[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   20.752650] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   25.721975] random: sshd: uninitialized urandom read (32 bytes read)
[   26.302600] random: sshd: uninitialized urandom read (32 bytes read)
[   27.150423] random: sshd: uninitialized urandom read (32 bytes read)
[  509.561095] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
[  515.003615] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/17 13:12:04 parsed 1 programs
[  516.812995] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/17 13:12:06 executed programs: 0
[  518.239169] IPVS: ftp: loaded support on port[0] = 21
[  717.792247] INFO: task syz-executor0:4623 blocked for more than 140 seconds.
[  717.799670]       Not tainted 4.18.0-rc5+ #54
[  717.804231] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  717.812255] syz-executor0   D22776  4623   4602 0x20020004
[  717.818024] Call Trace:
[  717.820702]  __schedule+0x87c/0x1ed0
[  717.824486]  ? __sched_text_start+0x8/0x8
[  717.828678]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.833443]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  717.838611]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  717.843666]  ? trace_hardirqs_on+0xd/0x10
[  717.847872]  ? prepare_to_wait_event+0x396/0xc70
[  717.852683]  ? prepare_to_wait_exclusive+0x550/0x550
[  717.857850]  schedule+0xfb/0x450
[  717.861263]  ? __schedule+0x1ed0/0x1ed0
[  717.865294]  ? check_same_owner+0x340/0x340
[  717.869655]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.874230]  ? replenish_dl_entity.cold.53+0x37/0x37
[  717.879394]  request_wait_answer+0x4c8/0x920
[  717.883849]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  717.888899]  ? finish_wait+0x430/0x430
[  717.892859]  ? finish_wait+0x430/0x430
[  717.896798]  ? finish_wait+0x430/0x430
[  717.900757]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.905391]  ? fuse_dev_ioctl+0x430/0x430
[  717.909607]  ? kasan_check_write+0x14/0x20
[  717.913886]  ? do_raw_spin_lock+0xc1/0x200
[  717.918205]  __fuse_request_send+0x12a/0x1d0
[  717.923075]  fuse_request_send+0x62/0xa0
[  717.927253]  fuse_simple_request+0x33d/0x730
[  717.932029]  fuse_lookup_name+0x3ee/0x830
[  717.936356]  ? fuse_valid_type+0xb0/0xb0
[  717.940941]  ? __d_lookup_rcu+0xaa0/0xaa0
[  717.945226]  ? mutex_lock_nested+0x16/0x20
[  717.949612]  fuse_lookup+0xf9/0x4c0
[  717.953365]  ? fuse_lookup_name+0x830/0x830
[  717.957863]  ? d_lookup+0x221/0x340
[  717.961614]  fuse_atomic_open+0x214/0x350
[  717.965905]  ? fuse_lookup+0x4c0/0x4c0
[  717.969897]  lookup_open+0xdb1/0x1b40
[  717.973789]  ? complete_walk+0x260/0x260
[  717.977904]  ? down_read+0xb5/0x1d0
[  717.981611]  ? path_openat+0x204c/0x4e10
[  717.985743]  ? __down_interruptible+0x700/0x700
[  717.990825]  ? print_usage_bug+0xc0/0xc0
[  717.994998]  ? kasan_check_read+0x11/0x20
[  717.999248]  path_openat+0x207d/0x4e10
[  718.003221]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  718.008057]  ? __save_stack_trace+0x8d/0xf0
[  718.012472]  ? trace_hardirqs_on+0x10/0x10
[  718.016772]  ? save_stack+0xa9/0xd0
[  718.020459]  ? save_stack+0x43/0xd0
[  718.024176]  ? kasan_kmalloc+0xc4/0xe0
[  718.028187]  ? kasan_slab_alloc+0x12/0x20
[  718.032403]  ? kmem_cache_alloc+0x12e/0x760
[  718.036865]  ? prepare_creds+0x80/0x3f0
[  718.041074]  ? prepare_exec_creds+0x11/0xf0
[  718.045487]  ? prepare_bprm_creds+0x70/0x120
[  718.049972]  ? __do_execve_file.isra.35+0x475/0x2730
[  718.055162]  ? __ia32_compat_sys_execve+0x94/0xc0
[  718.060579]  ? do_fast_syscall_32+0x34d/0xfb2
[  718.065190]  ? entry_SYSENTER_compat+0x70/0x7f
[  718.069830]  ? lock_downgrade+0x8f0/0x8f0
[  718.074074]  ? __lock_is_held+0xb5/0x140
[  718.078225]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.082725]  ? graph_lock+0x170/0x170
[  718.086622]  do_filp_open+0x255/0x380
[  718.090495]  ? may_open_dev+0x100/0x100
[  718.094574]  ? lock_downgrade+0x8f0/0x8f0
[  718.098791]  do_open_execat+0x1fe/0x670
[  718.102831]  ? unregister_binfmt+0x2a0/0x2a0
[  718.107312]  ? do_raw_spin_lock+0xc1/0x200
[  718.111636]  __do_execve_file.isra.35+0x1827/0x2730
[  718.116778]  ? prepare_bprm_creds+0x120/0x120
[  718.121357]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  718.126739]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  718.131845]  ? __check_object_size+0x9d/0x5f2
[  718.136422]  ? usercopy_warn+0x120/0x120
[  718.140548]  ? kasan_check_read+0x11/0x20
[  718.144768]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.149238]  ? kasan_check_read+0x11/0x20
[  718.153467]  ? rcu_is_watching+0x8c/0x150
[  718.157730]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.163404]  ? strncpy_from_user+0x3be/0x510
[  718.167915]  ? mpi_free.cold.1+0x19/0x19
[  718.172095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.177710]  ? getname_flags+0x26e/0x5a0
[  718.181921]  __ia32_compat_sys_execve+0x94/0xc0
[  718.186705]  do_fast_syscall_32+0x34d/0xfb2
[  718.191152]  ? do_int80_syscall_32+0x890/0x890
[  718.195846]  ? kasan_check_write+0x14/0x20
[  718.200227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.205894]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.210991]  ? sysret32_from_system_call+0x5/0x46
[  718.215953]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.220929]  entry_SYSENTER_compat+0x70/0x7f
[  718.225524] RIP: 0023:0xf7fe8cb9
[  718.228980] Code: Bad RIP value.
