[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   18.837641] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.942270] random: sshd: uninitialized urandom read (32 bytes read)
[   22.274966] random: sshd: uninitialized urandom read (32 bytes read)
[   23.111255] random: sshd: uninitialized urandom read (32 bytes read)
[  585.072846] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
[  590.544487] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  861.152209] INFO: task syz-executor255:4549 blocked for more than 140 seconds.
[  861.159827]       Not tainted 4.18.0-rc5+ #149
[  861.164444] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.172424] syz-executor255 D22856  4549   4545 0x00000004
[  861.178164] Call Trace:
[  861.180897]  __schedule+0x87c/0x1ed0
[  861.184709]  ? __sched_text_start+0x8/0x8
[  861.188871]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.193600]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.198718]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.203755]  ? trace_hardirqs_on+0xd/0x10
[  861.207909]  ? prepare_to_wait_event+0x396/0xc70
[  861.212686]  ? prepare_to_wait_exclusive+0x550/0x550
[  861.217820]  schedule+0xfb/0x450
[  861.221213]  ? __schedule+0x1ed0/0x1ed0
[  861.225202]  ? check_same_owner+0x340/0x340
[  861.229545]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.233965]  ? replenish_dl_entity.cold.53+0x37/0x37
[  861.239100]  request_wait_answer+0x4c8/0x920
[  861.243520]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  861.248557]  ? finish_wait+0x430/0x430
[  861.252474]  ? finish_wait+0x430/0x430
[  861.256384]  ? finish_wait+0x430/0x430
[  861.260284]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.264885]  ? fuse_dev_ioctl+0x430/0x430
[  861.269048]  ? kasan_check_write+0x14/0x20
[  861.273312]  ? do_raw_spin_lock+0xc1/0x200
[  861.277559]  __fuse_request_send+0x12a/0x1d0
[  861.282030]  fuse_request_send+0x62/0xa0
[  861.286125]  fuse_simple_request+0x33d/0x730
[  861.290562]  fuse_lookup_name+0x3ee/0x830
[  861.294720]  ? fuse_valid_type+0xb0/0xb0
[  861.298809]  ? __d_lookup_rcu+0xaa0/0xaa0
[  861.302986]  ? mutex_lock_nested+0x16/0x20
[  861.307256]  fuse_lookup+0xf9/0x4c0
[  861.310894]  ? fuse_lookup_name+0x830/0x830
[  861.315251]  ? d_lookup+0x221/0x340
[  861.318900]  fuse_atomic_open+0x214/0x350
[  861.323082]  ? fuse_lookup+0x4c0/0x4c0
[  861.327013]  lookup_open+0xdb1/0x1b40
[  861.330864]  ? complete_walk+0x260/0x260
[  861.334965]  ? down_read+0xb5/0x1d0
[  861.338614]  ? path_openat+0x204c/0x4e10
[  861.342723]  ? __down_interruptible+0x700/0x700
[  861.347426]  ? print_usage_bug+0xc0/0xc0
[  861.351517]  ? kasan_check_read+0x11/0x20
[  861.355688]  path_openat+0x207d/0x4e10
[  861.359605]  ? lock_acquire+0x1e4/0x540
[  861.363614]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  861.368405]  ? __save_stack_trace+0x8d/0xf0
[  861.372744]  ? trace_hardirqs_on+0x10/0x10
[  861.377038]  ? save_stack+0xa9/0xd0
[  861.380674]  ? save_stack+0x43/0xd0
[  861.384332]  ? kasan_kmalloc+0xc4/0xe0
[  861.388227]  ? kasan_slab_alloc+0x12/0x20
[  861.392401]  ? kmem_cache_alloc+0x12e/0x760
[  861.396744]  ? prepare_creds+0x80/0x3f0
[  861.400760]  ? prepare_exec_creds+0x11/0xf0
[  861.405111]  ? prepare_bprm_creds+0x70/0x120
[  861.409555]  ? __do_execve_file.isra.35+0x475/0x2730
[  861.414674]  ? __x64_sys_execve+0x8f/0xc0
[  861.418870]  ? do_syscall_64+0x1b9/0x820
[  861.422959]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.428364]  ? find_held_lock+0x36/0x1c0
[  861.432440]  ? print_usage_bug+0xc0/0xc0
[  861.436547]  ? __lock_is_held+0xb5/0x140
[  861.440625]  ? graph_lock+0x170/0x170
[  861.444452]  do_filp_open+0x255/0x380
[  861.448268]  ? may_open_dev+0x100/0x100
[  861.452278]  ? lock_downgrade+0x8f0/0x8f0
[  861.456438]  do_open_execat+0x1fe/0x670
[  861.460432]  ? unregister_binfmt+0x2a0/0x2a0
[  861.464854]  ? do_raw_spin_lock+0xc1/0x200
[  861.469199]  __do_execve_file.isra.35+0x1827/0x2730
[  861.474256]  ? prepare_bprm_creds+0x120/0x120
[  861.478783]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  861.484031]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  861.489097]  ? __check_object_size+0x9d/0x5f2
[  861.493624]  ? usercopy_warn+0x120/0x120
[  861.497717]  ? kasan_check_read+0x11/0x20
[  861.501888]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.506344]  ? kasan_check_read+0x11/0x20
[  861.510915]  ? rcu_is_watching+0x8c/0x150
[  861.515101]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.520665]  ? strncpy_from_user+0x3be/0x510
[  861.525104]  ? mpi_free.cold.1+0x19/0x19
[  861.529196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  861.534774]  ? getname_flags+0x26e/0x5a0
[  861.538870]  __x64_sys_execve+0x8f/0xc0
[  861.542884]  do_syscall_64+0x1b9/0x820
[  861.546791]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.551759]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.556713]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.562112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.566984]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.572207] RIP: 0033:0x445869
