[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.473105] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 40.550806] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.851836] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.269421] random: sshd: uninitialized urandom read (32 bytes read)
[ 464.906390] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
[ 470.416422] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 717.791295] INFO: task syz-executor429:4595 blocked for more than 140 seconds.
[ 717.798774] Not tainted 4.18.0-rc5+ #29
[ 717.803334] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 717.811488] syz-executor429 D58432 4595 4592 0x00000004
[ 717.817296] Call Trace:
[ 717.819954] __schedule+0x652/0x780
[ 717.823654] schedule+0x1cc/0x300
[ 717.827200] __rwsem_down_write_failed_common+0x807/0x1480
[ 717.832906] rwsem_down_write_failed+0x2c/0x30
[ 717.837555] call_rwsem_down_write_failed+0x17/0x30
[ 717.842648] ? fuse_change_attributes+0x820/0x820
[ 717.847555] down_write+0x5e/0xc0
[ 717.851144] fuse_reverse_inval_entry+0x154/0xad0
[ 717.856092] ? _cond_resched+0x3b/0x100
[ 717.860154] ? down_read+0x2c/0x100
[ 717.863868] fuse_dev_do_write+0xcacf/0xcea0
[ 717.868364] ? do_futex+0x3b8/0x6c80
[ 717.872163] ? __se_sys_futex+0x626/0x800
[ 717.876413] fuse_dev_write+0x1d0/0x250
[ 717.880490] ? fuse_dev_read+0x2b0/0x2b0
[ 717.884638] __vfs_write+0x87e/0xb90
[ 717.888442] vfs_write+0x467/0x8c0
[ 717.892098] __x64_sys_write+0x1cf/0x400
[ 717.896253] ? ksys_write+0x380/0x380
[ 717.900150] do_syscall_64+0x15b/0x230
[ 717.904110] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 717.909364] RIP: 0033:0x445869
[ 717.912580] Code: Bad RIP value.
[ 717.916014] RSP: 002b:00007f373f011da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 717.923819] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445869
[ 717.931147] RDX: 0000000000000029 RSI: 00000000200000c0 RDI: 0000000000000003
[ 717.938477] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 717.945814] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 717.953134] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001
[ 717.960481] INFO: task syz-executor429:4596 blocked for more than 140 seconds.
[ 717.967882] Not tainted 4.18.0-rc5+ #29
[ 717.972432] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 717.980448] syz-executor429 D58832 4596 4592 0x00000004
[ 717.986234] Call Trace:
[ 717.988868] __schedule+0x652/0x780
[ 717.992567] schedule+0x1cc/0x300
[ 717.996100] __fuse_request_send+0x105a/0x1a90
[ 718.000736] ? init_wait_entry+0x1a0/0x1a0
[ 718.005024] fuse_simple_request+0x9cc/0xc10
[ 718.009507] fuse_lookup_name+0x472/0xc80
[ 718.013714] ? rcu_all_qs+0x3f/0x210
[ 718.017487] ? _cond_resched+0x4c/0x100
[ 718.021529] fuse_lookup+0x193/0x810
[ 718.025297] ? __list_add_valid+0xb8/0x450
[ 718.029598] ? fuse_getattr+0x8a0/0x8a0
[ 718.033651] __lookup_hash+0x26c/0x510
[ 718.037597] filename_create+0x322/0xbe0
[ 718.041724] do_mkdirat+0x120/0x690
[ 718.045417] __x64_sys_mkdirat+0xe1/0x120
[ 718.049633] ? do_mkdirat+0x690/0x690
[ 718.053495] do_syscall_64+0x15b/0x230
[ 718.057451] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 718.062681] RIP: 0033:0x445869
[ 718.065925] Code: Bad RIP value.
