[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   34.677346] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   36.897993] random: sshd: uninitialized urandom read (32 bytes read)
[   37.438017] random: sshd: uninitialized urandom read (32 bytes read)
[   39.348791] random: sshd: uninitialized urandom read (32 bytes read)
[  587.392002] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[  592.899607] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  861.151400] INFO: task syz-executor375:4558 blocked for more than 140 seconds.
[  861.158958]       Not tainted 4.18.0-rc4+ #27
[  861.163515] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.171537] syz-executor375 D57104  4558   4554 0x00000004
[  861.177382] Call Trace:
[  861.180086]  __schedule+0x652/0x780
[  861.183794]  schedule+0x1cc/0x300
[  861.187374]  __fuse_request_send+0x105a/0x1a90
[  861.192057]  ? init_wait_entry+0x1a0/0x1a0
[  861.196407]  fuse_simple_request+0x9cc/0xc10
[  861.200885]  fuse_lookup_name+0x472/0xc80
[  861.205142]  ? rcu_all_qs+0x3f/0x210
[  861.208932]  fuse_lookup+0x193/0x810
[  861.212746]  ? kmsan_set_origin_inline+0x6b/0x120
[  861.217680]  fuse_atomic_open+0x2b7/0x1f00
[  861.221975]  ? fuse_dentry_revalidate+0x13d0/0x13d0
[  861.227152]  ? __list_add_valid+0xb8/0x450
[  861.231513]  ? d_alloc_parallel+0x2172/0x2470
[  861.236130]  ? rcu_all_qs+0x3f/0x210
[  861.239899]  ? fuse_rename2+0x4e0/0x4e0
[  861.243937]  path_openat+0x1fa2/0x69c0
[  861.247965]  ? hash_netport6_del+0x21c/0x1a10
[  861.252536]  ? do_filp_open+0x88/0x740
[  861.256463]  do_filp_open+0x2c1/0x740
[  861.260345]  do_open_execat+0x1d1/0x720
[  861.264384]  __do_execve_file+0xb6f/0x3020
[  861.268727]  ? strncpy_from_user+0x3bc/0x4b0
[  861.273216]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  861.278681]  __x64_sys_execve+0x131/0x180
[  861.282885]  ? set_binfmt+0x1b0/0x1b0
[  861.286785]  do_syscall_64+0x15b/0x230
[  861.290749]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  861.296006] RIP: 0033:0x445889
[  861.299223] Code: Bad RIP value.
[  861.302665] RSP: 002b:00007f11e6f42da8 EFLAGS: 00000297 ORIG_RAX: 000000000000003b
[  861.310469] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445889
[  861.317810] RDX: 0000000020000500 RSI: 0000000020000480 RDI: 00000000200001c0
[  861.325132] RBP: 00000000006dac38 R08: 00007f11e6f43700 R09: 0000000000000000
[  861.332463] R10: 00007f11e6f43700 R11: 0000000000000297 R12: 64695f70756f7267
[  861.339789] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[  861.347127] NMI backtrace for cpu 1
[  861.350834] CPU: 1 PID: 809 Comm: khungtaskd Not tainted 4.18.0-rc4+ #27
[  861.357665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  861.367011] Call Trace:
[  861.369657]  dump_stack+0x185/0x1e0
[  861.373282]  nmi_trigger_cpumask_backtrace+0x26f/0x4e0
[  861.378572]  ? arch_trigger_cpumask_backtrace+0x40/0x40
[  861.383935]  arch_trigger_cpumask_backtrace+0x2c/0x40
[  861.389149]  trigger_all_cpu_backtrace+0x2b/0x30
[  861.393896]  watchdog+0x1107/0x1130
[  861.397555]  kthread+0x473/0x4b0
[  861.400927]  ? reset_hung_task_detector+0x30/0x30
[  861.405761]  ? kthread_blkcg+0xf0/0xf0
[  861.409732]  ret_from_fork+0x35/0x40
[  861.413540] Sending NMI from CPU 1 to CPUs 0:
[  861.418203] ------------[ cut here ]------------
[  861.423004] kernel BUG at mm/kmsan/kmsan_entry.c:81!
