[....] Starting OpenBSD Secure Shell server: sshd
[ 29.920098] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.605064] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.291019] audit: type=1400 audit(1537699004.919:6): avc: denied { map } for pid=5493 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 35.349945] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.973632] random: sshd: uninitialized urandom read (32 bytes read)
[ 391.841628] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
[ 397.547890] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[ 397.691507] audit: type=1400 audit(1537699367.319:7): avc: denied { map } for pid=5507 comm="syz-executor182" path="/root/syz-executor182570039" dev="sda1" ino=16145 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 558.736430] INFO: task syz-executor182:5522 blocked for more than 140 seconds.
[ 558.744003] Not tainted 4.19.0-rc4+ #29
[ 558.748586] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 558.756653] syz-executor182 D24936 5522 5507 0x00000004
[ 558.762284] Call Trace:
[ 558.764942] __schedule+0x86c/0x1ed0
[ 558.768727] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 558.773318] ? __sched_text_start+0x8/0x8
[ 558.777530] ? _raw_spin_unlock+0x2c/0x50
[ 558.781673] ? print_usage_bug+0xc0/0xc0
[ 558.785721] ? print_usage_bug+0xc0/0xc0
[ 558.789832] ? graph_lock+0x170/0x170
[ 558.793625] ? max_active_store+0x170/0x170
[ 558.798008] ? is_bpf_text_address+0xd3/0x170
[ 558.802500] ? graph_lock+0x170/0x170
[ 558.806361] schedule+0xfe/0x460
[ 558.809725] ? __local_bh_enable_ip+0x160/0x260
[ 558.814387] ? __schedule+0x1ed0/0x1ed0
[ 558.818424] ? find_held_lock+0x36/0x1c0
[ 558.822544] ? mark_held_locks+0xc7/0x130
[ 558.826850] schedule_timeout+0x1cc/0x260
[ 558.831004] ? usleep_range+0x1a0/0x1a0
[ 558.835056] ? wait_for_completion+0x41f/0x8a0
[ 558.839728] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 558.845274] ? kasan_check_write+0x14/0x20
[ 558.849627] ? do_raw_spin_lock+0xc1/0x200
[ 558.853939] wait_for_completion+0x427/0x8a0
[ 558.858445] ? wait_for_completion_interruptible+0x840/0x840
[ 558.864246] ? wake_up_q+0x100/0x100
[ 558.868046] ? pcrypt_aead_enc+0x190/0x190
[ 558.872278] ? rcu_read_lock_sched_held+0x108/0x120
[ 558.877364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 558.882896] ? pcrypt_aead_encrypt+0x370/0x460
[ 558.887599] tls_push_record+0xf96/0x1480
[ 558.891802] ? check_preemption_disabled+0x48/0x200
[ 558.896903] tls_sw_sendmsg+0xbfd/0x1310
[ 558.901032] ? trace_hardirqs_on+0xbd/0x310
[ 558.905363] ? decrypt_skb_update+0x6a0/0x6a0
[ 558.909930] ? sock_has_perm+0x297/0x3e0
[ 558.914078] ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 558.919530] ? lock_release+0x970/0x970
[ 558.923564] ? trace_event_raw_event_sched_process_exec+0x3e2/0x480
[ 558.930046] ? usercopy_warn+0x110/0x110
[ 558.934135] inet_sendmsg+0x1a1/0x690
[ 558.937993] ? ipip_gro_receive+0x100/0x100
[ 558.942311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 558.947989] ? security_socket_sendmsg+0x94/0xc0
[ 558.952751] ? ipip_gro_receive+0x100/0x100
[ 558.957215] sock_sendmsg+0xd5/0x120
[ 558.960935] __sys_sendto+0x3d7/0x670
[ 558.964730] ? __ia32_sys_getpeername+0xb0/0xb0
[ 558.969470] ? _raw_spin_unlock_bh+0x30/0x40
[ 558.974009] ? release_sock+0x1ec/0x2c0
[ 558.978057] ? tls_sw_free_resources_rx+0x80/0x80
[ 558.982900] ? __release_sock+0x3a0/0x3a0
[ 558.987117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 558.992659] ? _copy_from_user+0xdf/0x150
[ 558.996921] ? sk_stream_wait_memory+0x1290/0x1290
[ 559.001855] ? tls_setsockopt+0xb2/0x770
[ 559.005912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 559.011523] ? do_syscall_64+0x9a/0x820
[ 559.015502] ? do_syscall_64+0x9a/0x820
[ 559.019552] ? lockdep_hardirqs_on+0x421/0x5c0
[ 559.024131] ? trace_hardirqs_on+0xbd/0x310
[ 559.028541] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 559.034023] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 559.039571] __x64_sys_sendto+0xe1/0x1a0
[ 559.043636] do_syscall_64+0x1b9/0x820
[ 559.047641] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 559.053013] ? syscall_return_slowpath+0x5e0/0x5e0
[ 559.058071] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 559.062926] ? trace_hardirqs_on_caller+0x310/0x310
[ 559.068075] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 559.073090] ? prepare_exit_to_usermode+0x291/0x3b0
[ 559.078166] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 559.083010] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 559.088234] RIP: 0033:0x440fd9
[ 559.091427] Code: Bad RIP value.
