[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 17.647526] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.776777] random: sshd: uninitialized urandom read (32 bytes read) [ 24.013864] random: sshd: uninitialized urandom read (32 bytes read) [ 24.930230] random: sshd: uninitialized urandom read (32 bytes read) [ 528.200237] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. [ 533.615554] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 717.792203] INFO: task syz-executor209:4474 blocked for more than 140 seconds. [ 717.799784] Not tainted 4.18.0-rc5+ #158 [ 717.804412] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 717.812415] syz-executor209 D23528 4474 4471 0x00000004 [ 717.818094] Call Trace: [ 717.820716] __schedule+0x87c/0x1ed0 [ 717.824493] ? __sched_text_start+0x8/0x8 [ 717.828668] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 717.833807] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 717.838600] ? graph_lock+0x170/0x170 [ 717.842437] ? graph_lock+0x170/0x170 [ 717.846294] ? is_bpf_text_address+0xae/0x170 [ 717.850868] ? lock_downgrade+0x8f0/0x8f0 [ 717.855054] schedule+0xfb/0x450 [ 717.858446] ? lock_downgrade+0x8f0/0x8f0 [ 717.862599] ? __schedule+0x1ed0/0x1ed0 [ 717.866596] ? mark_held_locks+0xc9/0x160 [ 717.870767] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 717.875370] ? _raw_spin_unlock_irq+0x27/0x70 [ 717.879889] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 717.884944] __rwsem_down_write_failed_common+0x95d/0x1630 [ 717.890587] ? rwsem_spin_on_owner+0xa40/0xa40 [ 717.895216] ? trace_hardirqs_on+0x10/0x10 [ 717.899470] ? print_usage_bug+0xc0/0xc0 [ 717.903558] ? kasan_check_read+0x11/0x20 [ 717.907711] ? do_raw_spin_unlock+0xa7/0x2f0 [ 717.912132] ? 
graph_lock+0x170/0x170 [ 717.915940] ? graph_lock+0x170/0x170 [ 717.919760] ? graph_lock+0x170/0x170 [ 717.923576] ? find_held_lock+0x36/0x1c0 [ 717.927665] ? graph_lock+0x170/0x170 [ 717.931479] ? find_held_lock+0x36/0x1c0 [ 717.935565] ? lock_acquire+0x1e4/0x540 [ 717.939554] ? fuse_reverse_inval_entry+0xae/0x6d0 [ 717.944505] ? lock_release+0xa30/0xa30 [ 717.948482] ? check_same_owner+0x340/0x340 [ 717.952824] rwsem_down_write_failed+0xe/0x10 [ 717.957334] ? rwsem_down_write_failed+0xe/0x10 [ 717.962035] call_rwsem_down_write_failed+0x17/0x30 [ 717.967060] down_write+0xaa/0x130 [ 717.970613] ? fuse_reverse_inval_entry+0xae/0x6d0 [ 717.975543] ? down_read+0x1d0/0x1d0 [ 717.979274] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 717.984819] ? ilookup5+0x103/0x140 [ 717.988459] ? fuse_init_file_inode+0x70/0x70 [ 717.992960] fuse_reverse_inval_entry+0xae/0x6d0 [ 717.997727] ? fuse_update_attributes+0xd0/0xd0 [ 718.002408] ? print_usage_bug+0xc0/0xc0 [ 718.006497] fuse_dev_do_write+0x2b97/0x3700 [ 718.010923] ? refill_pi_state_cache.part.8+0x320/0x320 [ 718.016338] ? kasan_check_write+0x14/0x20 [ 718.020585] ? do_raw_spin_lock+0xc1/0x200 [ 718.024836] ? fuse_dev_read+0x250/0x250 [ 718.028916] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 718.033956] ? futex_wait_setup+0x281/0x410 [ 718.038304] ? trace_hardirqs_on+0x10/0x10 [ 718.042584] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 718.048144] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 718.053289] ? futex_wait+0x5d2/0xa20 [ 718.057118] ? end_requests+0x460/0x460 [ 718.061125] ? futex_wait_setup+0x410/0x410 [ 718.065475] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 718.071048] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 718.076166] ? futex_wake+0x304/0x760 [ 718.080007] ? graph_lock+0x170/0x170 [ 718.083846] ? find_held_lock+0x36/0x1c0 [ 718.087938] ? lock_downgrade+0x8f0/0x8f0 [ 718.092107] ? kasan_check_read+0x11/0x20 [ 718.096299] ? rcu_is_watching+0x8c/0x150 [ 718.100472] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 718.104910] ? 