[  718.232413] RSP: 002b:00000000f7fc30ac EFLAGS: 00000282 ORIG_RAX: 000000000000000b
[  718.240246] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000480
[  718.247613] RDX: 0000000020000500 RSI: 0000000000000000 RDI: 0000000000000000
[  718.254972] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  718.262366] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  718.269735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.277129] 
[  718.277129] Showing all locks held in the system:
[  718.283552] 1 lock held by khungtaskd/902:
[  718.287838]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  718.296570] 1 lock held by rsyslogd/4472:
[  718.300790]  #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  718.308926] 2 locks held by getty/4563:
[  718.312974]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.321439]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.330477] 2 locks held by getty/4564:
[  718.335252]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.343655]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.352646] 2 locks held by getty/4565:
[  718.356906]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.365240]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.374394] 2 locks held by getty/4566:
[  718.378442]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.386775]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.395702] 2 locks held by getty/4567:
[  718.399767]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.408160]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.417161] 2 locks held by getty/4568:
[  718.421184]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.431863]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.440796] 2 locks held by getty/4569:
[  718.444819]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.453148]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.462397] 3 locks held by syz-executor0/4623:
[  718.467097]  #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120
[  718.476375]  #1: (____ptrval____) (&type->i_mutex_dir_key#5){.+.+}, at: path_openat+0x204c/0x4e10
[  718.485724]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  718.493696] 
[  718.495353] =============================================
[  718.495353] 
[  718.502588] NMI backtrace for cpu 1
[  718.506267] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #54
[  718.513192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.523747] Call Trace:
[  718.526405]  dump_stack+0x1c9/0x2b4
[  718.530036]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.535213]  ? vprintk_default+0x28/0x30
[  718.539277]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  718.543936]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.548336]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  718.553616]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  718.558907]  arch_trigger_cpumask_backtrace+0x14/0x20
[  718.564256]  watchdog+0x9c4/0xf80
[  718.567871]  ? reset_hung_task_detector+0xd0/0xd0
[  718.572709]  ? kasan_check_read+0x11/0x20
[  718.576844]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.581981]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.587169]  ? __kthread_parkme+0x58/0x1b0
[  718.591389]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.596387]  ? trace_hardirqs_on+0xd/0x10
[  718.600608]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.606400]  ? __kthread_parkme+0x106/0x1b0
[  718.610748]  kthread+0x345/0x410
[  718.614128]  ? reset_hung_task_detector+0xd0/0xd0
[  718.618961]  ? kthread_bind+0x40/0x40
[  718.622758]  ret_from_fork+0x3a/0x50
[  718.626585] Sending NMI from CPU 1 to CPUs 0:
[  718.631596] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  718.632572] Kernel panic - not syncing: hung_task: blocked tasks
[  718.645955] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #54
[  718.652807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.662159] Call Trace:
[  718.664743]  dump_stack+0x1c9/0x2b4
[  718.668359]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.673545]  ? printk_safe_log_store+0x2f0/0x2f0
[  718.678299]  panic+0x238/0x4e7
[  718.681497]  ? add_taint.cold.5+0x16/0x16
[  718.685638]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.691175]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  718.696699]  ? printk_safe_flush+0xd7/0x130
[  718.701017]  watchdog+0x9d5/0xf80
[  718.704465]  ? reset_hung_task_detector+0xd0/0xd0
[  718.709529]  ? kasan_check_read+0x11/0x20
[  718.713686]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.718101]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.723202]  ? __kthread_parkme+0x58/0x1b0
[  718.727551]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.732578]  ? trace_hardirqs_on+0xd/0x10
[  718.737070]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.742597]  ? __kthread_parkme+0x106/0x1b0
[  718.746916]  kthread+0x345/0x410
[  718.750280]  ? reset_hung_task_detector+0xd0/0xd0
[  718.755108]  ? kthread_bind+0x40/0x40
[  718.758910]  ret_from_fork+0x3a/0x50
[  718.763212] Dumping ftrace buffer:
[  718.766841]    (ftrace buffer empty)
[  718.770540] Kernel Offset: disabled
[  718.774162] Rebooting in 86400 seconds..