[ 35.757877] audit: type=1800 audit(1583801349.626:33): pid=7329 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.786153] audit: type=1800 audit(1583801349.626:34): pid=7329 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 38.065140] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.393233] audit: type=1400 audit(1583801352.266:35): avc: denied { map } for pid=7499 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.449561] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.250864] random: sshd: uninitialized urandom read (32 bytes read)
[ 609.064500] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
[ 614.721029] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 614.846986] audit: type=1400 audit(1583801928.716:36): avc: denied { map } for pid=7511 comm="syz-executor836" path="/root/syz-executor836040391" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 614.902418] XFS (loop0): correcting sb_features alignment problem
[ 614.909418] XFS (loop0): Mounting V4 Filesystem
[ 614.914931] XFS (loop0): log size 2150998016 bytes too large, maximum size is 2136997888 bytes
[ 614.923937] XFS (loop0): Log size out of supported range.
[ 614.929483] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
[ 614.942266] XFS (loop0): totally zeroed log
[ 614.947157] XFS (loop0): Metadata corruption detected at xfs_agf_read_verify+0x267/0x2e0, xfs_agf block 0x1
[ 614.957170] XFS (loop0): Unmount and run xfs_repair
[ 614.962223] XFS (loop0): First 64 bytes of corrupted metadata buffer:
[ 614.968793] ffff88809ad50800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 614.977711] ffff88809ad50810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 614.986579] ffff88809ad50820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 614.995439] ffff88809ad50830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 615.004401] XFS (loop0): metadata I/O error: block 0x1 ("xfs_trans_read_buf_map") error 117 numblks 1
[ 858.080216] INFO: task syz-executor836:7511 blocked for more than 140 seconds.
[ 858.087722] Not tainted 4.14.172-syzkaller #0
[ 858.092800] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 858.100914] syz-executor836 D27936 7511 7509 0x00000000
[ 858.106540] Call Trace:
[ 858.109205] ? __schedule+0x7b8/0x1ca0
[ 858.113211] ? xlog_grant_head_wait+0x270/0xc10
[ 858.117881] ? __sched_text_start+0x8/0x8
[ 858.122157] ? lock_downgrade+0x6e0/0x6e0
[ 858.126302] schedule+0x8d/0x1b0
[ 858.129675] xlog_grant_head_wait+0x135/0xc10
[ 858.134205] xlog_grant_head_check+0x34c/0x390
[ 858.138782] ? xlog_grant_head_wait+0xc10/0xc10
[ 858.143502] xfs_log_reserve+0x2fb/0x9f0
[ 858.147556] ? xfs_log_quiesce+0x15e/0x980
[ 858.151812] ? xlog_ticket_alloc+0x450/0x450
[ 858.156328] ? rcu_read_lock_sched_held+0x10a/0x130
[ 858.161420] xfs_log_quiesce+0x2ec/0x980
[ 858.165498] ? xfs_log_reserve+0x9f0/0x9f0
[ 858.169721] ? xfs_alloc_read_agf+0x12b/0xaa0
[ 858.174253] ? xfs_alloc_pagf_init+0x99/0xc0
[ 858.178656] ? xfs_alloc_fix_freelist+0xe80/0xe80
[ 858.183541] ? xlog_ticket_alloc+0x31c/0x450
[ 858.187955] xfs_log_unmount+0x1d/0xb0
[ 858.191912] xfs_log_mount_cancel+0x40/0x50
[ 858.196243] xfs_mountfs+0x1192/0x1f10
[ 858.200255] ? xfs_filestream_get_parent+0xc0/0xc0
[ 858.205201] ? xfs_default_resblks+0x60/0x60
[ 858.209600] ? rcu_read_lock_sched_held+0x10a/0x130
[ 858.214794] ? __lockdep_init_map+0x100/0x560
[ 858.219300] ? xfs_mru_cache_create+0x426/0x540
[ 858.224053] xfs_fs_fill_super+0xb7a/0x1380
[ 858.228519] mount_bdev+0x2bc/0x370
[ 858.232184] ? xfs_test_remount_options.isra.0+0x90/0x90
[ 858.237667] mount_fs+0x92/0x2a0
[ 858.241204] vfs_kern_mount.part.0+0x5b/0x3c0
[ 858.245762] do_mount+0x3c9/0x24f0
[ 858.249288] ? copy_mount_string+0x40/0x40
[ 858.253614] ? memset+0x20/0x40
[ 858.256913] ? copy_mount_options+0x1ec/0x2e0
[ 858.261476] ? copy_mnt_ns+0x8a0/0x8a0
