[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.355816] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.896402] random: sshd: uninitialized urandom read (32 bytes read)
[   23.188845] random: sshd: uninitialized urandom read (32 bytes read)
[   24.037627] random: sshd: uninitialized urandom read (32 bytes read)
[  661.500484] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[  666.984633] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  861.151181] INFO: task syz-executor842:4559 blocked for more than 140 seconds.
[  861.158736]       Not tainted 4.18.0-rc6+ #160
[  861.163343] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.171329] syz-executor842 D23528  4559   4556 0x00000004
[  861.177051] Call Trace:
[  861.179739]  __schedule+0x87c/0x1ed0
[  861.183515]  ? __sched_text_start+0x8/0x8
[  861.187689]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  861.192743]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  861.197525]  ? graph_lock+0x170/0x170
[  861.201357]  ? graph_lock+0x170/0x170
[  861.205167]  ? is_bpf_text_address+0xae/0x170
[  861.209695]  ? lock_downgrade+0x8f0/0x8f0
[  861.213861]  schedule+0xfb/0x450
[  861.217250]  ? lock_downgrade+0x8f0/0x8f0
[  861.221415]  ? __schedule+0x1ed0/0x1ed0
[  861.225436]  ? mark_held_locks+0xc9/0x160
[  861.229601]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.234217]  ? _raw_spin_unlock_irq+0x27/0x70
[  861.238739]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.243791]  __rwsem_down_write_failed_common+0x95d/0x1630
[  861.249455]  ? rwsem_spin_on_owner+0xa40/0xa40
[  861.254075]  ? trace_hardirqs_on+0x10/0x10
[  861.258336]  ? print_usage_bug+0xc0/0xc0
[  861.262428]  ? kasan_check_read+0x11/0x20
[  861.266586]  ? graph_lock+0x170/0x170
[  861.270415]  ? graph_lock+0x170/0x170
[  861.274224]  ? graph_lock+0x170/0x170
[  861.278051]  ? find_held_lock+0x36/0x1c0
[  861.282122]  ? graph_lock+0x170/0x170
[  861.285940]  ? find_held_lock+0x36/0x1c0
[  861.290038]  ? lock_acquire+0x1e4/0x540
[  861.294039]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  861.298994]  ? lock_release+0xa30/0xa30
[  861.302993]  ? check_same_owner+0x340/0x340
[  861.307353]  rwsem_down_write_failed+0xe/0x10
[  861.311864]  ? rwsem_down_write_failed+0xe/0x10
[  861.316560]  call_rwsem_down_write_failed+0x17/0x30
[  861.321596]  down_write+0xaa/0x130
[  861.325165]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  861.330123]  ? down_read+0x1d0/0x1d0
[  861.333866]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.339440]  ? ilookup5+0x103/0x140
[  861.343096]  ? fuse_init_file_inode+0x70/0x70
[  861.347616]  fuse_reverse_inval_entry+0xae/0x6d0
[  861.352404]  ? fuse_update_attributes+0xd0/0xd0
[  861.357096]  ? print_usage_bug+0xc0/0xc0
[  861.361199]  fuse_dev_do_write+0x2b97/0x3700
[  861.365634]  ? refill_pi_state_cache.part.8+0x320/0x320
[  861.371041]  ? kasan_check_write+0x14/0x20
[  861.375289]  ? do_raw_spin_lock+0xc1/0x200
[  861.379554]  ? fuse_dev_read+0x250/0x250
[  861.383631]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  861.388681]  ? futex_wait_setup+0x281/0x410
[  861.393067]  ? trace_hardirqs_on+0x10/0x10
[  861.397326]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  861.402883]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  861.408031]  ? futex_wait+0x5d2/0xa20
[  861.411872]  ? end_requests+0x460/0x460
[  861.415875]  ? futex_wait_setup+0x410/0x410
[  861.420212]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  861.425792]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  861.430923]  ? futex_wake+0x304/0x760
[  861.434766]  ? pick_next_task_fair+0x997/0x17a0
[  861.439465]  ? graph_lock+0x170/0x170
[  861.443304]  ? find_held_lock+0x36/0x1c0
[  861.447407]  ? lock_downgrade+0x8f0/0x8f0
[  861.452053]  ? kasan_check_read+0x11/0x20
[  861.456224]  ? rcu_is_watching+0x8c/0x150
[  861.460409]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  861.464839]  ? memset+0x31/0x40
[  861.468146]  fuse_dev_write+0x19a/0x240
[  861.472134]  ? fuse_dev_splice_write+0xe60/0xe60
[  861.476921]  ? expand_files.part.8+0x9c0/0x9c0
[  861.481540]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.487115]  ? iov_iter_init+0xc9/0x1f0
[  861.491108]  __vfs_write+0x6c6/0x9f0
[  861.494850]  ? kernel_read+0x120/0x120
[  861.498768]  ? vfs_copy_file_range+0xb90/0xb90
[  861.503396]  ? fsnotify_first_mark+0x350/0x350
[  861.508043]  ? rw_verify_area+0x118/0x360
[  861.512210]  vfs_write+0x1f8/0x560
[  861.515798]  ksys_write+0x101/0x260
[  861.519460]  ? __ia32_sys_read+0xb0/0xb0
[  861.523565]  ? syscall_slow_exit_work+0x500/0x500
[  861.528430]  __x64_sys_write+0x73/0xb0
[  861.532358]  do_syscall_64+0x1b9/0x820
[  861.536273]  ? finish_task_switch+0x1d3/0x870
[  861.540817]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.545784]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.550746]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.556137]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.561037]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.566387] RIP: 0033:0x445869
[  861.569600] Code: Bad RIP value.
