Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.334588] random: sshd: uninitialized urandom read (32 bytes read) [ 35.622609] kauditd_printk_skb: 10 callbacks suppressed [ 35.622617] audit: type=1400 audit(1578039503.835:35): avc: denied { map } for pid=7005 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 35.708010] random: sshd: uninitialized urandom read (32 bytes read) [ 36.310657] random: sshd: uninitialized urandom read (32 bytes read) [ 939.106291] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. [ 944.772655] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program [ 944.891328] audit: type=1400 audit(1578040413.105:36): avc: denied { map } for pid=7018 comm="syz-executor188" path="/root/syz-executor188793893" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 1144.790229] INFO: task syz-executor188:7026 blocked for more than 140 seconds. [ 1144.790238] Not tainted 4.14.161-syzkaller #0 [ 1144.790241] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.790245] syz-executor188 D28528 7026 7022 0x00000004 [ 1144.790332] Call Trace: [ 1144.790428] __schedule+0x7b8/0x1cd0 [ 1144.790441] ? firmware_map_remove+0x196/0x196 [ 1144.790516] ? __lock_acquire+0x5f7/0x4620 [ 1144.790527] schedule+0x92/0x1c0 [ 1144.790536] schedule_timeout+0x93b/0xe10 [ 1144.790543] ? __down+0x158/0x290 [ 1144.790552] ? find_held_lock+0x35/0x130 [ 1144.790560] ? usleep_range+0x130/0x130 [ 1144.790566] ? __down+0x158/0x290 [ 1144.790575] ? save_trace+0x290/0x290 [ 1144.790587] ? 
_raw_spin_unlock_irq+0x28/0x90 [ 1144.790597] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.790607] __down+0x160/0x290 [ 1144.790617] ? ww_mutex_lock+0xc0/0xc0 [ 1144.790632] down+0x64/0x90 [ 1144.790665] console_lock+0x28/0x80 [ 1144.790698] do_fb_ioctl+0x36a/0x940 [ 1144.790707] ? lock_downgrade+0x740/0x740 [ 1144.790714] ? fb_read+0x520/0x520 [ 1144.790749] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.790756] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.790768] ? avc_ss_reset+0x110/0x110 [ 1144.790806] ? follow_pfn+0x220/0x220 [ 1144.790815] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.790826] ? do_wp_page+0x253/0x1250 [ 1144.790864] ? __might_sleep+0x93/0xb0 [ 1144.790871] ? save_trace+0x290/0x290 [ 1144.790882] fb_ioctl+0xe6/0x130 [ 1144.790890] ? do_fb_ioctl+0x940/0x940 [ 1144.790922] do_vfs_ioctl+0x7ae/0x1060 [ 1144.790951] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.790961] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.790970] ? lock_downgrade+0x740/0x740 [ 1144.791007] ? security_file_ioctl+0x7d/0xb0 [ 1144.791014] ? security_file_ioctl+0x89/0xb0 [ 1144.791025] SyS_ioctl+0x8f/0xc0 [ 1144.791033] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.791044] do_syscall_64+0x1e8/0x640 [ 1144.791052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.791089] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.791096] RIP: 0033:0x441419 [ 1144.791100] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.791110] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.791115] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.791120] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.791125] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.791130] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.791153] INFO: task syz-executor188:7027 blocked for more than 140 seconds. 
