[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   18.700847] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.154839] random: sshd: uninitialized urandom read (32 bytes read)
[   22.660289] random: sshd: uninitialized urandom read (32 bytes read)
[   23.522580] random: sshd: uninitialized urandom read (32 bytes read)
[  552.672690] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
[  558.172483] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  717.791169] INFO: task syz-executor751:4533 blocked for more than 140 seconds.
[  717.798672]       Not tainted 4.18.0-rc5+ #151
[  717.803290] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  717.811284] syz-executor751 D22856  4533   4529 0x00000004
[  717.817009] Call Trace:
[  717.819664]  __schedule+0x87c/0x1ed0
[  717.823413]  ? __sched_text_start+0x8/0x8
[  717.827578]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.832224]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  717.837367]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  717.842416]  ? trace_hardirqs_on+0xd/0x10
[  717.846576]  ? prepare_to_wait_event+0x396/0xc70
[  717.851361]  ? prepare_to_wait_exclusive+0x550/0x550
[  717.856490]  schedule+0xfb/0x450
[  717.859883]  ? __schedule+0x1ed0/0x1ed0
[  717.863877]  ? check_same_owner+0x340/0x340
[  717.868228]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.872653]  ? replenish_dl_entity.cold.53+0x37/0x37
[  717.877799]  request_wait_answer+0x4c8/0x920
[  717.882217]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  717.887282]  ? finish_wait+0x430/0x430
[  717.891185]  ? finish_wait+0x430/0x430
[  717.895096]  ? finish_wait+0x430/0x430
[  717.898991]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.903608]  ? fuse_dev_ioctl+0x430/0x430
[  717.907767]  ? kasan_check_write+0x14/0x20
[  717.912042]  ? do_raw_spin_lock+0xc1/0x200
[  717.916288]  __fuse_request_send+0x12a/0x1d0
[  717.920726]  fuse_request_send+0x62/0xa0
[  717.924799]  fuse_simple_request+0x33d/0x730
[  717.929238]  fuse_lookup_name+0x3ee/0x830
[  717.933412]  ? fuse_valid_type+0xb0/0xb0
[  717.937498]  ? __d_lookup_rcu+0xaa0/0xaa0
[  717.941667]  ? mutex_lock_nested+0x16/0x20
[  717.945927]  fuse_lookup+0xf9/0x4c0
[  717.949564]  ? fuse_lookup_name+0x830/0x830
[  717.953925]  ? d_lookup+0x221/0x340
[  717.957568]  fuse_atomic_open+0x214/0x350
[  717.961742]  ? fuse_lookup+0x4c0/0x4c0
[  717.965647]  lookup_open+0xdb1/0x1b40
[  717.969475]  ? complete_walk+0x260/0x260
[  717.973549]  ? down_read+0xb5/0x1d0
[  717.977189]  ? path_openat+0x204c/0x4e10
[  717.981262]  ? __down_interruptible+0x700/0x700
[  717.985962]  ? print_usage_bug+0xc0/0xc0
[  717.990045]  ? kasan_check_read+0x11/0x20
[  717.994225]  path_openat+0x207d/0x4e10
[  717.998126]  ? lock_acquire+0x1e4/0x540
[  718.002135]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  718.006910]  ? __save_stack_trace+0x8d/0xf0
[  718.011259]  ? trace_hardirqs_on+0x10/0x10
[  718.015518]  ? save_stack+0xa9/0xd0
[  718.019185]  ? save_stack+0x43/0xd0
[  718.022819]  ? kasan_kmalloc+0xc4/0xe0
[  718.026731]  ? kasan_slab_alloc+0x12/0x20
[  718.030893]  ? kmem_cache_alloc+0x12e/0x760
[  718.035243]  ? prepare_creds+0x80/0x3f0
[  718.039229]  ? prepare_exec_creds+0x11/0xf0
[  718.043578]  ? prepare_bprm_creds+0x70/0x120
[  718.048005]  ? __do_execve_file.isra.35+0x475/0x2730
[  718.053165]  ? __x64_sys_execve+0x8f/0xc0
[  718.057348]  ? do_syscall_64+0x1b9/0x820
[  718.061419]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.066815]  ? find_held_lock+0x36/0x1c0
[  718.070893]  ? print_usage_bug+0xc0/0xc0
[  718.074979]  ? __lock_is_held+0xb5/0x140
[  718.079068]  ? graph_lock+0x170/0x170
[  718.082896]  do_filp_open+0x255/0x380
[  718.086719]  ? may_open_dev+0x100/0x100
[  718.090733]  ? lock_downgrade+0x8f0/0x8f0
[  718.094909]  do_open_execat+0x1fe/0x670
[  718.098913]  ? unregister_binfmt+0x2a0/0x2a0
[  718.103345]  ? do_raw_spin_lock+0xc1/0x200
[  718.107615]  __do_execve_file.isra.35+0x1827/0x2730
[  718.112659]  ? prepare_bprm_creds+0x120/0x120
[  718.117185]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  718.122396]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  718.127447]  ? __check_object_size+0x9d/0x5f2
[  718.131964]  ? usercopy_warn+0x120/0x120
[  718.136061]  ? kasan_check_read+0x11/0x20
[  718.140231]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.144675]  ? kasan_check_read+0x11/0x20
[  718.148839]  ? rcu_is_watching+0x8c/0x150
[  718.153038]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.158604]  ? strncpy_from_user+0x3be/0x510
[  718.163056]  ? mpi_free.cold.1+0x19/0x19
[  718.167149]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.172711]  ? getname_flags+0x26e/0x5a0
[  718.176794]  __x64_sys_execve+0x8f/0xc0
[  718.180801]  do_syscall_64+0x1b9/0x820
[  718.184715]  ? syscall_return_slowpath+0x5e0/0x5e0
[  718.189670]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.194624]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  718.200474]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.205338]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.210549] RIP: 0033:0x445869
