[ 32.963526] audit: type=1800 audit(1576792876.134:33): pid=6874 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 32.985136] audit: type=1800 audit(1576792876.134:34): pid=6874 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.874328] random: sshd: uninitialized urandom read (32 bytes read) [ 36.076080] audit: type=1400 audit(1576792879.244:35): avc: denied { map } for pid=7048 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.118149] random: sshd: uninitialized urandom read (32 bytes read) [ 36.699108] random: sshd: uninitialized urandom read (32 bytes read) [ 935.505713] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts. [ 941.041446] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program executing program executing program executing program [ 941.161084] audit: type=1400 audit(1576793784.334:36): avc: denied { map } for pid=7060 comm="syz-executor213" path="/root/syz-executor213868467" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 978.383156] audit: type=1400 audit(1576793821.554:37): avc: denied { map } for pid=7074 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 1144.790163] INFO: task syz-executor213:7068 blocked for more than 140 seconds. [ 1144.790171] Not tainted 4.14.159-syzkaller #0 [ 1144.790174] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.790180] syz-executor213 D28488 7068 7064 0x00000004 [ 1144.790255] Call Trace: [ 1144.790330] __schedule+0x7b8/0x1cd0 [ 1144.790344] ? firmware_map_remove+0x196/0x196 [ 1144.790392] ? __lock_acquire+0x5f7/0x4620 [ 1144.790403] schedule+0x92/0x1c0 [ 1144.790412] schedule_timeout+0x93b/0xe10 [ 1144.790419] ? __down+0x158/0x290 [ 1144.790429] ? find_held_lock+0x35/0x130 [ 1144.790436] ? usleep_range+0x130/0x130 [ 1144.790443] ? __down+0x158/0x290 [ 1144.790452] ? save_trace+0x290/0x290 [ 1144.790464] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.790474] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.790484] __down+0x160/0x290 [ 1144.790494] ? ww_mutex_lock+0xc0/0xc0 [ 1144.790509] down+0x64/0x90 [ 1144.790535] console_lock+0x28/0x80 [ 1144.790571] do_fb_ioctl+0x36a/0x940 [ 1144.790579] ? lock_downgrade+0x740/0x740 [ 1144.790586] ? fb_read+0x520/0x520 [ 1144.790622] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.790630] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.790642] ? avc_ss_reset+0x110/0x110 [ 1144.790692] ? follow_pfn+0x220/0x220 [ 1144.790701] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.790711] ? do_wp_page+0x253/0x1250 [ 1144.790746] ? __might_sleep+0x93/0xb0 [ 1144.790754] ? save_trace+0x290/0x290 [ 1144.790765] fb_ioctl+0xe6/0x130 [ 1144.790774] ? do_fb_ioctl+0x940/0x940 [ 1144.790804] do_vfs_ioctl+0x7ae/0x1060 [ 1144.790831] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.790841] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.790850] ? lock_downgrade+0x740/0x740 [ 1144.790884] ? security_file_ioctl+0x7d/0xb0 [ 1144.790891] ? security_file_ioctl+0x89/0xb0 [ 1144.790902] SyS_ioctl+0x8f/0xc0 [ 1144.790910] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.790921] do_syscall_64+0x1e8/0x640 [ 1144.790929] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.790943] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.790951] RIP: 0033:0x441419 [ 1144.790956] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.790965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.790970] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.790975] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.790980] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.790985] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.791004] INFO: task syz-executor213:7069 blocked for more than 140 seconds. [ 1144.791008] Not tainted 4.14.159-syzkaller #0 [ 1144.791012] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.791015] syz-executor213 D28528 7069 7062 0x00000004 [ 1144.791032] Call Trace: [ 1144.791043] __schedule+0x7b8/0x1cd0 [ 1144.791055] ? firmware_map_remove+0x196/0x196 [ 1144.791063] ? __lock_acquire+0x5f7/0x4620 [ 1144.791074] schedule+0x92/0x1c0 [ 1144.791082] schedule_timeout+0x93b/0xe10 [ 1144.791089] ? __down+0x158/0x290 [ 1144.791098] ? find_held_lock+0x35/0x130 [ 1144.791106] ? usleep_range+0x130/0x130 [ 1144.791112] ? __down+0x158/0x290 [ 1144.791121] ? save_trace+0x290/0x290 [ 1144.791133] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.791143] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.791152] __down+0x160/0x290 [ 1144.791162] ? ww_mutex_lock+0xc0/0xc0 [ 1144.791177] down+0x64/0x90 [ 1144.791185] console_lock+0x28/0x80 [ 1144.791192] do_fb_ioctl+0x36a/0x940 [ 1144.791200] ? lock_downgrade+0x740/0x740 [ 1144.791207] ? fb_read+0x520/0x520 [ 1144.791218] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.791226] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791237] ? avc_ss_reset+0x110/0x110 [ 1144.791249] ? follow_pfn+0x220/0x220 [ 1144.791258] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791268] ? do_wp_page+0x253/0x1250 [ 1144.791287] ? __might_sleep+0x93/0xb0 [ 1144.791294] ? save_trace+0x290/0x290 [ 1144.791305] fb_ioctl+0xe6/0x130 [ 1144.791313] ? do_fb_ioctl+0x940/0x940 [ 1144.791321] do_vfs_ioctl+0x7ae/0x1060 [ 1144.791330] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.791340] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.791348] ? lock_downgrade+0x740/0x740 [ 1144.791363] ? security_file_ioctl+0x7d/0xb0 [ 1144.791370] ? security_file_ioctl+0x89/0xb0 [ 1144.791381] SyS_ioctl+0x8f/0xc0 [ 1144.791389] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.791399] do_syscall_64+0x1e8/0x640 [ 1144.791406] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.791419] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.791425] RIP: 0033:0x441419 [ 1144.791429] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.791438] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.791443] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.791448] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.791453] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.791457] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.791474] INFO: task syz-executor213:7070 blocked for more than 140 seconds. [ 1144.791479] Not tainted 4.14.159-syzkaller #0 [ 1144.791482] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.791485] syz-executor213 D28528 7070 7065 0x00000004 [ 1144.791499] Call Trace: [ 1144.791510] __schedule+0x7b8/0x1cd0 [ 1144.791522] ? firmware_map_remove+0x196/0x196 [ 1144.791530] ? __lock_acquire+0x5f7/0x4620 [ 1144.791541] schedule+0x92/0x1c0 [ 1144.791549] schedule_timeout+0x93b/0xe10 [ 1144.791556] ? __down+0x158/0x290 [ 1144.791565] ? find_held_lock+0x35/0x130 [ 1144.791573] ? usleep_range+0x130/0x130 [ 1144.791579] ? __down+0x158/0x290 [ 1144.791588] ? save_trace+0x290/0x290 [ 1144.791599] ? _raw_spin_unlock_irq+0x28/0x90 [ 1144.791609] ? trace_hardirqs_on_caller+0x400/0x590 [ 1144.791620] __down+0x160/0x290 [ 1144.791630] ? ww_mutex_lock+0xc0/0xc0 [ 1144.791650] down+0x64/0x90 [ 1144.791658] console_lock+0x28/0x80 [ 1144.791665] do_fb_ioctl+0x36a/0x940 [ 1144.791673] ? lock_downgrade+0x740/0x740 [ 1144.791680] ? fb_read+0x520/0x520 [ 1144.791691] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.791699] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791710] ? avc_ss_reset+0x110/0x110 [ 1144.791722] ? follow_pfn+0x220/0x220 [ 1144.791731] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.791741] ? do_wp_page+0x253/0x1250 [ 1144.791760] ? __might_sleep+0x93/0xb0 [ 1144.791767] ? save_trace+0x290/0x290 [ 1144.791778] fb_ioctl+0xe6/0x130 [ 1144.791786] ? do_fb_ioctl+0x940/0x940 [ 1144.791794] do_vfs_ioctl+0x7ae/0x1060 [ 1144.791803] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.791813] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.791821] ? lock_downgrade+0x740/0x740 [ 1144.791836] ? security_file_ioctl+0x7d/0xb0 [ 1144.791844] ? security_file_ioctl+0x89/0xb0 [ 1144.791854] SyS_ioctl+0x8f/0xc0 [ 1144.791862] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.791872] do_syscall_64+0x1e8/0x640 [ 1144.791880] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.791893] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.791898] RIP: 0033:0x441419 [ 1144.791902] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.791911] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.791916] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.791921] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.791926] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.791930] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.791948] INFO: task syz-executor213:7071 blocked for more than 140 seconds. [ 1144.791952] Not tainted 4.14.159-syzkaller #0 [ 1144.791955] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.791959] syz-executor213 D28528 7071 7063 0x00000004 [ 1144.791974] Call Trace: [ 1144.791984] __schedule+0x7b8/0x1cd0 [ 1144.791991] ? __mutex_lock+0x737/0x1470 [ 1144.792003] ? firmware_map_remove+0x196/0x196 [ 1144.792015] schedule+0x92/0x1c0 [ 1144.792023] schedule_preempt_disabled+0x13/0x20 [ 1144.792030] __mutex_lock+0x73c/0x1470 [ 1144.792040] ? fb_open+0xb7/0x420 [ 1144.792051] ? mutex_trylock+0x1c0/0x1c0 [ 1144.792061] ? __mutex_unlock_slowpath+0x71/0x800 [ 1144.792068] ? find_held_lock+0x35/0x130 [ 1144.792085] mutex_lock_nested+0x16/0x20 [ 1144.792092] ? mutex_lock_nested+0x16/0x20 [ 1144.792099] fb_open+0xb7/0x420 [ 1144.792108] ? get_fb_info.part.0+0x80/0x80 [ 1144.792116] chrdev_open+0x207/0x590 [ 1144.792126] ? cdev_put.part.0+0x50/0x50 [ 1144.792136] ? security_file_open+0x89/0x190 [ 1144.792171] do_dentry_open+0x73b/0xeb0 [ 1144.792182] ? cdev_put.part.0+0x50/0x50 [ 1144.792194] vfs_open+0x105/0x220 [ 1144.792205] path_openat+0x8bd/0x3f70 [ 1144.792213] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792223] ? trace_hardirqs_on+0x10/0x10 [ 1144.792239] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 1144.792247] ? __lock_is_held+0xb6/0x140 [ 1144.792255] ? save_trace+0x290/0x290 [ 1144.792285] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792295] do_filp_open+0x18e/0x250 [ 1144.792302] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792311] ? may_open_dev+0xe0/0xe0 [ 1144.792326] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792335] ? _raw_spin_unlock+0x2d/0x50 [ 1144.792343] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792361] do_sys_open+0x2c5/0x430 [ 1144.792371] ? filp_open+0x70/0x70 [ 1144.792378] ? up_read+0x1a/0x40 [ 1144.792393] SyS_openat+0x30/0x40 [ 1144.792400] ? SyS_open+0x40/0x40 [ 1144.792409] do_syscall_64+0x1e8/0x640 [ 1144.792416] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.792429] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792435] RIP: 0033:0x441419 [ 1144.792439] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1144.792448] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.792453] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 1144.792458] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8 [ 1144.792463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190 [ 1144.792468] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.792485] INFO: task syz-executor213:7072 blocked for more than 140 seconds. [ 1144.792489] Not tainted 4.14.159-syzkaller #0 [ 1144.792493] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1144.792496] syz-executor213 D28528 7072 7061 0x00000004 [ 1144.792512] Call Trace: [ 1144.792522] __schedule+0x7b8/0x1cd0 [ 1144.792529] ? __mutex_lock+0x737/0x1470 [ 1144.792551] ? firmware_map_remove+0x196/0x196 [ 1144.792564] schedule+0x92/0x1c0 [ 1144.792584] schedule_preempt_disabled+0x13/0x20 [ 1144.792591] __mutex_lock+0x73c/0x1470 [ 1144.792601] ? fb_open+0xb7/0x420 [ 1144.792611] ? mutex_trylock+0x1c0/0x1c0 [ 1144.792621] ? __mutex_unlock_slowpath+0x71/0x800 [ 1144.792629] ? find_held_lock+0x35/0x130 [ 1144.792650] mutex_lock_nested+0x16/0x20 [ 1144.792657] ? mutex_lock_nested+0x16/0x20 [ 1144.792663] fb_open+0xb7/0x420 [ 1144.792672] ? get_fb_info.part.0+0x80/0x80 [ 1144.792679] chrdev_open+0x207/0x590 [ 1144.792689] ? cdev_put.part.0+0x50/0x50 [ 1144.792698] ? security_file_open+0x89/0x190 [ 1144.792708] do_dentry_open+0x73b/0xeb0 [ 1144.792717] ? cdev_put.part.0+0x50/0x50 [ 1144.792729] vfs_open+0x105/0x220 [ 1144.792740] path_openat+0x8bd/0x3f70 [ 1144.792747] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792757] ? trace_hardirqs_on+0x10/0x10 [ 1144.792773] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 1144.792780] ? __lock_is_held+0xb6/0x140 [ 1144.792788] ? save_trace+0x290/0x290 [ 1144.792798] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792808] do_filp_open+0x18e/0x250 [ 1144.792815] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792823] ? may_open_dev+0xe0/0xe0 [ 