[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts.
syzkaller login: [ 1213.882294] IPVS: ftp: loaded support on port[0] = 21
[ 1213.884685] IPVS: ftp: loaded support on port[0] = 21
[ 1213.891656] IPVS: ftp: loaded support on port[0] = 21
[ 1213.903040] IPVS: ftp: loaded support on port[0] = 21
[ 1213.922177] IPVS: ftp: loaded support on port[0] = 21
[ 1213.932844] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
[ 1214.230170] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[ 1214.253224] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
[ 1214.256266] REISERFS (device loop1): using ordered data mode
[ 1214.269554] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[ 1214.274862] REISERFS (device loop3): using ordered data mode
[ 1214.292078] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[ 1214.294554] REISERFS (device loop4): using ordered data mode
[ 1214.311390] reiserfs: using flush barriers
[ 1214.312312] reiserfs: using flush barriers
[ 1214.322745] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 1214.332321] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[ 1214.339618] reiserfs: using flush barriers
[ 1214.345145] REISERFS warning (device loop1): sh-460 journal_init: journal header magic 0 (device loop1) does not match to magic found in super block 49ad1c61
[ 1214.345523] REISERFS warning (device loop3): sh-460 journal_init: journal header magic 0 (device loop3) does not match to magic found in super block 49ad1c61
[ 1214.359805] REISERFS (device loop0): using ordered data mode
[ 1214.380604] REISERFS (device loop5): using ordered data mode
[ 1214.386175] REISERFS (device loop2): using ordered data mode
[ 1214.387378] reiserfs: using flush barriers
[ 1214.396727] REISERFS warning (device loop4): sh-460 journal_init: journal header magic 0 (device loop4) does not match to magic found in super block 49ad1c61
[ 1214.412599] reiserfs: using flush barriers
[ 1214.417213] REISERFS warning (device loop1): sh-2022 reiserfs_fill_super: unable to initialize journal space
[ 1214.428561] REISERFS warning (device loop5): sh-460 journal_init: journal header magic 0 (device loop5) does not match to magic found in super block 49ad1c61
[ 1214.443157] REISERFS warning (device loop2): sh-460 journal_init: journal header magic 0 (device loop2) does not match to magic found in super block 49ad1c61
[ 1214.443764] REISERFS warning (device loop4): sh-2022 reiserfs_fill_super: unable to initialize journal space
[ 1214.472940] reiserfs: using flush barriers
executing program
[ 1214.509694] REISERFS warning (device loop5): sh-2022 reiserfs_fill_super: unable to initialize journal space
[ 1214.524512] REISERFS warning (device loop3): sh-2022 reiserfs_fill_super: unable to initialize journal space
[ 1214.537014] REISERFS warning (device loop2): sh-2022 reiserfs_fill_super: unable to initialize journal space
[ 1214.547164] REISERFS warning (device loop0): sh-460 journal_init: journal header magic 0 (device loop0) does not match to magic found in super block 49ad1c61
executing program
[ 1215.856046] Bluetooth: hci1: command 0x0409 tx timeout
[ 1215.861736] Bluetooth: hci4: command 0x0409 tx timeout
[ 1215.867180] Bluetooth: hci3: command 0x0409 tx timeout
[ 1215.935557] Bluetooth: hci5: command 0x0409 tx timeout
[ 1215.941021] Bluetooth: hci2: command 0x0409 tx timeout
[ 1215.947426] Bluetooth: hci0: command 0x0409 tx timeout
[ 1217.935318] Bluetooth: hci3: command 0x041b tx timeout
[ 1217.940770] Bluetooth: hci4: command 0x041b tx timeout
[ 1217.946905] Bluetooth: hci1: command 0x041b tx timeout
[ 1218.015369] Bluetooth: hci0: command 0x041b tx timeout
[ 1218.020769] Bluetooth: hci2: command 0x041b tx timeout
[ 1218.026873] Bluetooth: hci5: command 0x041b tx timeout
[ 1220.015156] Bluetooth: hci3: command 0x040f tx timeout
[ 1220.015229] Bluetooth: hci1: command 0x040f tx timeout
[ 1220.025958] Bluetooth: hci4: command 0x040f tx timeout
[ 1220.095278] Bluetooth: hci5: command 0x040f tx timeout
[ 1220.095313] Bluetooth: hci2: command 0x040f tx timeout
[ 1220.095327] Bluetooth: hci0: command 0x040f tx timeout
[ 1222.095011] Bluetooth: hci4: command 0x0419 tx timeout
[ 1222.100448] Bluetooth: hci1: command 0x0419 tx timeout
[ 1222.105845] Bluetooth: hci3: command 0x0419 tx timeout
[ 1222.175011] Bluetooth: hci5: command 0x0419 tx timeout
[ 1222.175038] Bluetooth: hci0: command 0x0419 tx timeout
[ 1222.185710] Bluetooth: hci2: command 0x0419 tx timeout
[ 1339.284060] Bluetooth: hci3: command 0x0406 tx timeout
[ 1339.284066] Bluetooth: hci4: command 0x0406 tx timeout
[ 1339.284099] Bluetooth: hci0: command 0x0406 tx timeout
[ 1339.289726] Bluetooth: hci1: command 0x0406 tx timeout
[ 1339.297571] Bluetooth: hci2: command 0x0406 tx timeout
[ 1339.300314] Bluetooth: hci5: command 0x0406 tx timeout
[ 1375.600954] INFO: task syz-executor478:8302 blocked for more than 140 seconds.
