[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   16.553892] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.818458] random: sshd: uninitialized urandom read (32 bytes read)
[   21.210117] random: sshd: uninitialized urandom read (32 bytes read)
[   21.953820] random: sshd: uninitialized urandom read (32 bytes read)
[  547.221462] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
[  552.645868] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  717.791172] INFO: task syz-executor745:4470 blocked for more than 140 seconds.
[  717.799179]       Not tainted 4.18.0-rc5-next-20180720+ #12
[  717.804921] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  717.812931] syz-executor745 D22672  4470   4467 0x00000004
[  717.818595] Call Trace:
[  717.821216]  __schedule+0x87c/0x1ea0
[  717.824979]  ? __sched_text_start+0x8/0x8
[  717.829152]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.833766]  ? kasan_check_write+0x14/0x20
[  717.838035]  ? do_raw_spin_lock+0xc1/0x200
[  717.842289]  ? trace_hardirqs_on+0xd/0x10
[  717.846456]  ? prepare_to_wait_event+0x396/0xc70
[  717.851841]  ? prepare_to_wait_exclusive+0x550/0x550
[  717.856972]  ? send_sigio+0x340/0x340
[  717.860782]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.865200]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.869802]  schedule+0xfb/0x450
[  717.873195]  ? lock_downgrade+0x8f0/0x8f0
[  717.877359]  ? __schedule+0x1ea0/0x1ea0
[  717.881364]  ? check_same_owner+0x340/0x340
[  717.885698]  ? do_raw_spin_unlock+0xa7/0x2f0
[  717.890126]  ? replenish_dl_entity.cold.54+0x37/0x37
[  717.895240]  request_wait_answer+0x4c8/0x920
[  717.899661]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  717.904705]  ? finish_wait+0x430/0x430
[  717.908653]  ? send_sigio+0x340/0x340
[  717.912466]  ? lock_acquire+0x1e4/0x540
[  717.916466]  ? finish_wait+0x430/0x430
[  717.920378]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[  717.925842]  ? finish_wait+0x430/0x430
[  717.929745]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  717.934352]  ? fuse_dev_ioctl+0x430/0x430
[  717.938513]  ? kasan_check_write+0x14/0x20
[  717.942767]  ? do_raw_spin_lock+0xc1/0x200
[  717.947021]  __fuse_request_send+0x12a/0x1d0
[  717.951455]  fuse_request_send+0x62/0xa0
[  717.955534]  fuse_simple_request+0x33d/0x730
[  717.960050]  fuse_lookup_name+0x3ee/0x830
[  717.964223]  ? fuse_valid_type+0xb0/0xb0
[  717.968305]  ? mutex_lock_nested+0x16/0x20
[  717.972550]  fuse_lookup+0xff/0x4c0
[  717.976191]  ? fuse_lookup_name+0x830/0x830
[  717.980533]  ? kasan_check_write+0x14/0x20
[  717.984778]  ? do_raw_spin_lock+0xc1/0x200
[  717.989032]  __lookup_hash+0x12e/0x190
[  717.992942]  filename_create+0x1e5/0x5b0
[  717.997018]  ? kern_path_mountpoint+0x40/0x40
[  718.001540]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.007085]  ? getname_flags+0x26e/0x5a0
[  718.011155]  do_mkdirat+0xda/0x310
[  718.014704]  ? __ia32_sys_mknod+0xb0/0xb0
[  718.018869]  ? syscall_slow_exit_work+0x500/0x500
[  718.023720]  __x64_sys_mkdirat+0x76/0xb0
[  718.027804]  do_syscall_64+0x1b9/0x820
[  718.031709]  ? finish_task_switch+0x1d3/0x870
[  718.036218]  ? syscall_return_slowpath+0x5e0/0x5e0
[  718.041242]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.046179]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  718.051213]  ? prepare_exit_to_usermode+0x291/0x3b0
[  718.056239]  ? perf_trace_sys_enter+0xb10/0xb10
[  718.060928]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.065815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.071064] RIP: 0033:0x445849
[  718.074288] Code: e8 7c b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[  718.093442] RSP: 002b:00007ff243259da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000102
[  718.101176] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445849
[  718.108454] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[  718.115795] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[  718.123078] R10: 0000000000000000 R11: 0000000000000293 R12: 0030656c69662f2e
[  718.130361] R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000008
[  718.137656] INFO: task syz-executor745:4471 blocked for more than 140 seconds.