[  861.572993] RSP: 002b:00007ffa2ef7fda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  861.580741] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445869
[  861.588042] RDX: 0000000000000029 RSI: 00000000200000c0 RDI: 0000000000000003
[  861.595343] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[  861.602652] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  861.609954] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001
[  861.617271] INFO: task syz-executor842:4560 blocked for more than 140 seconds.
[  861.624659]       Not tainted 4.18.0-rc6+ #160
[  861.629256] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.637250] syz-executor842 D26008  4560   4556 0x00000004
[  861.642906] Call Trace:
[  861.645521]  __schedule+0x87c/0x1ed0
[  861.649249]  ? __sched_text_start+0x8/0x8
[  861.653417]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.658011]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.663169]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.668212]  ? trace_hardirqs_on+0xd/0x10
[  861.672386]  ? prepare_to_wait_event+0x396/0xc70
[  861.677165]  ? prepare_to_wait_exclusive+0x550/0x550
[  861.682291]  schedule+0xfb/0x450
[  861.685690]  ? __schedule+0x1ed0/0x1ed0
[  861.689681]  ? check_same_owner+0x340/0x340
[  861.694031]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.698454]  ? replenish_dl_entity.cold.53+0x37/0x37
[  861.703592]  request_wait_answer+0x4c8/0x920
[  861.708034]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  861.713088]  ? finish_wait+0x430/0x430
[  861.716989]  ? finish_wait+0x430/0x430
[  861.720906]  ? finish_wait+0x430/0x430
[  861.724805]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.729425]  ? fuse_dev_ioctl+0x430/0x430
[  861.733596]  ? kasan_check_write+0x14/0x20
[  861.737849]  ? do_raw_spin_lock+0xc1/0x200
[  861.742103]  __fuse_request_send+0x12a/0x1d0
[  861.746557]  fuse_request_send+0x62/0xa0
[  861.750659]  fuse_simple_request+0x33d/0x730
[  861.755102]  fuse_lookup_name+0x3ee/0x830
[  861.759271]  ? fuse_valid_type+0xb0/0xb0
[  861.763371]  ? mutex_lock_nested+0x16/0x20
[  861.767629]  fuse_lookup+0xf9/0x4c0
[  861.771286]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.775717]  ? fuse_lookup_name+0x830/0x830
[  861.780072]  ? kasan_check_write+0x14/0x20
[  861.784326]  ? do_raw_spin_lock+0xc1/0x200
[  861.788605]  __lookup_hash+0x12e/0x190
[  861.792516]  filename_create+0x1e5/0x5b0
[  861.796620]  ? kern_path_mountpoint+0x40/0x40
[  861.801152]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  861.806730]  ? getname_flags+0x26e/0x5a0
[  861.810824]  do_mkdirat+0xda/0x310
[  861.814404]  ? __ia32_sys_mknod+0xb0/0xb0
[  861.818576]  ? _raw_spin_unlock_irq+0x27/0x70
[  861.823108]  __x64_sys_mkdirat+0x76/0xb0
[  861.827193]  do_syscall_64+0x1b9/0x820
[  861.831111]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.836064]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.841049]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.846440]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.851316]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.856544] RIP: 0033:0x445869
[  861.859758] Code: Bad RIP value.