[ 1375.608470] Not tainted 4.19.158-syzkaller #0
[ 1375.613674] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1375.621778] syz-executor478 D27960 8302 8128 0x00000004
[ 1375.627449] Call Trace:
[ 1375.630155] __schedule+0x887/0x2040
[ 1375.633912] ? io_schedule_timeout+0x140/0x140
[ 1375.638586] ? lock_downgrade+0x720/0x720
[ 1375.642795] ? __mutex_lock+0x458/0x1260
[ 1375.646855] schedule+0x8d/0x1b0
[ 1375.650204] schedule_preempt_disabled+0xf/0x20
[ 1375.655019] __mutex_lock+0x647/0x1260
[ 1375.659094] ? blkdev_put+0x30/0x520
[ 1375.662881] ? __mutex_add_waiter+0x160/0x160
[ 1375.667376] ? lock_downgrade+0x720/0x720
[ 1375.671643] ? locks_remove_file+0x286/0x450
[ 1375.676051] ? locks_check_ctx_file_list+0x1d/0x110
[ 1375.681139] ? _raw_spin_unlock+0x29/0x40
[ 1375.685281] ? locks_remove_file+0x2cd/0x450
[ 1375.689672] ? blkdev_put+0x520/0x520
[ 1375.693669] blkdev_put+0x30/0x520
[ 1375.697205] ? blkdev_put+0x520/0x520
[ 1375.701064] blkdev_close+0x86/0xb0
[ 1375.704742] __fput+0x2ce/0x890
[ 1375.708088] task_work_run+0x148/0x1c0
[ 1375.712108] exit_to_usermode_loop+0x251/0x2a0
[ 1375.716692] do_syscall_64+0x538/0x620
[ 1375.720563] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1375.725826] RIP: 0033:0x4078a1
[ 1375.729038] Code: Bad RIP value.
[ 1375.732463] RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1375.740195] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
[ 1375.747562] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[ 1375.754910] RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
[ 1375.762241] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1375.769498] R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
[ 1375.776855] INFO: task syz-executor478:8319 blocked for more than 140 seconds.
[ 1375.784284] Not tainted 4.19.158-syzkaller #0
[ 1375.789278] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1375.797273] syz-executor478 D27960 8319 8130 0x00000004
[ 1375.802974] Call Trace:
[ 1375.805660] __schedule+0x887/0x2040
[ 1375.809354] ? io_schedule_timeout+0x140/0x140
[ 1375.813963] ? lock_downgrade+0x720/0x720
[ 1375.818131] ? __mutex_lock+0x458/0x1260
[ 1375.822254] schedule+0x8d/0x1b0
[ 1375.825614] schedule_preempt_disabled+0xf/0x20
[ 1375.830277] __mutex_lock+0x647/0x1260
[ 1375.834243] ? blkdev_put+0x30/0x520
[ 1375.837957] ? __mutex_add_waiter+0x160/0x160
[ 1375.842522] ? lock_downgrade+0x720/0x720
[ 1375.846767] ? locks_remove_file+0x286/0x450
[ 1375.851234] ? locks_check_ctx_file_list+0x1d/0x110
[ 1375.856255] ? _raw_spin_unlock+0x29/0x40
[ 1375.860383] ? locks_remove_file+0x2cd/0x450
[ 1375.864864] ? blkdev_put+0x520/0x520
[ 1375.868674] blkdev_put+0x30/0x520
[ 1375.872256] ? blkdev_put+0x520/0x520
[ 1375.876054] blkdev_close+0x86/0xb0
[ 1375.879661] __fput+0x2ce/0x890
[ 1375.883016] task_work_run+0x148/0x1c0
[ 1375.886902] exit_to_usermode_loop+0x251/0x2a0
[ 1375.891532] do_syscall_64+0x538/0x620
[ 1375.895421] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1375.900590] RIP: 0033:0x4078a1
[ 1375.903987] Code: Bad RIP value.
