[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 24.432253] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.312749] random: sshd: uninitialized urandom read (32 bytes read) [ 26.690021] random: sshd: uninitialized urandom read (32 bytes read) [ 27.295369] random: sshd: uninitialized urandom read (32 bytes read) [ 411.465142] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts. [ 417.067592] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program [ 574.697059] INFO: task syz-executor128:5354 blocked for more than 140 seconds. [ 574.705175] Not tainted 4.19.0-rc5+ #251 [ 574.710014] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 574.718241] syz-executor128 D25176 5354 5339 0x00000004 [ 574.723879] Call Trace: [ 574.726575] __schedule+0x86c/0x1ed0 [ 574.730368] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 574.735281] ? __sched_text_start+0x8/0x8 [ 574.739500] ? _raw_spin_unlock+0x2c/0x50 [ 574.743785] ? print_usage_bug+0xc0/0xc0 [ 574.748714] ? print_usage_bug+0xc0/0xc0 [ 574.752790] ? graph_lock+0x170/0x170 [ 574.756820] ? max_active_store+0x170/0x170 [ 574.761150] ? is_bpf_text_address+0xd3/0x170 [ 574.765646] ? graph_lock+0x170/0x170 [ 574.769654] schedule+0xfe/0x460 [ 574.773028] ? __local_bh_enable_ip+0x160/0x260 [ 574.777749] ? __schedule+0x1ed0/0x1ed0 [ 574.781843] ? find_held_lock+0x36/0x1c0 [ 574.785909] ? mark_held_locks+0xc7/0x130 [ 574.790299] schedule_timeout+0x1cc/0x260 [ 574.794456] ? usleep_range+0x1a0/0x1a0 [ 574.798485] ? wait_for_completion+0x41f/0x8a0 [ 574.803337] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 574.808857] ? kasan_check_write+0x14/0x20 [ 574.813244] ? 
do_raw_spin_lock+0xc1/0x200 [ 574.817576] wait_for_completion+0x427/0x8a0 [ 574.821994] ? wait_for_completion_interruptible+0x840/0x840 [ 574.827857] ? wake_up_q+0x100/0x100 [ 574.831702] ? pcrypt_aead_enc+0x190/0x190 [ 574.836120] ? rcu_read_lock_sched_held+0x108/0x120 [ 574.841205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 574.847106] ? pcrypt_aead_encrypt+0x370/0x460 [ 574.851755] tls_push_record+0xf96/0x1480 [ 574.856138] ? check_preemption_disabled+0x48/0x200 [ 574.861437] tls_sw_sendmsg+0xbfd/0x1310 [ 574.865540] ? decrypt_skb_update+0x6a0/0x6a0 [ 574.870089] ? aa_sk_perm+0x218/0x8b0 [ 574.873895] ? aa_af_perm+0x5a0/0x5a0 [ 574.878543] ? usercopy_warn+0x110/0x110 [ 574.882882] inet_sendmsg+0x1a1/0x690 [ 574.886756] ? ipip_gro_receive+0x100/0x100 [ 574.891083] ? apparmor_socket_sendmsg+0x29/0x30 [ 574.895959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 574.901590] ? security_socket_sendmsg+0x94/0xc0 [ 574.906350] ? ipip_gro_receive+0x100/0x100 [ 574.910986] sock_sendmsg+0xd5/0x120 [ 574.914711] __sys_sendto+0x3d7/0x670 [ 574.918595] ? __ia32_sys_getpeername+0xb0/0xb0 [ 574.923273] ? _raw_spin_unlock_bh+0x30/0x40 [ 574.927746] ? release_sock+0x1ec/0x2c0 [ 574.932193] ? tls_sw_free_resources_rx+0x80/0x80 [ 574.937439] ? __release_sock+0x3a0/0x3a0 [ 574.941606] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 574.947378] ? _copy_from_user+0xdf/0x150 [ 574.951589] ? sk_stream_wait_memory+0x1290/0x1290 [ 574.956705] ? tls_setsockopt+0xb2/0x770 [ 574.960784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 574.966451] ? do_syscall_64+0x9a/0x820 [ 574.970667] ? do_syscall_64+0x9a/0x820 [ 574.974656] ? lockdep_hardirqs_on+0x421/0x5c0 [ 574.979432] ? trace_hardirqs_on+0xbd/0x310 [ 574.984089] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 574.989547] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 574.995006] __x64_sys_sendto+0xe1/0x1a0 [ 574.999129] do_syscall_64+0x1b9/0x820 [ 575.003023] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 575.009298] ? 