[ 858.265379] SyS_mount+0xa8/0x120
[ 858.268823] ? copy_mnt_ns+0x8a0/0x8a0
[ 858.272920] do_syscall_64+0x1d5/0x640
[ 858.276875] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 858.282110] RIP: 0033:0x44761a
[ 858.285294] RSP: 002b:00007ffc663d27d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 858.293045] RAX: ffffffffffffffda RBX: 00007ffc663d29b0 RCX: 000000000044761a
[ 858.300408] RDX: 00007ffc663d2820 RSI: 0000000020000000 RDI: 00007ffc663d2840
[ 858.307666] RBP: 0000000000000000 R08: 00007ffc663d2880 R09: 0000000000000000
[ 858.315097] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000402900
[ 858.322452] R13: 0000000000402990 R14: 0000000000000000 R15: 0000000000000000
[ 858.329763]
[ 858.329763] Showing all locks held in the system:
[ 858.336119] 1 lock held by khungtaskd/1054:
[ 858.340654] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 858.349702] 1 lock held by rsyslogd/7367:
[ 858.353935] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xa6/0xc0
[ 858.362267] 2 locks held by getty/7490:
[ 858.366327] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.375417] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.384927] 2 locks held by getty/7491:
[ 858.388883] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.397853] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.407184] 2 locks held by getty/7492:
[ 858.411173] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.420164] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.429462] 2 locks held by getty/7493:
[ 858.433455] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.442465] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.451778] 2 locks held by getty/7494:
[ 858.455740] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.464738] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.474052] 2 locks held by getty/7495:
[ 858.478003] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.486980] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.496295] 2 locks held by getty/7496:
[ 858.500302] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 858.509237] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e4/0x16f0
[ 858.518561] 1 lock held by syz-executor836/7511:
[ 858.523337] #0: (&type->s_umount_key#51/1){+.+.}, at: [] sget_userns+0x556/0xc30
[ 858.532642]
[ 858.535129] =============================================
[ 858.535129]
[ 858.542189] NMI backtrace for cpu 0
[ 858.545823] CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 4.14.172-syzkaller #0
[ 858.553265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 858.562612] Call Trace:
[ 858.565281] dump_stack+0x13e/0x194
[ 858.568893] nmi_cpu_backtrace.cold+0x57/0x93
[ 858.573468] ? irq_force_complete_move.cold+0x7b/0x7b
[ 858.578650] nmi_trigger_cpumask_backtrace+0x139/0x17e
[ 858.584119] watchdog+0x5e2/0xb80
[ 858.587554] ? hungtask_pm_notify+0x50/0x50
[ 858.591895] kthread+0x30d/0x420
[ 858.595243] ? kthread_create_on_node+0xd0/0xd0
[ 858.599901] ret_from_fork+0x24/0x30
[ 858.603682] Sending NMI from CPU 0 to CPUs 1:
[ 858.608224] NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff86401cbe
[ 858.609185] Kernel panic - not syncing: hung_task: blocked tasks
[ 858.621566] CPU: 0 PID: 1054 Comm: khungtaskd Not tainted 4.14.172-syzkaller #0
[ 858.628990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 858.638336] Call Trace:
[ 858.640907] dump_stack+0x13e/0x194
[ 858.644578] panic+0x1f9/0x42d
[ 858.647752] ? add_taint.cold+0x16/0x16
[ 858.651744] ? printk_safe_flush+0xac/0x110
[ 858.656046] watchdog+0x5f3/0xb80
[ 858.659476] ? hungtask_pm_notify+0x50/0x50
[ 858.663778] kthread+0x30d/0x420
[ 858.667142] ? kthread_create_on_node+0xd0/0xd0
[ 858.671789] ret_from_fork+0x24/0x30
[ 858.676921] Kernel Offset: disabled
[ 858.680546] Rebooting in 86400 seconds..