[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.805648] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.454456] random: sshd: uninitialized urandom read (32 bytes read)
[   22.796553] random: sshd: uninitialized urandom read (32 bytes read)
[   23.665674] random: sshd: uninitialized urandom read (32 bytes read)
[  555.818574] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[  561.503932] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  717.791257] INFO: task syz-executor287:4542 blocked for more than 140 seconds.
[  717.798942]       Not tainted 4.18.0-rc5+ #149
[  717.803587] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  717.811619] syz-executor287 D23528  4542   4539 0x00000004
[  717.817363] Call Trace:
[  717.820052]  __schedule+0x87c/0x1ed0
[  717.823804]  ? __sched_text_start+0x8/0x8
[  717.828024]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.832682]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  717.837840]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  717.842870]  ? trace_hardirqs_on+0xd/0x10
[  717.847046]  ? prepare_to_wait_event+0x396/0xc70
[  717.851813]  ? prepare_to_wait_exclusive+0x550/0x550
[  717.856941]  schedule+0xfb/0x450
[  717.860331]  ? __schedule+0x1ed0/0x1ed0
[  717.864713]  ? check_same_owner+0x340/0x340
[  717.869118]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.873653]  ? replenish_dl_entity.cold.53+0x37/0x37
[  717.878866]  request_wait_answer+0x4c8/0x920
[  717.883327]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  717.888361]  ? finish_wait+0x430/0x430
[  717.892457]  ? finish_wait+0x430/0x430
[  717.896488]  ? finish_wait+0x430/0x430
[  717.900390]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.904995]  ? fuse_dev_ioctl+0x430/0x430
[  717.909235]  ? kasan_check_write+0x14/0x20
[  717.913478]  ? do_raw_spin_lock+0xc1/0x200
[  717.917748]  __fuse_request_send+0x12a/0x1d0
[  717.922167]  fuse_request_send+0x62/0xa0
[  717.926247]  fuse_simple_request+0x33d/0x730
[  717.930663]  fuse_lookup_name+0x3ee/0x830
[  717.934827]  ? fuse_valid_type+0xb0/0xb0
[  717.938905]  ? mutex_lock_nested+0x16/0x20
[  717.943168]  fuse_lookup+0xf9/0x4c0
[  717.946806]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.951230]  ? fuse_lookup_name+0x830/0x830
[  717.955562]  ? kasan_check_write+0x14/0x20
[  717.959819]  ? do_raw_spin_lock+0xc1/0x200
[  717.964152]  __lookup_hash+0x12e/0x190
[  717.968067]  filename_create+0x1e5/0x5b0
[  717.972151]  ? kern_path_mountpoint+0x40/0x40
[  717.976749]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  717.982327]  ? getname_flags+0x26e/0x5a0
[  717.986413]  do_mkdirat+0xda/0x310
[  717.989967]  ? __ia32_sys_mknod+0xb0/0xb0
[  717.994190]  ? syscall_slow_exit_work+0x500/0x500
[  717.999057]  __x64_sys_mkdirat+0x76/0xb0
[  718.003217]  do_syscall_64+0x1b9/0x820
[  718.007208]  ? finish_task_switch+0x1d3/0x870
[  718.011810]  ? syscall_return_slowpath+0x5e0/0x5e0
[  718.016784]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.021786]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  718.027221]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.032126]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.037340] RIP: 0033:0x445849
[  718.040556] Code: Bad RIP value.
[  718.043951] RSP: 002b:00007f1dac5d6da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000102
[  718.051736] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445849
[  718.059049] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[  718.066355] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[  718.073649] R10: 0000000000000000 R11: 0000000000000293 R12: 0030656c69662f2e
[  718.080950] R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000008
[  718.088908] INFO: task syz-executor287:4543 blocked for more than 140 seconds.
