[ 32.951077] audit: type=1800 audit(1581321848.791:34): pid=7122 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 37.898038] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.133493] audit: type=1400 audit(1581321854.001:35): avc: denied { map } for pid=7297 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.186097] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.924242] random: sshd: uninitialized urandom read (32 bytes read)
[ 805.393797] audit: type=1400 audit(1581322621.261:36): avc: denied { map } for pid=7305 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 872.097577] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts.
[ 877.626971] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
[ 877.746255] audit: type=1400 audit(1581322693.611:37): avc: denied { map } for pid=7312 comm="syz-executor666" path="/root/syz-executor666175807" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[ 1144.800224] INFO: task syz-executor666:7323 blocked for more than 140 seconds.
[ 1144.807735] Not tainted 4.14.170-syzkaller #0
[ 1144.815002] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.823037] syz-executor666 D28016 7323 7315 0x00000004
[ 1144.828743] Call Trace:
[ 1144.831601] __schedule+0x7b8/0x1cd0
[ 1144.835332] ? __mutex_lock+0x737/0x1470
[ 1144.839401] ? firmware_map_remove+0x196/0x196
[ 1144.844696] schedule+0x92/0x1c0
[ 1144.852498] schedule_preempt_disabled+0x13/0x20
[ 1144.857280] __mutex_lock+0x73c/0x1470
[ 1144.861571] ? hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1144.867399] ? mutex_trylock+0x1c0/0x1c0
[ 1144.871954] mutex_lock_nested+0x16/0x20
[ 1144.876035] ? mutex_lock_nested+0x16/0x20
[ 1144.880757] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1144.886409] hashlimit_mt_check_v2+0x304/0x390
[ 1144.891352] ? hashlimit_mt_check+0xc0/0xc0
[ 1144.895755] ? xt_find_match+0x3e/0x1e0
[ 1144.899818] ? nf_logger_find_get+0x154/0x2e2
[ 1144.904807] ? hashlimit_mt_check+0xc0/0xc0
[ 1144.909509] xt_check_match+0x254/0x530
[ 1144.913852] ? xt_check_target+0x510/0x510
[ 1144.918099] ? wait_for_completion+0x420/0x420
[ 1144.923026] ? mutex_unlock+0xd/0x10
[ 1144.926854] ? xt_find_match+0x178/0x1e0
[ 1144.931348] ? xt_request_find_match+0x4b/0xe0
[ 1144.936144] find_check_entry.isra.0+0x2f9/0x920
[ 1144.941917] ? ipt_do_table+0x1770/0x1770
[ 1144.946174] ? kfree+0x183/0x270
[ 1144.949603] ? kvfree+0x4d/0x60
[ 1144.953264] translate_table+0xb3f/0x15a0
[ 1144.957444] ? __do_replace+0x5b0/0x5b0
[ 1144.961807] ? _copy_from_user+0x99/0x110
[ 1144.966086] do_ipt_set_ctl+0x268/0x3ee
[ 1144.970439] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1144.975216] ? mutex_unlock+0xd/0x10
[ 1144.978934] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1144.984674] nf_setsockopt+0x67/0xc0
[ 1144.988485] ip_setsockopt+0x9b/0xb0
[ 1144.992882] tcp_setsockopt+0x84/0xd0
[ 1144.996725] sock_common_setsockopt+0x94/0xd0
[ 1145.001671] SyS_setsockopt+0x13c/0x210
[ 1145.005652] ? SyS_recv+0x40/0x40
[ 1145.009126] ? do_syscall_64+0x53/0x640
[ 1145.013482] ? SyS_recv+0x40/0x40
[ 1145.016959] do_syscall_64+0x1e8/0x640
[ 1145.021212] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1145.026134] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1145.031756] RIP: 0033:0x441cd9
[ 1145.034953] RSP: 002b:00007fff818b1178 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1145.043059] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441cd9
[ 1145.050395] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1145.057676] RBP: 00000000006cc018 R08: 0000000000000584 R09: 00000000004002c8
