[....] Starting OpenBSD Secure Shell server: sshd
[ 24.502412] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 30.109803] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.543107] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.136825] random: sshd: uninitialized urandom read (32 bytes read)
[ 411.080278] random: sshd: uninitialized urandom read (32 bytes read)
[ 411.258409] sshd (5327) used greatest stack depth: 16344 bytes left
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
[ 416.637649] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[ 574.721772] INFO: task syz-executor186:5347 blocked for more than 140 seconds.
[ 574.729546] Not tainted 4.19.0-rc4+ #250
[ 574.734831] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 574.743054] syz-executor186 D25176 5347 5332 0x00000004
[ 574.748702] Call Trace:
[ 574.751412] __schedule+0x86c/0x1ed0
[ 574.755406] ? __switch_to_asm+0x34/0x70
[ 574.759474] ? __switch_to_asm+0x34/0x70
[ 574.763740] ? __sched_text_start+0x8/0x8
[ 574.767887] ? _raw_spin_unlock+0x2c/0x50
[ 574.772091] ? __sched_text_start+0x8/0x8
[ 574.776318] ? max_active_store+0x170/0x170
[ 574.780677] ? is_bpf_text_address+0xd3/0x170
[ 574.785383] ? graph_lock+0x170/0x170
[ 574.789192] schedule+0xfe/0x460
[ 574.792645] ? __local_bh_enable_ip+0x160/0x260
[ 574.797319] ? __schedule+0x1ed0/0x1ed0
[ 574.801286] ? find_held_lock+0x36/0x1c0
[ 574.805412] ? mark_held_locks+0xc7/0x130
[ 574.809565] schedule_timeout+0x1cc/0x260
[ 574.813870] ? usleep_range+0x1a0/0x1a0
[ 574.818016] ? wait_for_completion+0x41f/0x8a0
[ 574.822782] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 574.828286] ? kasan_check_write+0x14/0x20
[ 574.832590] ? do_raw_spin_lock+0xc1/0x200
[ 574.836842] wait_for_completion+0x427/0x8a0
[ 574.841240] ? wait_for_completion_interruptible+0x840/0x840
[ 574.847140] ? wake_up_q+0x100/0x100
[ 574.850926] ? pcrypt_aead_enc+0x190/0x190
[ 574.855263] ? rcu_read_lock_sched_held+0x108/0x120
[ 574.860406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 574.866760] ? pcrypt_aead_encrypt+0x370/0x460
[ 574.871620] tls_push_record+0xf96/0x1480
[ 574.875847] ? check_preemption_disabled+0x48/0x200
[ 574.880865] tls_sw_sendmsg+0xbfd/0x1310
[ 574.885125] ? decrypt_skb_update+0x6a0/0x6a0
[ 574.889673] ? aa_sk_perm+0x218/0x8b0
[ 574.893544] ? aa_af_perm+0x5a0/0x5a0
[ 574.897404] ? usercopy_warn+0x110/0x110
[ 574.901579] inet_sendmsg+0x1a1/0x690
[ 574.905404] ? ipip_gro_receive+0x100/0x100
[ 574.909768] ? apparmor_socket_sendmsg+0x29/0x30
[ 574.914604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 574.920235] ? security_socket_sendmsg+0x94/0xc0
[ 574.925254] ? ipip_gro_receive+0x100/0x100
[ 574.929665] sock_sendmsg+0xd5/0x120
[ 574.933456] __sys_sendto+0x3d7/0x670
[ 574.937272] ? __ia32_sys_getpeername+0xb0/0xb0
[ 574.941999] ? _raw_spin_unlock_bh+0x30/0x40
[ 574.946412] ? release_sock+0x1ec/0x2c0
[ 574.950370] ? tls_sw_free_resources_rx+0x80/0x80
[ 574.955297] ? __release_sock+0x3a0/0x3a0
[ 574.959471] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 574.965251] ? _copy_from_user+0xdf/0x150
[ 574.969434] ? sk_stream_wait_memory+0x1290/0x1290
[ 574.974429] ? tls_setsockopt+0xb2/0x770
[ 574.978503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 574.984193] ? do_syscall_64+0x9a/0x820
[ 574.988179] ? do_syscall_64+0x9a/0x820
[ 574.993035] ? lockdep_hardirqs_on+0x421/0x5c0
[ 574.997617] ? trace_hardirqs_on+0xbd/0x310
[ 575.002007] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 575.007437] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 575.013105] __x64_sys_sendto+0xe1/0x1a0
[ 575.017181] do_syscall_64+0x1b9/0x820
[ 575.021055] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 575.026676] ? syscall_return_slowpath+0x5e0/0x5e0
[ 575.031662] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 575.036783] ? trace_hardirqs_on_caller+0x310/0x310
[ 575.041921] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 575.046949] ? prepare_exit_to_usermode+0x291/0x3b0
[ 575.052137] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 575.057062] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 575.062354] RIP: 0033:0x440fd9
[ 575.065556] Code: Bad RIP value.
