[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 31.742753] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.103513] kauditd_printk_skb: 10 callbacks suppressed
[ 32.103522] audit: type=1400 audit(1582605638.382:35): avc: denied { map } for pid=7231 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.158628] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 32.885414] random: sshd: uninitialized urandom read (32 bytes read)
[ 760.895117] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
[ 766.604512] random: sshd: uninitialized urandom read (32 bytes read)
[ 766.724096] audit: type=1400 audit(1582606373.002:36): avc: denied { map } for pid=7244 comm="syz-executor447" path="/root/syz-executor447438160" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 766.960978] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 768.033922] IPVS: ftp: loaded support on port[0] = 21
[ 768.684182] Cannot find add_set index 0 as target
executing program
[ 769.021321] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 770.031376] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 771.081356] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 772.091457] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 817.015062] Cannot find add_set index 0 as target
[ 818.390064] Cannot find add_set index 0 as target
[ 821.170081] Cannot find add_set index 0 as target
[ 823.960077] Cannot find add_set index 0 as target
[ 827.000877] Cannot find add_set index 0 as target
[ 829.790553] Cannot find add_set index 0 as target
[ 1001.430137] INFO: task khugepaged:1065 blocked for more than 140 seconds.
[ 1001.437655] Not tainted 4.14.171-syzkaller #0
[ 1001.460047] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1001.468053] khugepaged D27176 1065 2 0x80000000
[ 1001.490044] Call Trace:
[ 1001.492752] __schedule+0x7b8/0x1cd0
[ 1001.496476] ? firmware_map_remove+0x196/0x196
[ 1001.510058] schedule+0x92/0x1c0
[ 1001.513442] schedule_timeout+0x93b/0xe10
[ 1001.518283] ? wait_for_completion+0x274/0x420
[ 1001.540075] ? find_held_lock+0x35/0x130
[ 1001.544155] ? usleep_range+0x130/0x130
[ 1001.548129] ? wait_for_completion+0x274/0x420
[ 1001.560059] ? mark_held_locks+0xb1/0x100
[ 1001.564215] ? _raw_spin_unlock_irq+0x28/0x90
[ 1001.568798] ? trace_hardirqs_on_caller+0x400/0x590
[ 1001.590056] wait_for_completion+0x27c/0x420
[ 1001.594494] ? wait_for_completion_interruptible+0x490/0x490
[ 1001.610135] ? wake_up_q+0xf0/0xf0
[ 1001.613724] flush_work+0x3eb/0x730
[ 1001.618658] ? insert_work+0x320/0x320
[ 1001.640071] ? flush_workqueue_prep_pwqs+0x470/0x470
[ 1001.645261] ? find_next_bit+0x28/0x30
[ 1001.649202] drain_all_pages+0x3a6/0x570
[ 1001.660084] __alloc_pages_slowpath+0xa82/0x2930
[ 1001.664870] ? save_trace+0x290/0x290
[ 1001.668686] ? warn_alloc+0xf0/0xf0
[ 1001.690074] ? __might_sleep+0x93/0xb0
[ 1001.694036] __alloc_pages_nodemask+0x62c/0x7a0
[ 1001.698711] ? find_held_lock+0x35/0x130
[ 1001.710055] ? __alloc_pages_slowpath+0x2930/0x2930
[ 1001.715091] ? lock_downgrade+0x740/0x740
[ 1001.719311] khugepaged_alloc_page+0x7c/0x150
[ 1001.740072] collapse_huge_page+0x112/0x2d50
[ 1001.744509] ? find_held_lock+0x35/0x130
[ 1001.748568] ? khugepaged+0x217f/0x2de0
[ 1001.770076] ? find_held_lock+0x35/0x130
[ 1001.774179] ? khugepaged+0x217f/0x2de0
[ 1001.778175] ? __collapse_huge_page_swapin+0xde0/0xde0
[ 1001.790061] ? lock_downgrade+0x740/0x740
[ 1001.794296] ? __pte_alloc_kernel+0x210/0x210
[ 1001.798822] ? do_raw_spin_unlock+0x174/0x260
[ 1001.820067] ? khugepaged_find_target_node+0xe6/0x120
[ 1001.825304] khugepaged+0x21a0/0x2de0
[ 1001.829124] ? collapse_huge_page+0x2d50/0x2d50
[ 1001.850063] ? __kthread_parkme+0x117/0x1c0
[ 1001.854418] ? finish_wait+0x260/0x260
[ 1001.858309] kthread+0x319/0x430
[ 1001.870055] ? collapse_huge_page+0x2d50/0x2d50
[ 1001.874755] ? kthread_create_on_node+0xd0/0xd0
[ 1001.879431] ret_from_fork+0x24/0x30
[ 1001.900123] INFO: task syz-executor447:7259 blocked for more than 140 seconds.