[ 1145.065308] R10: 0000000020000580 R11: 0000000000000246 R12: 0000000000402a50
[ 1145.073303] R13: 0000000000402ae0 R14: 0000000000000000 R15: 0000000000000000
[ 1145.081046]
[ 1145.081046] Showing all locks held in the system:
[ 1145.087483] 1 lock held by khungtaskd/1046:
[ 1145.091931] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1145.101118] 2 locks held by getty/7283:
[ 1145.105099] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.113851] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.123324] 2 locks held by getty/7284:
[ 1145.127293] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.136043] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.145412] 2 locks held by getty/7285:
[ 1145.149378] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.158303] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.167755] 2 locks held by getty/7286:
[ 1145.171780] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.180504] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.189813] 2 locks held by getty/7287:
[ 1145.193863] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.202927] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.212301] 2 locks held by getty/7288:
[ 1145.216378] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.225114] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.234485] 2 locks held by getty/7289:
[ 1145.238456] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1145.247206] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1145.256572] 1 lock held by syz-executor666/7322:
[ 1145.261366] #0: (hashlimit_mutex){+.+.}, at: [] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1145.271961] 1 lock held by syz-executor666/7323:
[ 1145.276727] #0: (hashlimit_mutex){+.+.}, at: [] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1145.287240] 1 lock held by syz-executor666/7325:
[ 1145.292038] #0: (hashlimit_mutex){+.+.}, at: [] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1145.302530] 1 lock held by syz-executor666/7326:
[ 1145.307286] #0: (hashlimit_mutex){+.+.}, at: [] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1145.317918] 1 lock held by syz-executor666/7327:
[ 1145.322706] #0: (hashlimit_mutex){+.+.}, at: [] hashlimit_mt_check_common.isra.0+0x2b8/0x11b0
[ 1145.333271]
[ 1145.334891] =============================================
[ 1145.334891]
[ 1145.342939] NMI backtrace for cpu 0
[ 1145.346711] CPU: 0 PID: 1046 Comm: khungtaskd Not tainted 4.14.170-syzkaller #0
[ 1145.354159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.363520] Call Trace:
[ 1145.366239] dump_stack+0x142/0x197
[ 1145.369873] nmi_cpu_backtrace.cold+0x57/0x94
[ 1145.374381] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1145.379585] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1145.384897] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1145.390157] watchdog+0x5e7/0xb90
[ 1145.393674] kthread+0x319/0x430
[ 1145.397056] ? hungtask_pm_notify+0x50/0x50
[ 1145.401384] ? kthread_create_on_node+0xd0/0xd0
[ 1145.406066] ret_from_fork+0x24/0x30
[ 1145.409897] Sending NMI from CPU 0 to CPUs 1:
[ 1145.414879] NMI backtrace for cpu 1
[ 1145.414883] CPU: 1 PID: 7324 Comm: syz-executor666 Not tainted 4.14.170-syzkaller #0
[ 1145.414887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.414889] task: ffff888080fda040 task.stack: ffff888094478000
[ 1145.414891] RIP: 0010:match_held_lock+0x2d5/0x5f0
[ 1145.414894] RSP: 0018:ffff88809447f928 EFLAGS: 00000046
[ 1145.414899] RAX: dffffc0000000000 RBX: ffff888080fda8c0 RCX: ffff888080fda8c0
[ 1145.414902] RDX: 0000000000000000 RSI: ffffffff87f84e60 RDI: ffff888080fda8e2