[ 1375.907342] RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1375.915115] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
[ 1375.922509] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[ 1375.929765] RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
[ 1375.937084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1375.944439] R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
[ 1375.951792] INFO: task syz-executor478:8323 blocked for more than 140 seconds.
[ 1375.959142] Not tainted 4.19.158-syzkaller #0
[ 1375.964234] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1375.972249] syz-executor478 D27288 8323 8131 0x00000004
[ 1375.977870] Call Trace:
[ 1375.980444] __schedule+0x887/0x2040
[ 1375.984226] ? io_schedule_timeout+0x140/0x140
[ 1375.988833] ? lock_downgrade+0x720/0x720
[ 1375.993030] ? __mutex_lock+0x458/0x1260
[ 1375.997092] schedule+0x8d/0x1b0
[ 1376.000440] schedule_preempt_disabled+0xf/0x20
[ 1376.005176] __mutex_lock+0x647/0x1260
[ 1376.009086] ? blkdev_put+0x30/0x520
[ 1376.012849] ? __mutex_add_waiter+0x160/0x160
[ 1376.017345] ? lock_downgrade+0x720/0x720
[ 1376.021573] ? locks_remove_file+0x286/0x450
[ 1376.025974] ? locks_check_ctx_file_list+0x1d/0x110
[ 1376.031044] ? _raw_spin_unlock+0x29/0x40
[ 1376.035204] ? locks_remove_file+0x2cd/0x450
[ 1376.039608] ? blkdev_put+0x520/0x520
[ 1376.043484] blkdev_put+0x30/0x520
[ 1376.047020] ? blkdev_put+0x520/0x520
[ 1376.050855] blkdev_close+0x86/0xb0
[ 1376.054490] __fput+0x2ce/0x890
[ 1376.057755] task_work_run+0x148/0x1c0
[ 1376.061719] exit_to_usermode_loop+0x251/0x2a0
[ 1376.066297] do_syscall_64+0x538/0x620
[ 1376.070166] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1376.075391] RIP: 0033:0x4078a1
[ 1376.078595] Code: Bad RIP value.
[ 1376.082543] RSP: 002b:00007ffd8ae00e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1376.090259] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004078a1
[ 1376.097583] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003
[ 1376.104937] RBP: 0000000000000000 R08: 00007ffd8ae00cc0 R09: 0000000000000000
[ 1376.112387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1376.119652] R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
[ 1376.127028] INFO: task syz-executor478:8324 blocked for more than 140 seconds.