[ 1001.907511] Not tainted 4.14.171-syzkaller #0
[ 1001.920064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1001.930066] syz-executor447 D28400 7259 7251 0x00000006
[ 1001.935735] Call Trace:
[ 1001.938329] __schedule+0x7b8/0x1cd0
[ 1001.970083] ? __mutex_lock+0x737/0x1470
[ 1001.974218] ? firmware_map_remove+0x196/0x196
[ 1001.978804] schedule+0x92/0x1c0
[ 1001.990067] schedule_preempt_disabled+0x13/0x20
[ 1001.994846] __mutex_lock+0x73c/0x1470
[ 1001.998799] ? htable_put+0x21/0x210
[ 1002.010098] ? printk+0x2d/0xbc
[ 1002.013398] ? show_regs_print_info+0x63/0x63
[ 1002.017900] ? mutex_trylock+0x1c0/0x1c0
[ 1002.040104] ? nfnl_unlock+0x22/0x30
[ 1002.040144] ? set_match_v0_destroy+0xb0/0xb0
[ 1002.040158] mutex_lock_nested+0x16/0x20
[ 1002.040166] ? wait_for_completion+0x420/0x420
[ 1002.040173] ? mutex_lock_nested+0x16/0x20
[ 1002.040181] htable_put+0x21/0x210
[ 1002.040188] ? htable_put+0x210/0x210
[ 1002.040196] hashlimit_mt_destroy+0x56/0x70
[ 1002.040221] cleanup_match+0xc2/0x140
[ 1002.040230] ? icmp_checkentry+0x90/0x90
[ 1002.040240] ? xt_request_find_target+0x4b/0xe0
[ 1002.040249] find_check_entry.isra.0+0x3fe/0x920
[ 1002.140071] ? ipt_do_table+0x1770/0x1770
[ 1002.144325] ? kfree+0x183/0x270
[ 1002.147736] ? kvfree+0x4d/0x60
[ 1002.160077] translate_table+0xb3f/0x15a0
[ 1002.164267] ? __do_replace+0x5b0/0x5b0
[ 1002.168242] ? _copy_from_user+0x99/0x110
[ 1002.190056] do_ipt_set_ctl+0x268/0x3ee
[ 1002.204094] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1002.208907] ? mutex_unlock+0xd/0x10
[ 1002.220069] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1002.225373] nf_setsockopt+0x67/0xc0
[ 1002.229316] ip_setsockopt+0x9b/0xb0
[ 1002.250229] tcp_setsockopt+0x84/0xd0
[ 1002.254111] sock_common_setsockopt+0x94/0xd0
[ 1002.258610] SyS_setsockopt+0x13c/0x210
[ 1002.270056] ? SyS_recv+0x40/0x40
[ 1002.273543] ? do_syscall_64+0x53/0x640
[ 1002.277556] ? SyS_recv+0x40/0x40
[ 1002.290057] do_syscall_64+0x1e8/0x640
[ 1002.293983] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1002.298827] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1002.320070] RIP: 0033:0x441e89
[ 1002.323387] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1002.350043] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1002.357346] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1002.380042] RBP: 00000000004a3310 R08: 00000000000003c8 R09: 0000000120080522
[ 1002.387342] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1002.410068] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1002.417412] INFO: task syz-executor447:7260 blocked for more than 140 seconds.
