[ 32.227295] audit: type=1800 audit(1575360261.771:33): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 32.254628] audit: type=1800 audit(1575360261.771:34): pid=6802 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 35.912309] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.149234] audit: type=1400 audit(1575360265.691:35): avc: denied { map } for pid=6973 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.252545] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.850701] random: sshd: uninitialized urandom read (32 bytes read)
[ 550.421478] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
[ 556.055322] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 556.172267] audit: type=1400 audit(1575360785.721:36): avc: denied { map } for pid=6986 comm="syz-executor833" path="/root/syz-executor833830099" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 714.720294] INFO: task syz-executor833:6988 blocked for more than 140 seconds.
[ 714.720304] Not tainted 4.14.157-syzkaller #0
[ 714.720307] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.720312] syz-executor833 D28904 6988 6984 0x00000004
[ 714.720331] Call Trace:
[ 714.720434] __schedule+0x7b8/0x1cd0
[ 714.720442] ? __mutex_lock+0x737/0x1470
[ 714.720454] ? firmware_map_remove+0x196/0x196
[ 714.720465] schedule+0x92/0x1c0
[ 714.720474] schedule_preempt_disabled+0x13/0x20
[ 714.720481] __mutex_lock+0x73c/0x1470
[ 714.720548] ? fb_open+0xb7/0x420
[ 714.720559] ? mutex_trylock+0x1c0/0x1c0
[ 714.720569] ? __mutex_unlock_slowpath+0x71/0x800
[ 714.720579] ? find_held_lock+0x35/0x130
[ 714.720595] mutex_lock_nested+0x16/0x20
[ 714.720602] ? mutex_lock_nested+0x16/0x20
[ 714.720607] fb_open+0xb7/0x420
[ 714.720616] ? get_fb_info.part.0+0x80/0x80
[ 714.720673] chrdev_open+0x207/0x590
[ 714.720683] ? cdev_put.part.0+0x50/0x50
[ 714.720712] ? security_file_open+0x89/0x190
[ 714.720747] do_dentry_open+0x73b/0xeb0
[ 714.720757] ? cdev_put.part.0+0x50/0x50
[ 714.720769] vfs_open+0x105/0x220
[ 714.720780] path_openat+0x8bd/0x3f70
[ 714.720787] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.720798] ? trace_hardirqs_on+0x10/0x10
[ 714.720813] ? path_lookupat.isra.0+0x7b0/0x7b0
[ 714.720821] ? __lock_is_held+0xb6/0x140
[ 714.720829] ? save_trace+0x290/0x290
[ 714.720847] ? __alloc_fd+0x1d4/0x4a0
[ 714.720857] do_filp_open+0x18e/0x250
[ 714.720864] ? __alloc_fd+0x1d4/0x4a0
[ 714.720872] ? may_open_dev+0xe0/0xe0
[ 714.720887] ? do_raw_spin_unlock+0x16b/0x260
[ 714.720896] ? _raw_spin_unlock+0x2d/0x50
[ 714.720904] ? __alloc_fd+0x1d4/0x4a0
[ 714.720921] do_sys_open+0x2c5/0x430
[ 714.720931] ? filp_open+0x70/0x70
[ 714.720939] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.720951] SyS_openat+0x30/0x40
[ 714.720958] ? SyS_open+0x40/0x40
[ 714.720970] do_syscall_64+0x1e8/0x640
[ 714.720977] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.720990] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.720997] RIP: 0033:0x445979
[ 714.721002] RSP: 002b:00007fdb83cc7db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 714.721012] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000445979
[ 714.721017] RDX: 0000000000000000 RSI: 0000000020000280 RDI: ffffffffffffff9c
[ 714.721021] RBP: 00000000006dac30 R08: 00007fdb83cc8700 R09: 0000000000000000
[ 714.721026] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac3c
[ 714.721031] R13: 00007ffed720031f R14: 00007fdb83cc89c0 R15: 20c49ba5e353f7cf
[ 714.721049] INFO: task syz-executor833:6989 blocked for more than 140 seconds.
