[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.853152] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.093154] audit: type=1400 audit(1549422925.001:6): avc: denied { map } for pid=1763 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 21.133528] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.598685] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.393213] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
[ 46.943415] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 47.026807] audit: type=1400 audit(1549422950.931:7): avc: denied { map } for pid=1787 comm="syz-executor232" path="/root/syz-executor232883635" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.058446] dl_rq->running_bw > dl_rq->this_bw
[ 47.058749] ------------[ cut here ]------------
[ 47.068374] WARNING: CPU: 1 PID: 1790 at kernel/sched/deadline.c:125 switched_from_dl.cold+0x5b/0x62
[ 47.077624] Kernel panic - not syncing: panic_on_warn set ...
[ 47.077624]
[ 47.084969] CPU: 1 PID: 1790 Comm: syz-executor232 Not tainted 4.14.97+ #4
[ 47.091962] Call Trace:
[ 47.094537]  dump_stack+0xb9/0x10e
[ 47.098063]  panic+0x1d9/0x3c2
[ 47.101231]  ? add_taint.cold+0x16/0x16
[ 47.105183]  ? switched_from_dl.cold+0x5b/0x62
[ 47.109742]  ? __probe_kernel_read+0x163/0x1c0
[ 47.114301]  ? switched_from_dl.cold+0x5b/0x62
[ 47.118875]  __warn.cold+0x2f/0x3b
[ 47.122391]  ? switched_from_dl.cold+0x5b/0x62
[ 47.126961]  ? report_bug+0x20a/0x248
[ 47.130743]  ? do_error_trap+0x1bf/0x2d0
[ 47.134905]  ? math_error+0x2d0/0x2d0
[ 47.138689]  ? vprintk_emit+0x11a/0x330
[ 47.142645]  ? vprintk_emit+0xd5/0x330
[ 47.146513]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.151340]  ? invalid_op+0x18/0x40
[ 47.154948]  ? switched_from_dl.cold+0x5b/0x62
[ 47.159510]  ? switched_from_dl.cold+0x5b/0x62
[ 47.164070]  ? __sched_setscheduler+0x992/0x2780
[ 47.168810]  ? cpu_cgroup_fork+0x120/0x120
[ 47.173029]  ? rcu_is_watching+0x11/0xb0
[ 47.177071]  ? SyS_sched_setattr+0x23c/0x390
[ 47.181458]  ? SyS_sched_setparam+0x20/0x20
[ 47.185767]  ? do_syscall_64+0x43/0x4b0
[ 47.189746]  ? SyS_sched_setparam+0x20/0x20
[ 47.194045]  ? do_syscall_64+0x19b/0x4b0
[ 47.198196]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.203546]
[ 47.203548] ======================================================
[ 47.203550] WARNING: possible circular locking dependency detected
[ 47.203551] 4.14.97+ #4 Not tainted
[ 47.203552] ------------------------------------------------------
[ 47.203554] syz-executor232/1790 is trying to acquire lock:
[ 47.203555]  ((console_sem).lock){-...}, at: [] down_trylock+0xe/0x60
[ 47.203559]
[ 47.203561] but task is already holding lock:
[ 47.203561]  (&rq->lock){-.-.}, at: [] task_rq_lock+0xc8/0x330
[ 47.203565]
[ 47.203567] which lock already depends on the new lock.
[ 47.203568]
[ 47.203569]
[ 47.203570] the existing dependency chain (in reverse order) is:
[ 47.203571]
[ 47.203572] -> #2 (&rq->lock){-.-.}:
[ 47.203575]
[ 47.203576] -> #1 (&p->pi_lock){-.-.}:
[ 47.203580]
[ 47.203581] -> #0 ((console_sem).lock){-...}:
[ 47.203584]
[ 47.203586] other info that might help us debug this:
[ 47.203587]
[ 47.203588] Chain exists of:
[ 47.203588]   (console_sem).lock --> &p->pi_lock --> &rq->lock
[ 47.203594]
[ 47.203595]  Possible unsafe locking scenario:
[ 47.203596]
[ 47.203597]        CPU0                    CPU1
[ 47.203598]        ----                    ----
[ 47.203599]   lock(&rq->lock);
[ 47.203602]                                lock(&p->pi_lock);
[ 47.203604]                                lock(&rq->lock);
[ 47.203607]   lock((console_sem).lock);
[ 47.203609]
[ 47.203610]  *** DEADLOCK ***
[ 47.203611]
[ 47.203613] 3 locks held by syz-executor232/1790:
[ 47.203613]  #0: (rcu_read_lock){....}, at: [] SyS_sched_setattr+0x1d0/0x390
[ 47.203618]  #1: (&p->pi_lock){-.-.}, at: [] task_rq_lock+0x6a/0x330
[ 47.203623]  #2: (&rq->lock){-.-.}, at: [] task_rq_lock+0xc8/0x330
[ 47.203627]
[ 47.203628] stack backtrace:
[ 47.203630] CPU: 1 PID: 1790 Comm: syz-executor232 Not tainted 4.14.97+ #4
[ 47.203631] Call Trace:
[ 47.203632]  dump_stack+0xb9/0x10e
[ 47.203634]  print_circular_bug.isra.0.cold+0x2dc/0x425
[ 47.203635]  ? __lock_acquire+0x2d83/0x3fa0
[ 47.203636]  ? add_lock_to_list.isra.0+0x17f/0x300
[ 47.203638]  ? trace_hardirqs_on+0x10/0x10
[ 47.203639]  ? format_decode+0x1e1/0x8f0
[ 47.203640]  ? trace_hardirqs_on+0x10/0x10
[ 47.203641]  ? lock_acquire+0x10f/0x380
[ 47.203642]  ? down_trylock+0xe/0x60
[ 47.203643]  ? vprintk_emit+0xa4/0x330
[ 47.203645]  ? _raw_spin_lock_irqsave+0x42/0x60
[ 47.203646]  ? down_trylock+0xe/0x60
[ 47.203647]  ? down_trylock+0xe/0x60
[ 47.203648]  ? vprintk_emit+0x11a/0x330
[ 47.203649]  ? __down_trylock_console_sem+0x33/0xd0
[ 47.203651]  ? console_trylock+0x14/0x70
[ 47.203652]  ? vprintk_emit+0x11a/0x330
[ 47.203653]  ? vprintk_func+0x58/0x152
[ 47.203654]  ? printk+0xba/0xed
[ 47.203655]  ? show_regs_print_info+0x5b/0x5b
[ 47.203656]  ? sched_dl_overflow+0x1a1/0xc80
[ 47.203658]  ? switched_from_dl.cold+0x5b/0x62
[ 47.203659]  ? __sched_setscheduler+0x992/0x2780
[ 47.203660]  ? cpu_cgroup_fork+0x120/0x120
[ 47.203661]  ? rcu_is_watching+0x11/0xb0
[ 47.203663]  ? SyS_sched_setattr+0x23c/0x390
[ 47.203664]  ? SyS_sched_setparam+0x20/0x20
[ 47.203665]  ? do_syscall_64+0x43/0x4b0
[ 47.203666]  ? SyS_sched_setparam+0x20/0x20
[ 47.203667]  ? do_syscall_64+0x19b/0x4b0
[ 47.203669]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.323930] Shutting down cpus with NMI
[ 48.647312] Kernel Offset: 0x3a600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 48.658228] Rebooting in 86400 seconds..