[ 1376.134454] Not tainted 4.19.158-syzkaller #0
[ 1376.139458] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1376.147479] syz-executor478 D27960 8324 8126 0x00000004
[ 1376.153162] Call Trace:
[ 1376.155772] __schedule+0x887/0x2040
[ 1376.159472] ? io_schedule_timeout+0x140/0x140
[ 1376.164119] ? lock_downgrade+0x720/0x720
[ 1376.168281] ? __mutex_lock+0x458/0x1260
[ 1376.172392] schedule+0x8d/0x1b0
[ 1376.175758] schedule_preempt_disabled+0xf/0x20
[ 1376.180414] __mutex_lock+0x647/0x1260
[ 1376.184380] ? __blkdev_put+0xfc/0x870
[ 1376.188259] ? __mutex_add_waiter+0x160/0x160
[ 1376.192853] ? migrate_swap_stop+0x900/0x900
[ 1376.197262] ? __mutex_unlock_slowpath+0x30e/0x610
[ 1376.202275] __blkdev_put+0xfc/0x870
[ 1376.205991] ? fsync_bdev+0xc0/0xc0
[ 1376.209603] ? mark_held_locks+0xa6/0xf0
[ 1376.213710] ? blkdev_put+0x85/0x520
[ 1376.217484] free_journal_ram+0x44b/0x600
[ 1376.221962] journal_init+0x3f2/0x6020
[ 1376.225910] ? wake_up_klogd.part.0+0x8c/0xc0
[ 1376.230399] ? vprintk_emit+0x1d0/0x740
[ 1376.234432] ? vprintk_func+0x81/0x17e
[ 1376.238325] ? journal_release_error+0x90/0x90
[ 1376.242971] ? printk+0xba/0xed
[ 1376.246251] ? log_store.cold+0x16/0x16
[ 1376.250270] ? reiserfs_fill_super.cold+0x5/0x1c
[ 1376.255084] reiserfs_fill_super+0xac5/0x2ce4
[ 1376.259580] ? reiserfs_remount+0x1540/0x1540
[ 1376.264143] ? lock_downgrade+0x720/0x720
[ 1376.268297] ? snprintf+0xbb/0xf0
[ 1376.271804] ? vsprintf+0x30/0x30
[ 1376.275280] ? wait_for_completion_io+0x10/0x10
[ 1376.279949] mount_bdev+0x2fc/0x3b0
[ 1376.283661] ? reiserfs_remount+0x1540/0x1540
[ 1376.288160] mount_fs+0xa3/0x30c
[ 1376.291629] vfs_kern_mount.part.0+0x68/0x470
[ 1376.296130] do_mount+0x113c/0x2f10
[ 1376.299755] ? lock_acquire+0x170/0x3c0
[ 1376.303896] ? check_preemption_disabled+0x41/0x280
[ 1376.308935] ? copy_mount_string+0x40/0x40
[ 1376.313225] ? copy_mount_options+0x59/0x380
[ 1376.317708] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1376.323082] ? kmem_cache_alloc_trace+0x323/0x380
[ 1376.327950] ? copy_mount_options+0x26f/0x380
[ 1376.332526] ksys_mount+0xcf/0x130
[ 1376.336073] __x64_sys_mount+0xba/0x150
[ 1376.340040] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1376.344699] do_syscall_64+0xf9/0x620
[ 1376.348521] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1376.353879] RIP: 0033:0x44f1ea
[ 1376.357075] Code: Bad RIP value.
[ 1376.360418] RSP: 002b:00007ffd8ae00c68 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
[ 1376.368259] RAX: ffffffffffffffda RBX: 00007ffd8ae00cc0 RCX: 000000000044f1ea
[ 1376.375587] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd8ae00c80
[ 1376.382933] RBP: 0000000000000005 R08: 00007ffd8ae00cc0 R09: 0000000000000000
[ 1376.390192] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
[ 1376.397503] R13: 00007ffd8ae00c80 R14: 0000000000000000 R15: 00000000200002a0
[ 1376.404879] INFO: task systemd-udevd:8340 blocked for more than 140 seconds.
[ 1376.412109] Not tainted 4.19.158-syzkaller #0
[ 1376.417163] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1376.425201] systemd-udevd D27760 8340 4695 0x00000100
[ 1376.430884] Call Trace:
[ 1376.433494] __schedule+0x887/0x2040
[ 1376.437227] ? io_schedule_timeout+0x140/0x140
[ 1376.441887] ? lock_downgrade+0x720/0x720
[ 1376.446034] ? __mutex_lock+0x458/0x1260
[ 1376.450078] schedule+0x8d/0x1b0
[ 1376.453539] schedule_preempt_disabled+0xf/0x20
[ 1376.458212] __mutex_lock+0x647/0x1260
[ 1376.462170] ? blkdev_put+0x30/0x520
[ 1376.465874] ? __mutex_add_waiter+0x160/0x160
[ 1376.470471] ? lock_downgrade+0x720/0x720
[ 1376.474655] ? locks_remove_file+0x286/0x450
[ 1376.479060] ? locks_check_ctx_file_list+0x1d/0x110
[ 1376.484145] ? _raw_spin_unlock+0x29/0x40
[ 1376.488350] ? locks_remove_file+0x2cd/0x450
[ 1376.492800] ? blkdev_put+0x520/0x520
[ 1376.496701] blkdev_put+0x30/0x520
[ 1376.500220] ? blkdev_put+0x520/0x520
[ 1376.504083] blkdev_close+0x86/0xb0
[ 1376.507720] __fput+0x2ce/0x890
[ 1376.511051] task_work_run+0x148/0x1c0
[ 1376.514962] exit_to_usermode_loop+0x251/0x2a0
[ 1376.519542] do_syscall_64+0x538/0x620
[ 1376.523513] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1376.528811] RIP: 0033:0x7fe98cf02270
[ 1376.532725] Code: Bad RIP value.
