[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 22.324071] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 25.391754] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.799147] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.706257] random: sshd: uninitialized urandom read (32 bytes read)
[ 519.781800] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
[ 525.387569] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/12 22:22:31 parsed 1 programs
[ 528.155090] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/12 22:22:34 executed programs: 0
[ 529.602157] IPVS: ftp: loaded support on port[0] = 21
[ 529.809928] bridge0: port 1(bridge_slave_0) entered blocking state
[ 529.816406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 529.824090] device bridge_slave_0 entered promiscuous mode
[ 529.841047] bridge0: port 2(bridge_slave_1) entered blocking state
[ 529.847446] bridge0: port 2(bridge_slave_1) entered disabled state
[ 529.854698] device bridge_slave_1 entered promiscuous mode
[ 529.870595] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 529.888502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 529.931583] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 529.951079] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 530.017328] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 530.024677] team0: Port device team_slave_0 added
[ 530.041687] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 530.049146] team0: Port device team_slave_1 added
[ 530.064920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 530.082586] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 530.101146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 530.118540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 530.244194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 530.250678] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 530.258624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 530.265085] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 530.714724] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 530.720992] 8021q: adding VLAN 0 to HW filter on device bond0
[ 530.768340] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 530.784079] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 530.822167] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 530.828413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 530.836180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 530.876871] 8021q: adding VLAN 0 to HW filter on device team0
[ 717.791263] INFO: task syz-executor0:4871 blocked for more than 140 seconds.
[ 717.798858] Not tainted 4.18.0-rc4+ #46
[ 717.804775] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 717.812913] syz-executor0 D23832 4871 4609 0x20020004
[ 717.818728] Call Trace:
[ 717.821437] __schedule+0x87c/0x1ed0
[ 717.825278] ? __sched_text_start+0x8/0x8
[ 717.829520] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 717.834727] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 717.840230] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 717.845503] ? trace_hardirqs_on+0xd/0x10
[ 717.849768] ? prepare_to_wait_event+0x396/0xc70
[ 717.854684] ? prepare_to_wait_exclusive+0x550/0x550
[ 717.859932] schedule+0xfb/0x450
[ 717.863883] ? __schedule+0x1ed0/0x1ed0
[ 717.867984] ? check_same_owner+0x340/0x340
[ 717.872457] ? do_raw_spin_unlock+0xa7/0x2f0
[ 717.877008] ? replenish_dl_entity.cold.53+0x37/0x37
[ 717.882324] request_wait_answer+0x4c8/0x920
[ 717.886892] ? fuse_read_forget.isra.22+0xdc0/0xdc0