[ 1002.440060] Not tainted 4.14.171-syzkaller #0
[ 1002.445105] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1002.460042] syz-executor447 D28336 7260 7254 0x00000006
[ 1002.465693] Call Trace:
[ 1002.468286] __schedule+0x7b8/0x1cd0
[ 1002.490064] ? __mutex_lock+0x737/0x1470
[ 1002.494157] ? firmware_map_remove+0x196/0x196
[ 1002.498807] schedule+0x92/0x1c0
[ 1002.510070] schedule_preempt_disabled+0x13/0x20
[ 1002.514848] __mutex_lock+0x73c/0x1470
[ 1002.518740] ? htable_put+0x21/0x210
[ 1002.530061] ? printk+0x2d/0xbc
[ 1002.533360] ? show_regs_print_info+0x63/0x63
[ 1002.537858] ? mutex_trylock+0x1c0/0x1c0
[ 1002.560056] ? nfnl_unlock+0x22/0x30
[ 1002.563800] ? set_match_v0_destroy+0xb0/0xb0
[ 1002.568297] mutex_lock_nested+0x16/0x20
[ 1002.580049] ? wait_for_completion+0x420/0x420
[ 1002.584641] ? mutex_lock_nested+0x16/0x20
[ 1002.588879] htable_put+0x21/0x210
[ 1002.610055] ? htable_put+0x210/0x210
[ 1002.613895] hashlimit_mt_destroy+0x56/0x70
[ 1002.618218] cleanup_match+0xc2/0x140
[ 1002.630054] ? icmp_checkentry+0x90/0x90
[ 1002.634140] ? xt_request_find_target+0x4b/0xe0
[ 1002.638807] find_check_entry.isra.0+0x3fe/0x920
[ 1002.660079] ? ipt_do_table+0x1770/0x1770
[ 1002.664248] ? kfree+0x183/0x270
[ 1002.667697] ? kvfree+0x4d/0x60
[ 1002.680078] translate_table+0xb3f/0x15a0
[ 1002.684333] ? __do_replace+0x5b0/0x5b0
[ 1002.688306] ? _copy_from_user+0x99/0x110
[ 1002.710057] do_ipt_set_ctl+0x268/0x3ee
[ 1002.714061] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1002.718822] ? mutex_unlock+0xd/0x10
[ 1002.730052] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1002.735350] nf_setsockopt+0x67/0xc0
[ 1002.739062] ip_setsockopt+0x9b/0xb0
[ 1002.760070] tcp_setsockopt+0x84/0xd0
[ 1002.763910] sock_common_setsockopt+0x94/0xd0
[ 1002.768411] SyS_setsockopt+0x13c/0x210
[ 1002.780048] ? SyS_recv+0x40/0x40
[ 1002.783521] ? do_syscall_64+0x53/0x640
[ 1002.787584] ? SyS_recv+0x40/0x40
[ 1002.800057] do_syscall_64+0x1e8/0x640
[ 1002.803963] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1002.808825] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1002.830064] RIP: 0033:0x441e89
[ 1002.833285] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1002.850058] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1002.857361] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1002.880239] RBP: 00000000004a3310 R08: 00000000000003c8 R09: 0000000120080522
[ 1002.887525] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1002.910047] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1002.917368] INFO: task syz-executor447:7261 blocked for more than 140 seconds.
