[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.505768] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 29.177931] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.420753] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.079493] random: sshd: uninitialized urandom read (32 bytes read)
[ 395.946608] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
[ 401.516621] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[ 554.903504] INFO: task syz-executor630:5364 blocked for more than 140 seconds.
[ 554.911221] Not tainted 4.19.0-rc4+ #27
[ 554.916549] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 554.924665] syz-executor630 D25176 5364 5349 0x00000004
[ 554.930303] Call Trace:
[ 554.933007] __schedule+0x86c/0x1ed0
[ 554.936805] ? __switch_to_asm+0x34/0x70
[ 554.940858] ? __switch_to_asm+0x34/0x70
[ 554.944977] ? __sched_text_start+0x8/0x8
[ 554.949114] ? _raw_spin_unlock+0x2c/0x50
[ 554.953301] ? __sched_text_start+0x8/0x8
[ 554.957507] ? max_active_store+0x170/0x170
[ 554.961862] ? is_bpf_text_address+0xd3/0x170
[ 554.966454] ? graph_lock+0x170/0x170
[ 554.970252] schedule+0xfe/0x460
[ 554.973695] ? __local_bh_enable_ip+0x160/0x260
[ 554.978415] ? __schedule+0x1ed0/0x1ed0
[ 554.982384] ? find_held_lock+0x36/0x1c0
[ 554.986575] ? mark_held_locks+0xc7/0x130
[ 554.990817] schedule_timeout+0x1cc/0x260
[ 554.995028] ? usleep_range+0x1a0/0x1a0
[ 554.999004] ? wait_for_completion+0x41f/0x8a0
[ 555.003712] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 555.009260] ? kasan_check_write+0x14/0x20
[ 555.013560] ? do_raw_spin_lock+0xc1/0x200
[ 555.017792] wait_for_completion+0x427/0x8a0
[ 555.022190] ? wait_for_completion_interruptible+0x840/0x840
[ 555.028094] ? wake_up_q+0x100/0x100
[ 555.031868] ? pcrypt_aead_enc+0x190/0x190
[ 555.036171] ? rcu_read_lock_sched_held+0x108/0x120
[ 555.041203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 555.046801] ? pcrypt_aead_encrypt+0x370/0x460
[ 555.051438] tls_push_record+0xf96/0x1480
[ 555.055682] ? check_preemption_disabled+0x48/0x200
[ 555.060709] tls_sw_sendmsg+0xbfd/0x1310
[ 555.064805] ? trace_hardirqs_on+0xbd/0x310
[ 555.069128] ? decrypt_skb_update+0x6a0/0x6a0
[ 555.073769] ? smack_socket_getpeersec_stream+0x1d0/0x1d0
[ 555.079341] ? usercopy_warn+0x110/0x110
[ 555.083461] inet_sendmsg+0x1a1/0x690
[ 555.087257] ? ipip_gro_receive+0x100/0x100
[ 555.091591] ? smack_socket_sendmsg+0xb0/0x190
[ 555.096218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 555.101768] ? security_socket_sendmsg+0x94/0xc0
[ 555.106578] ? ipip_gro_receive+0x100/0x100
[ 555.110977] sock_sendmsg+0xd5/0x120
[ 555.114732] __sys_sendto+0x3d7/0x670
[ 555.118523] ? __ia32_sys_getpeername+0xb0/0xb0
[ 555.123178] ? _raw_spin_unlock_bh+0x30/0x40
[ 555.127644] ? release_sock+0x1ec/0x2c0
[ 555.131614] ? tls_sw_free_resources_rx+0x80/0x80
[ 555.136498] ? __release_sock+0x3a0/0x3a0
[ 555.140695] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 555.146349] ? _copy_from_user+0xdf/0x150
[ 555.150509] ? sk_stream_wait_memory+0x1290/0x1290
[ 555.155480] ? tls_setsockopt+0xb2/0x770
[ 555.159538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 555.165162] ? do_syscall_64+0x9a/0x820
[ 555.169132] ? do_syscall_64+0x9a/0x820
[ 555.173099] ? lockdep_hardirqs_on+0x421/0x5c0
[ 555.177787] ? trace_hardirqs_on+0xbd/0x310
[ 555.182161] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 555.187591] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 555.193168] __x64_sys_sendto+0xe1/0x1a0
[ 555.197292] do_syscall_64+0x1b9/0x820
[ 555.201181] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 555.206602] ? syscall_return_slowpath+0x5e0/0x5e0
[ 555.211522] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 555.216409] ? trace_hardirqs_on_caller+0x310/0x310
[ 555.221419] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 555.226477] ? prepare_exit_to_usermode+0x291/0x3b0
[ 555.231496] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 555.236392] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 555.241616] RIP: 0033:0x440fd9
[ 555.244874] Code: 68 65 72 65 20 61 72 65 20 6e 6f 20 61 63 74 69 76 65 20 61 63 74 69 6f 6e 73 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 49 6e 70 <75> 74 73 20 77 69 6c 6c 20 72 75 6e 2c 20 62 75 74 20 6e 6f 20 6f
[ 555.263934] RSP: 002b:00007fff2d150978 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 555.271632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fd9
[ 555.278953] RDX: 00000000000000b4 RSI: 0000000020000200 RDI: 0000000000000003
[ 555.286239] RBP: 0000000000000000 R08: 0000000020000040 R09: 000000000000001c
[ 555.293541] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000000620fc
[ 555.300797] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000
[ 555.308106]
[ 555.308106] Showing all locks held in the system:
[ 555.314462] 1 lock held by khungtaskd/983:
[ 555.318681] #0: 00000000c5c3673e (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[ 555.327354] 1 lock held by rsyslogd/5227:
