[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 1288.008695] INFO: task syz-executor542:7989 blocked for more than 140 seconds.
[ 1288.016187] Not tainted 4.14.259-syzkaller #0
[ 1288.022502] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1288.030532] syz-executor542 D27288 7989 7987 0x00000004
[ 1288.036143] Call Trace:
[ 1288.038765] __schedule+0x88b/0x1de0
[ 1288.042477] ? io_schedule_timeout+0x140/0x140
[ 1288.047039] ? mark_held_locks+0xa6/0xf0
[ 1288.051318] ? _raw_spin_unlock_irq+0x24/0x80
[ 1288.055815] ? rwsem_down_write_failed+0x33e/0x6d0
[ 1288.060782] schedule+0x8d/0x1b0
[ 1288.064143] rwsem_down_write_failed+0x343/0x6d0
[ 1288.069101] ? rwsem_down_read_failed_killable+0x520/0x520
[ 1288.074718] ? lock_downgrade+0x740/0x740
[ 1288.078905] call_rwsem_down_write_failed+0x13/0x20
[ 1288.083918] down_write_nested+0x51/0x90
[ 1288.087960] ? fuse_reverse_inval_entry+0x9e/0x5f0
[ 1288.092936] fuse_reverse_inval_entry+0x9e/0x5f0
[ 1288.097676] ? fuse_dev_do_write+0xc80/0x25c0
[ 1288.102194] ? fuse_update_attributes+0xc0/0xc0
[ 1288.106854] fuse_dev_do_write+0x1f22/0x25c0
[ 1288.111306] ? lock_downgrade+0x740/0x740
[ 1288.115447] ? fuse_dev_read+0x1a0/0x1a0
[ 1288.119546] ? hash_futex+0x12/0x200
[ 1288.123256] ? aa_file_perm+0x2dd/0xab0
[ 1288.127207] ? lock_acquire+0x170/0x3f0
[ 1288.131226] ? lock_downgrade+0x740/0x740
[ 1288.135361] fuse_dev_write+0x125/0x1a0
[ 1288.139359] ? fuse_dev_splice_write+0x940/0x940
[ 1288.144105] ? iov_iter_init+0xa6/0x1c0
[ 1288.148058] __vfs_write+0x44c/0x630
[ 1288.151809] ? kernel_read+0x110/0x110
[ 1288.155694] ? rw_verify_area+0xe1/0x2a0
[ 1288.159776] vfs_write+0x17f/0x4d0
[ 1288.163307] SyS_write+0xf2/0x210
[ 1288.166735] ? SyS_read+0x210/0x210
[ 1288.170399] ? do_syscall_64+0x4c/0x640
[ 1288.174360] ? SyS_read+0x210/0x210
[ 1288.177964] do_syscall_64+0x1d5/0x640
[ 1288.181880] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1288.187101] RIP: 0033:0x7fd0839ed089
[ 1288.190849] RSP: 002b:00007fd083999208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1288.198594] RAX: ffffffffffffffda RBX: 00007fd083a714c8 RCX: 00007fd0839ed089
[ 1288.205849] RDX: 0000000000000029 RSI: 00000000200043c0 RDI: 0000000000000003
[ 1288.213153] RBP: 00007fd083a714c0 R08: 0000000000000000 R09: 0000000000000000
[ 1288.220456] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd083a714cc
[ 1288.227709] R13: 00007ffc107c112f R14: 00007fd083999300 R15: 0000000000022000
[ 1288.235037] INFO: task syz-executor542:7994 blocked for more than 140 seconds.
