[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 37.650211] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.015429] kauditd_printk_skb: 10 callbacks suppressed
[ 38.015437] audit: type=1400 audit(1577404510.216:35): avc: denied { map } for pid=7019 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.071043] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.688831] random: sshd: uninitialized urandom read (32 bytes read)
[ 497.872701] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts.
[ 503.421158] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 503.553108] audit: type=1400 audit(1577404975.756:36): avc: denied { map } for pid=7031 comm="syz-executor290" path="/root/syz-executor290874068" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 714.720185] INFO: task syz-executor290:7039 blocked for more than 140 seconds.
[ 714.720193] Not tainted 4.14.160-syzkaller #0
[ 714.720197] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.720201] syz-executor290 D28528 7039 7035 0x00000004
[ 714.720285] Call Trace:
[ 714.720367] __schedule+0x7b8/0x1cd0
[ 714.720381] ? firmware_map_remove+0x196/0x196
[ 714.720433] ? __lock_acquire+0x5f7/0x4620
[ 714.720444] schedule+0x92/0x1c0
[ 714.720453] schedule_timeout+0x93b/0xe10
[ 714.720460] ? __down+0x158/0x290
[ 714.720469] ? find_held_lock+0x35/0x130
[ 714.720477] ? usleep_range+0x130/0x130
[ 714.720483] ? __down+0x158/0x290
[ 714.720492] ? save_trace+0x290/0x290
[ 714.720539] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.720550] ? trace_hardirqs_on_caller+0x400/0x590
[ 714.720560] __down+0x160/0x290
[ 714.720570] ? ww_mutex_lock+0xc0/0xc0
[ 714.720585] down+0x64/0x90
[ 714.720612] console_lock+0x28/0x80
[ 714.720642] do_fb_ioctl+0x36a/0x940
[ 714.720651] ? lock_downgrade+0x740/0x740
[ 714.720658] ? fb_read+0x520/0x520
[ 714.720695] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.720703] ? do_raw_spin_unlock+0x16b/0x260
[ 714.720715] ? avc_ss_reset+0x110/0x110
[ 714.720746] ? follow_pfn+0x220/0x220
[ 714.720756] ? do_raw_spin_unlock+0x16b/0x260
[ 714.720766] ? do_wp_page+0x253/0x1250
[ 714.720804] ? __might_sleep+0x93/0xb0
[ 714.720812] ? save_trace+0x290/0x290
[ 714.720823] fb_ioctl+0xe6/0x130
[ 714.720832] ? do_fb_ioctl+0x940/0x940
[ 714.720868] do_vfs_ioctl+0x7ae/0x1060
[ 714.720897] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.720908] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.720917] ? lock_downgrade+0x740/0x740
[ 714.720952] ? security_file_ioctl+0x7d/0xb0
[ 714.720960] ? security_file_ioctl+0x89/0xb0
[ 714.720971] SyS_ioctl+0x8f/0xc0
[ 714.720979] ? do_vfs_ioctl+0x1060/0x1060
[ 714.720990] do_syscall_64+0x1e8/0x640
[ 714.720998] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.721011] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.721018] RIP: 0033:0x441419
[ 714.721023] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.721032] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.721038] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.721043] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 714.721047] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 714.721052] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.721071] INFO: task syz-executor290:7040 blocked for more than 140 seconds.