[  861.863148] RSP: 002b:00007ffa2ef5eda8 EFLAGS: 00000297 ORIG_RAX: 0000000000000102
[  861.870910] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[  861.878210] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[  861.885517] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  861.892829] R10: 0000000000000000 R11: 0000000000000297 R12: 0030656c69662f2e
[  861.900133] R13: 64695f70756f7267 R14: 2f30656c69662f2e R15: 0000000000000001
[  861.908065] 
[  861.908065] Showing all locks held in the system:
[  861.914425] 1 lock held by khungtaskd/901:
[  861.918684]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  861.927356] 1 lock held by rsyslogd/4441:
[  861.931521]  #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  861.939565] 2 locks held by getty/4531:
[  861.943550]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.951844]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.960736] 2 locks held by getty/4532:
[  861.964729]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.973035]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.981923] 2 locks held by getty/4533:
[  861.985900]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.994180]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.003093] 2 locks held by getty/4534:
[  862.007085]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.015375]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.024260] 2 locks held by getty/4535:
[  862.028249]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.036529]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.045430] 2 locks held by getty/4536:
[  862.049422]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.057712]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.066610] 2 locks held by getty/4537:
[  862.070598]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.078869]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.087758] 2 locks held by syz-executor842/4559:
[  862.092631]  #0: (____ptrval____) (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2b2d/0x3700
[  862.101085]  #1: (____ptrval____) (&type->i_mutex_dir_key#4){+.+.}, at: fuse_reverse_inval_entry+0xae/0x6d0
[  862.111036] 3 locks held by syz-executor842/4560:
[  862.115893]  #0: (____ptrval____) (sb_writers#9){.+.+}, at: mnt_want_write+0x3f/0xc0
[  862.123815]  #1: (____ptrval____) (&type->i_mutex_dir_key#3/1){+.+.}, at: filename_create+0x1b2/0x5b0
[  862.133227]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  862.141062] 
[  862.142704] =============================================
[  862.142704] 
[  862.149760] NMI backtrace for cpu 1
[  862.153415] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc6+ #160
[  862.160326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.169658] Call Trace:
[  862.172279]  dump_stack+0x1c9/0x2b4
[  862.175889]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.181060]  ? vprintk_default+0x28/0x30
[  862.185127]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  862.189775]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  862.194165]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  862.199777]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  862.205033]  arch_trigger_cpumask_backtrace+0x14/0x20
[  862.210210]  watchdog+0x9c4/0xf80
[  862.213647]  ? reset_hung_task_detector+0xd0/0xd0
[  862.218492]  ? kasan_check_read+0x11/0x20
[  862.222620]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.227009]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.232098]  ? __kthread_parkme+0x58/0x1b0
[  862.236321]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.241322]  ? trace_hardirqs_on+0xd/0x10
[  862.245453]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.250970]  ? __kthread_parkme+0x106/0x1b0
[  862.255281]  kthread+0x345/0x410
[  862.258633]  ? reset_hung_task_detector+0xd0/0xd0
[  862.263455]  ? kthread_bind+0x40/0x40
[  862.267247]  ret_from_fork+0x3a/0x50
[  862.271026] Sending NMI from CPU 1 to CPUs 0:
[  862.275577] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  862.276559] Kernel panic - not syncing: hung_task: blocked tasks
[  862.289999] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc6+ #160
[  862.296916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.306248] Call Trace:
[  862.308824]  dump_stack+0x1c9/0x2b4
[  862.312434]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.317605]  ? printk_safe_log_store+0x2f0/0x2f0
[  862.322344]  panic+0x238/0x4e7
[  862.325516]  ? add_taint.cold.5+0x16/0x16
[  862.329644]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.335160]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  862.340597]  ? printk_safe_flush+0xd7/0x130
[  862.344905]  watchdog+0x9d5/0xf80
[  862.348342]  ? reset_hung_task_detector+0xd0/0xd0
[  862.353168]  ? kasan_check_read+0x11/0x20
[  862.357312]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.361704]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.366785]  ? __kthread_parkme+0x58/0x1b0
[  862.371000]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.375996]  ? trace_hardirqs_on+0xd/0x10
[  862.380141]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.385654]  ? __kthread_parkme+0x106/0x1b0
[  862.389966]  kthread+0x345/0x410
[  862.393315]  ? reset_hung_task_detector+0xd0/0xd0
[  862.398135]  ? kthread_bind+0x40/0x40
[  862.401917]  ret_from_fork+0x3a/0x50
[  862.406158] Dumping ftrace buffer:
[  862.409725]    (ftrace buffer empty)
[  862.413418] Kernel Offset: disabled
[  862.417029] Rebooting in 86400 seconds..