syzbot

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
INFO: task syz-executor483:4533 blocked for more than 140 seconds.
      Not tainted 4.18.0-rc6+ #160
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor483 D23640  4533   4529 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2853 [inline]
 __schedule+0x87c/0x1ed0 kernel/sched/core.c:3501
 schedule+0xfb/0x450 kernel/sched/core.c:3545
 request_wait_answer+0x4c8/0x920 fs/fuse/dev.c:463
 __fuse_request_send+0x12a/0x1d0 fs/fuse/dev.c:483
 fuse_request_send+0x62/0xa0 fs/fuse/dev.c:496
 fuse_simple_request+0x33d/0x730 fs/fuse/dev.c:554
 fuse_lookup_name+0x3ee/0x830 fs/fuse/dir.c:323
 fuse_lookup+0xf9/0x4c0 fs/fuse/dir.c:360
 __lookup_slow+0x2b5/0x540 fs/namei.c:1630
 lookup_slow+0x57/0x80 fs/namei.c:1647
 walk_component+0x94a/0x2630 fs/namei.c:1769
 lookup_last fs/namei.c:2237 [inline]
 path_lookupat.isra.45+0x202/0xbf0 fs/namei.c:2287
 filename_lookup+0x264/0x510 fs/namei.c:2321
 user_path_at_empty+0x40/0x50 fs/namei.c:2584
 user_path_at include/linux/namei.h:57 [inline]
 ksys_chroot+0xc0/0x2f0 fs/open.c:503
 __do_sys_chroot fs/open.c:532 [inline]
 __se_sys_chroot fs/open.c:530 [inline]
 __x64_sys_chroot+0x31/0x40 fs/open.c:530
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4457e9
Code: Bad RIP value.
RSP: 002b:00007f2009954da8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a1
RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 00000000004457e9
RDX: 0000000000402534 RSI: c5ddecdc863f677d RDI: 0000000020000040
RBP: 00000000006dac38 R08: 00007f2009955700 R09: 0000000000000000
R10: 00007f2009955700 R11: 0000000000000297 R12: 0030656c69662f2e
R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000001

Showing all locks held in the system:
1 lock held by khungtaskd/901:
 #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 kernel/locking/lockdep.c:4461
1 lock held by rsyslogd/4414:
 #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766
2 locks held by getty/4504:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4505:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4506:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4507:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4508:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4509:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by getty/4510:
 #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 drivers/tty/tty_ldsem.c:365
 #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 drivers/tty/n_tty.c:2140
2 locks held by syz-executor483/4533:
 #0: (____ptrval____) (&type->i_mutex_dir_key#3){.+.+}, at: inode_lock_shared include/linux/fs.h:725 [inline]
 #0: (____ptrval____) (&type->i_mutex_dir_key#3){.+.+}, at: lookup_slow+0x49/0x80 fs/namei.c:1646
 #1: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 fs/fuse/inode.c:363

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc6+ #160
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.4+0x19/0xce lib/nmi_backtrace.c:103
 nmi_trigger_cpumask_backtrace+0x151/0x192 lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x9c4/0xf80 kernel/hung_task.c:252
 kthread+0x345/0x410 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54