[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.639902] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.367182] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.681373] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.538303] random: sshd: uninitialized urandom read (32 bytes read)
[ 576.823874] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
[ 582.254861] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/21 03:35:57 parsed 1 programs
[ 584.262154] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/21 03:35:59 executed programs: 0
[ 585.545662] IPVS: ftp: loaded support on port[0] = 21
[ 861.152334] INFO: task syz-executor0:4597 blocked for more than 140 seconds.
[ 861.160307] Not tainted 4.18.0-rc5+ #59
[ 861.165285] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 861.173550] syz-executor0 D22568 4597 4578 0x20020004
[ 861.179560] Call Trace:
[ 861.182674] __schedule+0x87c/0x1ed0
[ 861.186625] ? __sched_text_start+0x8/0x8
[ 861.191109] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.196399] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 861.202070] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 861.207280] ? trace_hardirqs_on+0xd/0x10
[ 861.211710] ? prepare_to_wait_event+0x396/0xc70
[ 861.217229] ? prepare_to_wait_exclusive+0x550/0x550
[ 861.222977] schedule+0xfb/0x450
[ 861.226505] ? __schedule+0x1ed0/0x1ed0
[ 861.230822] ? check_same_owner+0x340/0x340
[ 861.235618] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.240205] ? replenish_dl_entity.cold.53+0x37/0x37
[ 861.245507] request_wait_answer+0x4c8/0x920
[ 861.250030] ? fuse_read_forget.isra.22+0xdc0/0xdc0
[ 861.256063] ? finish_wait+0x430/0x430
[ 861.260268] ? finish_wait+0x430/0x430
[ 861.264461] ? finish_wait+0x430/0x430
[ 861.268498] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.273186] ? fuse_dev_ioctl+0x430/0x430
[ 861.277675] ? kasan_check_write+0x14/0x20
[ 861.282039] ? do_raw_spin_lock+0xc1/0x200
[ 861.286359] __fuse_request_send+0x12a/0x1d0
[ 861.291019] fuse_request_send+0x62/0xa0
[ 861.295301] fuse_simple_request+0x33d/0x730
[ 861.299856] fuse_lookup_name+0x3ee/0x830
[ 861.304333] ? fuse_valid_type+0xb0/0xb0
[ 861.309231] ? mutex_lock_nested+0x16/0x20
[ 861.313775] fuse_lookup+0xf9/0x4c0
[ 861.317547] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.322420] ? fuse_lookup_name+0x830/0x830
[ 861.326902] ? kasan_check_write+0x14/0x20
[ 861.331360] ? do_raw_spin_lock+0xc1/0x200
[ 861.335998] __lookup_hash+0x12e/0x190
[ 861.340013] filename_create+0x1e5/0x5b0
[ 861.344198] ? kern_path_mountpoint+0x40/0x40
[ 861.348887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.354531] ? getname_flags+0x26e/0x5a0
[ 861.358712] do_mkdirat+0xda/0x310
[ 861.362356] ? __ia32_sys_mknod+0xb0/0xb0
[ 861.366679] ? syscall_slow_exit_work+0x500/0x500
[ 861.371769] __ia32_sys_mkdirat+0x74/0xb0
[ 861.376156] do_fast_syscall_32+0x34d/0xfb2
[ 861.380610] ? do_int80_syscall_32+0x890/0x890
[ 861.385301] ? kasan_check_write+0x14/0x20
[ 861.389622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.395397] ? syscall_return_slowpath+0x31d/0x5e0
[ 861.400961] ? sysret32_from_system_call+0x5/0x46
[ 861.405884] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 861.410838] entry_SYSENTER_compat+0x70/0x7f
[ 861.415351] RIP: 0023:0xf7f8fcb9
[ 861.418790] Code: Bad RIP value.