[ 1145.414905] RBP: ffff88809447f9a0 R08: 0000000000000001 R09: ffff888080fda8e0
[ 1145.414908] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1145.414911] R13: 1ffff1101288ff27 R14: ffffffff87f84e60 R15: ffff88809447f978
[ 1145.414915] FS: 000000000177d880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 1145.414917] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1145.414920] CR2: 00000000017868b8 CR3: 000000009967e000 CR4: 00000000001406e0
[ 1145.414923] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1145.414926] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1145.414928] Call Trace:
[ 1145.414930] ? firmware_map_remove+0x196/0x196
[ 1145.414932] ? save_trace+0x290/0x290
[ 1145.414934] ? find_held_lock+0x35/0x130
[ 1145.414936] __lock_is_held+0xb6/0x140
[ 1145.414938] ? mark_held_locks+0xb1/0x100
[ 1145.414940] ? esp_mt+0x3c0/0x3c0
[ 1145.414942] lock_is_held_type+0x110/0x210
[ 1145.414944] ___might_sleep+0x231/0x2b0
[ 1145.414946] ? esp_mt+0x3c0/0x3c0
[ 1145.414948] htable_selective_cleanup+0x217/0x300
[ 1145.414950] htable_put+0x164/0x210
[ 1145.414952] ? hashlimit_mt_destroy+0x70/0x70
[ 1145.414954] hashlimit_mt_destroy_v2+0x56/0x70
[ 1145.414956] cleanup_match+0xc2/0x140
[ 1145.414958] ? icmp_checkentry+0x90/0x90
[ 1145.414960] ? tee_tg_check+0x1e2/0x280
[ 1145.414962] ? trace_tg+0x50/0x50
[ 1145.414964] cleanup_entry+0xbf/0x230
[ 1145.414966] ? cleanup_match+0x140/0x140
[ 1145.414968] ? _copy_from_user+0x99/0x110
[ 1145.414970] do_ipt_set_ctl+0x305/0x3ee
[ 1145.414972] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1145.414974] ? mutex_unlock+0xd/0x10
[ 1145.414976] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1145.414978] nf_setsockopt+0x67/0xc0
[ 1145.414980] ip_setsockopt+0x9b/0xb0
[ 1145.414982] tcp_setsockopt+0x84/0xd0
[ 1145.414984] sock_common_setsockopt+0x94/0xd0
[ 1145.414986] SyS_setsockopt+0x13c/0x210
[ 1145.414988] ? SyS_recv+0x40/0x40
[ 1145.414990] ? do_syscall_64+0x53/0x640
[ 1145.414992] ? SyS_recv+0x40/0x40
[ 1145.414994] do_syscall_64+0x1e8/0x640
[ 1145.414996] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1145.414999] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1145.415000] RIP: 0033:0x441cd9
[ 1145.415003] RSP: 002b:00007fff818b1178 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1145.415008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441cd9
[ 1145.415011] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1145.415014] RBP: 00000000006cc018 R08: 0000000000000584 R09: 00000000004002c8
[ 1145.415017] R10: 0000000020000580 R11: 0000000000000246 R12: 0000000000402a50
[ 1145.415020] R13: 0000000000402ae0 R14: 0000000000000000 R15: 0000000000000000
[ 1145.415021] Code: 85 00 03 00 00 44 8b 25 ea b0 6d 08 45 85 e4 0f 84 7e ec 00 00 45 31 e4 48 b8 00 00 00 00 00 fc ff df 49 c7 44 05 00 00 00 00 00 <48> 83 c4 50 44 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 41 bc 01
[ 1145.415453] Kernel panic - not syncing: hung_task: blocked tasks
[ 1145.742834] CPU: 0 PID: 1046 Comm: khungtaskd Not tainted 4.14.170-syzkaller #0
[ 1145.750280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.759632] Call Trace:
[ 1145.762236] dump_stack+0x142/0x197
[ 1145.765952] panic+0x1f9/0x42d
[ 1145.769164] ? add_taint.cold+0x16/0x16
[ 1145.774640] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1145.779849] watchdog+0x5f8/0xb90
[ 1145.783326] kthread+0x319/0x430
[ 1145.786693] ? hungtask_pm_notify+0x50/0x50
[ 1145.791011] ? kthread_create_on_node+0xd0/0xd0
[ 1145.795677] ret_from_fork+0x24/0x30
[ 1145.801232] Kernel Offset: disabled
[ 1145.805024] Rebooting in 86400 seconds..