Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
[ 907.663707] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 907.782622] audit: type=1400 audit(1576516139.082:36): avc: denied { map } for pid=7233 comm="syz-executor433" path="/root/syz-executor433312727" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1144.800238] INFO: task syz-executor433:7240 blocked for more than 140 seconds.
[ 1144.800248] Not tainted 4.14.158-syzkaller #0
[ 1144.800251] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.800256] syz-executor433 D28528 7240 7239 0x00000004
[ 1144.800335] Call Trace:
[ 1144.800453] __schedule+0x7b8/0x1cd0
[ 1144.800467] ? firmware_map_remove+0x196/0x196
[ 1144.800560] ? __lock_acquire+0x5f7/0x4620
[ 1144.800572] schedule+0x92/0x1c0
[ 1144.800580] schedule_timeout+0x93b/0xe10
[ 1144.800587] ? __down+0x158/0x290
[ 1144.800597] ? find_held_lock+0x35/0x130
[ 1144.800604] ? usleep_range+0x130/0x130
[ 1144.800610] ? __down+0x158/0x290
[ 1144.800619] ? save_trace+0x290/0x290
[ 1144.800631] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.800640] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.800651] __down+0x160/0x290
[ 1144.800660] ? ww_mutex_lock+0xc0/0xc0
[ 1144.800675] down+0x64/0x90
[ 1144.800723] console_lock+0x28/0x80
[ 1144.800774] do_fb_ioctl+0x36a/0x940
[ 1144.800782] ? lock_downgrade+0x740/0x740
[ 1144.800790] ? fb_read+0x520/0x520
[ 1144.800836] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.800844] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.800855] ? avc_ss_reset+0x110/0x110
[ 1144.800881] ? follow_pfn+0x220/0x220
[ 1144.800890] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.800900] ? do_wp_page+0x253/0x1250
[ 1144.800936] ? __might_sleep+0x93/0xb0
[ 1144.800943] ? save_trace+0x290/0x290
[ 1144.800954] fb_ioctl+0xe6/0x130
[ 1144.800962] ? do_fb_ioctl+0x940/0x940
[ 1144.801091] do_vfs_ioctl+0x7ae/0x1060
[ 1144.801100] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.801110] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.801118] ? lock_downgrade+0x740/0x740
[ 1144.801151] ? security_file_ioctl+0x7d/0xb0
[ 1144.801158] ? security_file_ioctl+0x89/0xb0
[ 1144.801168] SyS_ioctl+0x8f/0xc0
[ 1144.801176] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.801237] do_syscall_64+0x1e8/0x640
[ 1144.801245] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.801258] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801266] RIP: 0033:0x4414e9
[ 1144.801270] RSP: 002b:00007ffec2cbe898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801280] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004414e9
[ 1144.801285] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
[ 1144.801290] RBP: 00000000006cc018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801295] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402260
[ 1144.801300] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801319] INFO: task syz-executor433:7243 blocked for more than 140 seconds.
[ 1144.801324] Not tainted 4.14.158-syzkaller #0
[ 1144.801327] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.801331] syz-executor433 D28528 7243 7238 0x00000004
[ 1144.801350] Call Trace:
[ 1144.801361] __schedule+0x7b8/0x1cd0
[ 1144.801373] ? firmware_map_remove+0x196/0x196
[ 1144.801380] ? __lock_acquire+0x5f7/0x4620
[ 1144.801391] schedule+0x92/0x1c0
[ 1144.801399] schedule_timeout+0x93b/0xe10
[ 1144.801406] ? __down+0x158/0x290
[ 1144.801415] ? find_held_lock+0x35/0x130
[ 1144.801422] ? usleep_range+0x130/0x130
[ 1144.801428] ? __down+0x158/0x290
[ 1144.801437] ? save_trace+0x290/0x290
[ 1144.801448] ? _raw_spin_unlock_irq+0x28/0x90
[ 1144.801458] ? trace_hardirqs_on_caller+0x400/0x590
[ 1144.801468] __down+0x160/0x290
[ 1144.801477] ? ww_mutex_lock+0xc0/0xc0
[ 1144.801491] down+0x64/0x90
[ 1144.801500] console_lock+0x28/0x80
[ 1144.801506] do_fb_ioctl+0x36a/0x940
[ 1144.801514] ? lock_downgrade+0x740/0x740
[ 1144.801521] ? fb_read+0x520/0x520
[ 1144.801532] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.801539] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.801550] ? avc_ss_reset+0x110/0x110
[ 1144.801562] ? follow_pfn+0x220/0x220
[ 1144.801570] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.801580] ? do_wp_page+0x253/0x1250
[ 1144.801598] ? __might_sleep+0x93/0xb0
[ 1144.801605] ? save_trace+0x290/0x290
[ 1144.801616] fb_ioctl+0xe6/0x130
[ 1144.801624] ? do_fb_ioctl+0x940/0x940