[  861.428133] invalid opcode: 0000 [#1] SMP PTI
[  861.432638] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc4+ #27
[  861.439223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  861.448593] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[  861.453247] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
[  861.472710] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[  861.478084] RAX: 0000000080000100 RBX: 0000000000000001 RCX: 00000000c0000101
[  861.485361] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffffea00003f05a0
[  861.492629] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[  861.499903] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  861.507174] R13: 0000000000000000 R14: 000000019249e000 R15: 0000000000000000
[  861.514463] FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  861.522700] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  861.528584] CR2: ffffffffff600400 CR3: 000000019249e000 CR4: 00000000001406f0
[  861.535854] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  861.543121] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  861.550388] Call Trace:
[  861.552991]  <NMI>
[  861.555205]  ? end_repeat_nmi+0x19/0x8e
[  861.559187]  ? end_repeat_nmi+0x7/0x8e
[  861.563128]  ? task_change_group_fair+0xda0/0xda0
[  861.567979]  ? update_cfs_rq_load_avg+0x917/0x1aa0
[  861.572913]  ? update_cfs_rq_load_avg+0x917/0x1aa0
[  861.577850]  ? update_cfs_rq_load_avg+0x917/0x1aa0
[  861.582781]  </NMI>
[  861.585054]  <IRQ>
[  861.587231]  ? update_blocked_averages+0x607/0xe60
[  861.592174]  ? _nohz_idle_balance+0xbb5/0xe80
[  861.596677]  ? __msan_poison_alloca+0x183/0x220
[  861.601361]  ? kmsan_set_origin_inline+0x6b/0x120
[  861.606207]  ? __msan_poison_alloca+0x183/0x220
[  861.610886]  ? run_rebalance_domains+0x40/0x350
[  861.615563]  ? run_rebalance_domains+0x288/0x350
[  861.620352]  ? task_change_group_fair+0xda0/0xda0
[  861.625224]  ? __do_softirq+0x55f/0x934
[  861.629266]  ? irq_exit+0x22a/0x270
[  861.632900]  ? scheduler_ipi+0x25f/0x490
[  861.636991]  ? flat_init_apic_ldr+0x170/0x170
[  861.641494]  ? smp_reschedule_interrupt+0xc7/0x430
[  861.646430]  ? reschedule_interrupt+0xf/0x20
[  861.650828]  </IRQ>
[  861.653072]  ? __cpuidle_text_start+0x8/0x8
[  861.657398]  ? default_idle+0x210/0x3f0
[  861.661386]  ? __cpuidle_text_start+0x8/0x8
[  861.665717]  ? __cpuidle_text_start+0x8/0x8
[  861.670076]  ? arch_cpu_idle+0x26/0x30
[  861.673989]  ? do_idle+0x36c/0x830
[  861.677564]  ? cpu_startup_entry+0x105/0x150
[  861.681976]  ? rest_init+0x1c1/0x1f0
[  861.685746]  ? hpet_time_init+0xd0/0xe0
[  861.689728]  ? start_kernel+0x11bd/0x11e0
[  861.693880]  ? x86_64_start_kernel+0xf0/0x100
[  861.698417]  ? secondary_startup_64+0xa5/0xb0
[  861.702925] Modules linked in:
[  861.706130] Dumping ftrace buffer:
[  861.709659]    (ftrace buffer empty)
[  861.713382] ---[ end trace dc5c57ef0e568b13 ]---
[  861.718161] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[  861.722814] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
[  861.742259] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[  861.747622] RAX: 0000000080000100 RBX: 0000000000000001 RCX: 00000000c0000101
[  861.754895] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffffea00003f05a0
[  861.762171] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[  861.769434] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  861.776703] R13: 0000000000000000 R14: 000000019249e000 R15: 0000000000000000
[  861.783975] FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  861.792206] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  861.798082] CR2: ffffffffff600400 CR3: 000000019249e000 CR4: 00000000001406f0
[  861.805351] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  861.812628] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  861.819949] Kernel panic - not syncing: Fatal exception in interrupt
[  863.025871] Shutting down cpus with NMI
[  863.029998] ------------[ cut here ]------------
[  863.034774] kernel BUG at mm/kmsan/kmsan_entry.c:81!
