[ 32.480724] audit: type=1800 audit(1562054913.551:34): pid=6836 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.836426] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.277695] audit: type=1400 audit(1562054916.371:35): avc: denied { map } for pid=7009 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 35.327213] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.895970] random: sshd: uninitialized urandom read (32 bytes read)
[ 540.100117] audit: type=1400 audit(1562055421.191:36): avc: denied { map } for pid=7017 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 549.360770] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 555.074786] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 555.201832] audit: type=1400 audit(1562055436.301:37): avc: denied { map } for pid=7024 comm="syz-executor838" path="/root/syz-executor838660176" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 714.720290] INFO: task syz-executor838:7026 blocked for more than 140 seconds.
[ 714.728252] Not tainted 4.14.131 #25
[ 714.733190] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 714.741560] syz-executor838 D28352 7026 7024 0x00000004
[ 714.747351] Call Trace:
[ 714.749969] __schedule+0x7b8/0x1cd0
[ 714.753760] ? pci_mmcfg_check_reserved+0x150/0x150
[ 714.758836] ? _raw_spin_unlock_irq+0x28/0x90
[ 714.763468] schedule+0x92/0x1c0
[ 714.766889] rwsem_down_read_failed+0x1f6/0x390
[ 714.771610] ? __rwsem_down_read_failed_common.part.0+0x80/0x80
[ 714.777733] ? __lock_is_held+0xb6/0x140
[ 714.781854] call_rwsem_down_read_failed+0x18/0x30
[ 714.786794] down_read+0x49/0xb0
[ 714.790218] ? __get_super.part.0+0x1cb/0x280
[ 714.794792] __get_super.part.0+0x1cb/0x280
[ 714.799100] get_super+0x2e/0x50
[ 714.802669] fsync_bdev+0x19/0xd0
[ 714.806174] invalidate_partition+0x36/0x60
[ 714.810532] rescan_partitions+0xe3/0x860
[ 714.814783] ? __lock_is_held+0xb6/0x140
[ 714.818845] __blkdev_reread_part+0x15c/0x1e0
[ 714.823615] blkdev_reread_part+0x27/0x40
[ 714.828013] loop_reread_partitions+0x7c/0x90
[ 714.832849] loop_set_status+0xc25/0x11f0
[ 714.837181] loop_set_status64+0xa6/0xf0
[ 714.841278] ? loop_set_status_old+0x2d0/0x2d0
[ 714.845869] ? avc_ss_reset+0x110/0x110
[ 714.849830] lo_ioctl+0x5c1/0x1ce0
[ 714.853937] ? loop_probe+0x160/0x160
[ 714.858185] blkdev_ioctl+0x96b/0x1860
[ 714.862660] ? blkpg_ioctl+0x980/0x980
[ 714.866542] ? __might_sleep+0x93/0xb0
[ 714.870459] ? __fget+0x210/0x370
[ 714.873908] block_ioctl+0xde/0x120
[ 714.877514] ? blkdev_fallocate+0x3b0/0x3b0
[ 714.881941] do_vfs_ioctl+0x7ae/0x1060
[ 714.885831] ? selinux_file_mprotect+0x5d0/0x5d0
[ 714.890624] ? lock_downgrade+0x6e0/0x6e0
[ 714.894769] ? ioctl_preallocate+0x1c0/0x1c0
[ 714.899153] ? __fget+0x237/0x370
[ 714.902639] ? security_file_ioctl+0x7d/0xb0
[ 714.907050] ? security_file_ioctl+0x89/0xb0
[ 714.911504] SyS_ioctl+0x8f/0xc0
[ 714.914870] ? do_vfs_ioctl+0x1060/0x1060
[ 714.919008] do_syscall_64+0x1e8/0x640
[ 714.922947] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 714.927796] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 714.933015] RIP: 0033:0x446b97
[ 714.936201] RSP: 002b:00007fd6d528cb68 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 714.943985] RAX: ffffffffffffffda RBX: 00007fd6d528d6d0 RCX: 0000000000446b97
[ 714.951279] RDX: 00007fd6d528cc00 RSI: 0000000000004c04 RDI: 0000000000000004
[ 714.958532] RBP: 0000000000000006 R08: 0000000000000000 R09: 000000000000000a
[ 714.965835] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000003
[ 714.973142] R13: 0000000000000003 R14: 0000000000000004 R15: 20c49ba5e353f7cf
[ 714.980473] INFO: task syz-executor838:7029 blocked for more than 140 seconds.