[ 714.721075] Not tainted 4.14.160-syzkaller #0
[ 714.721079] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.721082] syz-executor290 D28528 7040 7033 0x00000004
[ 714.721099] Call Trace:
[ 714.721110] __schedule+0x7b8/0x1cd0
[ 714.721122] ? firmware_map_remove+0x196/0x196
[ 714.721130] ? __lock_acquire+0x5f7/0x4620
[ 714.721141] schedule+0x92/0x1c0
[ 714.721149] schedule_timeout+0x93b/0xe10
[ 714.721156] ? __down+0x158/0x290
[ 714.721165] ? find_held_lock+0x35/0x130
[ 714.721173] ? usleep_range+0x130/0x130
[ 714.721179] ? __down+0x158/0x290
[ 714.721189] ? save_trace+0x290/0x290
[ 714.721200] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.721210] ? trace_hardirqs_on_caller+0x400/0x590
[ 714.721221] __down+0x160/0x290
[ 714.721231] ? ww_mutex_lock+0xc0/0xc0
[ 714.721245] down+0x64/0x90
[ 714.721253] console_lock+0x28/0x80
[ 714.721260] do_fb_ioctl+0x36a/0x940
[ 714.721269] ? lock_downgrade+0x740/0x740
[ 714.721276] ? fb_read+0x520/0x520
[ 714.721287] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.721294] ? do_raw_spin_unlock+0x16b/0x260
[ 714.721306] ? avc_ss_reset+0x110/0x110
[ 714.721318] ? follow_pfn+0x220/0x220
[ 714.721326] ? do_raw_spin_unlock+0x16b/0x260
[ 714.721336] ? do_wp_page+0x253/0x1250
[ 714.721355] ? __might_sleep+0x93/0xb0
[ 714.721362] ? save_trace+0x290/0x290
[ 714.721373] fb_ioctl+0xe6/0x130
[ 714.721381] ? do_fb_ioctl+0x940/0x940
[ 714.721389] do_vfs_ioctl+0x7ae/0x1060
[ 714.721398] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.721408] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.721416] ? lock_downgrade+0x740/0x740
[ 714.721432] ? security_file_ioctl+0x7d/0xb0
[ 714.721439] ? security_file_ioctl+0x89/0xb0
[ 714.721450] SyS_ioctl+0x8f/0xc0
[ 714.721457] ? do_vfs_ioctl+0x1060/0x1060
[ 714.721467] do_syscall_64+0x1e8/0x640
[ 714.721474] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.721487] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.721493] RIP: 0033:0x441419
[ 714.721497] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.721512] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.721517] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.721522] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 714.721527] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 714.721532] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.721549] INFO: task syz-executor290:7041 blocked for more than 140 seconds.
[ 714.721553] Not tainted 4.14.160-syzkaller #0
[ 714.721556] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.721560] syz-executor290 D28528 7041 7036 0x00000004
[ 714.721577] Call Trace:
[ 714.721587] __schedule+0x7b8/0x1cd0
[ 714.721599] ? firmware_map_remove+0x196/0x196
[ 714.721607] ? __lock_acquire+0x5f7/0x4620
[ 714.721618] schedule+0x92/0x1c0
[ 714.721626] schedule_timeout+0x93b/0xe10
[ 714.721633] ? __down+0x158/0x290
[ 714.721642] ? find_held_lock+0x35/0x130
[ 714.721650] ? usleep_range+0x130/0x130
[ 714.721656] ? __down+0x158/0x290
[ 714.721665] ? save_trace+0x290/0x290
[ 714.721676] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.721686] ? trace_hardirqs_on_caller+0x400/0x590
[ 714.721697] __down+0x160/0x290
[ 714.721706] ? ww_mutex_lock+0xc0/0xc0
[ 714.721721] down+0x64/0x90
[ 714.721729] console_lock+0x28/0x80
[ 714.721736] do_fb_ioctl+0x36a/0x940
[ 714.721744] ? lock_downgrade+0x740/0x740
[ 714.721751] ? fb_read+0x520/0x520
[ 714.721762] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.721770] ? do_raw_spin_unlock+0x16b/0x260
[ 714.721781] ? avc_ss_reset+0x110/0x110
[ 714.721793] ? follow_pfn+0x220/0x220
[ 714.721801] ? do_raw_spin_unlock+0x16b/0x260
[ 714.721812] ? do_wp_page+0x253/0x1250
[ 714.721831] ? __might_sleep+0x93/0xb0
[ 714.721837] ? save_trace+0x290/0x290
[ 714.721849] fb_ioctl+0xe6/0x130
[ 714.721857] ? do_fb_ioctl+0x940/0x940
[ 714.721864] do_vfs_ioctl+0x7ae/0x1060
[ 714.721873] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.721883] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.721891] ? lock_downgrade+0x740/0x740
[ 714.721906] ? security_file_ioctl+0x7d/0xb0
[ 714.721914] ? security_file_ioctl+0x89/0xb0
[ 714.721924] SyS_ioctl+0x8f/0xc0
[ 714.721932] ? do_vfs_ioctl+0x1060/0x1060
[ 714.721942] do_syscall_64+0x1e8/0x640
[ 714.721950] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.721962] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.721968] RIP: 0033:0x441419
[ 714.721972] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.721980] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.721985] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.721990] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 714.721995] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 714.722000] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.722015] INFO: task syz-executor290:7042 blocked for more than 140 seconds.