[ 717.892074] ? finish_wait+0x430/0x430
[ 717.896119] ? finish_wait+0x430/0x430
[ 717.900158] ? finish_wait+0x430/0x430
[ 717.904171] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 717.908890] ? fuse_dev_ioctl+0x430/0x430
[ 717.913162] ? kasan_check_write+0x14/0x20
[ 717.917519] ? do_raw_spin_lock+0xc1/0x200
[ 717.921998] __fuse_request_send+0x12a/0x1d0
[ 717.926624] fuse_request_send+0x62/0xa0
[ 717.930872] fuse_simple_request+0x33d/0x730
[ 717.935463] fuse_send_open.isra.17+0x366/0x450
[ 717.940348] ? fuse_file_read_iter+0x250/0x250
[ 717.945120] ? _raw_spin_unlock+0x22/0x30
[ 717.949432] ? fuse_file_alloc+0x298/0x3a0
[ 717.953937] ? fsnotify+0xbb4/0x14e0
[ 717.957853] fuse_do_open+0x25c/0x540
[ 717.961837] ? fuse_file_alloc+0x3a0/0x3a0
[ 717.966243] ? fsnotify+0x14e0/0x14e0
[ 717.970183] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 717.974942] fuse_open_common+0x160/0x2b0
[ 717.979272] fuse_dir_open+0x22/0x30
[ 717.983184] do_dentry_open+0x818/0xe40
[ 717.987289] ? security_inode_permission+0xd2/0x100
[ 717.992506] ? fuse_dir_release+0x20/0x20
[ 717.996834] vfs_open+0x139/0x230
[ 718.000453] path_openat+0x174a/0x4e10
[ 718.004499] ? path_lookupat.isra.45+0xbf0/0xbf0
[ 718.009421] ? __save_stack_trace+0x8d/0xf0
[ 718.013931] ? trace_hardirqs_on+0x10/0x10
[ 718.018369] ? save_stack+0xa9/0xd0
[ 718.022127] ? save_stack+0x43/0xd0
[ 718.025915] ? kasan_kmalloc+0xc4/0xe0
[ 718.029954] ? kasan_slab_alloc+0x12/0x20
[ 718.035302] ? kmem_cache_alloc+0x12e/0x760
[ 718.040207] ? prepare_creds+0x80/0x3f0
[ 718.044368] ? prepare_exec_creds+0x11/0xf0
[ 718.048957] ? prepare_bprm_creds+0x70/0x120
[ 718.053494] ? __do_execve_file.isra.35+0x475/0x2730
[ 718.059099] ? __ia32_compat_sys_execve+0x94/0xc0
[ 718.064108] ? do_fast_syscall_32+0x34d/0xfb2
[ 718.068678] ? entry_SYSENTER_compat+0x70/0x7f
[ 718.074207] ? lock_downgrade+0x8f0/0x8f0
[ 718.078506] ? __lock_is_held+0xb5/0x140
[ 718.082731] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 718.087393] ? graph_lock+0x170/0x170
[ 718.091352] do_filp_open+0x255/0x380
[ 718.095281] ? may_open_dev+0x100/0x100
[ 718.099412] ? lock_downgrade+0x8f0/0x8f0
[ 718.103837] do_open_execat+0x1fe/0x670
[ 718.107933] ? unregister_binfmt+0x2a0/0x2a0
[ 718.112487] ? do_raw_spin_lock+0xc1/0x200
[ 718.116803] __do_execve_file.isra.35+0x1827/0x2730
[ 718.121909] ? prepare_bprm_creds+0x120/0x120
[ 718.126484] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 718.131743] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 718.136956] ? __check_object_size+0x9d/0x5f2
[ 718.141578] ? usercopy_warn+0x120/0x120
[ 718.145798] ? kasan_check_read+0x11/0x20
[ 718.150130] ? do_raw_spin_unlock+0xa7/0x2f0
[ 718.154719] ? kasan_check_read+0x11/0x20
[ 718.159251] ? rcu_is_watching+0x8c/0x150
[ 718.163927] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 718.169628] ? strncpy_from_user+0x3be/0x510
[ 718.174216] ? mpi_free.cold.1+0x19/0x19
[ 718.178427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 718.184143] ? getname_flags+0x26e/0x5a0
[ 718.188790] __ia32_compat_sys_execve+0x94/0xc0
[ 718.193606] do_fast_syscall_32+0x34d/0xfb2
[ 718.197996] ? do_int80_syscall_32+0x890/0x890
[ 718.202664] ? kasan_check_write+0x14/0x20
[ 718.206960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 718.213541] ? syscall_return_slowpath+0x31d/0x5e0
[ 718.218531] ? sysret32_from_system_call+0x5/0x46
[ 718.223437] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 718.228324] entry_SYSENTER_compat+0x70/0x7f
[ 718.232795] RIP: 0023:0xf7f51cb9
[ 718.236184] Code: Bad RIP value.