1144.792838] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.792846] ? _raw_spin_unlock+0x2d/0x50 [ 1144.792854] ? __alloc_fd+0x1d4/0x4a0 [ 1144.792889] do_sys_open+0x2c5/0x430 [ 1144.792899] ? filp_open+0x70/0x70 [ 1144.792906] ? up_read+0x1a/0x40 [ 1144.792921] SyS_openat+0x30/0x40 [ 1144.792928] ? SyS_open+0x40/0x40 [ 1144.792937] do_syscall_64+0x1e8/0x640 [ 1144.792945] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.792958] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.792963] RIP: 0033:0x441419 [ 1144.792967] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1144.792976] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.792981] RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 1144.792986] RBP: 00000000006cb018 R08: 0000000000000004 R09: 00000000004002c8 [ 1144.792991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402190 [ 1144.792995] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.793011] [ 1144.793011] Showing all locks held in the system: [ 1144.793021] 1 lock held by khungtaskd/1045: [ 1144.793024] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 1144.793056] 1 lock held by rsyslogd/6913: [ 1144.793059] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0 [ 1144.793080] 2 locks held by getty/7035: [ 1144.793083] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793101] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793159] 2 locks held by getty/7036: [ 1144.793162] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793180] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793200] 2 locks held by getty/7037: [ 1144.793203] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793221] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793241] 2 locks held by getty/7038: [ 1144.793244] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793261] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793281] 2 locks held by getty/7039: [ 1144.793284] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793302] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793322] 2 locks held by getty/7040: [ 1144.793325] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793342] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793363] 2 locks held by getty/7041: [ 1144.793365] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 1144.793383] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0 [ 1144.793404] 1 lock held by syz-executor213/7071: [ 1144.793407] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420 [ 1144.793426] 1 lock held by syz-executor213/7072: [ 1144.793429] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420 [ 1144.793446] [ 1144.793449] ============================================= [ 1144.793449] [ 1144.793454] NMI backtrace for cpu 0 [ 1144.793461] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.159-syzkaller #0 [ 1144.793466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.793469] Call Trace: [ 1144.793501] dump_stack+0x142/0x197 [ 1144.793532] nmi_cpu_backtrace.cold+0x57/0x94 [ 1144.793543] ? irq_force_complete_move.cold+0x7d/0x7d [ 1144.793552] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 1144.793563] arch_trigger_cpumask_backtrace+0x14/0x20 [ 1144.793589] watchdog+0x5e7/0xb90 [ 1144.793623] kthread+0x319/0x430 [ 1144.793630] ? hungtask_pm_notify+0x50/0x50 [ 1144.793637] ? kthread_create_on_node+0xd0/0xd0 [ 1144.793651] ret_from_fork+0x24/0x30 [ 1144.793667] Sending NMI from CPU 0 to CPUs 1: [ 1144.794218] NMI backtrace for cpu 1 [ 1144.794222] CPU: 1 PID: 7067 Comm: syz-executor213 Not tainted 4.14.159-syzkaller #0 [ 1144.794226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.794229] task: ffff8880959744c0 task.stack: ffff8880920d0000 [ 1144.794232] RIP: 0010:bitfill_aligned+0x6/0x190 [ 1144.794234] RSP: 0018:ffff8880920d72a0 EFLAGS: 00000246 [ 1144.794239] RAX: ffffffff8328b0e0 RBX: ffff8882192d0ec0 RCX: 0000000000000000 [ 1144.794242] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: ffff8882192d0ec0 [ 1144.794245] RBP: ffff8880920d72a8 R08: 0000000000001400 R09: 0000000000000040 [ 1144.794248] R10: ffffed10432467ab R11: ffff888219233d5f R12: ffff8880000a0000 [ 1144.794251] R13: 0000000000000000 R14: 0000000000001400 R15: 0000000018937952 [ 1144.794255] FS: 