[ 1376.536081] RSP: 002b:00007ffc403a1a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1376.543878] RAX: 0000000000000000 RBX: 000000000000000f RCX: 00007fe98cf02270
[ 1376.551199] RDX: 00007fe98ceecb58 RSI: 0000000000000000 RDI: 000000000000000f
[ 1376.558725] RBP: 00007fe98ddbb710 R08: 000055570224ae90 R09: 0000000000000000
[ 1376.566066] R10: 0000000000000116 R11: 0000000000000246 R12: 0000000000000002
[ 1376.573391] R13: 00007ffc403a1a88 R14: 0000555702245a50 R15: 000000000000000f
[ 1376.580796] INFO: task syz-executor478:8342 blocked for more than 140 seconds.
[ 1376.588227] Not tainted 4.19.158-syzkaller #0
[ 1376.593330] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1376.601374] syz-executor478 D28304 8342 8132 0x00000004
[ 1376.606991] Call Trace:
[ 1376.609606] __schedule+0x887/0x2040
[ 1376.613407] ? io_schedule_timeout+0x140/0x140
[ 1376.617993] ? mark_held_locks+0xa6/0xf0
[ 1376.622226] ? rwsem_down_read_failed+0x20a/0x390
[ 1376.627062] schedule+0x8d/0x1b0
[ 1376.630409] rwsem_down_read_failed+0x20a/0x390
[ 1376.635137] ? rt_mutex_futex_unlock+0xf0/0xf0
[ 1376.639730] call_rwsem_down_read_failed+0x14/0x30
[ 1376.644788] ? __lock_acquire+0x2853/0x3ff0
[ 1376.649146] down_read+0x44/0x80
[ 1376.652553] ? __get_super.part.0+0x209/0x2e0
[ 1376.657055] __get_super.part.0+0x209/0x2e0
[ 1376.661437] get_super+0x2b/0x50
[ 1376.664797] fsync_bdev+0x14/0xc0
[ 1376.668325] invalidate_partition+0x74/0xb0
[ 1376.672707] drop_partitions.isra.0+0x9c/0x190
[ 1376.677309] ? delete_partition+0x1d0/0x1d0
[ 1376.681691] ? __mutex_lock+0x3a8/0x1260
[ 1376.685817] ? apparmor_capable+0x147/0x750
[ 1376.690137] rescan_partitions+0xab/0x970
[ 1376.694383] __blkdev_reread_part+0x189/0x220
[ 1376.698883] blkdev_reread_part+0x23/0x40
[ 1376.703183] loop_set_status+0x103e/0x1800
[ 1376.707446] loop_set_status_old+0x1bb/0x250
[ 1376.711911] ? loop_set_status_compat+0x100/0x100
[ 1376.716812] ? cpumask_any_but+0xf9/0x130
[ 1376.721096] ? security_capable+0x8f/0xc0
[ 1376.725340] lo_ioctl+0x3b5/0x20e0
[ 1376.728962] ? clear_subpage.constprop.0+0x100/0x100
[ 1376.734124] ? loop_set_status64+0x110/0x110
[ 1376.738538] blkdev_ioctl+0x5cb/0x1a7e
[ 1376.742642] ? blkpg_ioctl+0x9d0/0x9d0
[ 1376.746631] ? do_wp_page+0x2dc/0x2210
[ 1376.750503] ? finish_mkwrite_fault+0x640/0x640
[ 1376.755218] ? __handle_mm_fault+0x15f6/0x41c0
[ 1376.759806] ? mark_held_locks+0xf0/0xf0
[ 1376.763961] block_ioctl+0xe9/0x130
[ 1376.767581] ? blkdev_fallocate+0x3f0/0x3f0
[ 1376.772079] do_vfs_ioctl+0xcdb/0x12e0
[ 1376.776102] ? ioctl_preallocate+0x200/0x200
[ 1376.780551] ? __do_page_fault+0x6d1/0xd60
[ 1376.784866] ? lock_downgrade+0x720/0x720
[ 1376.789015] ? up_read+0x17/0x110
[ 1376.792504] ? __do_page_fault+0x180/0xd60
[ 1376.796738] ksys_ioctl+0x9b/0xc0
[ 1376.800181] __x64_sys_ioctl+0x6f/0xb0
[ 1376.804126] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1376.808721] do_syscall_64+0xf9/0x620
[ 1376.812574] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1376.817819] RIP: 0033:0x44c7b9
[ 1376.821096] Code: Bad RIP value.