[ 714.722019] Not tainted 4.14.160-syzkaller #0
[ 714.722022] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.722026] syz-executor290 D28528 7042 7034 0x00000004
[ 714.722040] Call Trace:
[ 714.722051] __schedule+0x7b8/0x1cd0
[ 714.722058] ? __mutex_lock+0x737/0x1470
[ 714.722069] ? firmware_map_remove+0x196/0x196
[ 714.722081] schedule+0x92/0x1c0
[ 714.722089] schedule_preempt_disabled+0x13/0x20
[ 714.722096] __mutex_lock+0x73c/0x1470
[ 714.722106] ? fb_open+0xb7/0x420
[ 714.722117] ? mutex_trylock+0x1c0/0x1c0
[ 714.722127] ? __mutex_unlock_slowpath+0x71/0x800
[ 714.722134] ? find_held_lock+0x35/0x130
[ 714.722151] mutex_lock_nested+0x16/0x20
[ 714.722158] ? mutex_lock_nested+0x16/0x20
[ 714.722164] fb_open+0xb7/0x420
[ 714.722174] ? get_fb_info.part.0+0x80/0x80
[ 714.722182] chrdev_open+0x207/0x590
[ 714.722192] ? cdev_put.part.0+0x50/0x50
[ 714.722201] ? security_file_open+0x89/0x190
[ 714.722239] do_dentry_open+0x73b/0xeb0
[ 714.722249] ? cdev_put.part.0+0x50/0x50
[ 714.722261] vfs_open+0x105/0x220
[ 714.722272] path_openat+0x8bd/0x3f70
[ 714.722280] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.722290] ? trace_hardirqs_on+0x10/0x10
[ 714.722306] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 714.722313] ? __lock_is_held+0xb6/0x140
[ 714.722322] ? save_trace+0x290/0x290
[ 714.722350] ? __alloc_fd+0x1d4/0x4a0
[ 714.722360] do_filp_open+0x18e/0x250
[ 714.722368] ? __alloc_fd+0x1d4/0x4a0
[ 714.722376] ? may_open_dev+0xe0/0xe0
[ 714.722391] ? do_raw_spin_unlock+0x16b/0x260
[ 714.722400] ? _raw_spin_unlock+0x2d/0x50
[ 714.722408] ? __alloc_fd+0x1d4/0x4a0
[ 714.722426] do_sys_open+0x2c5/0x430
[ 714.722436] ? filp_open+0x70/0x70
[ 714.722443] ? up_read+0x1a/0x40
[ 714.722457] SyS_openat+0x30/0x40
[ 714.722464] ? SyS_open+0x40/0x40
[ 714.722474] do_syscall_64+0x1e8/0x640
[ 714.722481] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.722494] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.722500] RIP: 0033:0x441419
[ 714.722509] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 714.722518] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.722523] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 714.722528] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 714.722532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 714.722537] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.722554] INFO: task syz-executor290:7043 blocked for more than 140 seconds.
[ 714.722559] Not tainted 4.14.160-syzkaller #0
[ 714.722562] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.722565] syz-executor290 D28528 7043 7032 0x00000004
[ 714.722580] Call Trace:
[ 714.722591] __schedule+0x7b8/0x1cd0
[ 714.722598] ? __mutex_lock+0x737/0x1470
[ 714.722609] ? firmware_map_remove+0x196/0x196
[ 714.722621] schedule+0x92/0x1c0
[ 714.722629] schedule_preempt_disabled+0x13/0x20
[ 714.722636] __mutex_lock+0x73c/0x1470
[ 714.722646] ? fb_open+0xb7/0x420
[ 714.722657] ? mutex_trylock+0x1c0/0x1c0
[ 714.722667] ? __mutex_unlock_slowpath+0x71/0x800
[ 714.722674] ? find_held_lock+0x35/0x130
[ 714.722691] mutex_lock_nested+0x16/0x20
[ 714.722698] ? mutex_lock_nested+0x16/0x20
[ 714.722705] fb_open+0xb7/0x420
[ 714.722714] ? get_fb_info.part.0+0x80/0x80
[ 714.722722] chrdev_open+0x207/0x590
[ 714.722731] ? cdev_put.part.0+0x50/0x50
[ 714.722741] ? security_file_open+0x89/0x190
[ 714.722751] do_dentry_open+0x73b/0xeb0
[ 714.722761] ? cdev_put.part.0+0x50/0x50
[ 714.722773] vfs_open+0x105/0x220
[ 714.722784] path_openat+0x8bd/0x3f70
[ 714.722791] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.722802] ? trace_hardirqs_on+0x10/0x10
[ 714.722818] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 714.722825] ? __lock_is_held+0xb6/0x140
[ 714.722833] ? save_trace+0x290/0x290
[ 714.722844] ? __alloc_fd+0x1d4/0x4a0
[ 714.722858] do_filp_open+0x18e/0x250
[ 714.722866] ? __alloc_fd+0x1d4/0x4a0
[ 714.722875] ? may_open_dev+0xe0/0xe0
[ 714.722890] ? do_raw_spin_unlock+0x16b/0x260
[ 714.722899] ? _raw_spin_unlock+0x2d/0x50
[ 714.722907] ? __alloc_fd+0x1d4/0x4a0
[ 714.722924] do_sys_open+0x2c5/0x430