0000000000a54880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000 [ 1144.794257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1144.794260] CR2: 00007f03e81e33c0 CR3: 000000007f6c7000 CR4: 00000000001406e0 [ 1144.794264] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1144.794267] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1144.794268] Call Trace: [ 1144.794270] cfb_fillrect+0x3d0/0x720 [ 1144.794272] ? cfb_fillrect+0x720/0x720 [ 1144.794275] vga16fb_fillrect+0x618/0x1880 [ 1144.794277] ? memcpy+0x46/0x50 [ 1144.794279] bit_clear_margins+0x2d5/0x4f0 [ 1144.794281] ? bit_bmove+0x240/0x240 [ 1144.794283] ? efifb_probe.cold+0x1379/0x1379 [ 1144.794285] fbcon_clear_margins+0x292/0x320 [ 1144.794287] fbcon_switch+0xd38/0x1820 [ 1144.794290] ? fbcon_set_def_font+0x360/0x360 [ 1144.794292] ? fbcon_set_origin+0x21/0x50 [ 1144.794294] ? fbcon_scrolldelta+0x1100/0x1100 [ 1144.794296] ? set_origin+0x108/0x3c0 [ 1144.794298] redraw_screen+0x335/0x7c0 [ 1144.794300] ? con_flush_chars+0x90/0x90 [ 1144.794303] ? fbcon_set_palette+0x203/0x5b0 [ 1144.794305] fbcon_modechanged+0x59e/0x880 [ 1144.794307] fbcon_event_notify+0x11f/0x17af [ 1144.794309] ? lock_acquire+0x16f/0x430 [ 1144.794312] notifier_call_chain+0x111/0x1b0 [ 1144.794314] blocking_notifier_call_chain+0x80/0xa0 [ 1144.794317] fb_notifier_call_chain+0x25/0x30 [ 1144.794319] fb_set_var+0xb09/0xcf0 [ 1144.794321] ? fb_set_suspend+0x110/0x110 [ 1144.794323] ? lock_acquire+0x16f/0x430 [ 1144.794325] ? lock_fb_info+0x1f/0x80 [ 1144.794327] ? lock_fb_info+0x1f/0x80 [ 1144.794329] ? __mutex_lock+0x36a/0x1470 [ 1144.794331] ? trace_hardirqs_on+0x10/0x10 [ 1144.794333] ? lock_acquire+0x16f/0x430 [ 1144.794335] ? __down+0x16b/0x290 [ 1144.794337] ? mutex_trylock+0x1c0/0x1c0 [ 1144.794339] ? down+0x70/0x90 [ 1144.794341] ? mutex_lock_nested+0x16/0x20 [ 1144.794343] ? mutex_lock_nested+0x16/0x20 [ 1144.794345] do_fb_ioctl+0x3cc/0x940 [ 1144.794347] ? fb_read+0x520/0x520 [ 1144.794350] ? avc_has_extended_perms+0x8ec/0xe40 [ 1144.794352] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.794354] ? avc_ss_reset+0x110/0x110 [ 1144.794356] ? follow_pfn+0x220/0x220 [ 1144.794359] ? do_raw_spin_unlock+0x16b/0x260 [ 1144.794360] ? do_wp_page+0x253/0x1250 [ 1144.794362] ? __might_sleep+0x93/0xb0 [ 1144.794364] ? save_trace+0x290/0x290 [ 1144.794366] fb_ioctl+0xe6/0x130 [ 1144.794368] ? do_fb_ioctl+0x940/0x940 [ 1144.794370] do_vfs_ioctl+0x7ae/0x1060 [ 1144.794373] ? selinux_file_mprotect+0x5d0/0x5d0 [ 1144.794375] ? ioctl_preallocate+0x1c0/0x1c0 [ 1144.794377] ? lock_downgrade+0x740/0x740 [ 1144.794379] ? security_file_ioctl+0x7d/0xb0 [ 1144.794382] ? security_file_ioctl+0x89/0xb0 [ 1144.794384] SyS_ioctl+0x8f/0xc0 [ 1144.794386] ? do_vfs_ioctl+0x1060/0x1060 [ 1144.794388] do_syscall_64+0x1e8/0x640 [ 1144.794390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1144.794393] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1144.794395] RIP: 0033:0x441419 [ 1144.794397] RSP: 002b:00007ffe62d74898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1144.794403] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441419 [ 1144.794406] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003 [ 1144.794409] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 [ 1144.794412] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402190 [ 1144.794415] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000 [ 1144.794417] Code: e8 10 2c 5f fe 8b 45 c8 e9 2f fb ff ff e8 03 2c 5f fe e9 f4 fa ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 <49> 89 cf 41 56 49 89 f6 41 55 41 54 41 89 d4 53 44 89 c3 48 83 [ 1144.794681] Kernel panic - not syncing: hung_task: blocked tasks [ 1144.794688] CPU: 0 PID: 1045 Comm: khungtaskd Not tainted 4.14.159-syzkaller #0 [ 1144.794692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.794694] Call Trace: [ 1144.794703] dump_stack+0x142/0x197 [ 1144.794732] panic+0x1f9/0x42d [ 1144.794739] ? add_taint.cold+0x16/0x16 [ 1144.794750] ? irq_force_complete_move.cold+0x7d/0x7d [ 1144.794762] watchdog+0x5f8/0xb90 [ 1144.794776] kthread+0x319/0x430 [ 1144.794783] ? hungtask_pm_notify+0x50/0x50 [ 1144.794789] ? kthread_create_on_node+0xd0/0xd0 [ 1144.794798] ret_from_fork+0x24/0x30 [ 1144.796488] Kernel Offset: disabled