[ 1002.940064] Not tainted 4.14.171-syzkaller #0
[ 1002.945182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1002.970041] syz-executor447 D28232 7261 7255 0x00000006
[ 1002.975901] Call Trace:
[ 1002.978502] __schedule+0x7b8/0x1cd0
[ 1002.982555] ? __mutex_lock+0x737/0x1470
[ 1002.986641] ? firmware_map_remove+0x196/0x196
[ 1002.991560] schedule+0x92/0x1c0
[ 1002.994939] schedule_preempt_disabled+0x13/0x20
[ 1002.999699] __mutex_lock+0x73c/0x1470
[ 1003.020097] ? htable_put+0x21/0x210
[ 1003.023849] ? printk+0x2d/0xbc
[ 1003.027131] ? show_regs_print_info+0x63/0x63
[ 1003.040082] ? mutex_trylock+0x1c0/0x1c0
[ 1003.044171] ? nfnl_unlock+0x22/0x30
[ 1003.047892] ? set_match_v0_destroy+0xb0/0xb0
[ 1003.070060] mutex_lock_nested+0x16/0x20
[ 1003.074143] ? wait_for_completion+0x420/0x420
[ 1003.078722] ? mutex_lock_nested+0x16/0x20
[ 1003.090220] htable_put+0x21/0x210
[ 1003.093770] ? htable_put+0x210/0x210
[ 1003.097570] hashlimit_mt_destroy+0x56/0x70
[ 1003.120057] cleanup_match+0xc2/0x140
[ 1003.123889] ? icmp_checkentry+0x90/0x90
[ 1003.127954] ? xt_request_find_target+0x4b/0xe0
[ 1003.140053] find_check_entry.isra.0+0x3fe/0x920
[ 1003.144828] ? ipt_do_table+0x1770/0x1770
[ 1003.148976] ? kfree+0x183/0x270
[ 1003.170050] ? kvfree+0x4d/0x60
[ 1003.173359] translate_table+0xb3f/0x15a0
[ 1003.177521] ? __do_replace+0x5b0/0x5b0
[ 1003.190068] ? _copy_from_user+0x99/0x110
[ 1003.194257] do_ipt_set_ctl+0x268/0x3ee
[ 1003.198385] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1003.220061] ? mutex_unlock+0xd/0x10
[ 1003.223803] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1003.229086] nf_setsockopt+0x67/0xc0
[ 1003.240057] ip_setsockopt+0x9b/0xb0
[ 1003.243793] tcp_setsockopt+0x84/0xd0
[ 1003.247596] sock_common_setsockopt+0x94/0xd0
[ 1003.270060] SyS_setsockopt+0x13c/0x210
[ 1003.274068] ? SyS_recv+0x40/0x40
[ 1003.277526] ? do_syscall_64+0x53/0x640
[ 1003.290055] ? SyS_recv+0x40/0x40
[ 1003.293525] do_syscall_64+0x1e8/0x640
[ 1003.297426] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1003.310068] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1003.315271] RIP: 0033:0x441e89
[ 1003.318462] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1003.350048] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1003.357402] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1003.380044] RBP: 00000000004a3310 R08: 00000000000003c8 R09: 0000000120080522
[ 1003.387335] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1003.410046] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1003.417360] INFO: task syz-executor447:7262 blocked for more than 140 seconds.
[ 1003.440052] Not tainted 4.14.171-syzkaller #0
[ 1003.445083] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1003.460040] syz-executor447 D28400 7262 7256 0x00000006
[ 1003.470057] Call Trace:
[ 1003.472689] __schedule+0x7b8/0x1cd0
[ 1003.476537] ? __mutex_lock+0x737/0x1470
[ 1003.490084] ? firmware_map_remove+0x196/0x196
[ 1003.494713] schedule+0x92/0x1c0
[ 1003.498080] schedule_preempt_disabled+0x13/0x20
[ 1003.520069] __mutex_lock+0x73c/0x1470
[ 1003.523972] ? htable_put+0x21/0x210
[ 1003.527688] ? printk+0x2d/0xbc
[ 1003.540092] ? mutex_trylock+0x1c0/0x1c0
[ 1003.544296] ? nfnl_unlock+0x22/0x30
[ 1003.548023] ? set_match_v0_destroy+0xb0/0xb0
[ 1003.560093] mutex_lock_nested+0x16/0x20
[ 1003.564187] ? wait_for_completion+0x420/0x420
[ 1003.568769] ? mutex_lock_nested+0x16/0x20
[ 1003.590068] htable_put+0x21/0x210
[ 1003.593660] ? htable_put+0x210/0x210
[ 1003.597460] hashlimit_mt_destroy+0x56/0x70
[ 1003.610063] cleanup_match+0xc2/0x140
[ 1003.613895] ? icmp_checkentry+0x90/0x90