[ 714.721053] Not tainted 4.14.157-syzkaller #0
[ 714.721057] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.721060] syz-executor833 D29664 6989 6984 0x00000004
[ 714.721078] Call Trace:
[ 714.721088] __schedule+0x7b8/0x1cd0
[ 714.721100] ? firmware_map_remove+0x196/0x196
[ 714.721107] ? __lock_acquire+0x5f7/0x4620
[ 714.721118] schedule+0x92/0x1c0
[ 714.721126] schedule_timeout+0x93b/0xe10
[ 714.721132] ? __down+0x158/0x290
[ 714.721141] ? find_held_lock+0x35/0x130
[ 714.721148] ? usleep_range+0x130/0x130
[ 714.721154] ? __down+0x158/0x290
[ 714.721163] ? save_trace+0x290/0x290
[ 714.721173] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.721189] ? trace_hardirqs_on_caller+0x400/0x590
[ 714.721199] __down+0x160/0x290
[ 714.721209] ? ww_mutex_lock+0xc0/0xc0
[ 714.721223] down+0x64/0x90
[ 714.721232] console_lock+0x28/0x80
[ 714.721239] do_fb_ioctl+0x36a/0x940
[ 714.721246] ? lock_downgrade+0x740/0x740
[ 714.721253] ? fb_read+0x520/0x520
[ 714.721264] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.721276] ? avc_ss_reset+0x110/0x110
[ 714.721287] ? __lock_acquire+0x5f7/0x4620
[ 714.721313] ? __might_sleep+0x93/0xb0
[ 714.721319] ? __fget+0x210/0x370
[ 714.721330] fb_ioctl+0xe6/0x130
[ 714.721338] ? do_fb_ioctl+0x940/0x940
[ 714.721345] do_vfs_ioctl+0x7ae/0x1060
[ 714.721374] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.721381] ? lock_downgrade+0x740/0x740
[ 714.721390] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.721399] ? __fget+0x237/0x370
[ 714.721412] ? security_file_ioctl+0x7d/0xb0
[ 714.721419] ? security_file_ioctl+0x89/0xb0
[ 714.721429] SyS_ioctl+0x8f/0xc0
[ 714.721437] ? do_vfs_ioctl+0x1060/0x1060
[ 714.721446] do_syscall_64+0x1e8/0x640
[ 714.721453] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.721465] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.721471] RIP: 0033:0x445979
[ 714.721475] RSP: 002b:00007fdb83ca6db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.721484] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445979
[ 714.721488] RDX: 00000000200003c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.721493] RBP: 00000000006dac40 R08: 00007fdb83ca7700 R09: 0000000000000000
[ 714.721498] R10: 00007fdb83ca7700 R11: 0000000000000246 R12: 00000000006dac4c
[ 714.721503] R13: 00007ffed720031f R14: 00007fdb83ca79c0 R15: 20c49ba5e353f7cf
[ 714.721518]
[ 714.721518] Showing all locks held in the system:
[ 714.721527] 1 lock held by khungtaskd/1042:
[ 714.721531] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 714.721561] 1 lock held by rsyslogd/6840:
[ 714.721564] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 714.721584] 2 locks held by getty/6963:
[ 714.721587] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721604] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721647] 2 locks held by getty/6964:
[ 714.721650] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721667] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721686] 2 locks held by getty/6965:
[ 714.721692] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721709] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721728] 2 locks held by getty/6966:
[ 714.721731] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721748] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721767] 2 locks held by getty/6967:
[ 714.721769] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721786] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721806] 2 locks held by getty/6968:
[ 714.721808] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721825] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721844] 2 locks held by getty/6969:
[ 714.721847] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 714.721863] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 714.721883] 1 lock held by syz-executor833/6988:
[ 714.721886] #0: (&fb_info->lock){+.+.}, at: [] fb_open+0xb7/0x420
[ 714.721902]
[ 714.721905] =============================================
[ 714.721905]
[ 714.721911] NMI backtrace for cpu 1
[ 714.721919] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 714.721923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.721926] Call Trace:
[ 714.721985] dump_stack+0x142/0x197
[ 714.721996] nmi_cpu_backtrace.cold+0x57/0x94
[ 714.722007] ? irq_force_complete_move.cold+0x7d/0x7d
[ 714.722015] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 714.722025] arch_trigger_cpumask_backtrace+0x14/0x20
[ 714.722076] watchdog+0x5e7/0xb90
[ 714.722091] kthread+0x319/0x430
[ 714.722098] ? hungtask_pm_notify+0x50/0x50
[ 714.722104] ? kthread_create_on_node+0xd0/0xd0
[ 714.722114] ret_from_fork+0x24/0x30
[ 714.722130] Sending NMI from CPU 1 to CPUs 0:
[ 714.722690] NMI backtrace for cpu 0
[ 714.722694] CPU: 0 PID: 6987 Comm: syz-executor833 Not tainted 4.14.157-syzkaller #0
