[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.770252] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   20.809954] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.168133] random: sshd: uninitialized urandom read (32 bytes read)
[   22.054592] random: sshd: uninitialized urandom read (32 bytes read)
[  572.608660] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
[  578.167651] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  861.152227] INFO: task syz-executor014:4533 blocked for more than 140 seconds.
[  861.159794]       Not tainted 4.18.0-rc4+ #143
[  861.164421] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.172449] syz-executor014 D22216  4533   4530 0x00000004
[  861.178141] Call Trace:
[  861.180798]  __schedule+0x87c/0x1ed0
[  861.184577]  ? __sched_text_start+0x8/0x8
[  861.188803]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.193463]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.198628]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.203703]  ? trace_hardirqs_on+0xd/0x10
[  861.207939]  ? prepare_to_wait_event+0x396/0xc70
[  861.212768]  ? prepare_to_wait_exclusive+0x550/0x550
[  861.217948]  schedule+0xfb/0x450
[  861.221384]  ? __schedule+0x1ed0/0x1ed0
[  861.225436]  ? check_same_owner+0x340/0x340
[  861.229835]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.234327]  ? replenish_dl_entity.cold.53+0x37/0x37
[  861.239509]  request_wait_answer+0x4c8/0x920
[  861.243986]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  861.249087]  ? finish_wait+0x430/0x430
[  861.253079]  ? finish_wait+0x430/0x430
[  861.257063]  ? finish_wait+0x430/0x430
[  861.261042]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.265700]  ? fuse_dev_ioctl+0x430/0x430
[  861.269923]  ? kasan_check_write+0x14/0x20
[  861.274228]  ? do_raw_spin_lock+0xc1/0x200
[  861.278529]  __fuse_request_send+0x12a/0x1d0
[  861.283005]  fuse_request_send+0x62/0xa0
[  861.287160]  fuse_simple_request+0x33d/0x730
[  861.291631]  fuse_lookup_name+0x3ee/0x830
[  861.295871]  ? fuse_valid_type+0xb0/0xb0
[  861.299993]  fuse_lookup+0xf9/0x4c0
[  861.303780]  ? fuse_lookup_name+0x830/0x830
[  861.308168]  ? __lockdep_init_map+0x105/0x590
[  861.312745]  __lookup_slow+0x2b5/0x540
[  861.316704]  ? vfs_unlink+0x510/0x510
[  861.320583]  ? down_read+0xb5/0x1d0
[  861.324288]  ? lookup_slow+0x49/0x80
[  861.328067]  ? __down_interruptible+0x700/0x700
[  861.332800]  ? lookup_fast+0x470/0x12a0
[  861.336873]  ? __follow_mount_rcu.isra.36.part.37+0x890/0x890
[  861.342849]  lookup_slow+0x57/0x80
[  861.346475]  walk_component+0x94a/0x2630
[  861.350662]  ? inode_permission+0xb2/0x560
[  861.354997]  ? path_init+0x2340/0x2340
[  861.358973]  ? walk_component+0x2630/0x2630
[  861.363393]  ? save_stack+0xa9/0xd0
[  861.367160]  ? save_stack+0x43/0xd0
[  861.370869]  ? kmem_cache_alloc+0x12e/0x760
[  861.375250]  ? getname_flags+0xd0/0x5a0
[  861.379281]  ? user_path_at_empty+0x2d/0x50
[  861.383675]  ? vfs_statx+0x129/0x210
[  861.387467]  path_lookupat.isra.45+0x202/0xbf0
[  861.392127]  ? find_held_lock+0x36/0x1c0
[  861.396261]  ? path_parentat.isra.43+0x160/0x160
[  861.401089]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  861.406338]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  861.411518]  ? __check_object_size+0x9d/0x5f2
[  861.416075]  ? usercopy_warn+0x120/0x120
[  861.420207]  ? kasan_check_read+0x11/0x20
[  861.424424]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.428923]  filename_lookup+0x264/0x510
[  861.433076]  ? filename_parentat.isra.58+0x570/0x570
[  861.438260]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.443871]  ? mpi_free.cold.1+0x19/0x19
[  861.448048]  ? kfree+0xd9/0x260
[  861.451433]  ? do_syscall_64+0x1b9/0x820
[  861.455639]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  861.461318]  ? getname_flags+0x26e/0x5a0
[  861.465466]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.469950]  user_path_at_empty+0x40/0x50
[  861.474186]  vfs_statx+0x129/0x210
[  861.477845]  ? vfs_statx_fd+0xc0/0xc0
[  861.481747]  ? debug_check_no_obj_freed+0x30b/0x595
[  861.486874]  __do_sys_newstat+0x8f/0x110
[  861.491006]  ? cp_new_stat+0xa50/0xa50
[  861.494968]  ? __x64_sys_futex+0x47f/0x6a0
[  861.499265]  ? do_futex+0x27d0/0x27d0
[  861.503383]  ? trace_hardirqs_on+0xd/0x10
[  861.507588]  ? ksys_mount+0xa8/0x140
[  861.511471]  ? do_syscall_64+0x9a/0x820
[  861.515527]  __x64_sys_newstat+0x54/0x80
[  861.519653]  do_syscall_64+0x1b9/0x820
[  861.523600]  ? finish_task_switch+0x1d3/0x870
[  861.528157]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.533200]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.538244]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.544358]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.549332]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.554641] RIP: 0033:0x445869
[  861.557907] Code: Bad RIP value.