[ 575.068905] RSP: 002b:00007ffe0d1ac078 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 575.076939] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fd9
[ 575.084272] RDX: 00000000000000b4 RSI: 0000000020000200 RDI: 0000000000000003
[ 575.091641] RBP: 0000000000000000 R08: 0000000020000040 R09: 000000000000001c
[ 575.098963] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000065c02
[ 575.106372] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000
[ 575.113727]
[ 575.113727] Showing all locks held in the system:
[ 575.120131] 1 lock held by khungtaskd/983:
[ 575.125394] #0: 000000003117463c (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[ 575.134131] 1 lock held by rsyslogd/5214:
[ 575.138290] #0: 00000000109ea6d7 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[ 575.146489] 2 locks held by getty/5305:
[ 575.150521] #0: 00000000f8530c57 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.158999] #1: 00000000c922e4da (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.168055] 2 locks held by getty/5306:
[ 575.172124] #0: 00000000ebfbe2df (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.180418] #1: 00000000f80f4eec (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.189465] 2 locks held by getty/5307:
[ 575.193493] #0: 0000000048dc16f1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.201861] #1: 000000006cfb10fd (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.210860] 2 locks held by getty/5308:
[ 575.214960] #0: 00000000a04f2229 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.223503] #1: 0000000089aef900 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.232521] 2 locks held by getty/5309:
[ 575.236500] #0: 000000000c22e6bb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.244976] #1: 0000000059622fe1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.254431] 2 locks held by getty/5310:
[ 575.258437] #0: 000000001907d59a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.266813] #1: 0000000011b244d1 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.275833] 2 locks held by getty/5311:
[ 575.279869] #0: 000000004410c456 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 575.288301] #1: 000000003001bf4f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 575.297381] 1 lock held by syz-executor186/5347:
[ 575.302362] #0: 00000000bdf0dbe2 (sk_lock-AF_INET6){+.+.}, at: tls_sw_sendmsg+0x226/0x1310
[ 575.310931]
[ 575.312650] =============================================
[ 575.312650]
[ 575.319733] NMI backtrace for cpu 0
[ 575.323542] CPU: 0 PID: 983 Comm: khungtaskd Not tainted 4.19.0-rc4+ #250
[ 575.330482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 575.339844] Call Trace:
[ 575.342513] dump_stack+0x1c4/0x2b4
[ 575.346200] ? dump_stack_print_info.cold.2+0x52/0x52
[ 575.351391] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 575.356929] nmi_cpu_backtrace.cold.3+0x63/0xa2
[ 575.361659] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 575.366903] nmi_trigger_cpumask_backtrace+0x1b3/0x1ed
[ 575.372182] arch_trigger_cpumask_backtrace+0x14/0x20
[ 575.377358] watchdog+0xb3e/0x1050
[ 575.380897] ? reset_hung_task_detector+0xd0/0xd0
[ 575.385735] ? __kthread_parkme+0xce/0x1a0
[ 575.389970] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 575.395067] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 575.400163] ? lockdep_hardirqs_on+0x421/0x5c0
[ 575.404922] ? trace_hardirqs_on+0xbd/0x310
[ 575.409243] ? kasan_check_read+0x11/0x20
[ 575.413388] ? __kthread_parkme+0xce/0x1a0
[ 575.417618] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 575.423295] ? kasan_check_write+0x14/0x20
[ 575.427524] ? do_raw_spin_lock+0xc1/0x200
[ 575.431752] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 575.436842] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 575.442437] ? __kthread_parkme+0xfb/0x1a0
[ 575.446688] kthread+0x35a/0x420
[ 575.450053] ? reset_hung_task_detector+0xd0/0xd0
[ 575.454898] ? kthread_bind+0x40/0x40
[ 575.458700] ret_from_fork+0x3a/0x50
[ 575.462592] Sending NMI from CPU 0 to CPUs 1:
[ 575.467172] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 575.469000] Kernel panic - not syncing: hung_task: blocked tasks
[ 575.480903] CPU: 0 PID: 983 Comm: khungtaskd Not tainted 4.19.0-rc4+ #250
[ 575.487821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 575.497169] Call Trace:
[ 575.499750] dump_stack+0x1c4/0x2b4
[ 575.503364] ? dump_stack_print_info.cold.2+0x52/0x52
[ 575.508662] panic+0x238/0x4e7
[ 575.511855] ? add_taint.cold.5+0x16/0x16
[ 575.515995] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[ 575.521432] ? nmi_trigger_cpumask_backtrace+0x1c4/0x1ed
[ 575.526877] ? nmi_trigger_cpumask_backtrace+0x173/0x1ed
[ 575.532312] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[ 575.537751] watchdog+0xb4f/0x1050
[ 575.541280] ? reset_hung_task_detector+0xd0/0xd0
[ 575.546254] ? __kthread_parkme+0xce/0x1a0
[ 575.550533] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 575.555676] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 575.560777] ? lockdep_hardirqs_on+0x421/0x5c0
[ 575.565348] ? trace_hardirqs_on+0xbd/0x310
[ 575.569651] ? kasan_check_read+0x11/0x20
[ 575.573901] ? __kthread_parkme+0xce/0x1a0
[ 575.578130] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 575.583571] ? kasan_check_write+0x14/0x20
[ 575.587811] ? do_raw_spin_lock+0xc1/0x200
[ 575.592060] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 575.597164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 575.602768] ? __kthread_parkme+0xfb/0x1a0
[ 575.607023] kthread+0x35a/0x420
[ 575.610385] ? reset_hung_task_detector+0xd0/0xd0
[ 575.615227] ? kthread_bind+0x40/0x40
[ 575.619031] ret_from_fork+0x3a/0x50
[ 575.623935] Kernel Offset: disabled
[ 575.627574] Rebooting in 86400 seconds..