[ 1376.824453] RSP: 002b:00007ffd8ae00e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1376.832200] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000044c7b9
[ 1376.839516] RDX: 0000000020000280 RSI: 0000000000004c02 RDI: 0000000000000003
[ 1376.846873] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000000
[ 1376.854370] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[ 1376.861711] R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
[ 1376.869003] INFO: task syz-executor478:8349 blocked for more than 140 seconds.
[ 1376.876411] Not tainted 4.19.158-syzkaller #0
[ 1376.881521] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1376.889472] syz-executor478 D28640 8349 8129 0x00000004
[ 1376.895152] Call Trace:
[ 1376.897737] __schedule+0x887/0x2040
[ 1376.901521] ? io_schedule_timeout+0x140/0x140
[ 1376.906097] ? lock_downgrade+0x720/0x720
[ 1376.910227] ? __mutex_lock+0x458/0x1260
[ 1376.914333] schedule+0x8d/0x1b0
[ 1376.917700] schedule_preempt_disabled+0xf/0x20
[ 1376.922468] __mutex_lock+0x647/0x1260
[ 1376.926366] ? unwind_get_return_address+0x51/0x90
[ 1376.931345] ? __blkdev_get+0x1d0/0x1480
[ 1376.935414] ? __mutex_add_waiter+0x160/0x160
[ 1376.939991] ? lock_downgrade+0x720/0x720
[ 1376.944210] ? lock_acquire+0x170/0x3c0
[ 1376.948193] ? get_gendisk+0x83/0x380
[ 1376.952201] ? disk_block_events+0x1d/0x130
[ 1376.956551] __blkdev_get+0x1d0/0x1480
[ 1376.960426] ? bdev_disk_changed+0x1b0/0x1b0
[ 1376.964960] ? mark_held_locks+0xf0/0xf0
[ 1376.969025] ? mark_held_locks+0xf0/0xf0
[ 1376.973137] blkdev_get+0xb0/0x940
[ 1376.976694] ? bd_acquire+0x245/0x440
[ 1376.980673] ? __blkdev_get+0x1480/0x1480
[ 1376.984835] ? lock_downgrade+0x720/0x720
[ 1376.988965] ? lock_acquire+0x170/0x3c0
[ 1376.992982] ? bd_acquire+0x21/0x440
[ 1376.996699] ? do_raw_spin_unlock+0x171/0x230
[ 1377.001266] blkdev_open+0x202/0x290
[ 1377.004982] do_dentry_open+0x4aa/0x1160
[ 1377.009031] ? blkdev_get_by_dev+0x70/0x70
[ 1377.013330] ? chown_common+0x550/0x550
[ 1377.017341] ? inode_permission+0x3d/0x140
[ 1377.021670] path_openat+0x793/0x2df0
[ 1377.025495] ? path_lookupat+0x8d0/0x8d0
[ 1377.029542] ? mark_held_locks+0xf0/0xf0
[ 1377.033674] do_filp_open+0x18c/0x3f0
[ 1377.037474] ? may_open_dev+0xf0/0xf0
[ 1377.041439] ? lock_downgrade+0x720/0x720
[ 1377.045591] ? lock_acquire+0x170/0x3c0
[ 1377.049546] ? __alloc_fd+0x34/0x570
[ 1377.053314] ? do_raw_spin_unlock+0x171/0x230
[ 1377.057818] ? _raw_spin_unlock+0x29/0x40
[ 1377.062035] ? __alloc_fd+0x28d/0x570
[ 1377.065832] do_sys_open+0x3b3/0x520
[ 1377.069545] ? filp_open+0x70/0x70
[ 1377.073133] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 1377.078590] ? trace_hardirqs_off_caller+0x6e/0x210
[ 1377.083677] ? do_syscall_64+0x21/0x620
[ 1377.087678] do_syscall_64+0xf9/0x620
[ 1377.091606] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1377.096805] RIP: 0033:0x407901
[ 1377.100006] Code: Bad RIP value.