[ 714.722697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.722699] task: ffff888091f26640 task.stack: ffff88808bd48000
[ 714.722701] RIP: 0010:bitfill_aligned+0xdc/0x190
[ 714.722703] RSP: 0018:ffff88808bd4f270 EFLAGS: 00000297
[ 714.722708] RAX: ffff888091f26640 RBX: 0000000000000050 RCX: 0000000000000000
[ 714.722710] RDX: 0000000000000000 RSI: ffff8880000a0000 RDI: 0000000000000040
[ 714.722713] RBP: ffff88808bd4f2a8 R08: 0000000000001400 R09: 0000000000000040
[ 714.722716] R10: ffffed104323b3b3 R11: ffff8882191d9d9f R12: ffff8880000a0280
[ 714.722718] R13: 0000000000000000 R14: ffff8880000a0140 R15: 0000000000000000
[ 714.722721] FS: 00007fdb83ce9700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 714.722724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 714.722726] CR2: 00007fdb83ca6e78 CR3: 00000000a0858000 CR4: 00000000001406f0
[ 714.722729] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 714.722732] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 714.722733] Call Trace:
[ 714.722735] cfb_fillrect+0x3d0/0x720
[ 714.722737] ? cfb_fillrect+0x720/0x720
[ 714.722739] vga16fb_fillrect+0x618/0x1880
[ 714.722740] ? memcpy+0x46/0x50
[ 714.722742] bit_clear_margins+0x2d5/0x4f0
[ 714.722744] ? bit_bmove+0x240/0x240
[ 714.722746] ? efifb_probe.cold+0x1379/0x1379
[ 714.722748] fbcon_clear_margins+0x292/0x320
[ 714.722750] fbcon_switch+0xd38/0x1820
[ 714.722752] ? fbcon_set_def_font+0x360/0x360
[ 714.722754] ? fbcon_set_origin+0x21/0x50
[ 714.722756] ? fbcon_scrolldelta+0x1100/0x1100
[ 714.722758] ? set_origin+0x108/0x3c0
[ 714.722759] redraw_screen+0x335/0x7c0
[ 714.722761] ? con_flush_chars+0x90/0x90
[ 714.722763] ? fbcon_set_palette+0x203/0x5b0
[ 714.722765] fbcon_modechanged+0x59e/0x880
[ 714.722767] fbcon_event_notify+0x11f/0x17af
[ 714.722769] ? lock_acquire+0x16f/0x430
[ 714.722771] notifier_call_chain+0x111/0x1b0
[ 714.722773] blocking_notifier_call_chain+0x80/0xa0
[ 714.722775] fb_notifier_call_chain+0x25/0x30
[ 714.722777] fb_set_var+0xb09/0xcf0
[ 714.722779] ? fb_set_suspend+0x110/0x110
[ 714.722781] ? lock_acquire+0x16f/0x430
[ 714.722782] ? lock_fb_info+0x1f/0x80
[ 714.722784] ? lock_fb_info+0x1f/0x80
[ 714.722786] ? __mutex_lock+0x36a/0x1470
[ 714.722788] ? trace_hardirqs_on+0x10/0x10
[ 714.722790] ? mutex_trylock+0x1c0/0x1c0
[ 714.722792] ? down+0x50/0x90
[ 714.722793] ? mutex_lock_nested+0x16/0x20
[ 714.722795] ? mutex_lock_nested+0x16/0x20
[ 714.722797] do_fb_ioctl+0x3cc/0x940
[ 714.722799] ? fb_read+0x520/0x520
[ 714.722801] ? avc_has_extended_perms+0x8ec/0xe40
[ 714.722803] ? futex_wake+0x134/0x430
[ 714.722804] ? avc_ss_reset+0x110/0x110
[ 714.722806] ? __lock_acquire+0x5f7/0x4620
[ 714.722808] ? do_futex+0x152/0x19e0
[ 714.722810] ? __might_sleep+0x93/0xb0
[ 714.722812] ? __fget+0x210/0x370
[ 714.722813] fb_ioctl+0xe6/0x130
[ 714.722815] ? do_fb_ioctl+0x940/0x940
[ 714.722817] do_vfs_ioctl+0x7ae/0x1060
[ 714.722819] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.722821] ? lock_downgrade+0x740/0x740
[ 714.722823] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.722825] ? __fget+0x237/0x370
[ 714.722827] ? security_file_ioctl+0x7d/0xb0
[ 714.722829] ? security_file_ioctl+0x89/0xb0
[ 714.722830] SyS_ioctl+0x8f/0xc0
[ 714.722832] ? do_vfs_ioctl+0x1060/0x1060
[ 714.722834] do_syscall_64+0x1e8/0x640
[ 714.722836] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.722838] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.722840] RIP: 0033:0x445979
[ 714.722842] RSP: 002b:00007fdb83ce8db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 714.722847] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445979
[ 714.722849] RDX: 00000000200003c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 714.722852] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 714.722855] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 714.722857] R13: 00007ffed720031f R14: 00007fdb83ce99c0 R15: 20c49ba5e353f7cf
[ 714.722859] Code: 34 fe 89 d8 31 d2 f7 75 d4 83 f8 07 89 c3 41 89 c4 76 49 44 8d 60 f8 41 c1 ec 03 49 83 c4 01 49 c1 e4 06 4d 01 f4 e8 d4 ac 34 fe <4d> 89 3e 4d 89 7e 08 4d 89 7e 10 4d 89 7e 18 4d 89 7e 20 4d 89
[ 714.723145] Kernel panic - not syncing: hung_task: blocked tasks
[ 714.723152] CPU: 1 PID: 1042 Comm: khungtaskd Not tainted 4.14.157-syzkaller #0
[ 714.723156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 714.723159] Call Trace:
[ 714.723168] dump_stack+0x142/0x197
[ 714.723180] panic+0x1f9/0x42d
[ 714.723191] ? add_taint.cold+0x16/0x16
[ 714.723202] ? irq_force_complete_move.cold+0x7d/0x7d
[ 714.723214] watchdog+0x5f8/0xb90
[ 714.723228] kthread+0x319/0x430
[ 714.723235] ? hungtask_pm_notify+0x50/0x50
[ 714.723241] ? kthread_create_on_node+0xd0/0xd0
[ 714.723250] ret_from_fork+0x24/0x30
[ 714.724967] Kernel Offset: disabled