[ 714.722935] ? filp_open+0x70/0x70
[ 714.722941] ? up_read+0x1a/0x40
[ 714.722956] SyS_openat+0x30/0x40
[ 714.722963] ? SyS_open+0x40/0x40
[ 714.722972] do_syscall_64+0x1e8/0x640
[ 714.722979] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.722992] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.722998] RIP: 0033:0x441419
[ 714.723002] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 714.723010] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.723015] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
[ 714.723020] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8
[ 714.723024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190
[ 714.723029] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.723044]
[ 714.723044] Showing all locks held in the system:
[ 714.723054] 1 lock held by khungtaskd/1045:
[ 714.723058] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 714.723092] 1 lock held by rsyslogd/6884:
[ 714.723095] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 714.723115] 2 locks held by getty/7007:
[ 714.723118] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723136] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723197] 2 locks held by getty/7008:
[ 714.723200] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723217] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723237] 2 locks held by getty/7009:
[ 714.723240] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723258] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723278] 2 locks held by getty/7010:
[ 714.723281] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723298] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723318] 2 locks held by getty/7011:
[ 714.723321] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723338] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723358] 2 locks held by getty/7012:
[ 714.723361] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723378] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723398] 2 locks held by getty/7013:
[ 714.723401] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.723418] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 714.723439] 1 lock held by syz-executor290/7042:
[ 714.723442] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 714.723461] 1 lock held by syz-executor290/7043:
[ 714.723464] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 714.723481]
[ 714.723484] =============================================
[ 714.723484]
[ 714.723489] NMI backtrace for cpu 0
[ 714.723496] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
[ 714.723501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.723509] Call Trace:
[ 714.723539] dump_stack+0x142/0x197
[ 714.723571] nmi_cpu_backtrace.cold+0x57/0x94
[ 714.723582] ? irq_force_complete_move.cold+0x7d/0x7d
[ 714.723591] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 714.723602] arch_trigger_cpumask_backtrace+0x14/0x20
[ 714.723629] watchdog+0x5e7/0xb90
[ 714.723662] kthread+0x319/0x430
[ 714.723670] ? hungtask_pm_notify+0x50/0x50
[ 714.723676] ? kthread_create_on_node+0xd0/0xd0
[ 714.723686] ret_from_fork+0x24/0x30
[ 714.723702] Sending NMI from CPU 0 to CPUs 1:
[ 714.724266] NMI backtrace for cpu 1
[ 714.724270] CPU: 1 PID: 7038 Comm: syz-executor290 Not tainted 4.14.160-syzkaller #0
[ 714.724273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.724276] task: ffff8880a831e600 task.stack: ffff888098538000
[ 714.724278] RIP: 0010:bitfill_aligned+0xef/0x190
[ 714.724281] RSP: 0018:ffff88809853f270 EFLAGS: 00000297
[ 714.724285] RAX: ffff8880a831e600 RBX: 0000000000000050 RCX: 0000000000000000
[ 714.724288] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040
[ 714.724291] RBP: ffff88809853f2a8 R08: 0000000000001400 R09: 0000000000000040
[ 714.724294] R10: ffffed104323aba3 R11: ffff8882191d5d1f R12: ffff8880000a0280
[ 714.724297] R13: 0000000000000000 R14: ffff8880000a0100 R15: 0000000000000000
[ 714.724300] FS: 00000000010ce880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 714.724302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 714.724305] CR2: 00000000006cc080 CR3: 000000008f016000 CR4: 00000000001406e0