[ 861.422260] RSP: 002b:00000000f7f8b0ac EFLAGS: 00000282 ORIG_RAX: 0000000000000128
[ 861.430154] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000500
[ 861.437560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 861.445016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 861.452511] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 861.460047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 861.467395] INFO: task syz-executor0:4599 blocked for more than 140 seconds.
[ 861.474658] Not tainted 4.18.0-rc5+ #59
[ 861.479753] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 861.488089] syz-executor0 D23120 4599 4578 0x20020004
[ 861.494193] Call Trace:
[ 861.497082] __schedule+0x87c/0x1ed0
[ 861.501660] ? lock_downgrade+0x8f0/0x8f0
[ 861.506211] ? __sched_text_start+0x8/0x8
[ 861.510677] ? print_usage_bug+0xc0/0xc0
[ 861.514956] ? graph_lock+0x170/0x170
[ 861.518976] ? graph_lock+0x170/0x170
[ 861.523247] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 861.528383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.535091] schedule+0xfb/0x450
[ 861.538637] ? lock_downgrade+0x8f0/0x8f0
[ 861.542973] ? __schedule+0x1ed0/0x1ed0
[ 861.547149] ? mark_held_locks+0xc9/0x160
[ 861.551476] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.556177] ? _raw_spin_unlock_irq+0x27/0x70
[ 861.560796] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 861.565932] __rwsem_down_write_failed_common+0x95d/0x1630
[ 861.573543] ? rwsem_spin_on_owner+0xa40/0xa40
[ 861.578253] ? __lock_acquire+0x7fc/0x5020
[ 861.582728] ? trace_hardirqs_on+0x10/0x10
[ 861.587077] ? find_held_lock+0x36/0x1c0
[ 861.591276] ? find_held_lock+0x36/0x1c0
[ 861.595476] ? lock_downgrade+0x8f0/0x8f0
[ 861.599754] ? kasan_check_read+0x11/0x20
[ 861.603980] ? dput.part.26+0x276/0x7a0
[ 861.608040] ? graph_lock+0x170/0x170
[ 861.612183] ? shrink_dcache_sb+0x350/0x350
[ 861.616738] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 861.621975] ? mntput+0x74/0xa0
[ 861.625617] ? lock_acquire+0x1e4/0x540
[ 861.629702] ? filename_create+0x1b2/0x5b0
[ 861.634108] ? mnt_want_write+0x3f/0xc0
[ 861.638158] ? lock_release+0xa30/0xa30
[ 861.642191] ? check_same_owner+0x340/0x340
[ 861.646584] rwsem_down_write_failed+0xe/0x10
[ 861.651142] ? rwsem_down_write_failed+0xe/0x10
[ 861.655876] call_rwsem_down_write_failed+0x17/0x30
[ 861.660963] down_write_nested+0xae/0x130
[ 861.665255] ? filename_create+0x1b2/0x5b0
[ 861.670006] ? _down_write_nest_lock+0x130/0x130
[ 861.675089] ? __sb_start_write+0x17f/0x300
[ 861.679796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.685486] filename_create+0x1b2/0x5b0
[ 861.689713] ? kern_path_mountpoint+0x40/0x40
[ 861.694397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.700148] ? getname_flags+0x26e/0x5a0
[ 861.704431] do_mkdirat+0xda/0x310
[ 861.708161] ? __ia32_sys_mknod+0xb0/0xb0
[ 861.712900] __ia32_sys_mkdirat+0x74/0xb0
[ 861.717575] do_fast_syscall_32+0x34d/0xfb2
[ 861.721989] ? do_int80_syscall_32+0x890/0x890
[ 861.726759] ? _raw_spin_unlock_irq+0x27/0x70
[ 861.731358] ? finish_task_switch+0x1d3/0x870
[ 861.735919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.741528] ? syscall_return_slowpath+0x31d/0x5e0
[ 861.746949] ? sysret32_from_system_call+0x5/0x46
[ 861.751932] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 861.756990] entry_SYSENTER_compat+0x70/0x7f
[ 861.761521] RIP: 0023:0xf7f8fcb9
[ 861.764962] Code: Bad RIP value.
