[....] Starting OpenBSD Secure Shell server: sshd
[ 18.921299] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ]
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 20.938828] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.278882] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.142849] random: sshd: uninitialized urandom read (32 bytes read)
[ 615.610306] random: sshd: uninitialized urandom read (32 bytes read)
[ 615.711371] sshd (4508) used greatest stack depth: 17096 bytes left
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[ 621.046616] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/23 01:17:42 parsed 1 programs
[ 622.532199] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/23 01:17:44 executed programs: 0
[ 623.707580] IPVS: ftp: loaded support on port[0] = 21
[ 623.797965] ip (4542) used greatest stack depth: 16952 bytes left
[ 861.151155] INFO: task syz-executor0:4547 blocked for more than 140 seconds.
[ 861.158565] Not tainted 4.18.0-rc5+ #62
[ 861.163081] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 861.171055] syz-executor0 D24808 4547 4526 0x20020004
[ 861.176754] Call Trace:
[ 861.179383] __schedule+0x87c/0x1ed0
[ 861.183109] ? __sched_text_start+0x8/0x8
[ 861.187265] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.191861] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 861.196971] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 861.202004] ? trace_hardirqs_on+0xd/0x10
[ 861.206174] ? prepare_to_wait_event+0x396/0xc70
[ 861.210944] ? prepare_to_wait_exclusive+0x550/0x550
[ 861.216057] schedule+0xfb/0x450
[ 861.219440] ? __schedule+0x1ed0/0x1ed0
[ 861.223422] ? check_same_owner+0x340/0x340
[ 861.227751] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.232166] ? replenish_dl_entity.cold.53+0x37/0x37
[ 861.237288] request_wait_answer+0x4c8/0x920
[ 861.241711] ? fuse_read_forget.isra.22+0xdc0/0xdc0
[ 861.246741] ? finish_wait+0x430/0x430
[ 861.250641] ? finish_wait+0x430/0x430
[ 861.254549] ? finish_wait+0x430/0x430
[ 861.258460] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.263084] ? fuse_dev_ioctl+0x430/0x430
[ 861.267606] ? kasan_check_write+0x14/0x20
[ 861.271873] ? do_raw_spin_lock+0xc1/0x200
[ 861.276136] __fuse_request_send+0x12a/0x1d0
[ 861.280609] fuse_request_send+0x62/0xa0
[ 861.284685] fuse_simple_request+0x33d/0x730
[ 861.289115] fuse_lookup_name+0x3ee/0x830
[ 861.293283] ? fuse_valid_type+0xb0/0xb0
[ 861.297375] fuse_lookup+0xf9/0x4c0
[ 861.301029] ? fuse_lookup_name+0x830/0x830
[ 861.305371] ? __lockdep_init_map+0x105/0x590
[ 861.309898] __lookup_slow+0x2b5/0x540
[ 861.313802] ? vfs_unlink+0x510/0x510
[ 861.317610] ? down_read+0xb5/0x1d0
[ 861.321245] ? lookup_slow+0x49/0x80
[ 861.324961] ? __down_interruptible+0x700/0x700
[ 861.329638] ? lookup_fast+0x470/0x12a0
[ 861.333622] ? __follow_mount_rcu.isra.36.part.37+0x890/0x890
[ 861.339515] lookup_slow+0x57/0x80
[ 861.343064] walk_component+0x94a/0x2630
[ 861.347138] ? inode_permission+0xb2/0x560
[ 861.351384] ? path_init+0x2340/0x2340
[ 861.355288] ? walk_component+0x2630/0x2630
[ 861.359618] ? trace_hardirqs_on+0xd/0x10
[ 861.363777] ? depot_save_stack+0x291/0x470
[ 861.368105] ? save_stack+0xa9/0xd0
[ 861.371738] ? save_stack+0x43/0xd0
[ 861.375388] ? kmem_cache_alloc+0x12e/0x760
[ 861.379732] ? getname_flags+0xd0/0x5a0
[ 861.383722] ? user_path_at_empty+0x2d/0x50
[ 861.388053] ? ksys_chroot+0xc0/0x2f0
[ 861.391856] path_lookupat.isra.45+0x202/0xbf0
[ 861.396450] ? find_held_lock+0x36/0x1c0
[ 861.400515] ? path_parentat.isra.43+0x160/0x160
[ 861.405280] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 861.410502] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 861.415541] ? __check_object_size+0x9d/0x5f2
[ 861.420045] ? usercopy_warn+0x120/0x120
[ 861.424118] ? kasan_check_read+0x11/0x20
[ 861.428265] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.432685] filename_lookup+0x264/0x510
[ 861.436749] ? filename_parentat.isra.58+0x570/0x570
[ 861.441861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 861.447421] ? mpi_free.cold.1+0x19/0x19
[ 861.451504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.457051] ? getname_flags+0x26e/0x5a0
[ 861.461121] ? find_held_lock+0x36/0x1c0
[ 861.465185] user_path_at_empty+0x40/0x50
[ 861.469347] ksys_chroot+0xc0/0x2f0
[ 861.472983] ? __ia32_sys_fchdir+0x1f0/0x1f0
[ 861.477405] ? kasan_check_read+0x11/0x20
[ 861.481557] ? do_fast_syscall_32+0x150/0xfb2
[ 861.486075] __ia32_sys_chroot+0x30/0x40
[ 861.490144] do_fast_syscall_32+0x34d/0xfb2
[ 861.494484] ? do_int80_syscall_32+0x890/0x890
[ 861.499076] ? kasan_check_write+0x14/0x20
[ 861.503330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.508882] ? syscall_return_slowpath+0x31d/0x5e0
[ 861.513840] ? sysret32_from_system_call+0x5/0x46
[ 861.518727] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 861.523591] entry_SYSENTER_compat+0x70/0x7f
[ 861.528027] RIP: 0023:0xf7fc6cb9
[ 861.531392] Code: Bad RIP value.