[ 1144.791158] Not tainted 4.14.161-syzkaller #0 [ 1144.791161] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.791165] syz-executor188 D28528 7027 7020 0x00000004 [ 1144.791181] Call Trace: [ 1144.791192] __schedule+0x7b8/0x1cd0 [ 1144.791204] ? firmware_map_remove+0x196/0x196 [ 1144.791212] ? __lock_acquire+0x5f7/0x4620 [ 1144.791223] schedule+0x92/0x1c0 [ 1144.791231] schedule_timeout+0x93b/0xe10 [ 1144.791238] ? __down+0x158/0x290 [ 1144.791247] ? find_held_lock+0x35/0x130 [ 1144.791254] ? usleep_range+0x130/0x130 [ 1144.791260] ? __down+0x158/0x290 [ 1144.791269] ? save_trace+0x290/0x290 [ 1144.791281] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.791291] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.791301] __down+0x160/0x290 [ 1144.791311] ? ww_mutex_lock+0xc0/0xc0 [ 1144.791326] down+0x64/0x90 [ 1144.791334] console_lock+0x28/0x80 [ 1144.791340] do_fb_ioctl+0x36a/0x940 [ 1144.791348] ? lock_downgrade+0x740/0x740 [ 1144.791355] ? fb_read+0x520/0x520 [ 1144.791366] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.791374] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791385] ? avc_ss_reset+0x110/0x110 [ 1144.791397] ? follow_pfn+0x220/0x220 [ 1144.791405] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791415] ? do_wp_page+0x253/0x1250 [ 1144.791434] ? __might_sleep+0x93/0xb0 [ 1144.791441] ? save_trace+0x290/0x290 [ 1144.791452] fb_ioctl+0xe6/0x130 [ 1144.791460] ? do_fb_ioctl+0x940/0x940 [ 1144.791468] do_vfs_ioctl+0x7ae/0x1060 [ 1144.791476] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.791486] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.791495] ? lock_downgrade+0x740/0x740 [ 1144.791510] ? security_file_ioctl+0x7d/0xb0 [ 1144.791517] ? security_file_ioctl+0x89/0xb0 [ 1144.791528] SyS_ioctl+0x8f/0xc0 [ 1144.791535] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.791545] do_syscall_64+0x1e8/0x640 [ 1144.791552] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.791565] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.791571] RIP: 0033:0x441419 [ 1144.791575] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.791584] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.791589] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.791593] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.791598] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.791603] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.791620] INFO: task syz-executor188:7028 blocked for more than 140 seconds. [ 1144.791624] Not tainted 4.14.161-syzkaller #0 [ 1144.791627] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.791630] syz-executor188 D28528 7028 7023 0x00000004 [ 1144.791646] Call Trace: [ 1144.791657] __schedule+0x7b8/0x1cd0 [ 1144.791669] ? firmware_map_remove+0x196/0x196 [ 1144.791676] ? __lock_acquire+0x5f7/0x4620 [ 1144.791687] schedule+0x92/0x1c0 [ 1144.791695] schedule_timeout+0x93b/0xe10 [ 1144.791702] ? __down+0x158/0x290 [ 1144.791711] ? find_held_lock+0x35/0x130 [ 1144.791719] ? usleep_range+0x130/0x130 [ 1144.791725] ? __down+0x158/0x290 [ 1144.791734] ? save_trace+0x290/0x290 [ 1144.791745] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.791755] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.791765] __down+0x160/0x290 [ 1144.791775] ? ww_mutex_lock+0xc0/0xc0 [ 1144.791790] down+0x64/0x90 [ 1144.791798] console_lock+0x28/0x80 [ 1144.791804] do_fb_ioctl+0x36a/0x940 [ 1144.791812] ? lock_downgrade+0x740/0x740 [ 1144.791819] ? fb_read+0x520/0x520 [ 1144.791830] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.791838] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791849] ? avc_ss_reset+0x110/0x110 [ 1144.791861] ? follow_pfn+0x220/0x220 [ 1144.791869] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791880] ? do_wp_page+0x253/0x1250 [ 1144.791899] ? 
__might_sleep+0x93/0xb0 [ 1144.791905] ? save_trace+0x290/0x290 [ 1144.791916] fb_ioctl+0xe6/0x130 [ 1144.791924] ? do_fb_ioctl+0x940/0x940 [ 1144.791932] do_vfs_ioctl+0x7ae/0x1060 [ 1144.791940] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.791950] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.791959] ? lock_downgrade+0x740/0x740 [ 1144.791974] ? security_file_ioctl+0x7d/0xb0 [ 1144.791981] ? security_file_ioctl+0x89/0xb0 [ 1144.791992] SyS_ioctl+0x8f/0xc0 [ 1144.792000] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.792009] do_syscall_64+0x1e8/0x640 [ 1144.792017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.792030] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792035] RIP: 0033:0x441419 [ 1144.792039] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.792048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.792052] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.792057] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.792062] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.792067] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.792084] INFO: task syz-executor188:7029 blocked for more than 140 seconds. [ 1144.792088] Not tainted 4.14.161-syzkaller #0 [ 1144.792091] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.792095] syz-executor188 D28528 7029 7021 0x00000004 [ 1144.792111] Call Trace: [ 1144.792121] __schedule+0x7b8/0x1cd0 [ 1144.792133] ? firmware_map_remove+0x196/0x196 [ 1144.792146] ? __lock_acquire+0x5f7/0x4620 [ 1144.792156] schedule+0x92/0x1c0 [ 1144.792165] schedule_timeout+0x93b/0xe10 [ 1144.792171] ? __down+0x158/0x290 [ 1144.792180] ? find_held_lock+0x35/0x130 [ 1144.792188] ? usleep_range+0x130/0x130 [ 1144.792194] ? __down+0x158/0x290 [ 1144.792203] ? save_trace+0x290/0x290 [ 1144.792214] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.792224] ? 