[  718.145030]       Not tainted 4.18.0-rc5-next-20180720+ #12
[  718.150747] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  718.158745] syz-executor745 D25408  4471   4467 0x00000004
[  718.164561] Call Trace:
[  718.167169]  __schedule+0x87c/0x1ea0
[  718.170897]  ? lock_downgrade+0x8f0/0x8f0
[  718.175062]  ? __sched_text_start+0x8/0x8
[  718.179233]  ? d_alloc_cursor+0xe0/0xe0
[  718.183232]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.188789]  ? __follow_mount_rcu.isra.35.part.36+0x175/0x890
[  718.194703]  ? trailing_symlink+0x980/0x980
[  718.199041]  schedule+0xfb/0x450
[  718.202417]  ? lock_downgrade+0x8f0/0x8f0
[  718.206579]  ? __schedule+0x1ea0/0x1ea0
[  718.210563]  ? kasan_check_read+0x11/0x20
[  718.214720]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.219146]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  718.223747]  ? kasan_check_write+0x14/0x20
[  718.228013]  ? do_raw_spin_lock+0xc1/0x200
[  718.232287]  __rwsem_down_write_failed_common+0x95d/0x1630
[  718.237929]  ? rwsem_spin_on_owner+0xa40/0xa40
[  718.242880]  ? path_parentat.isra.43+0x20/0x160
[  718.247562]  ? trace_hardirqs_on+0x10/0x10
[  718.251812]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  718.256845]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.262424]  ? security_inode_permission+0xd2/0x100
[  718.267465]  ? lock_acquire+0x1e4/0x540
[  718.271461]  ? lockref_get_not_dead+0x70/0x90
[  718.275992]  ? lock_downgrade+0x8f0/0x8f0
[  718.280159]  ? link_path_walk.part.42+0xcc8/0x1540
[  718.285103]  ? lock_downgrade+0x8f0/0x8f0
[  718.289259]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  718.293850]  ? kasan_check_write+0x14/0x20
[  718.298113]  ? do_raw_spin_lock+0xc1/0x200
[  718.302364]  ? dput.part.26+0x276/0x7a0
[  718.306354]  ? shrink_dcache_sb+0x350/0x350
[  718.310691]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  718.315737]  ? mntput+0x74/0xa0
[  718.319032]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.324593]  ? terminate_walk+0x20a/0x5e0
[  718.328772]  ? lock_acquire+0x1e4/0x540
[  718.332761]  ? filename_create+0x1b2/0x5b0
[  718.337004]  ? mnt_want_write+0x3f/0xc0
[  718.341006]  ? lock_release+0xa30/0xa30
[  718.345037]  ? check_same_owner+0x340/0x340
[  718.349384]  rwsem_down_write_failed+0xe/0x10
[  718.353890]  ? rwsem_down_write_failed+0xe/0x10
[  718.358580]  call_rwsem_down_write_failed+0x17/0x30
[  718.363612]  down_write_nested+0xae/0x130
[  718.367789]  ? filename_create+0x1b2/0x5b0
[  718.372033]  ? _down_write_nest_lock+0x130/0x130
[  718.376803]  ? __sb_start_write+0x17f/0x300
[  718.381147]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.386698]  filename_create+0x1b2/0x5b0
[  718.390769]  ? kern_path_mountpoint+0x40/0x40
[  718.395286]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.400849]  ? getname_flags+0x26e/0x5a0
[  718.404935]  do_mkdirat+0xda/0x310
[  718.408484]  ? __ia32_sys_mknod+0xb0/0xb0
[  718.412657]  __x64_sys_mkdirat+0x76/0xb0
[  718.416736]  do_syscall_64+0x1b9/0x820
[  718.420653]  ? syscall_return_slowpath+0x5e0/0x5e0
[  718.425594]  ? syscall_return_slowpath+0x31d/0x5e0
[  718.430546]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  718.435575]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  718.440438]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  718.445635] RIP: 0033:0x445849
[  718.448842] Code: e8 7c b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
[  718.468032] RSP: 002b:00007ff243238da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000102
[  718.475756] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445849
[  718.483042] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 00000000ffffff9c
[  718.490332] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  718.497626] R10: 0000000000000000 R11: 0000000000000293 R12: 0030656c69662f2e
[  718.504931] R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000008
[  718.512244] INFO: lockdep is turned off.