[ 555.331487] #0: 000000002c662c45 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[ 555.339609] 2 locks held by getty/5317:
[ 555.343596] #0: 00000000a7df1347 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.351843] #1: 000000004e2bd6b9 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.360850] 2 locks held by getty/5318:
[ 555.364839] #0: 000000001f256084 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.373081] #1: 000000002fc7b522 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.381982] 2 locks held by getty/5319:
[ 555.385975] #0: 00000000c234f0e1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.394274] #1: 00000000944e1b42 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.403119] 2 locks held by getty/5320:
[ 555.407113] #0: 00000000f2d98e44 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.415379] #1: 000000008ffb783d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.424271] 2 locks held by getty/5321:
[ 555.428227] #0: 0000000053d195e7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.436513] #1: 00000000bff8714a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.445409] 2 locks held by getty/5322:
[ 555.449362] #0: 00000000e63ee762 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.457654] #1: 000000008e693bcc (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.466537] 2 locks held by getty/5323:
[ 555.470566] #0: 00000000d96cfc4c (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 555.478865] #1: 000000008004b0ef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 555.487756] 1 lock held by syz-executor630/5364:
[ 555.492491] #0: 000000006ac37c29 (sk_lock-AF_INET6){+.+.}, at: tls_sw_sendmsg+0x226/0x1310
[ 555.501063]
[ 555.502678] =============================================
[ 555.502678]
[ 555.509724] NMI backtrace for cpu 0
[ 555.513369] CPU: 0 PID: 983 Comm: khungtaskd Not tainted 4.19.0-rc4+ #27
[ 555.520189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 555.529520] Call Trace:
[ 555.532182] dump_stack+0x1c4/0x2b4
[ 555.535800] ? dump_stack_print_info.cold.2+0x52/0x52
[ 555.540983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 555.546507] nmi_cpu_backtrace.cold.3+0x63/0xa2
[ 555.551205] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 555.556383] nmi_trigger_cpumask_backtrace+0x1b3/0x1ed
[ 555.561674] arch_trigger_cpumask_backtrace+0x14/0x20
[ 555.566846] watchdog+0xb3e/0x1050
[ 555.570375] ? reset_hung_task_detector+0xd0/0xd0
[ 555.575201] ? __kthread_parkme+0xce/0x1a0
[ 555.579420] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 555.584537] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 555.589625] ? lockdep_hardirqs_on+0x421/0x5c0
[ 555.594192] ? trace_hardirqs_on+0xbd/0x310
[ 555.598573] ? kasan_check_read+0x11/0x20
[ 555.602714] ? __kthread_parkme+0xce/0x1a0
[ 555.606948] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 555.612411] ? kasan_check_write+0x14/0x20
[ 555.616641] ? do_raw_spin_lock+0xc1/0x200
[ 555.620863] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 555.625956] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 555.631478] ? __kthread_parkme+0xfb/0x1a0
[ 555.635701] kthread+0x35a/0x420
[ 555.639056] ? reset_hung_task_detector+0xd0/0xd0
[ 555.643889] ? kthread_bind+0x40/0x40
[ 555.647702] ret_from_fork+0x3a/0x50
[ 555.651559] Sending NMI from CPU 0 to CPUs 1:
[ 555.656168] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 555.657402] Kernel panic - not syncing: hung_task: blocked tasks
[ 555.669878] CPU: 0 PID: 983 Comm: khungtaskd Not tainted 4.19.0-rc4+ #27
[ 555.676701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 555.686037] Call Trace:
[ 555.688611] dump_stack+0x1c4/0x2b4
[ 555.692226] ? dump_stack_print_info.cold.2+0x52/0x52
[ 555.697407] panic+0x238/0x4e7
[ 555.700582] ? add_taint.cold.5+0x16/0x16
[ 555.704718] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[ 555.710150] ? nmi_trigger_cpumask_backtrace+0x1c4/0x1ed
[ 555.715581] ? nmi_trigger_cpumask_backtrace+0x173/0x1ed
[ 555.721017] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[ 555.726454] watchdog+0xb4f/0x1050
[ 555.729984] ? reset_hung_task_detector+0xd0/0xd0
[ 555.734815] ? __kthread_parkme+0xce/0x1a0
[ 555.739033] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 555.744122] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 555.749266] ? lockdep_hardirqs_on+0x421/0x5c0
[ 555.753844] ? trace_hardirqs_on+0xbd/0x310
[ 555.758155] ? kasan_check_read+0x11/0x20
[ 555.762286] ? __kthread_parkme+0xce/0x1a0
[ 555.766559] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 555.772005] ? kasan_check_write+0x14/0x20
[ 555.776224] ? do_raw_spin_lock+0xc1/0x200
[ 555.780445] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 555.785537] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 555.791062] ? __kthread_parkme+0xfb/0x1a0
[ 555.795288] kthread+0x35a/0x420
[ 555.798640] ? reset_hung_task_detector+0xd0/0xd0
[ 555.803462] ? kthread_bind+0x40/0x40
[ 555.807249] ret_from_fork+0x3a/0x50
[ 555.812151] Kernel Offset: disabled
[ 555.815779] Rebooting in 86400 seconds..