[  718.213744] Code: e8 7c b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[  718.232979] RSP: 002b:00007f6b9cf62da8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  718.240723] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[  718.248047] RDX: 00000000200003c0 RSI: 0000000020000340 RDI: 0000000020000000
[  718.255439] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  718.262737] R10: 0000000000000000 R11: 0000000000000246 R12: 64695f70756f7267
[  718.270042] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[  718.277357] 
[  718.277357] Showing all locks held in the system:
[  718.283708] 1 lock held by khungtaskd/902:
[  718.287963]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  718.296614] 1 lock held by rsyslogd/4414:
[  718.300780] 2 locks held by getty/4504:
[  718.304761]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.313054]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.321927] 2 locks held by getty/4505:
[  718.325915]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.334182]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.343074] 2 locks held by getty/4506:
[  718.347057]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.355326]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.364209] 2 locks held by getty/4507:
[  718.368216]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.376473]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.385355] 2 locks held by getty/4508:
[  718.389330]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.397595]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.406467] 2 locks held by getty/4509:
[  718.410470]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.418725]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.427608] 2 locks held by getty/4510:
[  718.431586]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  718.439861]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  718.448741] 3 locks held by syz-executor751/4533:
[  718.453605]  #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120
[  718.462841]  #1: (____ptrval____) (&type->i_mutex_dir_key#3){.+.+}, at: path_openat+0x204c/0x4e10
[  718.471908]  #2: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[  718.479751] 
[  718.481404] =============================================
[  718.481404] 
[  718.488456] NMI backtrace for cpu 1
[  718.492113] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #151
[  718.499024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.508368] Call Trace:
[  718.511018]  dump_stack+0x1c9/0x2b4
[  718.514632]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.519803]  ? vprintk_default+0x28/0x30
[  718.523850]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  718.528509]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  718.532901]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  718.538069]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  718.543323]  arch_trigger_cpumask_backtrace+0x14/0x20
[  718.548498]  watchdog+0x9c4/0xf80
[  718.551936]  ? reset_hung_task_detector+0xd0/0xd0
[  718.556762]  ? kasan_check_read+0x11/0x20
[  718.560888]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.565279]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.570371]  ? __kthread_parkme+0x58/0x1b0
[  718.574585]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.579579]  ? trace_hardirqs_on+0xd/0x10
[  718.583709]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.589221]  ? __kthread_parkme+0x106/0x1b0
[  718.593523]  kthread+0x345/0x410
[  718.596870]  ? reset_hung_task_detector+0xd0/0xd0
[  718.601688]  ? kthread_bind+0x40/0x40
[  718.605468]  ret_from_fork+0x3a/0x50
[  718.609258] Sending NMI from CPU 1 to CPUs 0:
[  718.613793] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  718.614780] Kernel panic - not syncing: hung_task: blocked tasks
[  718.627511] CPU: 1 PID: 902 Comm: khungtaskd Not tainted 4.18.0-rc5+ #151
[  718.634417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.643749] Call Trace:
[  718.646327]  dump_stack+0x1c9/0x2b4
[  718.649942]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.655121]  ? printk_safe_log_store+0x2f0/0x2f0
[  718.659860]  panic+0x238/0x4e7
[  718.663033]  ? add_taint.cold.5+0x16/0x16
[  718.667164]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.672683]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  718.678125]  ? printk_safe_flush+0xd7/0x130
[  718.682435]  watchdog+0x9d5/0xf80
[  718.685878]  ? reset_hung_task_detector+0xd0/0xd0
[  718.690706]  ? kasan_check_read+0x11/0x20
[  718.694833]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.699238]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.704317]  ? __kthread_parkme+0x58/0x1b0
[  718.708534]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.713530]  ? trace_hardirqs_on+0xd/0x10
[  718.717658]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.723174]  ? __kthread_parkme+0x106/0x1b0
[  718.727475]  kthread+0x345/0x410
[  718.730821]  ? reset_hung_task_detector+0xd0/0xd0
[  718.735640]  ? kthread_bind+0x40/0x40
[  718.739422]  ret_from_fork+0x3a/0x50
[  718.743654] Dumping ftrace buffer:
[  718.747247]    (ftrace buffer empty)
[  718.750937] Kernel Offset: disabled
[  718.754609] Rebooting in 86400 seconds..