[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.527317] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.587656] random: sshd: uninitialized urandom read (32 bytes read)
[   22.074915] random: sshd: uninitialized urandom read (32 bytes read)
[   22.965781] random: sshd: uninitialized urandom read (32 bytes read)
[  509.847143] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
[  515.341835] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/22 08:58:59 parsed 1 programs
[  517.281156] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/22 08:59:02 executed programs: 0
[  518.561631] IPVS: ftp: loaded support on port[0] = 21
[  717.792256] INFO: task syz-executor0:4584 blocked for more than 140 seconds.
[  717.799634]       Not tainted 4.18.0-rc5+ #61
[  717.804170] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  717.812166] syz-executor0   D23448  4584   4565 0x20020004
[  717.817839] Call Trace:
[  717.820477]  __schedule+0x87c/0x1ed0
[  717.824216]  ? __sched_text_start+0x8/0x8
[  717.828397]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  717.833449]  ? bpf_prog_kallsyms_find+0xde/0x4c0
[  717.838229]  ? graph_lock+0x170/0x170
[  717.842051]  ? graph_lock+0x170/0x170
[  717.845883]  ? is_bpf_text_address+0xae/0x170
[  717.850422]  ? lock_downgrade+0x8f0/0x8f0
[  717.854608]  schedule+0xfb/0x450
[  717.857992]  ? lock_downgrade+0x8f0/0x8f0
[  717.862174]  ? __schedule+0x1ed0/0x1ed0
[  717.866182]  ? mark_held_locks+0xc9/0x160
[  717.870353]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.874954]  ? _raw_spin_unlock_irq+0x27/0x70
[  717.879474]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  717.884519]  __rwsem_down_write_failed_common+0x95d/0x1630
[  717.890185]  ? rwsem_spin_on_owner+0xa40/0xa40
[  717.894806]  ? trace_hardirqs_on+0x10/0x10
[  717.899091]  ? lock_downgrade+0x8f0/0x8f0
[  717.903272]  ? kasan_check_read+0x11/0x20
[  717.907457]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.911902]  ? graph_lock+0x170/0x170
[  717.915744]  ? graph_lock+0x170/0x170
[  717.919576]  ? trace_hardirqs_on+0xd/0x10
[  717.923768]  ? graph_lock+0x170/0x170
[  717.927605]  ? find_held_lock+0x36/0x1c0
[  717.931691]  ? graph_lock+0x170/0x170
[  717.935513]  ? find_held_lock+0x36/0x1c0
[  717.939602]  ? lock_acquire+0x1e4/0x540
[  717.943611]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  717.948655]  ? lock_release+0xa30/0xa30
[  717.952658]  ? check_same_owner+0x340/0x340
[  717.957016]  rwsem_down_write_failed+0xe/0x10
[  717.961559]  ? rwsem_down_write_failed+0xe/0x10
[  717.966262]  call_rwsem_down_write_failed+0x17/0x30
[  717.971404]  down_write+0xaa/0x130
[  717.975413]  ? fuse_reverse_inval_entry+0xae/0x6d0
[  717.980369]  ? down_read+0x1d0/0x1d0
[  717.984106]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  717.989752]  ? ilookup5+0x103/0x140
[  717.993414]  ? fuse_init_file_inode+0x70/0x70
[  717.997954]  fuse_reverse_inval_entry+0xae/0x6d0
[  718.002742]  ? fuse_update_attributes+0xd0/0xd0
[  718.007443]  ? print_usage_bug+0xc0/0xc0
[  718.011552]  fuse_dev_do_write+0x2b97/0x3700
[  718.015987]  ? refill_pi_state_cache.part.8+0x320/0x320
[  718.021392]  ? kasan_check_write+0x14/0x20
[  718.025647]  ? do_raw_spin_lock+0xc1/0x200
[  718.029915]  ? fuse_dev_read+0x250/0x250
[  718.034014]  ? futex_wait_setup+0x281/0x410
[  718.038476]  ? trace_hardirqs_on+0x10/0x10
[  718.042746]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  718.048315]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  718.053453]  ? futex_wait+0x5d2/0xa20
[  718.057376]  ? futex_wait_setup+0x410/0x410
[  718.061721]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  718.066942]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  718.072499]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  718.077631]  ? futex_wake+0x304/0x760
[  718.081461]  ? pick_next_task_fair+0x997/0x17a0
[  718.086159]  ? graph_lock+0x170/0x170
[  718.089992]  ? find_held_lock+0x36/0x1c0
[  718.094093]  ? lock_downgrade+0x8f0/0x8f0
[  718.098288]  ? kasan_check_read+0x11/0x20
[  718.102459]  ? rcu_is_watching+0x8c/0x150
[  718.106638]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.111100]  ? memset+0x31/0x40
[  718.114417]  fuse_dev_write+0x19a/0x240
[  718.118423]  ? fuse_dev_splice_write+0xe60/0xe60