syscall_return_slowpath+0x5e0/0x5e0 [ 575.014386] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 575.019469] ? trace_hardirqs_on_caller+0x310/0x310 [ 575.024491] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 575.029701] ? prepare_exit_to_usermode+0x291/0x3b0 [ 575.034865] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 575.039940] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 575.045137] RIP: 0033:0x440fd9 [ 575.048384] Code: Bad RIP value. [ 575.051751] RSP: 002b:00007ffe11792288 EFLAGS: 00000212 ORIG_RAX: 000000000000002c [ 575.059681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fd9 [ 575.067007] RDX: 00000000000000b4 RSI: 0000000020000200 RDI: 0000000000000003 [ 575.074547] RBP: 0000000000000000 R08: 0000000020000040 R09: 000000000000001c [ 575.081918] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000065db4 [ 575.089407] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000 [ 575.096931] [ 575.096931] Showing all locks held in the system: [ 575.103402] 1 lock held by khungtaskd/984: [ 575.107700] #0: 00000000a71ea946 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 [ 575.116692] 1 lock held by rsyslogd/5220: [ 575.120839] #0: 00000000326f36c5 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 [ 575.128911] 2 locks held by getty/5311: [ 575.132891] #0: 000000007c0f11d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.141992] #1: 00000000af57bb57 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.151079] 2 locks held by getty/5312: [ 575.155056] #0: 0000000005e89961 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.163450] #1: 000000007cea1d51 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.172507] 2 locks held by getty/5313: [ 575.176505] #0: 0000000060e4dbfb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.185008] #1: 0000000054b15077 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.193910] 2 locks held by getty/5314: [ 575.197927] #0: 
000000003d8ba4bb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.206339] #1: 00000000284a9be6 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.215798] 2 locks held by getty/5315: [ 575.220164] #0: 00000000d1bf2519 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.228725] #1: 000000002ebe1fed (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.238017] 2 locks held by getty/5316: [ 575.242424] #0: 00000000a597f453 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.250903] #1: 00000000d96c0e3d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.260096] 2 locks held by getty/5317: [ 575.264089] #0: 000000008e39b4a9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 [ 575.273267] #1: 0000000077e5b07f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 575.282190] 1 lock held by syz-executor128/5354: [ 575.287133] #0: 000000002939da04 (sk_lock-AF_INET6){+.+.}, at: tls_sw_sendmsg+0x226/0x1310 [ 575.295777] [ 575.297468] ============================================= [ 575.297468] [ 575.304606] NMI backtrace for cpu 1 [ 575.308293] CPU: 1 PID: 984 Comm: khungtaskd Not tainted 4.19.0-rc5+ #251 [ 575.315218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.324796] Call Trace: [ 575.327572] dump_stack+0x1c4/0x2b4 [ 575.331201] ? dump_stack_print_info.cold.2+0x52/0x52 [ 575.336394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 575.342048] nmi_cpu_backtrace.cold.3+0x63/0xa2 [ 575.346722] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f [ 575.352135] nmi_trigger_cpumask_backtrace+0x1b3/0x1ed [ 575.357413] arch_trigger_cpumask_backtrace+0x14/0x20 [ 575.362601] watchdog+0xb3e/0x1050 [ 575.366145] ? reset_hung_task_detector+0xd0/0xd0 [ 575.371160] ? __kthread_parkme+0xce/0x1a0 [ 575.375399] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 575.380499] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 575.385754] ? 
lockdep_hardirqs_on+0x421/0x5c0 [ 575.390455] ? trace_hardirqs_on+0xbd/0x310 [ 575.394773] ? kasan_check_read+0x11/0x20 [ 575.398924] ? __kthread_parkme+0xce/0x1a0 [ 575.403566] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 575.409139] ? kasan_check_write+0x14/0x20 [ 575.413382] ? do_raw_spin_lock+0xc1/0x200 [ 575.417846] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 575.422951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 575.428487] ? __kthread_parkme+0xfb/0x1a0 [ 575.432749] kthread+0x35a/0x420 [ 575.436359] ? reset_hung_task_detector+0xd0/0xd0 [ 575.441556] ? kthread_bind+0x40/0x40 [ 575.445361] ret_from_fork+0x3a/0x50 [ 575.449591] Sending NMI from CPU 1 to CPUs 0: [ 575.454184] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 [ 575.455607] Kernel panic - not syncing: hung_task: blocked tasks [ 575.467984] CPU: 1 PID: 984 Comm: khungtaskd Not tainted 4.19.0-rc5+ #251 [ 575.474907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.484407] Call Trace: [ 575.486999] dump_stack+0x1c4/0x2b4 [ 575.490814] ? dump_stack_print_info.cold.2+0x52/0x52 [ 575.496012] panic+0x238/0x4e7 [ 575.499372] ? add_taint.cold.5+0x16/0x16 [ 575.503550] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed [ 575.509003] ? nmi_trigger_cpumask_backtrace+0x1c4/0x1ed [ 575.514603] ? nmi_trigger_cpumask_backtrace+0x173/0x1ed [ 575.520389] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed [ 575.526016] watchdog+0xb4f/0x1050 [ 575.529920] ? reset_hung_task_detector+0xd0/0xd0 [ 575.534944] ? __kthread_parkme+0xce/0x1a0 [ 575.539185] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 575.544537] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 575.549735] ? lockdep_hardirqs_on+0x421/0x5c0 [ 575.554435] ? trace_hardirqs_on+0xbd/0x310 [ 575.558777] ? kasan_check_read+0x11/0x20 [ 575.562928] ? __kthread_parkme+0xce/0x1a0 [ 575.567274] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 575.572829] ? kasan_check_write+0x14/0x20 [ 575.577159] ? 
do_raw_spin_lock+0xc1/0x200 [ 575.581406] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 575.586509] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 575.592071] ? __kthread_parkme+0xfb/0x1a0 [ 575.596305] kthread+0x35a/0x420 [ 575.599795] ? reset_hung_task_detector+0xd0/0xd0 [ 575.604643] ? kthread_bind+0x40/0x40 [ 575.608583] ret_from_fork+0x3a/0x50 [ 575.613795] Kernel Offset: disabled [ 575.617692] Rebooting in 86400 seconds..