[ 714.987826] Not tainted 4.14.131 #25
[ 714.992439] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 715.000496] syz-executor838 D29152 7029 7024 0x80000004
[ 715.006118] Call Trace:
[ 715.008690] __schedule+0x7b8/0x1cd0
[ 715.012642] ? __mutex_lock+0x737/0x1470
[ 715.016712] ? pci_mmcfg_check_reserved+0x150/0x150
[ 715.021833] schedule+0x92/0x1c0
[ 715.025203] schedule_preempt_disabled+0x13/0x20
[ 715.029940] __mutex_lock+0x73c/0x1470
[ 715.033868] ? trace_hardirqs_on_caller+0x400/0x590
[ 715.038890] ? lo_ioctl+0x8f/0x1ce0
[ 715.042649] ? mutex_trylock+0x1c0/0x1c0
[ 715.046723] ? save_stack+0xa9/0xd0
[ 715.050420] ? save_stack_trace+0x16/0x20
[ 715.054558] ? save_stack+0x45/0xd0
[ 715.058166] ? mount_fs+0x97/0x2a1
[ 715.061739] ? vfs_kern_mount.part.0+0x5e/0x3d0
[ 715.066408] ? do_mount+0x417/0x27d0
[ 715.070169] ? SyS_mount+0xab/0x120
[ 715.073804] ? do_syscall_64+0x1e8/0x640
[ 715.077859] mutex_lock_nested+0x16/0x20
[ 715.082088] ? mutex_lock_nested+0x16/0x20
[ 715.086323] lo_ioctl+0x8f/0x1ce0
[ 715.089805] ? save_trace+0x290/0x290
[ 715.093658] ? loop_probe+0x160/0x160
[ 715.097541] blkdev_ioctl+0x96b/0x1860
[ 715.101458] ? blkpg_ioctl+0x980/0x980
[ 715.105331] ? udf_parse_options+0xde3/0x10a0
[ 715.109809] ioctl_by_bdev+0xa5/0x110
[ 715.113667] udf_get_last_session+0x87/0xe0
[ 715.118028] ? udf_bread+0x1f0/0x1f0
[ 715.122474] ? lockdep_init_map+0x9/0x10
[ 715.126535] udf_fill_super+0x114d/0x157f
[ 715.130724] ? udf_load_vrs+0xae0/0xae0
[ 715.134784] ? snprintf+0xa5/0xd0
[ 715.138218] ? vsprintf+0x40/0x40
[ 715.141708] mount_bdev+0x2be/0x370
[ 715.145332] ? udf_load_vrs+0xae0/0xae0
[ 715.149285] udf_mount+0x35/0x40
[ 715.152740] mount_fs+0x97/0x2a1
[ 715.156115] vfs_kern_mount.part.0+0x5e/0x3d0
[ 715.160665] do_mount+0x417/0x27d0
[ 715.164286] ? copy_mount_string+0x40/0x40
[ 715.168695] ? memdup_user+0x58/0xa0
[ 715.172452] ? copy_mount_options+0x1fe/0x2f0
[ 715.176950] SyS_mount+0xab/0x120
[ 715.180439] ? copy_mnt_ns+0x8c0/0x8c0
[ 715.184326] do_syscall_64+0x1e8/0x640
[ 715.188188] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 715.193069] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 715.198252] RIP: 0033:0x446c89
[ 715.201487] RSP: 002b:00007fd6d526bdb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 715.209199] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446c89
[ 715.216520] RDX: 00000000200001c0 RSI: 0000000020000180 RDI: 0000000020000140
[ 715.223822] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
[ 715.231124] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
[ 715.238395] R13: 00007ffc2548ef9f R14: 00007fd6d526c9c0 R15: 20c49ba5e353f7cf
[ 715.245721] INFO: task blkid:7028 blocked for more than 140 seconds.
[ 715.253084] Not tainted 4.14.131 #25
[ 715.257343] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 715.265355] blkid D28720 7028 6681 0x00000004
[ 715.271014] Call Trace:
[ 715.273602] __schedule+0x7b8/0x1cd0
[ 715.277307] ? __mutex_lock+0x737/0x1470
[ 715.281417] ? pci_mmcfg_check_reserved+0x150/0x150
[ 715.286436] schedule+0x92/0x1c0
[ 715.289781] schedule_preempt_disabled+0x13/0x20
[ 715.294568] __mutex_lock+0x73c/0x1470
[ 715.298455] ? lo_ioctl+0x8f/0x1ce0
[ 715.302114] ? mutex_trylock+0x1c0/0x1c0
[ 715.306184] ? avc_has_extended_perms+0x8ec/0xe40
[ 715.311106] ? avc_ss_reset+0x110/0x110
[ 715.315086] mutex_lock_nested+0x16/0x20
[ 715.319129] ? mutex_lock_nested+0x16/0x20
[ 715.323394] lo_ioctl+0x8f/0x1ce0
[ 715.326846] ? loop_probe+0x160/0x160
[ 715.330676] blkdev_ioctl+0x96b/0x1860
[ 715.334619] ? blkpg_ioctl+0x980/0x980
[ 715.338496] ? __might_sleep+0x93/0xb0
[ 715.342536] ? save_trace+0x290/0x290
[ 715.346406] block_ioctl+0xde/0x120
[ 715.350069] ? blkdev_fallocate+0x3b0/0x3b0
[ 715.354390] do_vfs_ioctl+0x7ae/0x1060
[ 715.358257] ? selinux_file_mprotect+0x5d0/0x5d0
[ 715.363043] ? ioctl_preallocate+0x1c0/0x1c0
[ 715.367456] ? lock_downgrade+0x6e0/0x6e0
[ 715.371670] ? security_file_ioctl+0x7d/0xb0
[ 715.376079] ? security_file_ioctl+0x89/0xb0
[ 715.380997] SyS_ioctl+0x8f/0xc0
[ 715.384355] ? do_vfs_ioctl+0x1060/0x1060
[ 715.388482] do_syscall_64+0x1e8/0x640
[ 715.392411] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 715.397328] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 715.402555] RIP: 0033:0x7f70c56dd347