[  718.123211]  ? expand_files.part.8+0x9c0/0x9c0
[  718.127927]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.134137]  ? iov_iter_init+0xc9/0x1f0
[  718.138153]  __vfs_write+0x6c6/0x9f0
[  718.141902]  ? kernel_read+0x120/0x120
[  718.145851]  ? fsnotify+0x14e0/0x14e0
[  718.149698]  ? rw_verify_area+0x118/0x360
[  718.153879]  vfs_write+0x1f8/0x560
[  718.157445]  ksys_write+0x101/0x260
[  718.161104]  ? __ia32_sys_read+0xb0/0xb0
[  718.165201]  ? syscall_slow_exit_work+0x500/0x500
[  718.170080]  __ia32_sys_write+0x71/0xb0
[  718.174104]  do_fast_syscall_32+0x34d/0xfb2
[  718.178483]  ? do_int80_syscall_32+0x890/0x890
[  718.183127]  ? _raw_spin_unlock_irq+0x27/0x70
[  718.187661]  ? finish_task_switch+0x1d3/0x870
[  718.192207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.197785]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.202762]  ? sysret32_from_system_call+0x5/0x46
[  718.207645]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.212536]  entry_SYSENTER_compat+0x70/0x7f
[  718.216975] RIP: 0023:0xf7f1fcb9
[  718.220366] Code: Bad RIP value.
[  718.223895] RSP: 002b:00000000f7f1b0ac EFLAGS: 00000282 ORIG_RAX: 0000000000000004
[  718.231638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[  718.238936] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000000
[  718.246252] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  718.253562] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  718.260870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.268190] INFO: task syz-executor0:4585 blocked for more than 140 seconds.
[  718.275412]       Not tainted 4.18.0-rc5+ #61
[  718.279935] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  718.287943] syz-executor0   D24984  4585   4565 0x20020004
[  718.293629] Call Trace:
[  718.296275]  __schedule+0x87c/0x1ed0
[  718.300044]  ? __sched_text_start+0x8/0x8
[  718.304234]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  718.308859]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.314009]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.319073]  ? trace_hardirqs_on+0xd/0x10
[  718.323254]  ? prepare_to_wait_event+0x396/0xc70
[  718.328070]  ? prepare_to_wait_exclusive+0x550/0x550
[  718.333217]  schedule+0xfb/0x450
[  718.336638]  ? __schedule+0x1ed0/0x1ed0
[  718.340740]  ? check_same_owner+0x340/0x340
[  718.345292]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.349742]  ? replenish_dl_entity.cold.53+0x37/0x37
[  718.354896]  request_wait_answer+0x4c8/0x920
[  718.359344]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  718.364393]  ? finish_wait+0x430/0x430
[  718.368324]  ? finish_wait+0x430/0x430
[  718.372254]  ? finish_wait+0x430/0x430
[  718.376179]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  718.380792]  ? fuse_dev_ioctl+0x430/0x430
[  718.384990]  ? kasan_check_write+0x14/0x20
[  718.389274]  ? do_raw_spin_lock+0xc1/0x200
[  718.393550]  __fuse_request_send+0x12a/0x1d0
[  718.398036]  fuse_request_send+0x62/0xa0
[  718.402139]  fuse_simple_request+0x33d/0x730
[  718.406596]  fuse_lookup_name+0x3ee/0x830
[  718.410776]  ? fuse_valid_type+0xb0/0xb0
[  718.414876]  ? mutex_lock_nested+0x16/0x20
[  718.419138]  fuse_lookup+0xf9/0x4c0
[  718.422793]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.427232]  ? fuse_lookup_name+0x830/0x830
[  718.431590]  ? kasan_check_write+0x14/0x20
[  718.435871]  ? do_raw_spin_lock+0xc1/0x200
[  718.440266]  __lookup_hash+0x12e/0x190
[  718.444214]  filename_create+0x1e5/0x5b0
[  718.448311]  ? kern_path_mountpoint+0x40/0x40
[  718.452844]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.458421]  ? getname_flags+0x26e/0x5a0
[  718.462531]  do_mkdirat+0xda/0x310
[  718.466107]  ? __ia32_sys_mknod+0xb0/0xb0
[  718.470304]  ? kasan_check_read+0x11/0x20
[  718.474493]  __ia32_sys_mkdirat+0x74/0xb0
[  718.478690]  do_fast_syscall_32+0x34d/0xfb2
[  718.483072]  ? do_int80_syscall_32+0x890/0x890
[  718.487690]  ? kasan_check_write+0x14/0x20
[  718.491972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.497571]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.502545]  ? sysret32_from_system_call+0x5/0x46
[  718.507450]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.512425]  entry_SYSENTER_compat+0x70/0x7f
[  718.516894] RIP: 0023:0xf7f1fcb9
[  718.520293] Code: Bad RIP value.
