ell server: sshd [ ok ].
[ 32.088075] audit: type=1800 audit(1555876234.869:34): pid=6852 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 34.826552] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.016975] audit: type=1400 audit(1555876237.829:35): avc: denied { map } for pid=7026 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 35.069732] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.616417] random: sshd: uninitialized urandom read (32 bytes read)
[ 438.530815] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.27' (ECDSA) to the list of known hosts.
[ 444.122966] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[ 444.241295] audit: type=1400 audit(1555876647.059:36): avc: denied { map } for pid=7038 comm="syz-executor830" path="/root/syz-executor830216529" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[ 714.710667] INFO: task syz-executor830:7059 blocked for more than 140 seconds.
[ 714.718290] Not tainted 4.14.113 #3
[ 714.723305] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.731314] syz-executor830 D28528 7059 7038 0x00000004
[ 714.736981] Call Trace:
[ 714.739680] __schedule+0x7be/0x1cf0
[ 714.743423] ? pci_mmcfg_check_reserved+0x150/0x150
[ 714.748494] ? find_held_lock+0x35/0x130
[ 714.752601] schedule+0x92/0x1c0
[ 714.755968] schedule_timeout+0x93d/0xe10
[ 714.760146] ? wait_for_completion+0x274/0x420
[ 714.764751] ? find_held_lock+0x35/0x130
[ 714.768788] ? usleep_range+0x130/0x130
[ 714.772789] ? wait_for_completion+0x274/0x420
[ 714.777379] ? mark_held_locks+0xb1/0x100
[ 714.781579] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.786098] ? trace_hardirqs_on_caller+0x400/0x590
[ 714.791192] wait_for_completion+0x27c/0x420
[ 714.795632] ? __local_bh_enable_ip+0x99/0x1a0
[ 714.800247] ? wait_for_completion_interruptible+0x490/0x490
[ 714.806090] ? wake_up_q+0xf0/0xf0
[ 714.809666] af_alg_wait_for_completion+0x38/0xb0
[ 714.814552] aead_recvmsg+0x83a/0x1da0
[ 714.818570] ? aead_release+0x50/0x50
[ 714.822478] ? selinux_socket_recvmsg+0x36/0x40
[ 714.827179] ? security_socket_recvmsg+0x97/0xc0
[ 714.832023] ? aead_release+0x50/0x50
[ 714.836056] sock_recvmsg+0xc8/0x110
[ 714.839753] sock_read_iter+0x22f/0x340
[ 714.843770] ? sock_recvmsg+0x110/0x110
[ 714.847771] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300
[ 714.854950] do_iter_readv_writev+0x4f7/0x680
[ 714.859546] ? vfs_dedupe_file_range+0x8f0/0x8f0
[ 714.864496] ? rw_verify_area+0xea/0x2b0
[ 714.868577] do_iter_read+0x221/0x5b0
[ 714.872441] ? dup_iter+0x260/0x260
[ 714.876073] vfs_readv+0xd3/0x130
[ 714.879512] ? compat_rw_copy_check_uvector+0x310/0x310
[ 714.884907] ? SyS_sendmsg+0x50/0x50
[ 714.888630] ? fd_install+0x4d/0x60
[ 714.892292] ? kernel_accept+0x300/0x300
[ 714.896355] ? _raw_spin_unlock_bh+0x31/0x40
[ 714.900854] ? release_sock+0x14c/0x1c0
[ 714.905179] ? __fget_light+0x172/0x1f0
[ 714.909158] do_readv+0xc2/0x220
[ 714.912651] ? vfs_readv+0x130/0x130
[ 714.916352] ? SyS_recv+0x40/0x40
[ 714.919782] ? do_preadv+0x200/0x200
[ 714.923512] SyS_readv+0x28/0x30
[ 714.926927] do_syscall_64+0x1eb/0x630
[ 714.930843] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.935680] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.940951] RIP: 0033:0x441349
[ 714.944122] RSP: 002b:00007fff2352d3c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 714.951842] RAX: ffffffffffffffda RBX: 00000000004a23d8 RCX: 0000000000441349
[ 714.959090] RDX: 0000000000000001 RSI: 00000000200007c0 RDI: 0000000000000004
[ 714.966377] RBP: 000000000006c788 R08: 00000000004002c8 R09: 00000000004002c8
[ 714.973674] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402170
[ 714.981379] R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
[ 714.988657]
[ 714.988657] Showing all locks held in the system:
[ 714.994997] 1 lock held by khungtaskd/1007:
[ 714.999381] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 715.008489] 2 locks held by getty/7013:
[ 715.012599] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.021306] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.030715] 2 locks held by getty/7014:
[ 715.034671] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.043383] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.052671] 2 locks held by getty/7015:
[ 715.056623] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.065302] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.074582] 2 locks held by getty/7016:
[ 715.078535] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.087283] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.096707] 2 locks held by getty/7017:
[ 715.100699] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.109355] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.118678] 2 locks held by getty/7018:
[ 715.122667] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.131373] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.140661] 2 locks held by getty/7019:
[ 715.144608] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.153289] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.162594] 1 lock held by syz-executor830/7059:
[ 715.167321] #0: (sk_lock-AF_ALG){+.+.}, at: [] af_alg_wait_for_data+0x1df/0x480
[ 715.176536]
[ 715.178139] =============================================
[ 715.178139]
[ 715.185362] NMI backtrace for cpu 1
[ 715.189181] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3
[ 715.195886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 715.205225] Call Trace:
[ 715.207881] dump_stack+0x138/0x19c
[ 715.211506] nmi_cpu_backtrace.cold+0x57/0x94
[ 715.216061] ? irq_force_complete_move.cold+0x7d/0x7d
[ 715.221243] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 715.226513] arch_trigger_cpumask_backtrace+0x14/0x20
[ 715.231727] watchdog+0x5e7/0xb90
[ 715.235196] kthread+0x31c/0x430
[ 715.238627] ? hungtask_pm_notify+0x60/0x60
[ 715.242937] ? kthread_create_on_node+0xd0/0xd0
[ 715.247652] ret_from_fork+0x3a/0x50
[ 715.251415] Sending NMI from CPU 1 to CPUs 0:
[ 715.256088] NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff861b0e02
[ 715.257020] Kernel panic - not syncing: hung_task: blocked tasks
[ 715.269444] CPU: 1 PID: 1007 Comm: khungtaskd Not tainted 4.14.113 #3
[ 715.275999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 715.285441] Call Trace:
[ 715.288005] dump_stack+0x138/0x19c
[ 715.291727] panic+0x1f2/0x438
[ 715.294933] ? add_taint.cold+0x16/0x16
[ 715.298905] ? ___preempt_schedule+0x16/0x18
[ 715.303327] watchdog+0x5f8/0xb90
[ 715.306767] kthread+0x31c/0x430
[ 715.310329] ? hungtask_pm_notify+0x60/0x60
[ 715.314626] ? kthread_create_on_node+0xd0/0xd0
[ 715.319279] ret_from_fork+0x3a/0x50
[ 715.323952] Kernel Offset: disabled
[ 715.327637] Rebooting in 86400 seconds..