[ 1144.801631] do_vfs_ioctl+0x7ae/0x1060
[ 1144.801640] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.801649] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.801657] ? lock_downgrade+0x740/0x740
[ 1144.801672] ? security_file_ioctl+0x7d/0xb0
[ 1144.801679] ? security_file_ioctl+0x89/0xb0
[ 1144.801689] SyS_ioctl+0x8f/0xc0
[ 1144.801697] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.801707] do_syscall_64+0x1e8/0x640
[ 1144.801714] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.801727] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.801732] RIP: 0033:0x4414e9
[ 1144.801736] RSP: 002b:00007ffec2cbe898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.801745] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004414e9
[ 1144.801749] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
[ 1144.801754] RBP: 00000000006cc018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.801759] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402260
[ 1144.801764] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[ 1144.801781]
[ 1144.801781] Showing all locks held in the system:
[ 1144.801791] 1 lock held by khungtaskd/1044:
[ 1144.801795] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1144.801830] 1 lock held by rsyslogd/7086:
[ 1144.801833] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 1144.801854] 2 locks held by getty/7208:
[ 1144.801857] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.801872] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.801937] 2 locks held by getty/7209:
[ 1144.801940] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.801957] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.801982] 2 locks held by getty/7210:
[ 1144.801985] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802002] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.802022] 2 locks held by getty/7211:
[ 1144.802025] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802042] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.802062] 2 locks held by getty/7212:
[ 1144.802064] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802082] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.802101] 2 locks held by getty/7213:
[ 1144.802104] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802121] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.802141] 2 locks held by getty/7214:
[ 1144.802144] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1144.802161] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 1144.802182] 1 lock held by syz-executor433/7241:
[ 1144.802185] #0: (&fb_info->lock){+.+.}, at: [] fb_release+0x55/0x150
[ 1144.802204] 1 lock held by syz-executor433/7244:
[ 1144.802207] #0: (&fb_info->lock){+.+.}, at: [] fb_release+0x55/0x150
[ 1144.802225] 1 lock held by syz-executor433/7245:
[ 1144.802228] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 1144.802244]
[ 1144.802247] =============================================
[ 1144.802247]
[ 1144.802254] NMI backtrace for cpu 0
[ 1144.802262] CPU: 0 PID: 1044 Comm: khungtaskd Not tainted 4.14.158-syzkaller #0
[ 1144.802266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.802269] Call Trace:
[ 1144.802296] dump_stack+0x142/0x197
[ 1144.802326] nmi_cpu_backtrace.cold+0x57/0x94
[ 1144.802378] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.802387] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1144.802398] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1144.802425] watchdog+0x5e7/0xb90
[ 1144.802457] kthread+0x319/0x430
[ 1144.802464] ? hungtask_pm_notify+0x50/0x50
[ 1144.802471] ? kthread_create_on_node+0xd0/0xd0
[ 1144.802480] ret_from_fork+0x24/0x30
[ 1144.802496] Sending NMI from CPU 0 to CPUs 1:
[ 1144.803070] NMI backtrace for cpu 1
[ 1144.803074] CPU: 1 PID: 7242 Comm: syz-executor433 Not tainted 4.14.158-syzkaller #0
[ 1144.803078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.803081] task: ffff8880a5114100 task.stack: ffff888092d20000
[ 1144.803083] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 1144.803086] RSP: 0018:ffff888092d27208 EFLAGS: 00000206
[ 1144.803090] RAX: ffff8880000a00b8 RBX: 0000000000000050 RCX: 0000000000000000
[ 1144.803093] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040
[ 1144.803096] RBP: ffff888092d27248 R08: 0000000000001400 R09: 0000000000000040
[ 1144.803099] R10: ffffed1043235e4b R11: ffff8882191af25f R12: ffff8880000a0280