[ 559.094775] RSP: 002b:00007ffe02439d18 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 559.102528] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440fd9
[ 559.109838] RDX: 00000000000000b4 RSI: 0000000020000200 RDI: 0000000000000003
[ 559.117172] RBP: 0000000000000000 R08: 0000000020000040 R09: 000000000000001c
[ 559.124437] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000061198
[ 559.131764] R13: 0000000000401fb0 R14: 0000000000000000 R15: 0000000000000000
[ 559.139072]
[ 559.139072] Showing all locks held in the system:
[ 559.145455] 1 lock held by khungtaskd/984:
[ 559.149747] #0: 00000000cc240446 (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424
[ 559.158482] 1 lock held by rsyslogd/5356:
[ 559.162627] #0: 000000003d15bd5d (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[ 559.170681] 2 locks held by getty/5478:
[ 559.174643] #0: 000000006d1115d3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.182943] #1: 00000000f15121f4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.191838] 2 locks held by getty/5479:
[ 559.195798] #0: 000000002ff985d9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.204142] #1: 00000000c2027dac (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.213039] 2 locks held by getty/5480:
[ 559.217169] #0: 000000000de5119d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.225410] #1: 00000000f44ddc1a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.234335] 2 locks held by getty/5481:
[ 559.238322] #0: 00000000ab844ea3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.246613] #1: 0000000075d54b56 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.255463] 2 locks held by getty/5482:
[ 559.259492] #0: 000000009cd6a083 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.267807] #1: 000000008187b67c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.276743] 2 locks held by getty/5483:
[ 559.280711] #0: 00000000e99f781a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.289021] #1: 000000009d8c244c (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.297989] 2 locks held by getty/5484:
[ 559.301953] #0: 00000000cca38336 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40
[ 559.310265] #1: 000000005ef40493 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 559.319172] 1 lock held by syz-executor182/5522:
[ 559.323911] #0: 00000000b49640fd (sk_lock-AF_INET6){+.+.}, at: tls_sw_sendmsg+0x226/0x1310
[ 559.332469]
[ 559.334097] =============================================
[ 559.334097]
[ 559.341170] NMI backtrace for cpu 1
[ 559.344838] CPU: 1 PID: 984 Comm: khungtaskd Not tainted 4.19.0-rc4+ #29
[ 559.351662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 559.361104] Call Trace:
[ 559.363742] dump_stack+0x1c4/0x2b4
[ 559.367363] ? dump_stack_print_info.cold.2+0x52/0x52
[ 559.372546] ? check_preemption_disabled+0x48/0x200
[ 559.377552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 559.383081] nmi_cpu_backtrace.cold.3+0x63/0xa2
[ 559.387793] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 559.392976] nmi_trigger_cpumask_backtrace+0x1b3/0x1ed
[ 559.398253] arch_trigger_cpumask_backtrace+0x14/0x20
[ 559.403444] watchdog+0xb3e/0x1050
[ 559.407028] ? reset_hung_task_detector+0xd0/0xd0
[ 559.411869] ? __kthread_parkme+0xce/0x1a0
[ 559.416140] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 559.421239] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 559.426332] ? lockdep_hardirqs_on+0x421/0x5c0
[ 559.430907] ? trace_hardirqs_on+0xbd/0x310
[ 559.435216] ? kasan_check_read+0x11/0x20
[ 559.439356] ? __kthread_parkme+0xce/0x1a0
[ 559.443583] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 559.449027] ? kasan_check_write+0x14/0x20
[ 559.453258] ? do_raw_spin_lock+0xc1/0x200
[ 559.457489] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 559.462653] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 559.468184] ? __kthread_parkme+0xfb/0x1a0
[ 559.472410] kthread+0x35a/0x420
[ 559.475763] ? reset_hung_task_detector+0xd0/0xd0
[ 559.480690] ? kthread_bind+0x40/0x40
[ 559.484482] ret_from_fork+0x3a/0x50
[ 559.488347] Sending NMI from CPU 1 to CPUs 0:
[ 559.492905] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[ 559.493850] Kernel panic - not syncing: hung_task: blocked tasks
[ 559.506994] CPU: 1 PID: 984 Comm: khungtaskd Not tainted 4.19.0-rc4+ #29
[ 559.513877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 559.523221] Call Trace:
[ 559.525798] dump_stack+0x1c4/0x2b4
[ 559.529479] ? dump_stack_print_info.cold.2+0x52/0x52
[ 559.534666] ? printk_safe_log_store+0x2f0/0x2f0
[ 559.539418] panic+0x238/0x4e7
[ 559.542598] ? add_taint.cold.5+0x16/0x16
[ 559.546733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 559.552265] ? nmi_trigger_cpumask_backtrace+0x173/0x1ed
[ 559.557712] ? nmi_trigger_cpumask_backtrace+0x16a/0x1ed
[ 559.563158] watchdog+0xb4f/0x1050
[ 559.566702] ? reset_hung_task_detector+0xd0/0xd0
[ 559.571542] ? __kthread_parkme+0xce/0x1a0
[ 559.575769] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 559.580865] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 559.585967] ? lockdep_hardirqs_on+0x421/0x5c0
[ 559.590540] ? trace_hardirqs_on+0xbd/0x310
[ 559.594845] ? kasan_check_read+0x11/0x20
[ 559.598990] ? __kthread_parkme+0xce/0x1a0
[ 559.603215] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 559.608658] ? kasan_check_write+0x14/0x20
[ 559.612885] ? do_raw_spin_lock+0xc1/0x200
[ 559.617116] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 559.622263] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 559.627800] ? __kthread_parkme+0xfb/0x1a0
[ 559.632029] kthread+0x35a/0x420
[ 559.635392] ? reset_hung_task_detector+0xd0/0xd0
[ 559.640225] ? kthread_bind+0x40/0x40
[ 559.644019] ret_from_fork+0x3a/0x50
[ 559.648815] Kernel Offset: disabled
[ 559.652492] Rebooting in 86400 seconds..