[  861.561385] RSP: 002b:00007f83371b5da8 EFLAGS: 00000297 ORIG_RAX: 0000000000000004
[  861.569211] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445869
[  861.576647] RDX: 0000000000445869 RSI: 0000000020000480 RDI: 00000000200000c0
[  861.583997] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[  861.591331] R10: 0000000000000000 R11: 0000000000000297 R12: 0030656c69662f2e
[  861.598675] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[  861.606050] INFO: task syz-executor014:4534 blocked for more than 140 seconds.
[  861.613457]       Not tainted 4.18.0-rc4+ #143
[  861.618101] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.626121] syz-executor014 D24376  4534   4530 0x00000004
[  861.631830] Call Trace:
[  861.634476]  __schedule+0x87c/0x1ed0
[  861.638248]  ? __sched_text_start+0x8/0x8
[  861.642474]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  861.647547]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  861.652373]  ? graph_lock+0x170/0x170
[  861.656513]  ? graph_lock+0x170/0x170
[  861.660385]  ? is_bpf_text_address+0xae/0x170
[  861.664940]  ? lock_downgrade+0x8f0/0x8f0
[  861.669171]  schedule+0xfb/0x450
[  861.672646]  ? lock_downgrade+0x8f0/0x8f0
[  861.676874]  ? __schedule+0x1ed0/0x1ed0
[  861.680932]  ? mark_held_locks+0xc9/0x160
[  861.685150]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.689842]  ? _raw_spin_unlock_irq+0x27/0x70
[  861.694631]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.699752]  __rwsem_down_write_failed_common+0x95d/0x1630
[  861.705457]  ? rwsem_spin_on_owner+0xa40/0xa40
[  861.710115]  ? trace_hardirqs_on+0x10/0x10
[  861.714425]  ? lock_downgrade+0x8f0/0x8f0
[  861.718846]  ? kasan_check_read+0x11/0x20
[  861.723093]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.727622]  ? graph_lock+0x170/0x170
[  861.731476]  ? graph_lock+0x170/0x170
[  861.735363]  ? trace_hardirqs_on+0xd/0x10
[  861.739589]  ? graph_lock+0x170/0x170
[  861.743464]  ? find_held_lock+0x36/0x1c0
[  861.747780]  ? graph_lock+0x170/0x170
[  861.751661]  ? find_held_lock+0x36/0x1c0
[  861.755898]  ? lock_acquire+0x1e4/0x540
[  861.759939]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  861.764944]  ? lock_release+0xa30/0xa30
[  861.769065]  ? check_same_owner+0x340/0x340
[  861.773452]  rwsem_down_write_failed+0xe/0x10
[  861.778397]  ? rwsem_down_write_failed+0xe/0x10
[  861.783237]  call_rwsem_down_write_failed+0x17/0x30
[  861.788376]  down_write+0xaa/0x130
[  861.792032]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  861.797107]  ? down_read+0x1d0/0x1d0
[  861.800948]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.806568]  ? ilookup5+0x103/0x140
[  861.810430]  ? fuse_init_file_inode+0x70/0x70
[  861.815003]  fuse_reverse_inval_entry+0xae/0x6d0
[  861.819862]  ? fuse_update_attributes+0xd0/0xd0
[  861.824587]  ? print_usage_bug+0xc0/0xc0
[  861.828895]  fuse_dev_do_write+0x2d4d/0x3700
[  861.833393]  ? fuse_dev_read+0x250/0x250
[  861.837521]  ? trace_hardirqs_on+0x10/0x10
[  861.841837]  ? graph_lock+0x170/0x170
[  861.845734]  ? find_held_lock+0x36/0x1c0
[  861.849873]  ? lock_downgrade+0x8f0/0x8f0
[  861.854218]  ? kasan_check_read+0x11/0x20
[  861.858429]  ? rcu_is_watching+0x8c/0x150
[  861.862729]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  861.867283]  ? memset+0x31/0x40
[  861.870619]  fuse_dev_write+0x19a/0x240
[  861.874652]  ? fuse_dev_splice_write+0xe60/0xe60
[  861.879534]  ? expand_files.part.8+0x9c0/0x9c0
[  861.884208]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.889806]  ? iov_iter_init+0xc9/0x1f0
[  861.893862]  __vfs_write+0x6c6/0x9f0
[  861.897648]  ? kernel_read+0x120/0x120
[  861.901612]  ? rw_verify_area+0x118/0x360
[  861.905844]  vfs_write+0x1f8/0x560
[  861.909465]  ksys_write+0x101/0x260
[  861.913148]  ? __ia32_sys_read+0xb0/0xb0
[  861.917289]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.921941]  ? _raw_spin_unlock_irq+0x27/0x70
[  861.926496]  __x64_sys_write+0x73/0xb0
[  861.930476]  do_syscall_64+0x1b9/0x820
[  861.934426]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.939420]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.944630]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.950198]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.955118]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.960361] RIP: 0033:0x445869
[  861.963619] Code: Bad RIP value.