trace_hardirqs_on_caller+0x400/0x590 [ 1144.792235] __down+0x160/0x290 [ 1144.792244] ? ww_mutex_lock+0xc0/0xc0 [ 1144.792259] down+0x64/0x90 [ 1144.792267] console_lock+0x28/0x80 [ 1144.792274] do_fb_ioctl+0x36a/0x940 [ 1144.792282] ? lock_downgrade+0x740/0x740 [ 1144.792289] ? fb_read+0x520/0x520 [ 1144.792300] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.792307] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792318] ? avc_ss_reset+0x110/0x110 [ 1144.792330] ? follow_pfn+0x220/0x220 [ 1144.792338] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792349] ? do_wp_page+0x253/0x1250 [ 1144.792367] ? __might_sleep+0x93/0xb0 [ 1144.792374] ? save_trace+0x290/0x290 [ 1144.792386] fb_ioctl+0xe6/0x130 [ 1144.792393] ? do_fb_ioctl+0x940/0x940 [ 1144.792401] do_vfs_ioctl+0x7ae/0x1060 [ 1144.792409] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.792420] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.792428] ? lock_downgrade+0x740/0x740 [ 1144.792443] ? security_file_ioctl+0x7d/0xb0 [ 1144.792450] ? security_file_ioctl+0x89/0xb0 [ 1144.792461] SyS_ioctl+0x8f/0xc0 [ 1144.792468] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.792478] do_syscall_64+0x1e8/0x640 [ 1144.792485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.792498] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792503] RIP: 0033:0x441419 [ 1144.792508] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.792516] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.792521] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.792526] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.792530] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.792535] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.792552] INFO: task syz-executor188:7030 blocked for more than 140 seconds. [ 1144.792556] Not tainted 4.14.161-syzkaller #0 [ 1144.792560] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 1144.792563] syz-executor188 D28528 7030 7019 0x00000004 [ 1144.792578] Call Trace: [ 1144.792589] __schedule+0x7b8/0x1cd0 [ 1144.792601] ? firmware_map_remove+0x196/0x196 [ 1144.792609] ? __lock_acquire+0x5f7/0x4620 [ 1144.792619] schedule+0x92/0x1c0 [ 1144.792628] schedule_timeout+0x93b/0xe10 [ 1144.792634] ? __down+0x158/0x290 [ 1144.792642] ? find_held_lock+0x35/0x130 [ 1144.792650] ? usleep_range+0x130/0x130 [ 1144.792656] ? __down+0x158/0x290 [ 1144.792665] ? save_trace+0x290/0x290 [ 1144.792676] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.792686] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.792696] __down+0x160/0x290 [ 1144.792706] ? ww_mutex_lock+0xc0/0xc0 [ 1144.792721] down+0x64/0x90 [ 1144.792729] console_lock+0x28/0x80 [ 1144.792735] do_fb_ioctl+0x36a/0x940 [ 1144.792743] ? lock_downgrade+0x740/0x740 [ 1144.792750] ? fb_read+0x520/0x520 [ 1144.792761] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.792769] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792780] ? avc_ss_reset+0x110/0x110 [ 1144.792792] ? follow_pfn+0x220/0x220 [ 1144.792800] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792810] ? do_wp_page+0x253/0x1250 [ 1144.792829] ? __might_sleep+0x93/0xb0 [ 1144.792836] ? save_trace+0x290/0x290 [ 1144.792847] fb_ioctl+0xe6/0x130 [ 1144.792855] ? do_fb_ioctl+0x940/0x940 [ 1144.792863] do_vfs_ioctl+0x7ae/0x1060 [ 1144.792872] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.792882] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.792890] ? lock_downgrade+0x740/0x740 [ 1144.792905] ? security_file_ioctl+0x7d/0xb0 [ 1144.792912] ? security_file_ioctl+0x89/0xb0 [ 1144.792922] SyS_ioctl+0x8f/0xc0 [ 1144.792930] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.792940] do_syscall_64+0x1e8/0x640 [ 1144.792947] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.792960] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792965] RIP: 0033:0x441419 [ 1144.792969] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.792978] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.792983] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.792988] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.792992] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.792997] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.793012] [ 