[ 1003.617960] ? xt_request_find_target+0x4b/0xe0
[ 1003.640062] find_check_entry.isra.0+0x3fe/0x920
[ 1003.644860] ? ipt_do_table+0x1770/0x1770
[ 1003.649010] ? kfree+0x183/0x270
[ 1003.670060] ? kvfree+0x4d/0x60
[ 1003.673384] translate_table+0xb3f/0x15a0
[ 1003.677548] ? __do_replace+0x5b0/0x5b0
[ 1003.690057] ? _copy_from_user+0x99/0x110
[ 1003.694226] do_ipt_set_ctl+0x268/0x3ee
[ 1003.698202] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1003.710059] ? mutex_unlock+0xd/0x10
[ 1003.713879] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1003.719157] nf_setsockopt+0x67/0xc0
[ 1003.740069] ip_setsockopt+0x9b/0xb0
[ 1003.743988] tcp_setsockopt+0x84/0xd0
[ 1003.747794] sock_common_setsockopt+0x94/0xd0
[ 1003.770057] SyS_setsockopt+0x13c/0x210
[ 1003.774202] ? SyS_recv+0x40/0x40
[ 1003.777659] ? do_syscall_64+0x53/0x640
[ 1003.790052] ? SyS_recv+0x40/0x40
[ 1003.793693] do_syscall_64+0x1e8/0x640
[ 1003.797582] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1003.810063] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1003.815420] RIP: 0033:0x441e89
[ 1003.818613] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1003.850055] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1003.857369] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1003.880042] RBP: 00000000004a3310 R08: 00000000000003c8 R09: 0000000120080522
[ 1003.887345] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1003.910058] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1003.917513] INFO: task syz-executor447:7263 blocked for more than 140 seconds.
[ 1003.940056] Not tainted 4.14.171-syzkaller #0
[ 1003.945087] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1003.960046] syz-executor447 D28160 7263 7252 0x00000006
[ 1003.965703] Call Trace:
[ 1003.968300] __schedule+0x7b8/0x1cd0
[ 1003.990076] ? __mutex_lock+0x737/0x1470
[ 1003.994176] ? firmware_map_remove+0x196/0x196
[ 1003.998765] schedule+0x92/0x1c0
[ 1004.010055] schedule_preempt_disabled+0x13/0x20
[ 1004.014830] __mutex_lock+0x73c/0x1470
[ 1004.018741] ? htable_put+0x21/0x210
[ 1004.040065] ? printk+0x2d/0xbc
[ 1004.043380] ? show_regs_print_info+0x63/0x63
[ 1004.048030] ? mutex_trylock+0x1c0/0x1c0
[ 1004.060065] ? nfnl_unlock+0x22/0x30
[ 1004.063814] ? set_match_v0_destroy+0xb0/0xb0
[ 1004.068317] mutex_lock_nested+0x16/0x20
[ 1004.090064] ? wait_for_completion+0x420/0x420
[ 1004.094684] ? mutex_lock_nested+0x16/0x20
[ 1004.098925] htable_put+0x21/0x210
[ 1004.110057] ? htable_put+0x210/0x210
[ 1004.113887] hashlimit_mt_destroy+0x56/0x70
[ 1004.118348] cleanup_match+0xc2/0x140
[ 1004.140274] ? icmp_checkentry+0x90/0x90
[ 1004.144372] ? xt_request_find_target+0x4b/0xe0
[ 1004.149048] find_check_entry.isra.0+0x3fe/0x920
[ 1004.160088] ? ipt_do_table+0x1770/0x1770
[ 1004.164350] ? kfree+0x183/0x270
[ 1004.167716] ? kvfree+0x4d/0x60
[ 1004.190120] translate_table+0xb3f/0x15a0
[ 1004.194409] ? __do_replace+0x5b0/0x5b0
[ 1004.198390] ? _copy_from_user+0x99/0x110
[ 1004.210115] do_ipt_set_ctl+0x268/0x3ee
[ 1004.214131] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1004.218898] ? mutex_unlock+0xd/0x10
[ 1004.240066] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1004.245388] nf_setsockopt+0x67/0xc0
[ 1004.249262] ip_setsockopt+0x9b/0xb0
[ 1004.270112] tcp_setsockopt+0x84/0xd0
[ 1004.273967] sock_common_setsockopt+0x94/0xd0
[ 1004.278469] SyS_setsockopt+0x13c/0x210
[ 1004.290105] ? SyS_recv+0x40/0x40
[ 1004.293599] ? do_syscall_64+0x53/0x640
[ 1004.297603] ? SyS_recv+0x40/0x40
[ 1004.310104] do_syscall_64+0x1e8/0x640
[ 1004.314028] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1004.318884] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1004.340127] RIP: 0033:0x441e89