[ 1144.803102] R13: 0000000000000000 R14: ffff8880000a00c0 R15: 0000000000000000
[ 1144.803105] FS: 0000000001e66880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 1144.803107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1144.803111] CR2: 00007ffec2cbe898 CR3: 0000000092ec1000 CR4: 00000000001406e0
[ 1144.803113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1144.803116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1144.803118] Call Trace:
[ 1144.803120] ? bitfill_aligned+0xdc/0x190
[ 1144.803122] cfb_fillrect+0x3d0/0x720
[ 1144.803124] ? cfb_fillrect+0x720/0x720
[ 1144.803126] vga16fb_fillrect+0x618/0x1880
[ 1144.803128] ? memcpy+0x46/0x50
[ 1144.803129] bit_clear_margins+0x2d5/0x4f0
[ 1144.803131] ? bit_bmove+0x240/0x240
[ 1144.803134] ? efifb_probe.cold+0x1379/0x1379
[ 1144.803136] fbcon_clear_margins+0x292/0x320
[ 1144.803138] fbcon_switch+0xd38/0x1820
[ 1144.803140] ? fbcon_set_def_font+0x360/0x360
[ 1144.803142] ? fbcon_set_origin+0x21/0x50
[ 1144.803144] ? fbcon_scrolldelta+0x1100/0x1100
[ 1144.803146] ? set_origin+0x108/0x3c0
[ 1144.803148] redraw_screen+0x335/0x7c0
[ 1144.803150] ? con_flush_chars+0x90/0x90
[ 1144.803153] ? fbcon_set_palette+0x203/0x5b0
[ 1144.803155] fbcon_modechanged+0x59e/0x880
[ 1144.803157] fbcon_set_all_vcs+0x35f/0x420
[ 1144.803159] fbcon_event_notify+0x75/0x17af
[ 1144.803161] ? lock_acquire+0x16f/0x430
[ 1144.803163] notifier_call_chain+0x111/0x1b0
[ 1144.803166] blocking_notifier_call_chain+0x80/0xa0
[ 1144.803168] fb_notifier_call_chain+0x25/0x30
[ 1144.803170] fb_set_var+0xb09/0xcf0
[ 1144.803172] ? fb_set_suspend+0x110/0x110
[ 1144.803174] ? debug_smp_processor_id+0x1c/0x20
[ 1144.803176] ? __mutex_lock+0x36a/0x1470
[ 1144.803178] ? trace_hardirqs_on+0x10/0x10
[ 1144.803180] ? lock_acquire+0x16f/0x430
[ 1144.803182] ? __down+0x16b/0x290
[ 1144.803184] ? mutex_trylock+0x1c0/0x1c0
[ 1144.803185] ? down+0x70/0x90
[ 1144.803188] ? mutex_lock_nested+0x16/0x20
[ 1144.803190] ? mutex_lock_nested+0x16/0x20
[ 1144.803192] do_fb_ioctl+0x3cc/0x940
[ 1144.803194] ? fb_read+0x520/0x520
[ 1144.803196] ? avc_has_extended_perms+0x8ec/0xe40
[ 1144.803198] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.803200] ? avc_ss_reset+0x110/0x110
[ 1144.803202] ? follow_pfn+0x220/0x220
[ 1144.803204] ? do_raw_spin_unlock+0x16b/0x260
[ 1144.803206] ? do_wp_page+0x253/0x1250
[ 1144.803207] ? __might_sleep+0x93/0xb0
[ 1144.803209] ? save_trace+0x290/0x290
[ 1144.803211] fb_ioctl+0xe6/0x130
[ 1144.803213] ? do_fb_ioctl+0x940/0x940
[ 1144.803215] do_vfs_ioctl+0x7ae/0x1060
[ 1144.803217] ? selinux_file_mprotect+0x5d0/0x5d0
[ 1144.803219] ? ioctl_preallocate+0x1c0/0x1c0
[ 1144.803222] ? lock_downgrade+0x740/0x740
[ 1144.803224] ? security_file_ioctl+0x7d/0xb0
[ 1144.803226] ? security_file_ioctl+0x89/0xb0
[ 1144.803228] SyS_ioctl+0x8f/0xc0
[ 1144.803230] ? do_vfs_ioctl+0x1060/0x1060
[ 1144.803232] do_syscall_64+0x1e8/0x640
[ 1144.803234] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1144.803237] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1144.803239] RIP: 0033:0x4414e9
[ 1144.803241] RSP: 002b:00007ffec2cbe898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.803246] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004414e9
[ 1144.803249] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000005
[ 1144.803251] RBP: 00000000006cc018 R08: 00000000004002c8 R09: 00000000004002c8
[ 1144.803260] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402260
[ 1144.803264] R13: 00000000004022f0 R14: 0000000000000000 R15: 0000000000000000
[ 1144.803265] Code: 00 00 48 c7 c7 20 cd cd 86 4c 89 35 ab e8 4b 08 41 be f4 ff ff ff e8 43 34 ee ff 48 c7 05 95 e8 4b 08 00 00 00 00 e9 14 ec ff ff <65> 48 8b 04 25 40 ee 01 00 48 85 c0 74 1a 65 8b 15 8b 9e a4 7e
[ 1144.803511] Kernel panic - not syncing: hung_task: blocked tasks
[ 1144.803518] CPU: 0 PID: 1044 Comm: khungtaskd Not tainted 4.14.158-syzkaller #0
[ 1144.803522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1144.803524] Call Trace:
[ 1144.803532] dump_stack+0x142/0x197
[ 1144.803567] panic+0x1f9/0x42d
[ 1144.803574] ? add_taint.cold+0x16/0x16
[ 1144.803585] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1144.803597] watchdog+0x5f8/0xb90
[ 1144.803611] kthread+0x319/0x430
[ 1144.803618] ? hungtask_pm_notify+0x50/0x50
[ 1144.803624] ? kthread_create_on_node+0xd0/0xd0
[ 1144.803633] ret_from_fork+0x24/0x30
[ 1144.805646] Kernel Offset: disabled