1144.793012] Showing all locks held in the system: [ 1144.793022] 1 lock held by khungtaskd/1044: [ 1144.793025] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 1144.793056] 1 lock held by rsyslogd/6870: [ 1144.793059] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0 [ 1144.793106] 2 locks held by getty/6993: [ 1144.793112] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793130] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793201] 2 locks held by getty/6994: [ 1144.793204] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793222] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793242] 2 locks held by getty/6995: [ 1144.793244] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793262] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793282] 2 locks held by getty/6996: [ 1144.793284] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793302] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793321] 2 locks held by getty/6997: [ 1144.793324] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793342] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793361] 2 locks held by getty/6998: [ 
1144.793364] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793382] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793402] 2 locks held by getty/6999: [ 1144.793404] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793422] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793441] [ 1144.793444] ============================================= [ 1144.793444] [ 1144.793448] NMI backtrace for cpu 0 [ 1144.793456] CPU: 0 PID: 1044 Comm: khungtaskd Not tainted 4.14.161-syzkaller #0 [ 1144.793461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.793464] Call Trace: [ 1144.793496] dump_stack+0x142/0x197 [ 1144.793530] nmi_cpu_backtrace.cold+0x57/0x94 [ 1144.793541] ? irq_force_complete_move.cold+0x7d/0x7d [ 1144.793550] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 1144.793561] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1144.793591] watchdog+0x5e7/0xb90 [ 1144.793625] kthread+0x319/0x430 [ 1144.793632] ? hungtask_pm_notify+0x50/0x50 [ 1144.793638] ? 
kthread_create_on_node+0xd0/0xd0 [ 1144.793647] ret_from_fork+0x24/0x30 [ 1144.793664] Sending NMI from CPU 0 to CPUs 1: [ 1144.794261] NMI backtrace for cpu 1 [ 1144.794265] CPU: 1 PID: 7025 Comm: syz-executor188 Not tainted 4.14.161-syzkaller #0 [ 1144.794269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.794272] task: ffff888086c58280 task.stack: ffff888095688000 [ 1144.794274] RIP: 0010:bitfill_aligned+0x51/0x190 [ 1144.794276] RSP: 0018:ffff88809568f270 EFLAGS: 00000246 [ 1144.794281] RAX: 0000000000000050 RBX: 0000000000001400 RCX: 0000000000000000 [ 1144.794284] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040 [ 1144.794287] RBP: ffff88809568f2a8 R08: 0000000000001400 R09: 0000000000000040 [ 1144.794290] R10: ffffed1014b91223 R11: ffff8880a5c8911f R12: 0000000000000000 [ 1144.794294] R13: ffffffffffffffff R14: ffff8880000a0000 R15: 0000000000000000 [ 1144.794297] FS: 0000000000c1a880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000 [ 1144.794299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1144.794302] CR2: 00000000006cb090 CR3: 0000000095221000 CR4: 00000000001406e0 [ 1144.794306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1144.794309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1144.794310] Call Trace: [ 1144.794312] cfb_fillrect+0x3d0/0x720 [ 1144.794314] ? cfb_fillrect+0x720/0x720 [ 1144.794317] vga16fb_fillrect+0x618/0x1880 [ 1144.794318] ? memcpy+0x46/0x50 [ 1144.794321] bit_clear_margins+0x2d5/0x4f0 [ 1144.794323] ? bit_bmove+0x240/0x240 [ 1144.794325] ? efifb_probe.cold+0x1379/0x1379 [ 1144.794328] fbcon_clear_margins+0x292/0x320 [ 1144.794330] fbcon_switch+0xd38/0x1820 [ 1144.794332] ? fbcon_set_def_font+0x360/0x360 [ 1144.794334] ? fbcon_set_origin+0x21/0x50 [ 1144.794337] ? fbcon_scrolldelta+0x1100/0x1100 [ 1144.794339] ? set_origin+0x108/0x3c0 [ 1144.794341] redraw_screen+0x335/0x7c0 [ 1144.794343] ? 