[ 1004.343353] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1004.370066] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1004.377577] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1004.400100] RBP: 00000000000bb729 R08: 00000000000003c8 R09: 0000000100000009
[ 1004.407444] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1004.430053] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1004.437612]
[ 1004.437612] Showing all locks held in the system:
[ 1004.450097] 1 lock held by khungtaskd/1058:
[ 1004.454609] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f
[ 1004.463743] 1 lock held by khugepaged/1065:
[ 1004.468064] #0: (pcpu_drain_mutex){+.+.}, at: [] drain_all_pages+0x4d/0x570
[ 1004.477080] 2 locks held by getty/7218:
[ 1004.481084] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.489861] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.499296] 2 locks held by getty/7219:
[ 1004.503294] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.511998] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.521316] 2 locks held by getty/7220:
[ 1004.525282] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.533990] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.543309] 2 locks held by getty/7221:
[ 1004.547281] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.556116] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.565411] 2 locks held by getty/7222:
[ 1004.569403] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.578087] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.587382] 2 locks held by getty/7223:
[ 1004.591358] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.600042] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.609313] 2 locks held by getty/7224:
[ 1004.613284] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40
[ 1004.621959] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17d0
[ 1004.631250] 1 lock held by syz-executor447/7260:
[ 1004.636027] #0: (hashlimit_mutex){+.+.}, at: [] htable_put+0x21/0x210
[ 1004.644358] 1 lock held by syz-executor447/7261:
[ 1004.649308] #0: (hashlimit_mutex){+.+.}, at: [] htable_put+0x21/0x210
[ 1004.657985] 1 lock held by syz-executor447/7262:
[ 1004.662747] #0: (hashlimit_mutex){+.+.}, at: [] htable_put+0x21/0x210
[ 1004.671097] 1 lock held by syz-executor447/7263:
executing program
[ 1004.675837] #0: (hashlimit_mutex){+.+.}, at: [] htable_put+0x21/0x210
[ 1004.684170]
[ 1004.685813] =============================================
[ 1004.685813]
[ 1004.950045] NMI backtrace for cpu 0
[ 1004.953719] CPU: 0 PID: 1058 Comm: khungtaskd Not tainted 4.14.171-syzkaller #0
[ 1004.961165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1004.970514] Call Trace:
[ 1004.973186] dump_stack+0x142/0x197
[ 1004.976818] nmi_cpu_backtrace.cold+0x57/0x94
[ 1004.981321] ? irq_force_complete_move.cold+0x7d/0x7d
[ 1004.986517] nmi_trigger_cpumask_backtrace+0x141/0x189
[ 1004.991799] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1004.997047] watchdog+0x5e7/0xb90
[ 1005.000509] kthread+0x319/0x430
[ 1005.003880] ? hungtask_pm_notify+0x50/0x50
[ 1005.008201] ? kthread_create_on_node+0xd0/0xd0
[ 1005.012874] ret_from_fork+0x24/0x30
[ 1005.016643] Sending NMI from CPU 0 to CPUs 1:
[ 1005.021514] NMI backtrace for cpu 1
[ 1005.021517] CPU: 1 PID: 7259 Comm: syz-executor447 Not tainted 4.14.171-syzkaller #0
[ 1005.021521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.021524] task: ffff8880a0426300 task.stack: ffff888052080000
[ 1005.021526] RIP: 0010:lock_release+0x166/0x940
[ 1005.021529] RSP: 0018:ffff8880520877c8 EFLAGS: 00000093