[  861.575403] Code: e8 7c b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[  861.594638] RSP: 002b:00007f0856ef5da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  861.602368] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[  861.609669] RDX: 00000000200003c0 RSI: 0000000020000340 RDI: 0000000020000000
[  861.616984] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  861.624289] R10: 0000000000000000 R11: 0000000000000246 R12: 64695f70756f7267
[  861.631581] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[  861.638901] 
[  861.638901] Showing all locks held in the system:
[  861.645267] 1 lock held by khungtaskd/901:
[  861.649524]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  861.658171] 1 lock held by rsyslogd/4429:
[  861.662350] 2 locks held by getty/4519:
[  861.666334]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.674642]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.683531] 2 locks held by getty/4520:
[  861.687520]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.695779]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.704937] 2 locks held by getty/4521:
[  861.708912]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.717188]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.726063] 2 locks held by getty/4522:
[  861.730071]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.738339]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.747231] 2 locks held by getty/4523:
[  861.751209]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.759485]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.768356] 2 locks held by getty/4524:
[  861.772335]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.780580]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.789446] 2 locks held by getty/4525:
[  861.793418]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.801681]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.810553] 3 locks held by syz-executor255/4549:
[  861.815408]  #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120
[  861.824636]  #1: (____ptrval____) (&type->i_mutex_dir_key#3){.+.+}, at: path_openat+0x204c/0x4e10
[  861.833688]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  861.841509] 
[  861.843152] =============================================
[  861.843152] 
[  861.850171] NMI backtrace for cpu 1
[  861.853807] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #149
[  861.860710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  861.870041] Call Trace:
[  861.872704]  dump_stack+0x1c9/0x2b4
[  861.876316]  ? dump_stack_print_info.cold.2+0x52/0x52
[  861.881487]  ? vprintk_default+0x28/0x30
[  861.885533]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  861.890180]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  861.894567]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  861.899742]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  861.904998]  arch_trigger_cpumask_backtrace+0x14/0x20
[  861.910166]  watchdog+0x9c4/0xf80
[  861.913602]  ? reset_hung_task_detector+0xd0/0xd0
[  861.918425]  ? kasan_check_read+0x11/0x20
[  861.922566]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.926956]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.932046]  ? __kthread_parkme+0x58/0x1b0
[  861.936262]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.941256]  ? trace_hardirqs_on+0xd/0x10
[  861.945383]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.950898]  ? __kthread_parkme+0x106/0x1b0
[  861.955206]  kthread+0x345/0x410
[  861.958552]  ? reset_hung_task_detector+0xd0/0xd0
[  861.963370]  ? kthread_bind+0x40/0x40
[  861.967148]  ret_from_fork+0x3a/0x50
[  861.970923] Sending NMI from CPU 1 to CPUs 0:
[  861.975435] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  861.976424] Kernel panic - not syncing: hung_task: blocked tasks
[  861.989152] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #149
[  861.996064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.005402] Call Trace:
[  862.007984]  dump_stack+0x1c9/0x2b4
[  862.011591]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.016761]  ? printk_safe_log_store+0x2f0/0x2f0
[  862.021498]  panic+0x238/0x4e7
[  862.024671]  ? add_taint.cold.5+0x16/0x16
[  862.028801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.034317]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  862.039745]  ? printk_safe_flush+0xd7/0x130
[  862.044046]  watchdog+0x9d5/0xf80
[  862.047480]  ? reset_hung_task_detector+0xd0/0xd0
[  862.052304]  ? kasan_check_read+0x11/0x20
[  862.056441]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.060842]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.065921]  ? __kthread_parkme+0x58/0x1b0
[  862.070134]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.075127]  ? trace_hardirqs_on+0xd/0x10
[  862.079255]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.084768]  ? __kthread_parkme+0x106/0x1b0
[  862.089076]  kthread+0x345/0x410
[  862.092423]  ? reset_hung_task_detector+0xd0/0xd0
[  862.097240]  ? kthread_bind+0x40/0x40
[  862.101019]  ret_from_fork+0x3a/0x50
[  862.105201] Dumping ftrace buffer:
[  862.108757]    (ftrace buffer empty)
[  862.112445] Kernel Offset: disabled
[  862.116052] Rebooting in 86400 seconds..