[ 1288.242545] Not tainted 4.14.259-syzkaller #0
[ 1288.247544] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1288.255561] syz-executor542 D28928 7994 7987 0x00000004
[ 1288.261232] Call Trace:
[ 1288.263808] __schedule+0x88b/0x1de0
[ 1288.267501] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 1288.272554] ? io_schedule_timeout+0x140/0x140
[ 1288.277131] schedule+0x8d/0x1b0
[ 1288.280653] request_wait_answer+0x30d/0x620
[ 1288.285062] ? queue_interrupt+0x1f0/0x1f0
[ 1288.289334] ? wait_woken+0x230/0x230
[ 1288.293127] __fuse_request_send+0x108/0x1a0
[ 1288.297513] fuse_simple_request+0x2fa/0x790
[ 1288.301946] fuse_lookup_name+0x228/0x550
[ 1288.306086] ? fuse_readdir+0x11a0/0x11a0
[ 1288.310287] fuse_lookup+0xcd/0x390
[ 1288.313908] ? fuse_dentry_init+0x40/0xa0
[ 1288.318056] ? fuse_lookup_name+0x550/0x550
[ 1288.322415] ? d_alloc+0x1c7/0x240
[ 1288.325951] ? _raw_spin_unlock+0x29/0x40
[ 1288.330140] ? d_alloc+0x1cc/0x240
[ 1288.333665] __lookup_hash+0x1bb/0x270
[ 1288.337528] filename_create+0x156/0x3f0
[ 1288.341626] ? kern_path_mountpoint+0x40/0x40
[ 1288.346114] ? SyS_futex+0x1e3/0x290
[ 1288.349873] SyS_mkdirat+0x95/0x270
[ 1288.353488] ? SyS_mknod+0x30/0x30
[ 1288.357004] ? do_syscall_64+0x4c/0x640
[ 1288.360999] ? SyS_mknod+0x30/0x30
[ 1288.364526] do_syscall_64+0x1d5/0x640
[ 1288.368393] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1288.373623] RIP: 0033:0x7fd0839ed089
[ 1288.377321] RSP: 002b:00007fd083978208 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 1288.385052] RAX: ffffffffffffffda RBX: 00007fd083a714d8 RCX: 00007fd0839ed089
[ 1288.392365] RDX: 0000000000000000 RSI: 0000000020004380 RDI: 00000000ffffff9c
[ 1288.399653] RBP: 00007fd083a714d0 R08: 0000000000000000 R09: 0000000000000000
[ 1288.406911] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd083a714dc
[ 1288.414218] R13: 00007ffc107c112f R14: 00007fd083978300 R15: 0000000000022000
[ 1288.421539]
[ 1288.421539] Showing all locks held in the system:
[ 1288.427888] 1 lock held by khungtaskd/1534:
[ 1288.432300] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1288.441413] 1 lock held by in:imklog/7685:
[ 1288.445627] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0
[ 1288.454089] 2 locks held by syz-executor542/7989:
[ 1288.458974] #0: (&fc->killsb){.+.+}, at: [] fuse_dev_do_write+0xc80/0x25c0
[ 1288.467722] #1: (&type->i_mutex_dir_key#7/1){+.+.}, at: [] fuse_reverse_inval_entry+0x9e/0x5f0
[ 1288.478346] 3 locks held by syz-executor542/7994:
[ 1288.483229] #0: (sb_writers#10){.+.+}, at: [] mnt_want_write+0x3a/0xb0
[ 1288.491701] #1: (&type->i_mutex_dir_key#7/1){+.+.}, at: [] filename_create+0x12a/0x3f0
[ 1288.501644] #2: (&fi->mutex){+.+.}, at: [] fuse_lock_inode+0xb0/0xe0
[ 1288.509930]
[ 1288.511538] =============================================
[ 1288.511538]
[ 1288.518744] NMI backtrace for cpu 1
[ 1288.522359] CPU: 1 PID: 1534 Comm: khungtaskd Not tainted 4.14.259-syzkaller #0
[ 1288.529778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.539102] Call Trace:
[ 1288.541667] dump_stack+0x1b2/0x281
[ 1288.545268] nmi_cpu_backtrace.cold+0x57/0x93
[ 1288.549739] ? irq_force_complete_move+0x350/0x350
[ 1288.554642] nmi_trigger_cpumask_backtrace+0x13a/0x180
[ 1288.559896] watchdog+0x5b9/0xb40
[ 1288.563411] ? hungtask_pm_notify+0x50/0x50
[ 1288.567710] kthread+0x30d/0x420
[ 1288.571051] ? kthread_create_on_node+0xd0/0xd0
[ 1288.575695] ret_from_fork+0x24/0x30
[ 1288.579456] Sending NMI from CPU 1 to CPUs 0:
[ 1288.584402] NMI backtrace for cpu 0
[ 1288.584407] CPU: 0 PID: 4616 Comm: systemd-journal Not tainted 4.14.259-syzkaller #0
[ 1288.584411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.584414] task: ffff8880a1b5a640 task.stack: ffff8880a1b60000
[ 1288.584422] RIP: 0010:lock_release+0x41e/0x870
[ 1288.584425] RSP: 0018:ffff8880a1b678a0 EFLAGS: 00000086