[ 861.768451] RSP: 002b:00000000f7f6a0ac EFLAGS: 00000282 ORIG_RAX: 0000000000000128
[ 861.776239] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000500
[ 861.783607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 861.791148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 861.798783] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 861.806848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 861.814293]
[ 861.814293] Showing all locks held in the system:
[ 861.821199] 1 lock held by khungtaskd/902:
[ 861.825499] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[ 861.835334] 1 lock held by rsyslogd/4447:
[ 861.839625] 2 locks held by getty/4537:
[ 861.843719] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.852508] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.861981] 2 locks held by getty/4538:
[ 861.866135] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.874692] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.883762] 2 locks held by getty/4539:
[ 861.887861] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.896286] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.905400] 2 locks held by getty/4540:
[ 861.909486] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.918767] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.927870] 2 locks held by getty/4541:
[ 861.932039] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.940618] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.949790] 2 locks held by getty/4542:
[ 861.953859] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.962262] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.972212] 2 locks held by getty/4543:
[ 861.976310] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.984642] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.993657] 3 locks held by syz-executor0/4597:
[ 861.998446] #0: (____ptrval____) (sb_writers#13){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 862.006595] #1: (____ptrval____) (&type->i_mutex_dir_key#5/1){+.+.}, at: filename_create+0x1b2/0x5b0
[ 862.016125] #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[ 862.024432] 2 locks held by syz-executor0/4599:
[ 862.029407] #0: (____ptrval____) (sb_writers#13){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 862.037578] #1: (____ptrval____) (&type->i_mutex_dir_key#5/1){+.+.}, at: filename_create+0x1b2/0x5b0
[ 862.047291]
[ 862.049004] =============================================
[ 862.049004]
[ 862.056710] NMI backtrace for cpu 1
[ 862.060600] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #59
[ 862.067545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 862.076907] Call Trace:
[ 862.079553] dump_stack+0x1c9/0x2b4
[ 862.083758] ? dump_stack_print_info.cold.2+0x52/0x52
[ 862.088991] ? vprintk_default+0x28/0x30
[ 862.093051] nmi_cpu_backtrace.cold.4+0x19/0xce
[ 862.097932] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 862.103188] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 862.108429] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 862.113764] arch_trigger_cpumask_backtrace+0x14/0x20
[ 862.119083] watchdog+0x9c4/0xf80
[ 862.122674] ? reset_hung_task_detector+0xd0/0xd0
[ 862.127817] ? kasan_check_read+0x11/0x20
[ 862.131955] ? do_raw_spin_unlock+0xa7/0x2f0
[ 862.140437] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 862.145582] ? __kthread_parkme+0x58/0x1b0
[ 862.149813] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.154811] ? trace_hardirqs_on+0xd/0x10
[ 862.159083] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 862.164623] ? __kthread_parkme+0x106/0x1b0
[ 862.169277] kthread+0x345/0x410
[ 862.172643] ? reset_hung_task_detector+0xd0/0xd0
[ 862.177469] ? kthread_bind+0x40/0x40
[ 862.181283] ret_from_fork+0x3a/0x50
[ 862.185420] Sending NMI from CPU 1 to CPUs 0:
[ 862.189998] NMI backtrace for cpu 0