[ 1377.103462] RSP: 002b:00007ffd8ae009d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[ 1377.111253] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000407901
[ 1377.118518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd8ae009e0
[ 1377.125917] RBP: 000000000000000a R08: 000000000000000f R09: 0000000000000004
[ 1377.133245] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1377.140510] R13: 0000000001fb8914 R14: 0000000000000000 R15: 0000000000000000
[ 1377.147869]
[ 1377.147869] Showing all locks held in the system:
[ 1377.154271] 1 lock held by khungtaskd/1567:
[ 1377.158577] #0: 000000007cd16e38 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 1377.167416] 1 lock held by in:imklog/7793:
[ 1377.171714] 1 lock held by syz-executor478/8302:
[ 1377.178467] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[ 1377.186468] 1 lock held by syz-executor478/8319:
[ 1377.191268] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[ 1377.199160] 1 lock held by syz-executor478/8323:
[ 1377.204028] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[ 1377.212005] 2 locks held by syz-executor478/8324:
[ 1377.216853] #0: 000000000fa14dc7 (&type->s_umount_key#22/1){+.+.}, at: sget_userns+0x20b/0xcd0
[ 1377.225768] #1: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: __blkdev_put+0xfc/0x870
[ 1377.233898] 1 lock held by systemd-udevd/8340:
[ 1377.238487] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_put+0x30/0x520
[ 1377.246456] 2 locks held by syz-executor478/8342:
[ 1377.251359] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: blkdev_reread_part+0x1b/0x40
[ 1377.259867] #1: 000000000fa14dc7 (&type->s_umount_key#46){.+.+}, at: __get_super.part.0+0x209/0x2e0
[ 1377.269219] 1 lock held by syz-executor478/8349:
[ 1377.274039] #0: 0000000091669f9b (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480
[ 1377.282372]
[ 1377.283991] =============================================
[ 1377.283991]
[ 1377.291068] NMI backtrace for cpu 0
[ 1377.294687] CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.158-syzkaller #0
[ 1377.302114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1377.311447] Call Trace:
[ 1377.314024] dump_stack+0x1fc/0x2fe
[ 1377.317658] nmi_cpu_backtrace.cold+0x63/0xa2
[ 1377.322216] ? lapic_can_unplug_cpu.cold+0x39/0x39
[ 1377.327141] nmi_trigger_cpumask_backtrace+0x1a6/0x1eb
[ 1377.332440] watchdog+0x991/0xe60
[ 1377.335879] ? reset_hung_task_detector+0x30/0x30
[ 1377.340704] kthread+0x33f/0x460
[ 1377.344074] ? kthread_park+0x180/0x180
[ 1377.348034] ret_from_fork+0x24/0x30
[ 1377.351895] Sending NMI from CPU 0 to CPUs 1:
[ 1377.356964] NMI backtrace for cpu 1
[ 1377.356970] CPU: 1 PID: 4691 Comm: systemd-journal Not tainted 4.19.158-syzkaller #0
[ 1377.356976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1377.356979] RIP: 0010:check_memory_region+0xcb/0x170
[ 1377.356990] Code: 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 80 38 00 <74> f2 eb d8 41 bc 08 00 00 00 48 89 ea 45 29 dc 4e 8d 5c 25 00 eb
[ 1377.356993] RSP: 0018:ffff8880a0dbfac0 EFLAGS: 00000046
[ 1377.357000] RAX: fffffbfff19aaacf RBX: fffffbfff19aaad0 RCX: ffffffff814c4451
[ 1377.357005] RDX: fffffbfff19aaad0 RSI: 0000000000000004 RDI: ffffffff8cd55678
[ 1377.357010] RBP: fffffbfff19aaacf R08: 0000000000000001 R09: fffffbfff19aaacf
[ 1377.357014] R10: ffffffff8cd5567b R11: 0000000000000000 R12: 0000000000000001
