[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.930805] kauditd_printk_skb: 7 callbacks suppressed [ 26.930830] audit: type=1800 audit(1541524534.665:29): pid=5531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.966003] audit: type=1800 audit(1541524534.665:30): pid=5531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 494.707805] INFO: task syz-executor865:5690 blocked for more than 140 seconds. [ 494.715384] Not tainted 4.20.0-rc1+ #322 [ 494.720106] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 494.728132] syz-executor865 D24216 5690 5689 0x00000004 [ 494.733766] Call Trace: [ 494.736352] __schedule+0x8cf/0x21d0 [ 494.740194] ? __sched_text_start+0x8/0x8 [ 494.744346] ? perf_trace_sched_process_exec+0x860/0x860 [ 494.750056] ? zap_class+0x640/0x640 [ 494.753765] ? zap_class+0x640/0x640 [ 494.757465] ? zap_class+0x640/0x640 [ 494.761236] schedule+0xfe/0x460 [ 494.764623] ? __schedule+0x21d0/0x21d0 [ 494.768657] ? find_held_lock+0x36/0x1c0 [ 494.772716] ? mark_held_locks+0xc7/0x130 [ 494.776856] schedule_timeout+0x1cc/0x260 [ 494.781050] ? usleep_range+0x1a0/0x1a0 [ 494.785013] ? wait_for_completion+0x41f/0x8a0 [ 494.789638] ? trace_hardirqs_off_caller+0x310/0x310 [ 494.794738] wait_for_completion+0x427/0x8a0 [ 494.799181] ? wait_for_completion_interruptible+0x840/0x840 [ 494.804973] ? wake_up_q+0x100/0x100 [ 494.808729] ? lock_release+0xa00/0xa00 [ 494.812738] ? __init_waitqueue_head+0x9e/0x150 [ 494.817405] ? init_wait_entry+0x1c0/0x1c0 [ 494.821685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 494.827216] flush_workqueue+0x742/0x1e10 [ 494.831404] ? print_usage_bug+0xc0/0xc0 [ 494.835472] ? cancel_delayed_work+0x3e0/0x3e0 [ 494.840104] ? is_bpf_text_address+0xac/0x170 [ 494.844616] ? lock_downgrade+0x900/0x900 [ 494.848822] ? check_preemption_disabled+0x48/0x280 [ 494.853838] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 494.858823] ? __lock_acquire+0x62f/0x4c20 [ 494.863055] ? rcu_softirq_qs+0x20/0x20 [ 494.867018] ? unwind_dump+0x190/0x190 [ 494.871036] ? zap_class+0x640/0x640 [ 494.874755] ? mark_held_locks+0x130/0x130 [ 494.879025] ? __kernel_text_address+0xd/0x40 [ 494.883517] ? lock_acquire+0x1ed/0x520 [ 494.887479] ? vim2m_release+0xbc/0x150 [ 494.891486] ? lock_release+0xa00/0xa00 [ 494.895449] ? perf_trace_sched_process_exec+0x860/0x860 [ 494.900926] ? v4l2_ctrl_handler_free.part.12+0x742/0xb80 [ 494.906454] ? lock_downgrade+0x900/0x900 [ 494.910659] ? kfree+0xcf/0x230 [ 494.913935] ? __mutex_lock+0x85e/0x16f0 [ 494.918098] ? trace_hardirqs_on+0x310/0x310 [ 494.922504] ? zap_class+0x640/0x640 [ 494.926258] vim2m_stop_streaming+0x7c/0x2c0 [ 494.930712] ? vim2m_stop_streaming+0x7c/0x2c0 [ 494.935288] ? mark_held_locks+0xc7/0x130 [ 494.939500] ? vim2m_buf_queue+0xa0/0xa0 [ 494.943551] __vb2_queue_cancel+0x171/0xd20 [ 494.947907] ? trace_hardirqs_on+0xbd/0x310 [ 494.952218] ? kasan_check_read+0x11/0x20 [ 494.956365] ? vb2_buffer_done+0xb90/0xb90 [ 494.960642] ? kasan_check_read+0x11/0x20 [ 494.964801] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 494.969962] ? v4l2_m2m_cancel_job+0x2f8/0x650 [ 494.974548] ? v4l2_m2m_job_finish+0x4c0/0x4c0 [ 494.979301] ? kasan_check_read+0x11/0x20 [ 494.983444] ? mutex_destroy+0x103/0x200 [ 494.987492] ? percpu_down_write+0x540/0x540 [ 494.991962] ? vidioc_querycap+0xd0/0xd0 [ 494.996018] vb2_core_queue_release+0x26/0x80 [ 495.000554] vb2_queue_release+0x15/0x20 [ 495.004609] v4l2_m2m_ctx_release+0x1e/0x35 [ 495.008965] vim2m_release+0xe6/0x150 [ 495.012805] v4l2_release+0x224/0x3a0 [ 495.016615] ? dev_debug_store+0x140/0x140 [ 495.020902] __fput+0x385/0xa30 [ 495.024182] ? get_max_files+0x20/0x20 [ 495.028107] ? trace_hardirqs_on+0xbd/0x310 [ 495.032418] ? kasan_check_read+0x11/0x20 [ 495.036560] ? task_work_run+0x1af/0x2a0 [ 495.040664] ? trace_hardirqs_off_caller+0x310/0x310 [ 495.045771] ? filp_close+0x1cd/0x250 [ 495.049615] ____fput+0x15/0x20 [ 495.052889] task_work_run+0x1e8/0x2a0 [ 495.056800] ? task_work_cancel+0x240/0x240 [ 495.061157] ? copy_fd_bitmaps+0x210/0x210 [ 495.065435] ? do_syscall_64+0x9a/0x820 [ 495.069458] exit_to_usermode_loop+0x318/0x380 [ 495.074031] ? __bpf_trace_sys_exit+0x30/0x30 [ 495.078580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 495.084137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 495.089717] do_syscall_64+0x6be/0x820 [ 495.093614] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 495.099017] ? syscall_return_slowpath+0x5e0/0x5e0 [ 495.103955] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.108874] ? trace_hardirqs_on_caller+0x310/0x310 [ 495.113897] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 495.118946] ? prepare_exit_to_usermode+0x291/0x3b0 [ 495.123958] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.128840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 495.134017] RIP: 0033:0x401010 [ 495.137200] Code: 00 00 5b 00 00 00 12 00 0c 00 70 1e 40 00 00 00 00 00 00 00 00 00 00 00 00 00 74 00 00 00 12 00 0f 00 78 6f 40 00 00 00 00 00 <00> 00 00 00 00 00 00 00 a5 00 00 00 11 00 1a 00 a8 88 60 00 00 00 [ 495.156144] RSP: 002b:00007ffe19651dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 495.163878] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000401010 [ 495.171185] RDX: 0000000000444bb9 RSI: 0000000000000000 RDI: 0000000000000003 [ 495.178468] RBP: 0000000000000000 R08: 00000000004002e0 R09: 00000000004002e0 [ 495.185826] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000401f20 [ 495.193132] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000 [ 495.200498] [ 495.200498] Showing all locks held in the system: [ 495.206880] 2 locks held by kworker/0:1/12: [ 495.211252] #0: 00000000d7473a36 ((wq_completion)"events"){+.+.}, at: process_one_work+0xb43/0x1c40 [ 495.220557] #1: 00000000f72c74f6 ((work_completion)(&smc->tcp_listen_work)){+.+.}, at: process_one_work+0xb9a/0x1c40 [ 495.231362] 1 lock held by khungtaskd/1008: [ 495.235665] #0: 00000000b9a0dc89 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 [ 495.244307] 1 lock held by rsyslogd/5569: [ 495.248468] #0: 000000008386a0db (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 [ 495.256436] 2 locks held by getty/5659: [ 495.260430] #0: 00000000ec1aaf9b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.268702] #1: 00000000109dc792 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.277563] 2 locks held by getty/5660: [ 495.281618] #0: 000000007887bb89 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.289881] #1: 00000000ee8ea506 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.298854] 2 locks held by getty/5661: [ 495.302925] #0: 00000000d39f8ce9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.311214] #1: 00000000d16ff58e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.320081] 2 locks held by getty/5662: [ 495.324038] #0: 00000000e00b0edd (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.332321] #1: 000000001bfb6716 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.341218] 2 locks held by getty/5663: [ 495.345179] #0: 0000000018e0ae48 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.353449] #1: 0000000082a7be0e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.362387] 2 locks held by getty/5664: [ 495.366356] #0: 0000000007259cc3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.374651] #1: 00000000da35977d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.383533] 2 locks held by getty/5665: [ 495.387488] #0: 0000000043e56469 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 495.396027] #1: 000000006e66d464 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 [ 495.404908] 2 locks held by syz-executor865/5690: [ 495.409772] #0: 000000005adeb1f0 (&mdev->req_queue_mutex){+.