[  863.039908] invalid opcode: 0000 [#2] SMP PTI
[  863.043356] Dumping ftrace buffer:
[  863.044436] CPU: 1 PID: 809 Comm: khungtaskd Tainted: G      D           4.18.0-rc4+ #27
[  863.048239]    (ftrace buffer empty)
[  863.056439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  863.060138] Kernel Offset: disabled
[[   8 8663.3.007371935]19 R5]e bRoeobotoitnig ngin  i8n6 840604 0s0e cosnedcson..ds
..2
/0x70
[  863.081789] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
[  863.101513] RSP: 0018:fffffe0000049ea8 EFLAGS: 00010046
[  863.106898] RAX: 0000000000010000 RBX: 0000000000000001 RCX: 00000000c0000101
[  863.114180] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffff88021fcb9d00
[  863.121460] RBP: fffffe0000049ef9 R08: 0000000000000000 R09: 0000000000000000
[  863.128736] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  863.136015] R13: 0000000000000000 R14: 00000001c2422000 R15: 0000000000000000
[  863.143301] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  863.151535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  863.157433] CR2: 000000000044585f CR3: 00000001c2422000 CR4: 00000000001406e0
[  863.164744] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  863.172028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  863.179303] Call Trace:
[  863.181920]  <NMI>
[  863.184102]  ? end_repeat_nmi+0x19/0x8e
[  863.188094]  ? end_repeat_nmi+0x7/0x8e
[  863.192024]  ? __msan_metadata_ptr_for_store_2+0x20/0x20
[  863.197495]  ? __msan_metadata_ptr_for_store_2+0x20/0x20
[  863.202964]  ? __msan_metadata_ptr_for_store_2+0x20/0x20
[  863.208418]  </NMI>
[  863.210650]  <IRQ>
[  863.212823]  ? queued_spin_lock_slowpath+0x726/0xb90
[  863.218935]  ? _raw_spin_lock+0x79/0x80
[  863.222928]  ? try_to_wake_up+0x11c9/0x22c0
[  863.227283]  ? default_wake_function+0x92/0xb0
[  863.231912]  ? autoremove_wake_function+0x54/0x320
[  863.236864]  ? __wake_up_common+0x45a/0xa50
[  863.241226]  ? init_wait_entry+0x1a0/0x1a0
[  863.245504]  ? __wake_up_common_lock+0x1a6/0x3b0
[  863.250293]  ? __wake_up+0x4a/0x60
[  863.253850]  ? console_cpu_notify+0xc0/0xc0
[  863.258217]  ? wake_up_klogd_work_func+0xb8/0xe0
[  863.263111]  ? irq_work_tick+0x52d/0x6b0
[  863.267228]  ? update_process_times+0x14b/0x1a0
[  863.271938]  ? tick_sched_timer+0x3bf/0x520
[  863.276286]  ? __hrtimer_run_queues+0xc74/0x1680
[  863.281094]  ? tick_setup_sched_timer+0x600/0x600
[  863.285996]  ? hrtimer_interrupt+0x451/0x13c0
[  863.290544]  ? kmsan_set_origin_inline+0x6b/0x120
[  863.295416]  ? hrtimer_init+0x5f0/0x5f0
[  863.299440]  ? local_apic_timer_interrupt+0x6b/0x250
[  863.304571]  ? smp_apic_timer_interrupt+0x5a/0x90
[  863.309432]  ? apic_timer_interrupt+0xf/0x20
[  863.313925]  </IRQ>
[  863.316182]  ? delay_loop+0x50/0x50
[  863.319825]  ? delay_tsc+0xa2/0xe0
[  863.323380]  ? delay_tsc+0x16/0xe0
[  863.326935]  ? delay_loop+0x50/0x50
[  863.330578]  ? __const_udelay+0xb2/0xe0
[  863.334582]  ? nmi_trigger_cpumask_backtrace+0x449/0x4e0
[  863.340054]  ? arch_trigger_cpumask_backtrace+0x40/0x40
[  863.345452]  ? arch_trigger_cpumask_backtrace+0x2c/0x40
[  863.350837]  ? trigger_all_cpu_backtrace+0x2b/0x30
[  863.355778]  ? watchdog+0x1107/0x1130
[  863.359628]  ? kthread+0x473/0x4b0
[  863.363233]  ? reset_hung_task_detector+0x30/0x30
[  863.368100]  ? kthread_blkcg+0xf0/0xf0
[  863.372028]  ? ret_from_fork+0x35/0x40
[  863.375917] Modules linked in:
[  863.379122] Dumping ftrace buffer:
[  863.382657]    (ftrace buffer empty)
[  863.386382] ---[ end trace dc5c57ef0e568b14 ]---
[  863.391161] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[  863.395828] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e 
[  863.415425] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[  863.420811] RAX: 0000000080000100 RBX: 0000000000000001 RCX: 00000000c0000101
[  863.428093] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffffea00003f05a0
[  863.435374] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[  863.442650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  863.449927] R13: 0000000000000000 R14: 000000019249e000 R15: 0000000000000000
[  863.457214] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  863.465458] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  863.471355] CR2: 000000000044585f CR3: 00000001c2422000 CR4: 00000000001406e0
[  863.478636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  863.485914] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400