[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   24.724383] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.178493] random: sshd: uninitialized urandom read (32 bytes read)
[   28.881825] random: sshd: uninitialized urandom read (32 bytes read)
[   29.658676] random: sshd: uninitialized urandom read (32 bytes read)
[  444.447956] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[  449.886987] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[  615.391229] INFO: task syz-executor413:4623 blocked for more than 120 seconds.
[  615.398873]       Not tainted 4.17.0-rc6+ #66
[  615.403469] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  615.411512] syz-executor413 D23216  4623   4621 0x00000000
[  615.417211] Call Trace:
[  615.419869]  __schedule+0x801/0x1e30
[  615.423655]  ? __sched_text_start+0x8/0x8
[  615.427872]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  615.432522]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  615.437684]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.442763]  ? trace_hardirqs_on+0xd/0x10
[  615.446996]  ? prepare_to_wait_event+0x38e/0xc50
[  615.451846]  ? prepare_to_wait_exclusive+0x540/0x540
[  615.457068]  schedule+0xef/0x430
[  615.460506]  ? __schedule+0x1e30/0x1e30
[  615.464542]  ? check_same_owner+0x320/0x320
[  615.468922]  ? replenish_dl_entity.cold.53+0x37/0x37
[  615.474130]  blk_mq_freeze_queue_wait+0x1ce/0x460
[  615.479062]  ? blk_mq_poll+0x930/0x930
[  615.483052]  ? blk_mq_run_hw_queue+0x119/0x390
[  615.487699]  ? blk_mq_run_work_fn+0x70/0x70
[  615.492083]  ? finish_wait+0x420/0x420
[  615.496041]  blk_freeze_queue+0x4a/0x80
[  615.500069]  blk_mq_freeze_queue+0x15/0x20
[  615.504400]  lo_ioctl+0xa9a/0x2130
[  615.508068]  ? lo_rw_aio_complete+0x430/0x430
[  615.512624]  blkdev_ioctl+0x9b6/0x2020
[  615.516572]  ? blkpg_ioctl+0xc40/0xc40
[  615.520526]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.525609]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  615.530702]  ? current_kernel_time64+0x1f4/0x2f0
[  615.535560]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  615.541363]  ? timespec_trunc+0xe7/0x170
[  615.545505]  ? put_itimerspec64+0x310/0x310
[  615.549903]  ? find_held_lock+0x36/0x1c0
[  615.554046]  ? lock_downgrade+0x8e0/0x8e0
[  615.558260]  ? graph_lock+0x170/0x170
[  615.562123]  ? fsnotify+0xfc0/0xfc0
[  615.565796]  ? fsnotify_first_mark+0x330/0x330
[  615.570451]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  615.576061]  block_ioctl+0xee/0x130
[  615.579738]  ? blkdev_fallocate+0x400/0x400
[  615.584125]  do_vfs_ioctl+0x1cf/0x16a0
[  615.588102]  ? ioctl_preallocate+0x2e0/0x2e0
[  615.592587]  ? fget_raw+0x20/0x20
[  615.596128]  ? __lock_is_held+0xb5/0x140
[  615.600270]  ? security_file_ioctl+0x94/0xc0
[  615.604746]  ksys_ioctl+0xa9/0xd0
[  615.608273]  __x64_sys_ioctl+0x73/0xb0
[  615.612322]  do_syscall_64+0x1b1/0x800
[  615.616296]  ? syscall_return_slowpath+0x5c0/0x5c0
[  615.621321]  ? syscall_return_slowpath+0x30f/0x5c0
[  615.626367]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  615.631897]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  615.636846]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  615.642147] RIP: 0033:0x443dc9
[  615.645398] RSP: 002b:00007ffef2d3a7a8 EFLAGS: 00000286 ORIG_RAX: 0000000000000010
[  615.653461] RAX: ffffffffffffffda RBX: 6f6f6c2f7665642f RCX: 0000000000443dc9
[  615.660808] RDX: 0000000000000007 RSI: 0000000000004c06 RDI: 0000000000000007
[  615.668171] RBP: 00000000006ce018 R08: 00000000004002e0 R09: 00000000004002e0
[  615.675505] R10: 00000000004002e0 R11: 0000000000000286 R12: 0000000000401a70
[  615.682866] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[  615.690230] 
[  615.690230] Showing all locks held in the system:
[  615.696651] 2 locks held by khungtaskd/891:
[  615.701141]  #0:         (ptrval) (rcu_read_lock){....}, at: watchdog+0x1ff/0xf60
[  615.708871]  #1:         (ptrval) (tasklist_lock){.+.+}, at: debug_show_all_locks+0xde/0x34a
[  615.717583] 1 lock held by rsyslogd/4506:
[  615.721786]  #0:         (ptrval) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1a9/0x1e0
[  615.729860] 2 locks held by getty/4597:
