[....] Starting OpenBSD Secure Shell server: sshd[ 10.609983] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.592170] random: sshd: uninitialized urandom read (32 bytes read) [ 39.997174] audit: type=1400 audit(1551098690.926:6): avc: denied { map } for pid=1779 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.041264] random: sshd: uninitialized urandom read (32 bytes read) [ 40.537672] random: sshd: uninitialized urandom read (32 bytes read) [ 40.684154] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts. [ 46.624207] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 46.708687] audit: type=1400 audit(1551098697.636:7): avc: denied { map } for pid=1797 comm="syz-executor070" path="/root/syz-executor070093446" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 46.713638] dl_rq->running_bw > dl_rq->this_bw [ 46.734843] ------------[ cut here ]------------ [ 46.744155] WARNING: CPU: 1 PID: 1798 at kernel/sched/deadline.c:125 switched_from_dl.cold+0x5b/0x62 [ 46.753457] Kernel panic - not syncing: panic_on_warn set ... [ 46.753457] [ 46.760799] CPU: 1 PID: 1798 Comm: syz-executor070 Not tainted 4.14.103+ #18 [ 46.767965] Call Trace: [ 46.770525] dump_stack+0xb9/0x10e [ 46.774043] panic+0x1d9/0x3c2 [ 46.777211] ? add_taint.cold+0x16/0x16 [ 46.781165] ? switched_from_dl.cold+0x5b/0x62 [ 46.785722] ? __probe_kernel_read+0x163/0x1c0 [ 46.790276] ? switched_from_dl.cold+0x5b/0x62 [ 46.794829] __warn.cold+0x2f/0x3b [ 46.798342] ? switched_from_dl.cold+0x5b/0x62 [ 46.802897] ? report_bug+0x20a/0x248 [ 46.806675] ? do_error_trap+0x1bf/0x2d0 [ 46.810759] ? math_error+0x2d0/0x2d0 [ 46.814552] ? vprintk_emit+0x252/0x330 [ 46.818502] ? vprintk_emit+0xd5/0x330 [ 46.822366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.827198] ? invalid_op+0x18/0x40 [ 46.830818] ? switched_from_dl.cold+0x5b/0x62 [ 46.835390] ? switched_from_dl.cold+0x5b/0x62 [ 46.839949] ? __sched_setscheduler+0x992/0x2780 [ 46.844682] ? cpu_cgroup_fork+0x120/0x120 [ 46.848894] ? rcu_is_watching+0x11/0xb0 [ 46.852929] ? SyS_sched_setattr+0x23c/0x390 [ 46.857350] ? SyS_sched_setparam+0x20/0x20 [ 46.861650] ? check_preemption_disabled+0x35/0x1f0 [ 46.866646] ? SyS_getpgid+0x270/0x270 [ 46.870516] ? do_syscall_64+0x43/0x4b0 [ 46.874475] ? SyS_sched_setparam+0x20/0x20 [ 46.878887] ? do_syscall_64+0x19b/0x4b0 [ 46.882938] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.888279] [ 46.888281] ====================================================== [ 46.888282] WARNING: possible circular locking dependency detected [ 46.888283] 4.14.103+ #18 Not tainted [ 46.888285] ------------------------------------------------------ [ 46.888287] syz-executor070/1798 is trying to acquire lock: [ 46.888287] (console_owner){-...}, at: [] vprintk_emit+0x1b8/0x330 [ 46.888292] [ 46.888293] but task is already holding lock: [ 46.888294] (&rq->lock){-.-.}, at: [] task_rq_lock+0xc8/0x330 [ 46.888297] [ 46.888299] which lock already depends on the new lock. [ 46.888299] [ 46.888300] [ 46.888302] the existing dependency chain (in reverse order) is: [ 46.888302] [ 46.888303] -> #4 (&rq->lock){-.-.}: [ 46.888307] [ 46.888307] -> #3 (&p->pi_lock){-.-.}: [ 46.888311] [ 46.888312] -> #2 (&tty->write_wait){-.-.}: [ 46.888315] [ 46.888316] -> #1 (&port_lock_key){-.-.}: [ 46.888319] [ 46.888320] -> #0 (console_owner){-...}: [ 46.888324] [ 46.888325] other info that might help us debug this: [ 46.888326] [ 46.888327] Chain exists of: [ 46.888327] console_owner --> &p->pi_lock --> &rq->lock [ 46.888332] [ 46.888334] Possible unsafe locking scenario: [ 46.888334] [ 46.888335] CPU0 CPU1 [ 46.888337] ---- ---- [ 46.888337] lock(&rq->lock); [ 46.888340] lock(&p->pi_lock); [ 46.888343] lock(&rq->lock); [ 46.888345] lock(console_owner); [ 46.888347] [ 46.888348] *** DEADLOCK *** [ 46.888349] [ 46.888350] 3 locks held by syz-executor070/1798: [ 46.888351] #0: (rcu_read_lock){....}, at: [] SyS_sched_setattr+0x1d0/0x390 [ 46.888355] #1: (&p->pi_lock){-.-.}, at: [] task_rq_lock+0x6a/0x330 [ 46.888359] #2: (&rq->lock){-.-.}, at: [] task_rq_lock+0xc8/0x330 [ 46.888364] [ 46.888365] stack backtrace: [ 46.888366] CPU: 1 PID: 1798 Comm: syz-executor070 Not tainted 4.14.103+ #18 [ 46.888367] Call Trace: [ 46.888368] dump_stack+0xb9/0x10e [ 46.888370] print_circular_bug.isra.0.cold+0x2dc/0x425 [ 46.888371] ? __lock_acquire+0x2d83/0x3fa0 [ 46.888372] ? trace_hardirqs_on+0x10/0x10 [ 46.888373] ? vprintk_emit+0x1d0/0x330 [ 46.888374] ? lock_acquire+0x10f/0x380 [ 46.888375] ? vprintk_emit+0x1b8/0x330 [ 46.888376] ? vprintk_emit+0x1f5/0x330 [ 46.888377] ? vprintk_emit+0x1b8/0x330 [ 46.888379] ? vprintk_func+0x58/0x152 [ 46.888380] ? printk+0xba/0xed [ 46.888381] ? show_regs_print_info+0x5b/0x5b [ 46.888382] ? sched_dl_overflow+0x1a1/0xc80 [ 46.888383] ? switched_from_dl.cold+0x5b/0x62 [ 46.888384] ? __sched_setscheduler+0x992/0x2780 [ 46.888386] ? cpu_cgroup_fork+0x120/0x120 [ 46.888387] ? rcu_is_watching+0x11/0xb0 [ 46.888388] ? SyS_sched_setattr+0x23c/0x390 [ 46.888389] ? SyS_sched_setparam+0x20/0x20 [ 46.888390] ? check_preemption_disabled+0x35/0x1f0 [ 46.888391] ? SyS_getpgid+0x270/0x270 [ 46.888392] ? do_syscall_64+0x43/0x4b0 [ 46.888394] ? SyS_sched_setparam+0x20/0x20 [ 46.888395] ? do_syscall_64+0x19b/0x4b0 [ 46.888396] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.888725] Kernel Offset: 0x1dc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 47.203706] Rebooting in 86400 seconds..