[  861.967064] RSP: 002b:00007f8337194da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  861.974850] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[  861.982177] RDX: 0000000000000033 RSI: 0000000020000280 RDI: 0000000000000003
[  861.989506] RBP: 00000000006dac38 R08: 00007f8337195700 R09: 0000000000000000
[  861.996850] R10: 00007f8337195700 R11: 0000000000000293 R12: 0030656c69662f2e
[  862.004193] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[  862.011609] 
[  862.011609] Showing all locks held in the system:
[  862.018010] 1 lock held by khungtaskd/901:
[  862.022323]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  862.031053] 1 lock held by rsyslogd/4414:
[  862.035249]  #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  862.043301] 2 locks held by getty/4504:
[  862.047341]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.055842]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.064791] 2 locks held by getty/4505:
[  862.068818]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.077130]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.086144] 2 locks held by getty/4506:
[  862.090162]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.098530]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.107493] 2 locks held by getty/4507:
[  862.111511]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.119816]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.128759] 2 locks held by getty/4508:
[  862.132777]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.141091]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.150013] 2 locks held by getty/4509:
[  862.154077]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.162405]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.171345] 2 locks held by getty/4510:
[  862.175380]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  862.183710]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  862.192675] 2 locks held by syz-executor014/4533:
[  862.197579]  #0: (____ptrval____) (&type->i_mutex_dir_key#3){++++}, at: lookup_slow+0x49/0x80
[  862.206511]  #1: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  862.214436] 2 locks held by syz-executor014/4534:
[  862.219348]  #0: (____ptrval____) (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2cbe/0x3700
[  862.227972]  #1: (____ptrval____) (&type->i_mutex_dir_key#3){++++}, at: fuse_reverse_inval_entry+0xae/0x6d0
[  862.238029] 
[  862.239701] =============================================
[  862.239701] 
[  862.246773] NMI backtrace for cpu 0
[  862.250521] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc4+ #143
[  862.257480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.266850] Call Trace:
[  862.269459]  dump_stack+0x1c9/0x2b4
[  862.273111]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.278321]  ? vprintk_default+0x28/0x30
[  862.282410]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  862.287069]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  862.291474]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  862.296649]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  862.301920]  arch_trigger_cpumask_backtrace+0x14/0x20
[  862.307095]  watchdog+0x9c4/0xf80
[  862.310540]  ? reset_hung_task_detector+0xd0/0xd0
[  862.315372]  ? kasan_check_read+0x11/0x20
[  862.319706]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.324113]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.329199]  ? __kthread_parkme+0x58/0x1b0
[  862.333424]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.338434]  ? trace_hardirqs_on+0xd/0x10
[  862.342571]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.348093]  ? __kthread_parkme+0x106/0x1b0
[  862.352409]  kthread+0x345/0x410
[  862.355779]  ? reset_hung_task_detector+0xd0/0xd0
[  862.360607]  ? kthread_bind+0x40/0x40
[  862.364395]  ret_from_fork+0x3a/0x50
[  862.368212] Sending NMI from CPU 0 to CPUs 1:
[  862.372808] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[  862.373772] Kernel panic - not syncing: hung_task: blocked tasks
[  862.386608] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc4+ #143
[  862.393522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.402865] Call Trace:
[  862.405462]  dump_stack+0x1c9/0x2b4
[  862.409164]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.414352]  ? printk_safe_log_store+0x2f0/0x2f0
[  862.419194]  panic+0x238/0x4e7
[  862.422376]  ? add_taint.cold.5+0x16/0x16
[  862.426526]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.432062]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  862.437509]  ? printk_safe_flush+0xd7/0x130
[  862.441821]  watchdog+0x9d5/0xf80
[  862.445275]  ? reset_hung_task_detector+0xd0/0xd0
[  862.450130]  ? kasan_check_read+0x11/0x20
[  862.454275]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.458680]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.463770]  ? __kthread_parkme+0x58/0x1b0
[  862.467989]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.472991]  ? trace_hardirqs_on+0xd/0x10
[  862.477151]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.482685]  ? __kthread_parkme+0x106/0x1b0
[  862.487864]  kthread+0x345/0x410
[  862.491239]  ? reset_hung_task_detector+0xd0/0xd0
[  862.496103]  ? kthread_bind+0x40/0x40
[  862.499954]  ret_from_fork+0x3a/0x50
[  862.504372] Dumping ftrace buffer:
[  862.508363]    (ftrace buffer empty)
[  862.512128] Kernel Offset: disabled
[  862.515749] Rebooting in 86400 seconds..