[  615.733930]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.742328]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.751295] 2 locks held by getty/4598:
[  615.755319]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.763726]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.772665] 2 locks held by getty/4599:
[  615.776716]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.785069]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.794081] 2 locks held by getty/4600:
[  615.798162]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.806534]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.815571] 2 locks held by getty/4601:
[  615.819803]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.828150]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.837124] 2 locks held by getty/4602:
[  615.841156]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.849521]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.858516] 2 locks held by getty/4603:
[  615.862585]  #0:         (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  615.870939]  #1:         (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[  615.879933] 1 lock held by syz-executor413/4623:
[  615.884793]  #0:         (ptrval) (&lo->lo_ctl_mutex/1){+.+.}, at: lo_ioctl+0x8d/0x2130
[  615.893224] 
[  615.894896] =============================================
[  615.894896] 
[  615.902131] NMI backtrace for cpu 1
[  615.905832] CPU: 1 PID: 891 Comm: khungtaskd Not tainted 4.17.0-rc6+ #66
[  615.912672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  615.922206] Call Trace:
[  615.924800]  dump_stack+0x1b9/0x294
[  615.928419]  ? dump_stack_print_info.cold.2+0x52/0x52
[  615.933618]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  615.938302]  ? lapic_can_unplug_cpu.cold.26+0x3f/0x3f
[  615.943483]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  615.948755]  arch_trigger_cpumask_backtrace+0x14/0x20
[  615.953951]  watchdog+0xc10/0xf60
[  615.957402]  ? reset_hung_task_detector+0xb0/0xb0
[  615.962246]  ? __schedule+0x1e30/0x1e30
[  615.966216]  ? do_raw_spin_unlock+0x9e/0x2e0
[  615.970618]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  615.975192]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  615.980722]  ? __kthread_parkme+0x111/0x1d0
[  615.985035]  ? parse_args.cold.15+0x1b3/0x1b3
[  615.989520]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  615.994528]  ? trace_hardirqs_on+0xd/0x10
[  615.998676]  kthread+0x345/0x410
[  616.002057]  ? reset_hung_task_detector+0xb0/0xb0
[  616.006927]  ? kthread_bind+0x40/0x40
[  616.010754]  ret_from_fork+0x3a/0x50
[  616.014588] Sending NMI from CPU 1 to CPUs 0:
[  616.019200] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  616.020169] Kernel panic - not syncing: hung_task: blocked tasks
[  616.033035] CPU: 1 PID: 891 Comm: khungtaskd Not tainted 4.17.0-rc6+ #66
[  616.039992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  616.049350] Call Trace:
[  616.051958]  dump_stack+0x1b9/0x294
[  616.055603]  ? dump_stack_print_info.cold.2+0x52/0x52
[  616.060801]  ? printk_safe_log_store+0x260/0x260
[  616.065569]  panic+0x22f/0x4de
[  616.068760]  ? add_taint.cold.5+0x16/0x16
[  616.072926]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  616.078549]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  616.084001]  ? printk_safe_flush+0xd7/0x130
[  616.088349]  watchdog+0xc21/0xf60
[  616.091842]  ? reset_hung_task_detector+0xb0/0xb0
[  616.096687]  ? __schedule+0x1e30/0x1e30
[  616.100677]  ? do_raw_spin_unlock+0x9e/0x2e0
[  616.105109]  ? do_raw_spin_trylock+0x1b0/0x1b0
[  616.109711]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  616.115270]  ? __kthread_parkme+0x111/0x1d0
[  616.119618]  ? parse_args.cold.15+0x1b3/0x1b3
[  616.124134]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  616.129155]  ? trace_hardirqs_on+0xd/0x10
[  616.133305]  kthread+0x345/0x410
[  616.136672]  ? reset_hung_task_detector+0xb0/0xb0
[  616.141508]  ? kthread_bind+0x40/0x40
[  616.145318]  ret_from_fork+0x3a/0x50
[  616.149847] Dumping ftrace buffer:
[  616.154010]    (ftrace buffer empty)
[  616.157740] Kernel Offset: disabled
[  616.161370] Rebooting in 86400 seconds..