con_flush_chars+0x90/0x90 [ 1144.794345] ? fbcon_set_palette+0x203/0x5b0 [ 1144.794347] fbcon_modechanged+0x59e/0x880 [ 1144.794349] fbcon_event_notify+0x11f/0x17af [ 1144.794351] ? lock_acquire+0x16f/0x430 [ 1144.794354] notifier_call_chain+0x111/0x1b0 [ 1144.794356] blocking_notifier_call_chain+0x80/0xa0 [ 1144.794358] fb_notifier_call_chain+0x25/0x30 [ 1144.794360] fb_set_var+0xb09/0xcf0 [ 1144.794362] ? fb_set_suspend+0x110/0x110 [ 1144.794364] ? lock_acquire+0x16f/0x430 [ 1144.794366] ? lock_fb_info+0x1f/0x80 [ 1144.794368] ? lock_fb_info+0x1f/0x80 [ 1144.794370] ? __mutex_lock+0x36a/0x1470 [ 1144.794373] ? trace_hardirqs_on+0x10/0x10 [ 1144.794375] ? lock_acquire+0x16f/0x430 [ 1144.794377] ? __down+0x16b/0x290 [ 1144.794379] ? mutex_trylock+0x1c0/0x1c0 [ 1144.794381] ? down+0x70/0x90 [ 1144.794383] ? mutex_lock_nested+0x16/0x20 [ 1144.794385] ? mutex_lock_nested+0x16/0x20 [ 1144.794387] do_fb_ioctl+0x3cc/0x940 [ 1144.794389] ? fb_read+0x520/0x520 [ 1144.794392] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.794394] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.794396] ? avc_ss_reset+0x110/0x110 [ 1144.794398] ? follow_pfn+0x220/0x220 [ 1144.794400] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.794402] ? do_wp_page+0x253/0x1250 [ 1144.794405] ? __might_sleep+0x93/0xb0 [ 1144.794407] ? save_trace+0x290/0x290 [ 1144.794409] fb_ioctl+0xe6/0x130 [ 1144.794411] ? do_fb_ioctl+0x940/0x940 [ 1144.794413] do_vfs_ioctl+0x7ae/0x1060 [ 1144.794415] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.794417] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.794419] ? lock_downgrade+0x740/0x740 [ 1144.794422] ? security_file_ioctl+0x7d/0xb0 [ 1144.794424] ? security_file_ioctl+0x89/0xb0 [ 1144.794426] SyS_ioctl+0x8f/0xc0 [ 1144.794428] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.794430] do_syscall_64+0x1e8/0x640 [ 1144.794432] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.794435] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.794437] RIP: 0033:0x441419 [ 1144.794439] RSP: 002b:00007ffe8db1a488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.794445] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.794448] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.794451] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.794454] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.794457] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.794458] Code: 85 db 74 62 e8 41 98 34 fe 8b 7d d4 44 89 e1 31 d2 45 8d 04 1c 49 c7 c5 ff ff ff ff 4c 89 e8 48 d3 e0 48 89 45 c8 44 89 c0 f7 f7 <89> d1 49 d3 e5 41 39 f8 49 f7 d5 77 42 e8 0d 98 34 fe 4d 85 ed [ 1144.794678] Kernel panic - not syncing: hung_task: blocked tasks [ 1144.794685] CPU: 0 PID: 1044 Comm: khungtaskd Not tainted 4.14.161-syzkaller #0 [ 1144.794690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.794692] Call Trace: [ 1144.794701] dump_stack+0x142/0x197 [ 1144.794736] panic+0x1f9/0x42d [ 1144.794744] ? add_taint.cold+0x16/0x16 [ 1144.794756] ? irq_force_complete_move.cold+0x7d/0x7d [ 1144.794768] watchdog+0x5f8/0xb90 [ 1144.794782] kthread+0x319/0x430 [ 1144.794789] ? hungtask_pm_notify+0x50/0x50 [ 1144.794796] ? kthread_create_on_node+0xd0/0xd0 [ 1144.794805] ret_from_fork+0x24/0x30 [ 1144.796536] Kernel Offset: disabled