[  718.523700] RSP: 002b:00000000f7efa0ac EFLAGS: 00000282 ORIG_RAX: 0000000000000128
[  718.531452] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000500
[  718.538777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  718.546089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  718.553533] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  718.560855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.568177] 
[  718.568177] Showing all locks held in the system:
[  718.574550] 1 lock held by khungtaskd/902:
[  718.578813]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  718.587774] 1 lock held by rsyslogd/4432:
[  718.591980] 2 locks held by getty/4522:
[  718.596005]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.604364]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.613289] 2 locks held by getty/4523:
[  718.617308]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.625598]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.634537] 2 locks held by getty/4524:
[  718.638578]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.647344]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.657230] 2 locks held by getty/4525:
[  718.661243]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.669621]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.678534] 2 locks held by getty/4526:
[  718.682540]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.690825]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.699729] 2 locks held by getty/4527:
[  718.705320]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.713715]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.722637] 2 locks held by getty/4528:
[  718.726652]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.734952]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.743856] 2 locks held by syz-executor0/4584:
[  718.748558]  #0: (____ptrval____) (&fc->killsb){.+.+}, at: fuse_dev_do_write+0x2b2d/0x3700
[  718.757100]  #1: (____ptrval____) (&type->i_mutex_dir_key#6){+.+.}, at: fuse_reverse_inval_entry+0xae/0x6d0
[  718.767176] 3 locks held by syz-executor0/4585:
[  718.771903]  #0: (____ptrval____) (sb_writers#13){.+.+}, at: mnt_want_write+0x3f/0xc0
[  718.779943]  #1: (____ptrval____) (&type->i_mutex_dir_key#5/1){+.+.}, at: filename_create+0x1b2/0x5b0
[  718.789381]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  718.797241] 
[  718.798918] =============================================
[  718.798918] 
[  718.805964] NMI backtrace for cpu 1
[  718.809637] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #61
[  718.816461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.825800] Call Trace:
[  718.828374]  dump_stack+0x1c9/0x2b4
[  718.831995]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.837185]  ? vprintk_default+0x28/0x30
[  718.841235]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  718.846411]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.850808]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  718.855998]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  718.861266]  arch_trigger_cpumask_backtrace+0x14/0x20
[  718.866482]  watchdog+0x9c4/0xf80
[  718.869988]  ? reset_hung_task_detector+0xd0/0xd0
[  718.874846]  ? kasan_check_read+0x11/0x20
[  718.879094]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.883492]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.888589]  ? __kthread_parkme+0x58/0x1b0
[  718.892824]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.897821]  ? trace_hardirqs_on+0xd/0x10
[  718.901958]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.907488]  ? __kthread_parkme+0x106/0x1b0
[  718.911793]  kthread+0x345/0x410
[  718.915149]  ? reset_hung_task_detector+0xd0/0xd0
[  718.919974]  ? kthread_bind+0x40/0x40
[  718.923763]  ret_from_fork+0x3a/0x50
[  718.927573] Sending NMI from CPU 1 to CPUs 0:
[  718.932275] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  718.933236] Kernel panic - not syncing: hung_task: blocked tasks
[  718.946778] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #61
[  718.953613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.962954] Call Trace:
[  718.965534]  dump_stack+0x1c9/0x2b4
[  718.969145]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.974320]  ? printk_safe_log_store+0x2f0/0x2f0
[  718.979066]  panic+0x238/0x4e7
[  718.982244]  ? add_taint.cold.5+0x16/0x16
[  718.986376]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.991913]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  718.997369]  ? printk_safe_flush+0xd7/0x130
[  719.001700]  watchdog+0x9d5/0xf80
[  719.005144]  ? reset_hung_task_detector+0xd0/0xd0
[  719.009979]  ? kasan_check_read+0x11/0x20
[  719.014114]  ? do_raw_spin_unlock+0xa7/0x2f0
[  719.018522]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  719.023626]  ? __kthread_parkme+0x58/0x1b0
[  719.027874]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  719.032891]  ? trace_hardirqs_on+0xd/0x10
[  719.037308]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  719.042833]  ? __kthread_parkme+0x106/0x1b0
[  719.047140]  kthread+0x345/0x410
[  719.050491]  ? reset_hung_task_detector+0xd0/0xd0
[  719.055320]  ? kthread_bind+0x40/0x40
[  719.059126]  ret_from_fork+0x3a/0x50
[  719.064168] Dumping ftrace buffer:
[  719.067790]    (ftrace buffer empty)
[  719.071616] Kernel Offset: disabled
[  719.075271] Rebooting in 86400 seconds..