[ 718.239612] RSP: 002b:00000000f7f2c0ac EFLAGS: 00000282 ORIG_RAX: 000000000000000b
[ 718.247400] RAX: ffffffffffffffda RBX: 0000000020000180 RCX: 0000000020000700
[ 718.254804] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000
[ 718.262213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 718.269634] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 718.277058] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 718.284572]
[ 718.284572] Showing all locks held in the system:
[ 718.291367] 1 lock held by khungtaskd/900:
[ 718.295708] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[ 718.305370] 1 lock held by rsyslogd/4475:
[ 718.310037] 2 locks held by getty/4565:
[ 718.314116] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.323879] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.333077] 2 locks held by getty/4566:
[ 718.337099] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.345433] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.354444] 2 locks held by getty/4567:
[ 718.358500] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.367904] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.378302] 2 locks held by getty/4568:
[ 718.382339] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.390841] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.399795] 2 locks held by getty/4569:
[ 718.403834] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.412267] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.421211] 2 locks held by getty/4570:
[ 718.425236] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.433527] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.442458] 2 locks held by getty/4571:
[ 718.446450] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 718.454830] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 718.463750] 1 lock held by syz-executor0/4871:
[ 718.468408] #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120
[ 718.477667]
[ 718.479339] =============================================
[ 718.479339]
[ 718.486475] NMI backtrace for cpu 1
[ 718.490224] CPU: 1 PID: 900 Comm: khungtaskd Not tainted 4.18.0-rc4+ #46
[ 718.497064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 718.506433] Call Trace:
[ 718.509054] dump_stack+0x1c9/0x2b4
[ 718.512681] ? dump_stack_print_info.cold.2+0x52/0x52
[ 718.517865] ? vprintk_default+0x28/0x30
[ 718.522032] nmi_cpu_backtrace.cold.4+0x19/0xce
[ 718.526717] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 718.531166] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 718.536361] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 718.541677] arch_trigger_cpumask_backtrace+0x14/0x20
[ 718.546926] watchdog+0x9c4/0xf80
[ 718.550449] ? reset_hung_task_detector+0xd0/0xd0
[ 718.555338] ? kasan_check_read+0x11/0x20
[ 718.559492] ? do_raw_spin_unlock+0xa7/0x2f0
[ 718.563892] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 718.568988] ? __kthread_parkme+0x58/0x1b0
[ 718.573220] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 718.578248] ? trace_hardirqs_on+0xd/0x10
[ 718.582418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 718.587951] ? __kthread_parkme+0x106/0x1b0
[ 718.592267] kthread+0x345/0x410
[ 718.595628] ? reset_hung_task_detector+0xd0/0xd0
[ 718.600458] ? kthread_bind+0x40/0x40
[ 718.604262] ret_from_fork+0x3a/0x50
[ 718.608103] Sending NMI from CPU 1 to CPUs 0:
[ 718.612662] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[ 718.613633] Kernel panic - not syncing: hung_task: blocked tasks
[ 718.626449] CPU: 1 PID: 900 Comm: khungtaskd Not tainted 4.18.0-rc4+ #46
[ 718.633272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 718.642907] Call Trace:
[ 718.645504] dump_stack+0x1c9/0x2b4
[ 718.650251] ? dump_stack_print_info.cold.2+0x52/0x52
[ 718.655458] ? printk_safe_log_store+0x2f0/0x2f0
[ 718.660217] panic+0x238/0x4e7
[ 718.663398] ? add_taint.cold.5+0x16/0x16
[ 718.667636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 718.673168] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 718.678613] ? printk_safe_flush+0xd7/0x130
[ 718.683035] watchdog+0x9d5/0xf80
[ 718.686489] ? reset_hung_task_detector+0xd0/0xd0
[ 718.691348] ? kasan_check_read+0x11/0x20
[ 718.695512] ? do_raw_spin_unlock+0xa7/0x2f0
[ 718.699951] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 718.705081] ? __kthread_parkme+0x58/0x1b0
[ 718.709365] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 718.714434] ? trace_hardirqs_on+0xd/0x10
[ 718.718644] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 718.724242] ? __kthread_parkme+0x106/0x1b0
[ 718.728616] kthread+0x345/0x410
[ 718.732033] ? reset_hung_task_detector+0xd0/0xd0
[ 718.736919] ? kthread_bind+0x40/0x40
[ 718.740780] ret_from_fork+0x3a/0x50
[ 718.745300] Dumping ftrace buffer:
[ 718.749140] (ftrace buffer empty)
[ 718.752890] Kernel Offset: disabled
[ 718.756550] Rebooting in 86400 seconds..