[ 862.190011] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc5+ #59
[ 862.190015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 862.190036] RIP: 0010:reschedule_interrupt+0x0/0x20
[ 862.190038] Code: 66 2e 0f 1f 84 00 00 00 00 00 68 03 ff ff ff e8 56 f2 ff ff e8 b1 2c 00 00 e9 4b f3 ff ff 66 90 66 2e 0f 1f 84 00 00 00 00 00 <68> 02 ff ff ff e8 36 f2 ff ff e8 21 26 00 00 e9 2b f3 ff ff 66 90
[ 862.190141] RSP: 0018:ffffffff88e07b98 EFLAGS: 00000086
[ 862.190147] RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: 0000000000000000
[ 862.190151] RDX: 1ffffffff11e3618 RSI: 0000000000000001 RDI: ffffffff88f1b0c0
[ 862.190155] RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: 0000000000000000
[ 862.190159] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 862.190163] R13: ffffffff88e07c78 R14: ffffffff899ecb60 R15: 0000000000000000
[ 862.190169] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 862.190173] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 862.190177] CR2: ffffffffff600400 CR3: 00000001cc344000 CR4: 00000000001406f0
[ 862.190183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 862.190187] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 862.190189] Call Trace:
[ 862.190203] ? native_safe_halt+0x6/0x10
[ 862.190212] default_idle+0xc7/0x450
[ 862.190220] ? __sched_text_end+0x3/0x3
[ 862.190295] ? rcu_idle_enter+0x30a/0x480
[ 862.190302] ? rcu_eqs_special_set+0x1b0/0x1b0
[ 862.190312] ? tsc_verify_tsc_adjust+0x109/0x380
[ 862.190319] ? mark_tsc_async_resets+0x20/0x20
[ 862.190341] ? tick_nohz_idle_enter+0x219/0x320
[ 862.190355] arch_cpu_idle+0x10/0x20
[ 862.190382] default_idle_call+0x6d/0x90
[ 862.190390] do_idle+0x3aa/0x570
[ 862.190397] ? arch_cpu_idle_exit+0x70/0x70
[ 862.190403] ? __schedule+0x1ed0/0x1ed0
[ 862.190412] cpu_startup_entry+0x10c/0x120
[ 862.190418] ? cpu_in_idle+0x20/0x20
[ 862.190427] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.190434] ? trace_hardirqs_on+0xd/0x10
[ 862.190440] rest_init+0xe1/0xe4
[ 862.190508] start_kernel+0x90e/0x949
[ 862.190516] ? mem_encrypt_init+0xb/0xb
[ 862.190524] ? early_idt_handler_common+0x3b/0x60
[ 862.190535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 862.190544] ? x86_family+0x3e/0x50
[ 862.190551] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 862.190559] x86_64_start_reservations+0x29/0x2b
[ 862.190566] x86_64_start_kernel+0x76/0x79
[ 862.190575] secondary_startup_64+0xa5/0xb0
[ 862.190990] Kernel panic - not syncing: hung_task: blocked tasks
[ 862.439280] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #59
[ 862.446139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 862.455519] Call Trace:
[ 862.458127] dump_stack+0x1c9/0x2b4
[ 862.461810] ? dump_stack_print_info.cold.2+0x52/0x52
[ 862.467032] ? printk_safe_log_store+0x2f0/0x2f0
[ 862.471903] panic+0x238/0x4e7
[ 862.475118] ? add_taint.cold.5+0x16/0x16
[ 862.479548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 862.485366] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 862.490854] ? printk_safe_flush+0xd7/0x130
[ 862.495214] watchdog+0x9d5/0xf80
[ 862.498712] ? reset_hung_task_detector+0xd0/0xd0
[ 862.503598] ? kasan_check_read+0x11/0x20
[ 862.507784] ? do_raw_spin_unlock+0xa7/0x2f0
[ 862.512270] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 862.517413] ? __kthread_parkme+0x58/0x1b0
[ 862.521691] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.526744] ? trace_hardirqs_on+0xd/0x10
[ 862.530920] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 862.536454] ? __kthread_parkme+0x106/0x1b0
[ 862.540778] kthread+0x345/0x410
[ 862.544145] ? reset_hung_task_detector+0xd0/0xd0
[ 862.548970] ? kthread_bind+0x40/0x40
[ 862.552759] ret_from_fork+0x3a/0x50
[ 862.557595] Dumping ftrace buffer:
[ 862.561233] (ftrace buffer empty)
[ 862.564931] Kernel Offset: disabled
[ 862.568881] Rebooting in 86400 seconds..