[ 861.534771] RSP: 002b:00000000f7fa10ac EFLAGS: 00000282 ORIG_RAX: 000000000000003d
[ 861.542495] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000000000
[ 861.549769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 861.557052] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 861.564336] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 861.571618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 861.578913]
[ 861.578913] Showing all locks held in the system:
[ 861.585251] 1 lock held by khungtaskd/901:
[ 861.589482] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[ 861.598120] 2 locks held by rsyslogd/4392:
[ 861.602354] #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[ 861.610349] #1: (____ptrval____) (&rq->lock){-.-.}, at: debug_check_no_obj_freed+0x16c/0x595
[ 861.619410] 2 locks held by getty/4482:
[ 861.623390] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.631652] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.640523] 2 locks held by getty/4483:
[ 861.644495] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.652752] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.661615] 2 locks held by getty/4484:
[ 861.665595] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.673864] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.682743] 2 locks held by getty/4485:
[ 861.686718] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.694981] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.703872] 2 locks held by getty/4486:
[ 861.707852] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.716112] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.724983] 2 locks held by getty/4487:
[ 861.728984] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.737264] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.746134] 2 locks held by getty/4488:
[ 861.750110] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 861.758371] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 861.767252] 2 locks held by syz-executor0/4547:
[ 861.771929] #0: (____ptrval____) (&type->i_mutex_dir_key#5){.+.+}, at: lookup_slow+0x49/0x80
[ 861.780631] #1: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0
[ 861.788460]
[ 861.790088] =============================================
[ 861.790088]
[ 861.797116] NMI backtrace for cpu 0
[ 861.800750] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #62
[ 861.807564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 861.816896] Call Trace:
[ 861.819517] dump_stack+0x1c9/0x2b4
[ 861.823131] ? dump_stack_print_info.cold.2+0x52/0x52
[ 861.828304] ? vprintk_default+0x28/0x30
[ 861.832371] nmi_cpu_backtrace.cold.4+0x19/0xce
[ 861.837021] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 861.841410] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 861.846576] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 861.851834] arch_trigger_cpumask_backtrace+0x14/0x20
[ 861.857002] watchdog+0x9c4/0xf80
[ 861.860437] ? reset_hung_task_detector+0xd0/0xd0
[ 861.865261] ? kasan_check_read+0x11/0x20
[ 861.869383] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.873772] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 861.878854] ? __kthread_parkme+0x58/0x1b0
[ 861.883069] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 861.888064] ? trace_hardirqs_on+0xd/0x10
[ 861.892190] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 861.897700] ? __kthread_parkme+0x106/0x1b0
[ 861.901998] kthread+0x345/0x410
[ 861.905340] ? reset_hung_task_detector+0xd0/0xd0
[ 861.910158] ? kthread_bind+0x40/0x40
[ 861.913939] ret_from_fork+0x3a/0x50
[ 861.917704] Sending NMI from CPU 0 to CPUs 1:
[ 861.922213] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 861.923201] Kernel panic - not syncing: hung_task: blocked tasks
[ 861.935908] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5+ #62
[ 861.942720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 861.952050] Call Trace:
[ 861.954623] dump_stack+0x1c9/0x2b4
[ 861.958230] ? dump_stack_print_info.cold.2+0x52/0x52
[ 861.963400] ? printk_safe_log_store+0x2f0/0x2f0
[ 861.968138] panic+0x238/0x4e7
[ 861.971310] ? add_taint.cold.5+0x16/0x16
[ 861.975439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.980957] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 861.986386] ? printk_safe_flush+0xd7/0x130
[ 861.990686] watchdog+0x9d5/0xf80
[ 861.994126] ? reset_hung_task_detector+0xd0/0xd0
[ 861.998954] ? kasan_check_read+0x11/0x20
[ 862.003079] ? do_raw_spin_unlock+0xa7/0x2f0
[ 862.007466] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 862.012547] ? __kthread_parkme+0x58/0x1b0
[ 862.016762] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.021770] ? trace_hardirqs_on+0xd/0x10
[ 862.025902] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 862.031415] ? __kthread_parkme+0x106/0x1b0
[ 862.035716] kthread+0x345/0x410
[ 862.039059] ? reset_hung_task_detector+0xd0/0xd0
[ 862.043879] ? kthread_bind+0x40/0x40
[ 862.047663] ret_from_fork+0x3a/0x50
[ 862.052584] Dumping ftrace buffer:
[ 862.056130] (ftrace buffer empty)
[ 862.059817] Kernel Offset: disabled
[ 862.063430] Rebooting in 86400 seconds..