memset+0x31/0x40 [ 718.108205] fuse_dev_write+0x19a/0x240 [ 718.112207] ? fuse_dev_splice_write+0xe60/0xe60 [ 718.116986] ? expand_files.part.8+0x9c0/0x9c0 [ 718.121599] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 718.127161] ? iov_iter_init+0xc9/0x1f0 [ 718.131161] __vfs_write+0x6c6/0x9f0 [ 718.134903] ? kernel_read+0x120/0x120 [ 718.138811] ? vfs_copy_file_range+0xb90/0xb90 [ 718.143432] ? fsnotify_first_mark+0x350/0x350 [ 718.148057] ? rw_verify_area+0x118/0x360 [ 718.152237] vfs_write+0x1f8/0x560 [ 718.155801] ksys_write+0x101/0x260 [ 718.159438] ? __ia32_sys_read+0xb0/0xb0 [ 718.163540] ? ksys_mount+0xa8/0x140 [ 718.167266] __x64_sys_write+0x73/0xb0 [ 718.171175] do_syscall_64+0x1b9/0x820 [ 718.175070] ? finish_task_switch+0x1d3/0x870 [ 718.179595] ? syscall_return_slowpath+0x5e0/0x5e0 [ 718.184538] ? syscall_return_slowpath+0x31d/0x5e0 [ 718.189491] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 718.194869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 718.199815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.205026] RIP: 0033:0x445869 [ 718.208225] Code: Bad RIP value. [ 718.211622] RSP: 002b:00007f629dd9dda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 718.219382] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445869 [ 718.226662] RDX: 0000000000000029 RSI: 00000000200000c0 RDI: 0000000000000003 [ 718.233950] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000 [ 718.241229] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 718.248538] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001 [ 718.255841] INFO: task syz-executor209:4475 blocked for more than 140 seconds. [ 718.263227] Not tainted 4.18.0-rc5+ #158 [ 718.267821] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 718.275820] syz-executor209 D25496 4475 4471 0x00000004 [ 718.281468] Call Trace: [ 718.284075] __schedule+0x87c/0x1ed0 [ 718.287804] ? __sched_text_start+0x8/0x8 [ 718.291973] ? 
do_raw_spin_trylock+0x1c0/0x1c0 [ 718.296589] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 718.301724] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 718.306759] ? trace_hardirqs_on+0xd/0x10 [ 718.310938] ? prepare_to_wait_event+0x396/0xc70 [ 718.315715] ? prepare_to_wait_exclusive+0x550/0x550 [ 718.320853] schedule+0xfb/0x450 [ 718.324241] ? __schedule+0x1ed0/0x1ed0 [ 718.328261] ? check_same_owner+0x340/0x340 [ 718.332605] ? do_raw_spin_unlock+0xa7/0x2f0 [ 718.337056] ? replenish_dl_entity.cold.53+0x37/0x37 [ 718.342191] request_wait_answer+0x4c8/0x920 [ 718.346636] ? fuse_read_forget.isra.22+0xdc0/0xdc0 [ 718.351679] ? finish_wait+0x430/0x430 [ 718.355609] ? finish_wait+0x430/0x430 [ 718.359525] ? finish_wait+0x430/0x430 [ 718.363470] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 718.368070] ? fuse_dev_ioctl+0x430/0x430 [ 718.372248] ? kasan_check_write+0x14/0x20 [ 718.376507] ? do_raw_spin_lock+0xc1/0x200 [ 718.380775] __fuse_request_send+0x12a/0x1d0 [ 718.385203] fuse_request_send+0x62/0xa0 [ 718.389287] fuse_simple_request+0x33d/0x730 [ 718.393728] fuse_lookup_name+0x3ee/0x830 [ 718.397904] ? fuse_valid_type+0xb0/0xb0 [ 718.401988] ? mutex_lock_nested+0x16/0x20 [ 718.406265] fuse_lookup+0xf9/0x4c0 [ 718.409908] ? do_raw_spin_unlock+0xa7/0x2f0 [ 718.414350] ? fuse_lookup_name+0x830/0x830 [ 718.418690] ? kasan_check_write+0x14/0x20 [ 718.422955] ? do_raw_spin_lock+0xc1/0x200 [ 718.427228] __lookup_hash+0x12e/0x190 [ 718.431150] filename_create+0x1e5/0x5b0 [ 718.435226] ? kern_path_mountpoint+0x40/0x40 [ 718.439752] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 718.445313] ? getname_flags+0x26e/0x5a0 [ 718.449394] do_mkdirat+0xda/0x310 [ 718.452946] ? __ia32_sys_mknod+0xb0/0xb0 [ 718.457135] ? syscall_slow_exit_work+0x500/0x500 [ 718.462008] ? _raw_spin_unlock_irq+0x27/0x70 [ 718.466553] __x64_sys_mkdirat+0x76/0xb0 [ 718.470641] do_syscall_64+0x1b9/0x820 [ 718.474548] ? syscall_return_slowpath+0x5e0/0x5e0 [ 718.479521] ? syscall_return_slowpath+0x31d/0x5e0 [ 718.484477] ? 
entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 718.489874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 718.494756] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.499978] RIP: 0033:0x445869 [ 718.503175] Code: Bad RIP value. [ 718.506580] RSP: 002b:00007f629dd7cda8 EFLAGS: 00000297 ORIG_RAX: 0000000000000102 [ 718.514313] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869 [ 718.521612] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c [ 718.528895] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000 [ 718.536186] R10: 0000000000000000 R11: 0000000000000297 R12: 0030656c69662f2e [ 718.543486] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001 [ 718.550793] [ 718.550793] Showing all locks held in the system: [ 718.557136] 1 lock held by khungtaskd/901: [ 718.561383] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 [ 718.570044] 1 lock held by rsyslogd/4354: [ 718.574220] 2 locks held by getty/4445: [ 718.578192] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.586464] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.595334] 2 locks held by getty/4446: [ 718.599322] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.607577] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.616452] 2 locks held by getty/4447: [ 718.620435] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.628695] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.637565] 2 locks held by getty/4448: [ 718.641550] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.649815] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.658725] 2 locks held by getty/4449: [ 718.662723] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 
718.671021] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.679917] 2 locks held by getty/4450: [ 718.683920] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.692191] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.701098] 2 locks held by getty/4451: [ 718.705110] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 718.713389] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 718.722349] 2 locks held by syz-executor209/4474: [ 718.727211] #0: (____ptrval____) (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2b2d/0x3700 [ 718.735643] #1: (____ptrval____) (&type->i_mutex_dir_key#4){+.+.}, at: fuse_reverse_inval_entry+0xae/0x6d0 [ 718.745574] 3 locks held by syz-executor209/4475: [ 718.750425] #0: (____ptrval____) (sb_writers#9){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 718.758376] #1: (____ptrval____) (&type->i_mutex_dir_key#3/1){+.+.}, at: filename_create+0x1b2/0x5b0 [ 718.768411] #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 [ 718.776260] [ 718.777915] ============================================= [ 718.777915] [ 718.784950] NMI backtrace for cpu 1 [ 718.788597] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #158 [ 718.795517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.804856] Call Trace: [ 718.807455] dump_stack+0x1c9/0x2b4 [ 718.811068] ? dump_stack_print_info.cold.2+0x52/0x52 [ 718.816242] ? vprintk_default+0x28/0x30 [ 718.820301] nmi_cpu_backtrace.cold.4+0x19/0xce [ 718.824955] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 718.829347] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f [ 718.834929] nmi_trigger_cpumask_backtrace+0x151/0x192 [ 718.840196] arch_trigger_cpumask_backtrace+0x14/0x20 [ 718.845366] watchdog+0x9c4/0xf80 [ 718.848817] ? reset_hung_task_detector+0xd0/0xd0 [ 718.853648] ? 
kasan_check_read+0x11/0x20 [ 718.857783] ? do_raw_spin_unlock+0xa7/0x2f0 [ 718.862177] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 718.867259] ? __kthread_parkme+0x58/0x1b0 [ 718.871477] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 718.876473] ? trace_hardirqs_on+0xd/0x10 [ 718.880601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 718.886117] ? __kthread_parkme+0x106/0x1b0 [ 718.890425] kthread+0x345/0x410 [ 718.893780] ? reset_hung_task_detector+0xd0/0xd0 [ 718.898600] ? kthread_bind+0x40/0x40 [ 718.902380] ret_from_fork+0x3a/0x50 [ 718.906187] Sending NMI from CPU 1 to CPUs 0: [ 718.910712] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 [ 718.911700] Kernel panic - not syncing: hung_task: blocked tasks [ 718.924449] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #158 [ 718.931358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.940780] Call Trace: [ 718.943357] dump_stack+0x1c9/0x2b4 [ 718.946965] ? dump_stack_print_info.cold.2+0x52/0x52 [ 718.952139] ? printk_safe_log_store+0x2f0/0x2f0 [ 718.956877] panic+0x238/0x4e7 [ 718.960138] ? add_taint.cold.5+0x16/0x16 [ 718.964267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 718.969791] ? nmi_trigger_cpumask_backtrace+0x13a/0x192 [ 718.975222] ? printk_safe_flush+0xd7/0x130 [ 718.979526] watchdog+0x9d5/0xf80 [ 718.983051] ? reset_hung_task_detector+0xd0/0xd0 [ 718.987878] ? kasan_check_read+0x11/0x20 [ 718.992008] ? do_raw_spin_unlock+0xa7/0x2f0 [ 718.996400] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 719.001482] ? __kthread_parkme+0x58/0x1b0 [ 719.005696] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 719.010694] ? trace_hardirqs_on+0xd/0x10 [ 719.014834] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 719.020348] ? __kthread_parkme+0x106/0x1b0 [ 719.024661] kthread+0x345/0x410 [ 719.028007] ? reset_hung_task_detector+0xd0/0xd0 [ 719.032837] ? 
kthread_bind+0x40/0x40 [ 719.036618] ret_from_fork+0x3a/0x50 [ 719.040923] Dumping ftrace buffer: [ 719.044516] (ftrace buffer empty) [ 719.048205] Kernel Offset: disabled [ 719.051825] Rebooting in 86400 seconds..