[ 1288.584430] RAX: 1ffffffff11e1279 RBX: 1ffff1101436cf17 RCX: 1ffff1101436b5e3
[ 1288.584433] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: 0000000000000086
[ 1288.584437] RBP: ffff8880a1b5a640 R08: ffffffff8b9ca1e0 R09: 0000000000000002
[ 1288.584440] R10: 0000000000000000 R11: ffff8880a1b5a640 R12: aa719b8d105ca9d7
[ 1288.584443] R13: 0000000000000003 R14: ffff8880a1b5a640 R15: 0000000000000003
[ 1288.584447] FS: 00007f6c352968c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 1288.584450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1288.584453] CR2: 00007f6c325da000 CR3: 00000000a1bec000 CR4: 00000000003406f0
[ 1288.584457] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1288.584460] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1288.584462] Call Trace:
[ 1288.584464] ? lock_downgrade+0x740/0x740
[ 1288.584467] page_outside_zone_boundaries+0xcf/0x310
[ 1288.584469] ? free_one_page+0x119/0x12a0
[ 1288.584472] ? __mod_zone_page_state+0x84/0xd0
[ 1288.584474] free_one_page+0x119/0x12a0
[ 1288.584477] ? debug_object_activate+0x490/0x490
[ 1288.584479] ? kernel_poison_pages+0x1b/0x250
[ 1288.584482] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1288.584484] __free_pages_ok+0x3f1/0xeb0
[ 1288.584487] ? kmem_freepages.isra.0+0x199/0x4b0
[ 1288.584489] ? lock_downgrade+0x740/0x740
[ 1288.584492] slabs_destroy+0x90/0xd0
[ 1288.584494] ___cache_free+0x213/0x2c0
[ 1288.584496] qlist_free_all+0x79/0x140
[ 1288.584498] quarantine_reduce+0x185/0x200
[ 1288.584501] kasan_kmalloc+0xa2/0x160
[ 1288.584503] ? __lock_acquire+0x5fc/0x3f20
[ 1288.584505] ? trace_hardirqs_on+0x10/0x10
[ 1288.584507] ? putname+0xcd/0x110
[ 1288.584510] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1288.584513] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1288.584515] ? putname+0xcd/0x110
[ 1288.584517] ? getname+0x20/0x20
[ 1288.584520] ? cache_alloc_refill+0x2fa/0x350
[ 1288.584522] ? lock_downgrade+0x740/0x740
[ 1288.584524] ? do_raw_spin_unlock+0x164/0x220
[ 1288.584527] ? _raw_spin_unlock+0x29/0x40
[ 1288.584529] ? cache_alloc_refill+0x2fa/0x350
[ 1288.584532] ? kmem_cache_alloc+0x2c8/0x3c0
[ 1288.584534] kmem_cache_alloc+0x111/0x3c0
[ 1288.584536] getname_flags+0xc8/0x550
[ 1288.584538] do_sys_open+0x1ce/0x410
[ 1288.584540] ? filp_open+0x60/0x60
[ 1288.584543] ? do_syscall_64+0x4c/0x640
[ 1288.584545] ? do_sys_open+0x410/0x410
[ 1288.584548] do_syscall_64+0x1d5/0x640
[ 1288.584550] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1288.584552] RIP: 0033:0x7f6c34825840
[ 1288.584555] RSP: 002b:00007ffdf44263b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1288.584561] RAX: ffffffffffffffda RBX: 00007ffdf44266c0 RCX: 00007f6c34825840
[ 1288.584564] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055f7d0c43480
[ 1288.584567] RBP: 000000000000000d R08: 000000000000ffc0 R09: 00000000ffffffff
[ 1288.584571] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 1288.584574] R13: 000055f7d0c3e040 R14: 00007ffdf4426680 R15: 000055f7d0c434d0
[ 1288.584576] Code: 85 84 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 88 03 00 00 48 83 3d c6 c6 ae 07 00 0f 84 ba 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 c7 04 03 00 00
[ 1288.584965] Kernel panic - not syncing: hung_task: blocked tasks
[ 1288.923453] CPU: 1 PID: 1534 Comm: khungtaskd Not tainted 4.14.259-syzkaller #0
[ 1288.930977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.940389] Call Trace:
[ 1288.942954] dump_stack+0x1b2/0x281
[ 1288.946554] panic+0x1f9/0x42d
[ 1288.949721] ? add_taint.cold+0x16/0x16
[ 1288.953675] watchdog+0x5ca/0xb40
[ 1288.957100] ? hungtask_pm_notify+0x50/0x50
[ 1288.961396] kthread+0x30d/0x420
[ 1288.964736] ? kthread_create_on_node+0xd0/0xd0
[ 1288.969386] ret_from_fork+0x24/0x30
[ 1288.973416] Kernel Offset: disabled
[ 1288.977030] Rebooting in 86400 seconds..