[ 1377.357019] R13: ffff8880a0db65c0 R14: ffffffff8d4114a0 R15: 0000000000000001
[ 1377.357024] FS: 00007f51375fc8c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 1377.357028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1377.357033] CR2: 00007f51349f7000 CR3: 00000000a181c000 CR4: 00000000001406e0
[ 1377.357037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1377.357042] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1377.357045] Call Trace:
[ 1377.357048] __lock_acquire+0x251/0x3ff0
[ 1377.357051] ? __kernel_text_address+0x9/0x30
[ 1377.357055] ? unwind_get_return_address+0x51/0x90
[ 1377.357059] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1377.357062] ? __save_stack_trace+0xaf/0x190
[ 1377.357066] ? check_preemption_disabled+0x41/0x280
[ 1377.357069] ? mark_held_locks+0xf0/0xf0
[ 1377.357072] ? trace_hardirqs_off+0x64/0x200
[ 1377.357076] ? __kasan_slab_free+0x186/0x1f0
[ 1377.357079] ? kmem_cache_free+0x7f/0x260
[ 1377.357082] ? putname+0xe1/0x120
[ 1377.357085] ? do_sys_open+0x2ba/0x520
[ 1377.357088] ? do_syscall_64+0xf9/0x620
[ 1377.357092] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1377.357095] ? __lock_acquire+0x6de/0x3ff0
[ 1377.357098] lock_acquire+0x170/0x3c0
[ 1377.357102] ? debug_check_no_obj_freed+0xb5/0x482
[ 1377.357105] _raw_spin_lock_irqsave+0x8c/0xc0
[ 1377.357108] ? debug_check_no_obj_freed+0xb5/0x482
[ 1377.357112] debug_check_no_obj_freed+0xb5/0x482
[ 1377.357115] kfree+0xb9/0x210
[ 1377.357118] apparmor_file_free_security+0x9a/0xd0
[ 1377.357122] security_file_free+0x3e/0x70
[ 1377.357124] __fput+0x42a/0x890
[ 1377.357128] ? _raw_spin_unlock_irq+0x24/0x80
[ 1377.357131] task_work_run+0x148/0x1c0
[ 1377.357134] exit_to_usermode_loop+0x251/0x2a0
[ 1377.357137] do_syscall_64+0x538/0x620
[ 1377.357141] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1377.357144] RIP: 0033:0x7f5136b8c840
[ 1377.357154] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 1377.357158] RSP: 002b:00007ffeff9c4858 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1377.357166] RAX: fffffffffffffffe RBX: 00007ffeff9c4b60 RCX: 00007f5136b8c840
[ 1377.357170] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055bf2a2c56a0
[ 1377.357175] RBP: 000000000000000d R08: 000000000000c0ff R09: 00000000ffffffff
[ 1377.357179] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 1377.357184] R13: 000055bf2a2b9040 R14: 00007ffeff9c4b20 R15: 000055bf2a2c62f0
[ 1377.357411] Kernel panic - not syncing: hung_task: blocked tasks
[ 1377.682544] CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.158-syzkaller #0
[ 1377.689992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1377.699347] Call Trace:
[ 1377.701923] dump_stack+0x1fc/0x2fe
[ 1377.705596] panic+0x26a/0x50e
[ 1377.708770] ? __warn_printk+0xf3/0xf3
[ 1377.712639] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1377.717724] ? cpumask_next+0x3c/0x40
[ 1377.721507] ? printk_safe_flush+0xd6/0x120
[ 1377.725812] ? watchdog+0x991/0xe60
[ 1377.729420] ? nmi_trigger_cpumask_backtrace+0x15e/0x1eb
[ 1377.734853] watchdog+0x9a2/0xe60
[ 1377.738298] ? reset_hung_task_detector+0x30/0x30
[ 1377.743135] kthread+0x33f/0x460
[ 1377.746498] ? kthread_park+0x180/0x180
[ 1377.750454] ret_from_fork+0x24/0x30
[ 1377.755090] Kernel Offset: disabled
[ 1377.758728] Rebooting in 86400 seconds..