[ 718.069348] RSP: 002b:00007f373eff0da8 EFLAGS: 00000297 ORIG_RAX: 0000000000000102
[ 718.077148] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[ 718.084481] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[ 718.091825] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[ 718.099150] R10: 0000000000000000 R11: 0000000000000297 R12: 0030656c69662f2e
[ 718.106479] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001
[ 718.113806] NMI backtrace for cpu 1
[ 718.117490] CPU: 1 PID: 808 Comm: khungtaskd Not tainted 4.18.0-rc5+ #29
[ 718.124322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 718.133677] Call Trace:
[ 718.136290] dump_stack+0x185/0x1e0
[ 718.139919] nmi_trigger_cpumask_backtrace+0x26f/0x4e0
[ 718.145196] ? arch_trigger_cpumask_backtrace+0x40/0x40
[ 718.150558] arch_trigger_cpumask_backtrace+0x2c/0x40
[ 718.155754] trigger_all_cpu_backtrace+0x2b/0x30
[ 718.160503] watchdog+0x1107/0x1130
[ 718.164133] kthread+0x473/0x4b0
[ 718.167506] ? reset_hung_task_detector+0x30/0x30
[ 718.172347] ? kthread_blkcg+0xf0/0xf0
[ 718.176236] ret_from_fork+0x35/0x40
[ 718.180069] Sending NMI from CPU 1 to CPUs 0:
[ 718.184674] ------------[ cut here ]------------
[ 718.189472] kernel BUG at mm/kmsan/kmsan_entry.c:81!
[ 718.194604] invalid opcode: 0000 [#1] SMP PTI
[ 718.199116] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc5+ #29
[ 718.205695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 718.215081] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[ 718.219738] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[ 718.239202] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[ 718.244582] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
[ 718.251856] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffffea0000439620
[ 718.259128] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[ 718.266404] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 718.273677] R13: 0000000000000000 R14: 0000000194f6e000 R15: 0000000000000000
[ 718.280955] FS: 0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[ 718.289197] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 718.295091] CR2: ffffffffff600400 CR3: 0000000194f6e000 CR4: 00000000001406f0
[ 718.302361] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 718.309632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 718.316898] Call Trace:
[ 718.319491]
[ 718.321658] ? end_repeat_nmi+0x19/0x8e
[ 718.325639] ? end_repeat_nmi+0x7/0x8e
[ 718.329535] ? __cpuidle_text_start+0x8/0x8
[ 718.333866] ? default_idle+0x210/0x3f0
[ 718.337845] ? default_idle+0x210/0x3f0
[ 718.341823] ? default_idle+0x210/0x3f0
[ 718.345789]
[ 718.348036] ? __cpuidle_text_start+0x8/0x8
[ 718.352369] ? __cpuidle_text_start+0x8/0x8
[ 718.356698] ? arch_cpu_idle+0x26/0x30
[ 718.360588] ? do_idle+0x36c/0x830
[ 718.364164] ? cpu_startup_entry+0x105/0x150
[ 718.368579] ? rest_init+0x1c1/0x1f0
[ 718.372324] ? hpet_time_init+0xd0/0xe0
[ 718.376315] ? start_kernel+0x11bd/0x11e0
[ 718.380482] ? x86_64_start_kernel+0xf0/0x100
[ 718.384982] ? secondary_startup_64+0xa5/0xb0
[ 718.389477] Modules linked in:
[ 718.392675] Dumping ftrace buffer:
[ 718.396205] (ftrace buffer empty)
[ 718.399927] ---[ end trace b037576abc7cfb45 ]---
[ 718.404781] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[ 718.409437] Code: 00 74 27 65 8b 04 25 80 90 03 00 83 c0 01 83 f8 08 7d 27 65 89 04 25 80 90 03 00 65 c6 04 25 15 6e 0b 00 ff c3 0f 0b 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[ 718.428881] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[ 718.434260] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
[ 718.441534] RDX: 00000000ffff8802 RSI: ffffffff8a40136c RDI: ffffea0000439620
[ 718.448823] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[ 718.456110] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 718.463392] R13: 0000000000000000 R14: 0000000194f6e000 R15: 0000000000000000
[ 718.470670] FS: 0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[ 718.478896] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 718.484788] CR2: ffffffffff600400 CR3: 0000000194f6e000 CR4: 00000000001406f0
[ 718.492063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 718.499344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 718.506617] Kernel panic - not syncing: Fatal exception
[ 718.512373] Dumping ftrace buffer:
[ 718.515908] (ftrace buffer empty)
[ 718.519614] Kernel Offset: disabled
[ 718.523260] Rebooting in 86400 seconds..