[ 1005.021534] RAX: 0000000000000001 RBX: 1ffff1100a410eff RCX: 000000008b7c7e60
[ 1005.021537] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880a0426b7c
[ 1005.021539] RBP: ffff888052087860 R08: 0000000000004b02 R09: ffffffff89574090
[ 1005.021542] R10: 0000000000000000 R11: ffff8880a0426300 R12: ffffc90035fd4060
[ 1005.021545] R13: ffffffff854f5284 R14: ffff8880a0426300 R15: ffff888052087838
[ 1005.021549] FS: 0000000001982880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
[ 1005.021551] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1005.021554] CR2: 00007ffd71161280 CR3: 0000000052036000 CR4: 00000000001406e0
[ 1005.021557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1005.021560] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1005.021562] Call Trace:
[ 1005.021564] ? lock_downgrade+0x740/0x740
[ 1005.021566] ? esp_mt+0x3c0/0x3c0
[ 1005.021568] _raw_spin_unlock_bh+0x1b/0x40
[ 1005.021570] htable_selective_cleanup+0x204/0x300
[ 1005.021572] htable_put+0x164/0x210
[ 1005.021574] ? htable_put+0x210/0x210
[ 1005.021576] hashlimit_mt_destroy+0x56/0x70
[ 1005.021578] cleanup_match+0xc2/0x140
[ 1005.021580] ? icmp_checkentry+0x90/0x90
[ 1005.021582] ? xt_request_find_target+0x4b/0xe0
[ 1005.021584] find_check_entry.isra.0+0x3fe/0x920
[ 1005.021587] ? ipt_do_table+0x1770/0x1770
[ 1005.021588] ? kfree+0x183/0x270
[ 1005.021590] ? kvfree+0x4d/0x60
[ 1005.021592] translate_table+0xb3f/0x15a0
[ 1005.021594] ? __do_replace+0x5b0/0x5b0
[ 1005.021596] ? _copy_from_user+0x99/0x110
[ 1005.021598] do_ipt_set_ctl+0x268/0x3ee
[ 1005.021600] ? compat_do_ipt_set_ctl+0x150/0x150
[ 1005.021602] ? mutex_unlock+0xd/0x10
[ 1005.021605] ? nf_sockopt_find.constprop.0+0x1b7/0x230
[ 1005.021607] nf_setsockopt+0x67/0xc0
[ 1005.021609] ip_setsockopt+0x9b/0xb0
[ 1005.021611] tcp_setsockopt+0x84/0xd0
[ 1005.021613] sock_common_setsockopt+0x94/0xd0
[ 1005.021615] SyS_setsockopt+0x13c/0x210
[ 1005.021617] ? SyS_recv+0x40/0x40
[ 1005.021619] ? do_syscall_64+0x53/0x640
[ 1005.021620] ? SyS_recv+0x40/0x40
[ 1005.021622] do_syscall_64+0x1e8/0x640
[ 1005.021625] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1005.021627] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1005.021629] RIP: 0033:0x441e89
[ 1005.021631] RSP: 002b:00007ffd71161278 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1005.021636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441e89
[ 1005.021639] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1005.021642] RBP: 00000000004a3310 R08: 00000000000003c8 R09: 0000000120080522
[ 1005.021645] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000402ca0
[ 1005.021648] R13: 0000000000402d30 R14: 0000000000000000 R15: 0000000000000000
[ 1005.021649] Code: 00 41 c7 86 7c 08 00 00 01 00 00 00 0f 1f 44 00 00 65 8b 05 1d 6f b9 7e 83 f8 3f 0f 87 bf 04 00 00 89 c0 48 0f a3 05 72 03 6a 07 <0f> 82 5b 04 00 00 48 c7 c0 60 c3 33 88 48 ba 00 00 00 00 00 fc
[ 1005.100060] Kernel panic - not syncing: hung_task: blocked tasks
[ 1005.337785] CPU: 0 PID: 1058 Comm: khungtaskd Not tainted 4.14.171-syzkaller #0
[ 1005.345220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.354563] Call Trace:
[ 1005.357148] dump_stack+0x142/0x197
[ 1005.360831] panic+0x1f9/0x42d
[ 1005.364016] ? add_taint.cold+0x16/0x16
[ 1005.367980] ? ___preempt_schedule+0x16/0x18
[ 1005.372388] watchdog+0x5f8/0xb90
[ 1005.375859] kthread+0x319/0x430
[ 1005.379218] ? hungtask_pm_notify+0x50/0x50
[ 1005.383532] ? kthread_create_on_node+0xd0/0xd0
[ 1005.388196] ret_from_fork+0x24/0x30
[ 1005.393391] Kernel Offset: disabled
[ 1005.397016] Rebooting in 86400 seconds..