[  718.096312]       Not tainted 4.18.0-rc5+ #149
[  718.100902] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  718.108894] syz-executor287 D25408  4543   4539 0x00000004
[  718.114644] Call Trace:
[  718.117275]  __schedule+0x87c/0x1ed0
[  718.121045]  ? lock_downgrade+0x8f0/0x8f0
[  718.125203]  ? __sched_text_start+0x8/0x8
[  718.129366]  ? print_usage_bug+0xc0/0xc0
[  718.133453]  ? graph_lock+0x170/0x170
[  718.137286]  ? graph_lock+0x170/0x170
[  718.141118]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.146169]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.151721]  ? __follow_mount_rcu.isra.36.part.37+0x175/0x890
[  718.157640]  schedule+0xfb/0x450
[  718.161030]  ? lock_downgrade+0x8f0/0x8f0
[  718.165193]  ? __schedule+0x1ed0/0x1ed0
[  718.169273]  ? mark_held_locks+0xc9/0x160
[  718.173433]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  718.178039]  ? _raw_spin_unlock_irq+0x27/0x70
[  718.182547]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.187591]  __rwsem_down_write_failed_common+0x95d/0x1630
[  718.193249]  ? rwsem_spin_on_owner+0xa40/0xa40
[  718.197894]  ? __lock_acquire+0x7fc/0x5020
[  718.202202]  ? trace_hardirqs_on+0x10/0x10
[  718.206495]  ? find_held_lock+0x36/0x1c0
[  718.210611]  ? find_held_lock+0x36/0x1c0
[  718.214698]  ? lock_downgrade+0x8f0/0x8f0
[  718.218873]  ? kasan_check_read+0x11/0x20
[  718.223045]  ? dput.part.26+0x276/0x7a0
[  718.227046]  ? graph_lock+0x170/0x170
[  718.230861]  ? shrink_dcache_sb+0x350/0x350
[  718.235216]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  718.240324]  ? mntput+0x74/0xa0
[  718.243632]  ? lock_acquire+0x1e4/0x540
[  718.247619]  ? filename_create+0x1b2/0x5b0
[  718.251887]  ? mnt_want_write+0x3f/0xc0
[  718.255875]  ? lock_release+0xa30/0xa30
[  718.259866]  ? check_same_owner+0x340/0x340
[  718.264205]  rwsem_down_write_failed+0xe/0x10
[  718.268728]  ? rwsem_down_write_failed+0xe/0x10
[  718.273406]  call_rwsem_down_write_failed+0x17/0x30
[  718.278457]  down_write_nested+0xae/0x130
[  718.282628]  ? filename_create+0x1b2/0x5b0
[  718.286881]  ? _down_write_nest_lock+0x130/0x130
[  718.291795]  ? __sb_start_write+0x17f/0x300
[  718.296154]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.301711]  filename_create+0x1b2/0x5b0
[  718.305808]  ? kern_path_mountpoint+0x40/0x40
[  718.310318]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.315879]  ? getname_flags+0x26e/0x5a0
[  718.319952]  do_mkdirat+0xda/0x310
[  718.323508]  ? __ia32_sys_mknod+0xb0/0xb0
[  718.327680]  __x64_sys_mkdirat+0x76/0xb0
[  718.331761]  do_syscall_64+0x1b9/0x820
[  718.335660]  ? syscall_return_slowpath+0x5e0/0x5e0
[  718.340612]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.345562]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  718.350954]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.355820]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.361031] RIP: 0033:0x445849
[  718.364226] Code: Bad RIP value.