[ 715.406264] RSP: 002b:00007ffe0ede3878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 715.414020] RAX: ffffffffffffffda RBX: 0000000000a03030 RCX: 00007f70c56dd347
[ 715.421354] RDX: 0000000000000000 RSI: 0000000000005331 RDI: 0000000000000003
[ 715.428617] RBP: 0000000000000003 R08: 00007f70c598d5a0 R09: 0000000000000008
[ 715.435920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 715.443234] R13: 000000000001d000 R14: 0000000000000003 R15: 0000000000000005
[ 715.450583]
[ 715.450583] Showing all locks held in the system:
[ 715.457032] 1 lock held by khungtaskd/1009:
[ 715.461477] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 715.470580] 1 lock held by rsyslogd/6874:
[ 715.474706] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0
[ 715.483010] 2 locks held by getty/6998:
[ 715.486971] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.495697] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.505084] 2 locks held by getty/6999:
[ 715.509041] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.517795] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.527257] 2 locks held by getty/7000:
[ 715.531269] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.539997] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.549346] 2 locks held by getty/7001:
[ 715.553344] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.562077] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.571414] 2 locks held by getty/7002:
[ 715.575379] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.584116] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.593463] 2 locks held by getty/7003:
[ 715.597436] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.606139] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.615515] 2 locks held by getty/7004:
[ 715.619486] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 715.628472] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0
[ 715.638025] 3 locks held by syz-executor838/7026:
[ 715.642913] #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x8f/0x1ce0
[ 715.651546] #1: (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40
[ 715.660525] #2: (&type->s_umount_key#52){.+.+}, at: [] __get_super.part.0+0x1cb/0x280
[ 715.670339] 2 locks held by syz-executor838/7029:
[ 715.675256] #0: (&type->s_umount_key#51/1){+.+.}, at: [] sget_userns+0x551/0xc30
[ 715.684580] #1: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x8f/0x1ce0
[ 715.698013] 1 lock held by blkid/7028:
[ 715.701936] #0: (&lo->lo_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x8f/0x1ce0
[ 715.710565]
[ 715.712182] =============================================
[ 715.712182]
[ 715.719250] NMI backtrace for cpu 1
[ 715.722930] CPU: 1 PID: 1009 Comm: khungtaskd Not tainted 4.14.131 #25
[ 715.729598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 715.738936] Call Trace:
[ 715.741510] dump_stack+0x138/0x19c
[ 715.745120] nmi_cpu_backtrace.cold+0x57/0x94
[ 715.749597] ? irq_force_complete_move.cold+0x7d/0x7d
[ 715.754780] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 715.760044] arch_trigger_cpumask_backtrace+0x14/0x20
[ 715.765293] watchdog+0x5e7/0xb90
[ 715.768741] kthread+0x319/0x430
[ 715.772093] ? hungtask_pm_notify+0x50/0x50
[ 715.776392] ? kthread_create_on_node+0xd0/0xd0
[ 715.781083] ret_from_fork+0x24/0x30
[ 715.784928] Sending NMI from CPU 1 to CPUs 0:
[ 715.789546] NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff861a673e
[ 715.790489] Kernel panic - not syncing: hung_task: blocked tasks
[ 715.802868] CPU: 1 PID: 1009 Comm: khungtaskd Not tainted 4.14.131 #25
[ 715.809508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 715.818943] Call Trace:
[ 715.821517] dump_stack+0x138/0x19c
[ 715.825126] panic+0x1f2/0x426
[ 715.828297] ? add_taint.cold+0x16/0x16
[ 715.832266] ? irq_force_complete_move.cold+0x7d/0x7d
[ 715.837444] watchdog+0x5f8/0xb90
[ 715.840887] kthread+0x319/0x430
[ 715.844232] ? hungtask_pm_notify+0x50/0x50
[ 715.848636] ? kthread_create_on_node+0xd0/0xd0
[ 715.853318] ret_from_fork+0x24/0x30
[ 715.858433] Kernel Offset: disabled
[ 715.862104] Rebooting in 86400 seconds..