+.}, at: v4l2_release+0x1d7/0x3a0 [ 495.418571] #1: 0000000068968887 (&dev->dev_mutex){+.+.}, at: vim2m_release+0xbc/0x150 [ 495.426722] [ 495.428427] ============================================= [ 495.428427] [ 495.435474] NMI backtrace for cpu 0 [ 495.439162] CPU: 0 PID: 1008 Comm: khungtaskd Not tainted 4.20.0-rc1+ #322 [ 495.446164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.455520] Call Trace: [ 495.458094] dump_stack+0x244/0x39d [ 495.461709] ? dump_stack_print_info.cold.1+0x20/0x20 [ 495.466967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 495.472502] nmi_cpu_backtrace.cold.2+0x5c/0xa1 [ 495.477182] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f [ 495.482422] nmi_trigger_cpumask_backtrace+0x1e8/0x22a [ 495.487691] arch_trigger_cpumask_backtrace+0x14/0x20 [ 495.492875] watchdog+0xb51/0x1060 [ 495.496402] ? hungtask_pm_notify+0xb0/0xb0 [ 495.500712] ? __kthread_parkme+0xce/0x1a0 [ 495.504934] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 495.510042] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 495.515131] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 495.519703] ? trace_hardirqs_on+0xbd/0x310 [ 495.524014] ? kasan_check_read+0x11/0x20 [ 495.528332] ? __kthread_parkme+0xce/0x1a0 [ 495.532555] ? trace_hardirqs_off_caller+0x310/0x310 [ 495.537642] ? trace_hardirqs_off_caller+0x310/0x310 [ 495.542738] ? lockdep_init_map+0x9/0x10 [ 495.546792] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 495.551890] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 495.557424] ? __kthread_parkme+0xfb/0x1a0 [ 495.561757] ? hungtask_pm_notify+0xb0/0xb0 [ 495.566067] kthread+0x35a/0x440 [ 495.569422] ? kthread_stop+0x900/0x900 [ 495.573386] ret_from_fork+0x3a/0x50 [ 495.577232] Sending NMI from CPU 0 to CPUs 1: [ 495.581813] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 [ 495.582994] Kernel panic - not syncing: hung_task: blocked tasks [ 495.595527] CPU: 0 PID: 1008 Comm: khungtaskd Not tainted 4.20.0-rc1+ #322 [ 495.602524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.611860] Call Trace: [ 495.614436] dump_stack+0x244/0x39d [ 495.618053] ? dump_stack_print_info.cold.1+0x20/0x20 [ 495.623228] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 495.628241] panic+0x2ad/0x55c [ 495.631421] ? add_taint.cold.5+0x16/0x16 [ 495.635559] ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a [ 495.641003] ? nmi_trigger_cpumask_backtrace+0x1f9/0x22a [ 495.646448] ? nmi_trigger_cpumask_backtrace+0x1d1/0x22a [ 495.651887] ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a [ 495.657325] watchdog+0xb62/0x1060 [ 495.660857] ? hungtask_pm_notify+0xb0/0xb0 [ 495.665182] ? __kthread_parkme+0xce/0x1a0 [ 495.669407] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 495.674495] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 495.679582] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 495.684151] ? trace_hardirqs_on+0xbd/0x310 [ 495.688464] ? kasan_check_read+0x11/0x20 [ 495.692596] ? __kthread_parkme+0xce/0x1a0 [ 495.696815] ? trace_hardirqs_off_caller+0x310/0x310 [ 495.701904] ? trace_hardirqs_off_caller+0x310/0x310 [ 495.706995] ? lockdep_init_map+0x9/0x10 [ 495.711050] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 495.716144] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 495.721682] ? __kthread_parkme+0xfb/0x1a0 [ 495.725909] ? hungtask_pm_notify+0xb0/0xb0 [ 495.730218] kthread+0x35a/0x440 [ 495.733574] ? kthread_stop+0x900/0x900 [ 495.737535] ret_from_fork+0x3a/0x50 [ 495.742166] Kernel Offset: disabled [ 495.745802] Rebooting in 86400 seconds..