[  718.516327] NMI backtrace for cpu 1
[  718.519978] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5-next-20180720+ #12
[  718.528013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.537373] Call Trace:
[  718.539948]  dump_stack+0x1c9/0x2b4
[  718.543558]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.548741]  ? vprintk_default+0x28/0x30
[  718.552780]  ? lapic_can_unplug_cpu.cold.28+0x3f/0x3f
[  718.557952]  nmi_cpu_backtrace.cold.3+0x48/0x88
[  718.562635]  ? lapic_can_unplug_cpu.cold.28+0x3f/0x3f
[  718.567804]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  718.573057]  arch_trigger_cpumask_backtrace+0x14/0x20
[  718.578223]  watchdog+0xb39/0x10b0
[  718.581741]  ? reset_hung_task_detector+0xd0/0xd0
[  718.586573]  ? kasan_check_read+0x11/0x20
[  718.590700]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.595090]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.600179]  ? __kthread_parkme+0x58/0x1b0
[  718.604487]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.609490]  ? trace_hardirqs_on+0xd/0x10
[  718.613621]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.619147]  ? __kthread_parkme+0x106/0x1b0
[  718.623448]  kthread+0x345/0x410
[  718.626793]  ? reset_hung_task_detector+0xd0/0xd0
[  718.631694]  ? kthread_bind+0x40/0x40
[  718.635718]  ret_from_fork+0x3a/0x50
[  718.639472] Sending NMI from CPU 1 to CPUs 0:
[  718.644044] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[  718.644989] Kernel panic - not syncing: hung_task: blocked tasks
[  718.657779] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5-next-20180720+ #12
[  718.665819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  718.675163] Call Trace:
[  718.677737]  dump_stack+0x1c9/0x2b4
[  718.681357]  ? dump_stack_print_info.cold.2+0x52/0x52
[  718.686529]  ? printk_safe_log_store+0x2f0/0x2f0
[  718.691264]  panic+0x238/0x4e7
[  718.694436]  ? add_taint.cold.5+0x16/0x16
[  718.698564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  718.704094]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  718.709522]  ? printk_safe_flush+0xd7/0x130
[  718.713853]  watchdog+0xb4a/0x10b0
[  718.717404]  ? reset_hung_task_detector+0xd0/0xd0
[  718.722245]  ? kasan_check_read+0x11/0x20
[  718.726377]  ? do_raw_spin_unlock+0xa7/0x2f0
[  718.730767]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  718.735849]  ? __kthread_parkme+0x58/0x1b0
[  718.740074]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  718.745068]  ? trace_hardirqs_on+0xd/0x10
[  718.749206]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  718.754736]  ? __kthread_parkme+0x106/0x1b0
[  718.759054]  kthread+0x345/0x410
[  718.762400]  ? reset_hung_task_detector+0xd0/0xd0
[  718.767219]  ? kthread_bind+0x40/0x40
[  718.771000]  ret_from_fork+0x3a/0x50
[  718.775230] Dumping ftrace buffer:
[  718.778746]    (ftrace buffer empty)
[  718.782443] Kernel Offset: disabled
[  718.786057] Rebooting in 86400 seconds..