[ 714.724308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 714.724311] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 714.724312] Call Trace:
[ 714.724315] cfb_fillrect+0x3d0/0x720
[ 714.724316] ? cfb_fillrect+0x720/0x720
[ 714.724319] vga16fb_fillrect+0x618/0x1880
[ 714.724321] ? memcpy+0x46/0x50
[ 714.724323] bit_clear_margins+0x2d5/0x4f0
[ 714.724325] ? bit_bmove+0x240/0x240
[ 714.724327] ? efifb_probe.cold+0x1379/0x1379
[ 714.724329] fbcon_clear_margins+0x292/0x320
[ 714.724331] fbcon_switch+0xd38/0x1820
[ 714.724333] ? fbcon_set_def_font+0x360/0x360
[ 714.724335] ? fbcon_set_origin+0x21/0x50
[ 714.724337] ? fbcon_scrolldelta+0x1100/0x1100
[ 714.724339] ? set_origin+0x108/0x3c0
[ 714.724341] redraw_screen+0x335/0x7c0
[ 714.724343] ? con_flush_chars+0x90/0x90
[ 714.724345] ? fbcon_set_palette+0x203/0x5b0
[ 714.724347] fbcon_modechanged+0x59e/0x880
[ 714.724349] fbcon_event_notify+0x11f/0x17af
[ 714.724351] ? lock_acquire+0x16f/0x430
[ 714.724354] notifier_call_chain+0x111/0x1b0
[ 714.724356] blocking_notifier_call_chain+0x80/0xa0
[ 714.724358] fb_notifier_call_chain+0x25/0x30
[ 714.724360] fb_set_var+0xb09/0xcf0
[ 714.724362] ? fb_set_suspend+0x110/0x110
[ 714.724364] ? lock_acquire+0x16f/0x430
[ 714.724366] ? lock_fb_info+0x1f/0x80
[ 714.724368] ? lock_fb_info+0x1f/0x80
[ 714.724370] ? __mutex_lock+0x36a/0x1470
[ 714.724372] ? trace_hardirqs_on+0x10/0x10
[ 714.724374] ? lock_acquire+0x16f/0x430
[ 714.724376] ? __down+0x16b/0x290
[ 714.724378] ? mutex_trylock+0x1c0/0x1c0
[ 714.724380] ? down+0x70/0x90
[ 714.724382] ? mutex_lock_nested+0x16/0x20
[ 714.724384] ? mutex_lock_nested+0x16/0x20
[ 714.724386] do_fb_ioctl+0x3cc/0x940
[ 714.724387] ? fb_read+0x520/0x520
[ 714.724390] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.724392] ? do_raw_spin_unlock+0x16b/0x260
[ 714.724394] ? avc_ss_reset+0x110/0x110
[ 714.724396] ? follow_pfn+0x220/0x220
[ 714.724398] ? do_raw_spin_unlock+0x16b/0x260
[ 714.724400] ? do_wp_page+0x253/0x1250
[ 714.724403] ? __might_sleep+0x93/0xb0
[ 714.724405] ? save_trace+0x290/0x290
[ 714.724407] fb_ioctl+0xe6/0x130
[ 714.724409] ? do_fb_ioctl+0x940/0x940
[ 714.724411] do_vfs_ioctl+0x7ae/0x1060
[ 714.724413] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.724415] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.724417] ? lock_downgrade+0x740/0x740
[ 714.724419] ? security_file_ioctl+0x7d/0xb0
[ 714.724421] ? security_file_ioctl+0x89/0xb0
[ 714.724423] SyS_ioctl+0x8f/0xc0
[ 714.724425] ? do_vfs_ioctl+0x1060/0x1060
[ 714.724428] do_syscall_64+0x1e8/0x640
[ 714.724430] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.724432] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.724434] RIP: 0033:0x441419
[ 714.724436] RSP: 002b:00007fffd66eb6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.724442] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419
[ 714.724445] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.724448] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 714.724451] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190
[ 714.724454] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[ 714.724455] Code: 44 8d 60 f8 41 c1 ec 03 49 83 c4 01 49 c1 e4 06 4d 01 f4 e8 34 9d 34 fe 4d 89 3e 4d 89 7e 08 4d 89 7e 10 4d 89 7e 18 4d 89 7e 20 <4d> 89 7e 28 49 8d 46 38 4d 89 7e 30 49 83 c6 40 4c 89 38 4d 39
[ 714.724717] Kernel panic - not syncing: hung_task: blocked tasks
[ 714.724724] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.160-syzkaller #0
[ 714.724728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.724731] Call Trace:
[ 714.724740] dump_stack+0x142/0x197
[ 714.724773] panic+0x1f9/0x42d
[ 714.724781] ? add_taint.cold+0x16/0x16
[ 714.724792] ? irq_force_complete_move.cold+0x7d/0x7d
[ 714.724805] watchdog+0x5f8/0xb90
[ 714.724819] kthread+0x319/0x430
[ 714.724826] ? hungtask_pm_notify+0x50/0x50
[ 714.724833] ? kthread_create_on_node+0xd0/0xd0
[ 714.724842] ret_from_fork+0x24/0x30
[ 714.726572] Kernel Offset: disabled