penBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.874239] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.142977] kauditd_printk_skb: 10 callbacks suppressed
[ 37.142986] audit: type=1400 audit(1569143932.873:35): avc: denied { map } for pid=6913 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 37.195443] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.761116] random: sshd: uninitialized urandom read (32 bytes read)
[ 699.065429] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
[ 704.559729] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 704.686014] audit: type=1400 audit(1569144600.413:36): avc: denied { map } for pid=6925 comm="syz-executor989" path="/root/syz-executor989696888" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 858.080316] INFO: task syz-executor989:6925 blocked for more than 140 seconds.
[ 858.087831] Not tainted 4.14.146 #0
[ 858.092485] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 858.100625] syz-executor989 D28144 6925 6923 0x80000002
[ 858.106346] Call Trace:
[ 858.109030] __schedule+0x7b8/0x1cd0
[ 858.112841] ? pci_mmcfg_check_reserved+0x150/0x150
[ 858.117874] ? trace_hardirqs_on+0x10/0x10
[ 858.122316] schedule+0x92/0x1c0
[ 858.125712] schedule_timeout+0x93b/0xe10
[ 858.129876] ? wait_for_completion+0x274/0x420
[ 858.134602] ? find_held_lock+0x35/0x130
[ 858.138670] ? usleep_range+0x130/0x130
[ 858.142994] ? _raw_spin_unlock_irq+0x28/0x90
[ 858.147602] ? trace_hardirqs_on_caller+0x400/0x590
[ 858.152691] wait_for_completion+0x27c/0x420
[ 858.157120] ? wait_for_completion_interruptible+0x490/0x490
[ 858.163072] ? wake_up_q+0xf0/0xf0
[ 858.166699] ucma_close+0xf0/0x310
[ 858.170295] ? ucma_free_ctx+0xa30/0xa30
[ 858.174370] __fput+0x275/0x7a0
[ 858.177637] ____fput+0x16/0x20
[ 858.180958] task_work_run+0x114/0x190
[ 858.185131] do_exit+0x7df/0x2c10
[ 858.188584] ? rw_verify_area+0xea/0x2b0
[ 858.192728] ? mm_update_next_owner+0x5d0/0x5d0
[ 858.197417] ? vfs_write+0x104/0x500
[ 858.201280] ? SyS_write+0x15e/0x230
[ 858.204993] do_group_exit+0x111/0x330
[ 858.208866] SyS_exit_group+0x1d/0x20
[ 858.212714] ? do_group_exit+0x330/0x330
[ 858.216776] do_syscall_64+0x1e8/0x640
[ 858.220725] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 858.225574] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 858.230819] RIP: 0033:0x43eee8
[ 858.234018] RSP: 002b:00007ffd3bcf1078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 858.241801] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043eee8
[ 858.249092] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 858.256421] RBP: 00000000004be6e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 858.263730] R10: 0000000000401ba0 R11: 0000000000000246 R12: 0000000000000001
[ 858.271049] R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
[ 858.278576]
[ 858.278576] Showing all locks held in the system:
[ 858.284972] 1 lock held by khungtaskd/1012:
[ 858.289411] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 858.298685] 2 locks held by getty/6903:
[ 858.302689] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.311569] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.320966] 2 locks held by getty/6904:
[ 858.324937] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.334095] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.343458] 2 locks held by getty/6905:
[ 858.347500] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.356218] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.365563] 2 locks held by getty/6906:
[ 858.369530] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.378251] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.387595] 2 locks held by getty/6907:
[ 858.391607] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.400434] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.409750] 2 locks held by getty/6908:
[ 858.413782] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.422522] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.431987] 2 locks held by getty/6909:
[ 858.435965] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 858.444816] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 858.454277]
[ 858.455892] =============================================
[ 858.455892]
[ 858.463091] NMI backtrace for cpu 0
[ 858.466829] CPU: 0 PID: 1012 Comm: khungtaskd Not tainted 4.14.146 #0
[ 858.473403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 858.482756] Call Trace:
[ 858.485391] dump_stack+0x138/0x197
[ 858.489005] nmi_cpu_backtrace.cold+0x57/0x94
[ 858.493496] ? irq_force_complete_move.cold+0x7d/0x7d
[ 858.498854] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 858.504118] arch_trigger_cpumask_backtrace+0x14/0x20
[ 858.509307] watchdog+0x5e7/0xb90
[ 858.512756] kthread+0x319/0x430
[ 858.516126] ? hungtask_pm_notify+0x50/0x50
[ 858.520430] ? kthread_create_on_node+0xd0/0xd0
[ 858.525174] ret_from_fork+0x24/0x30
[ 858.528972] Sending NMI from CPU 0 to CPUs 1:
[ 858.533558] NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff861c184e
[ 858.534508] Kernel panic - not syncing: hung_task: blocked tasks
[ 858.546907] CPU: 0 PID: 1012 Comm: khungtaskd Not tainted 4.14.146 #0
[ 858.553510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 858.562880] Call Trace:
[ 858.565465] dump_stack+0x138/0x197
[ 858.569079] panic+0x1f2/0x426
[ 858.572254] ? add_taint.cold+0x16/0x16
[ 858.576227] ? irq_force_complete_move.cold+0x7d/0x7d
[ 858.581402] watchdog+0x5f8/0xb90
[ 858.584841] kthread+0x319/0x430
[ 858.588326] ? hungtask_pm_notify+0x50/0x50
[ 858.592643] ? kthread_create_on_node+0xd0/0xd0
[ 858.597309] ret_from_fork+0x24/0x30
[ 858.602886] Kernel Offset: disabled
[ 858.606535] Rebooting in 86400 seconds..