[  718.367616] RSP: 002b:00007f1dac5b5da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000102
[  718.375338] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445849
[  718.382629] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[  718.389908] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  718.397211] R10: 0000000000000000 R11: 0000000000000293 R12: 0030656c69662f2e
[  718.404500] R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000008
[  718.411794] 
[  718.411794] Showing all locks held in the system:
[  718.418136] 1 lock held by khungtaskd/902:
[  718.422393]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  718.431062] 1 lock held by rsyslogd/4423:
[  718.435217] 2 locks held by getty/4513:
[  718.439280]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.447550]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.456507] 2 locks held by getty/4514:
[  718.460492]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.468756]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.477672] 2 locks held by getty/4515:
[  718.481655]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.489930]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.498805] 2 locks held by getty/4516:
[  718.502789]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.511051]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.519936] 2 locks held by getty/4517:
[  718.523915]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.532174]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.541034] 2 locks held by getty/4518:
[  718.545017]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.553268]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.562141] 2 locks held by getty/4519:
[  718.566128]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.574844]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.583704] 3 locks held by syz-executor287/4542:
[  718.588553]  #0: (____ptrval____) (sb_writers#9){.+.+}, at: mnt_want_write+0x3f/0xc0
[  718.596551]  #1: (____ptrval____) (&type->i_mutex_dir_key#3/1){+.+.}, at: filename_create+0x1b2/0x5b0
[  718.605952]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  718.613846] 2 locks held by syz-executor287/4543:
[  718.618700]  #0: (____ptrval____) (sb_writers#9){.+.+}, at: mnt_want_write+0x3f/0xc0
[  718.626617]  #1: (____ptrval____) (&type->i_mutex_dir_key#3/1){+.+.}, at: filename_create+0x1b2/0x5b0
[  718.636026] 
[  718.637669] =============================================
[  718.637669] 
[  718.644703] NMI backtrace for cpu 1
[  718.648342] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #149
[  718.655255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.664677] Call Trace:
[  718.667313]  dump_stack+0x1c9/0x2b4
[  718.670921]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.676105]  ? vprintk_default+0x28/0x30
[  718.680150]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  718.684824]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.689264]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  718.694437]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  718.699706]  arch_trigger_cpumask_backtrace+0x14/0x20
[  718.704878]  watchdog+0x9c4/0xf80
[  718.708319]  ? reset_hung_task_detector+0xd0/0xd0
[  718.713152]  ? kasan_check_read+0x11/0x20
[  718.717281]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.721687]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.726776]  ? __kthread_parkme+0x58/0x1b0
[  718.730994]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.736009]  ? trace_hardirqs_on+0xd/0x10
[  718.740160]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.745684]  ? __kthread_parkme+0x106/0x1b0
[  718.749992]  kthread+0x345/0x410
[  718.753342]  ? reset_hung_task_detector+0xd0/0xd0
[  718.758175]  ? kthread_bind+0x40/0x40
[  718.761961]  ret_from_fork+0x3a/0x50
[  718.765750] Sending NMI from CPU 1 to CPUs 0:
[  718.770377] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  718.771346] Kernel panic - not syncing: hung_task: blocked tasks
[  718.784137] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #149
[  718.791053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.800386] Call Trace:
[  718.802962]  dump_stack+0x1c9/0x2b4
[  718.806582]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.811876]  ? printk_safe_log_store+0x2f0/0x2f0
[  718.816676]  panic+0x238/0x4e7
[  718.819945]  ? add_taint.cold.5+0x16/0x16
[  718.824077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.829646]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  718.835250]  ? printk_safe_flush+0xd7/0x130
[  718.839572]  watchdog+0x9d5/0xf80
[  718.843013]  ? reset_hung_task_detector+0xd0/0xd0
[  718.847978]  ? kasan_check_read+0x11/0x20
[  718.852137]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.856605]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.861772]  ? __kthread_parkme+0x58/0x1b0
[  718.866021]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.871071]  ? trace_hardirqs_on+0xd/0x10
[  718.875246]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.880789]  ? __kthread_parkme+0x106/0x1b0
[  718.885122]  kthread+0x345/0x410
[  718.888490]  ? reset_hung_task_detector+0xd0/0xd0
[  718.893317]  ? kthread_bind+0x40/0x40
[  718.897109]  ret_from_fork+0x3a/0x50
[  718.901468] Dumping ftrace buffer:
[  718.905107]    (ftrace buffer empty)
[  718.908809] Kernel Offset: disabled
[  718.912442] Rebooting in 86400 seconds..