[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.346993] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.208441] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.573202] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.341863] random: sshd: uninitialized urandom read (32 bytes read)
[ 442.493311] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
[ 447.934595] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 448.028253] XFS (loop0): Mounting V4 Filesystem
[ 448.033540] XFS (loop0): Log size 9371840 blocks too large, maximum size is 1048576 blocks
[ 448.042287] XFS (loop0): Log size out of supported range.
[ 448.047841] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
[ 448.060712] XFS (loop0): totally zeroed log
[ 448.066046] XFS (loop0): Metadata corruption detected at xfs_agi_verify+0x187/0x4f0, xfs_agi block 0x2
[ 448.075713] XFS (loop0): Unmount and run xfs_repair
[ 448.080742] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 448.087421] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.096285] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.105140] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.113996] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.122853] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.131746] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.140597] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.150042] (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 448.158996] XFS (loop0): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x2 len 1 error 117
[ 448.168437] XFS (loop0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -117, agno 0
[ 448.177240] XFS (loop0): failed to read root inode
[ 615.391179] INFO: task syz-executor060:4501 blocked for more than 120 seconds.
[ 615.398717] Not tainted 4.17.0-rc5+ #60
[ 615.403239] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 615.411227] syz-executor060 D17168 4501 4499 0x00000000
[ 615.416967] Call Trace:
[ 615.419641] __schedule+0x801/0x1e30
[ 615.423386] ? __sched_text_start+0x8/0x8
[ 615.427618] ? trace_hardirqs_off+0x10/0x10
[ 615.431971] ? graph_lock+0x170/0x170
[ 615.435802] ? save_stack_trace+0x1a/0x20
[ 615.439976] ? save_trace+0xe0/0x290
[ 615.443755] ? kasan_check_read+0x11/0x20
[ 615.447936] ? find_held_lock+0x36/0x1c0
[ 615.452035] schedule+0xef/0x430
[ 615.455420] ? lock_downgrade+0x8e0/0x8e0
[ 615.459592] ? __schedule+0x1e30/0x1e30
[ 615.463601] ? __lock_is_held+0xb5/0x140
[ 615.467747] xlog_grant_head_wait+0x260/0xf80
[ 615.472291] ? xlog_iodone+0x220/0x220
[ 615.476204] ? graph_lock+0x170/0x170
[ 615.480035] ? __lock_is_held+0xb5/0x140
[ 615.484121] ? __lock_is_held+0xb5/0x140
[ 615.488207] ? lock_acquire+0x1dc/0x520
[ 615.492197] ? xlog_grant_head_check+0x4a7/0x550
[ 615.496992] ? lock_release+0xa10/0xa10
[ 615.500991] ? xlog_get_iclog_buffer_size+0x560/0x560
[ 615.506213] ? graph_lock+0x170/0x170
[ 615.510046] ? kasan_check_write+0x14/0x20
[ 615.514317] ? do_raw_spin_lock+0xc1/0x200
[ 615.518578] xlog_grant_head_check+0x4d6/0x550
[ 615.523213] ? xlog_grant_head_wait+0xf80/0xf80
[ 615.527902] xfs_log_reserve+0x398/0xd20
[ 615.531991] ? xlog_ticket_alloc+0x5c0/0x5c0
[ 615.536428] ? print_usage_bug+0xc0/0xc0
[ 615.540515] ? lock_downgrade+0x8e0/0x8e0
[ 615.544688] xfs_log_unmount_write+0x2c4/0xfb0
[ 615.549311] ? xfs_log_reserve+0xd20/0xd20
[ 615.553602] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 615.558735] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 615.563768] ? __lock_is_held+0xb5/0x140
[ 615.567914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 615.573521] ? xfs_buf_unlock+0xc7/0x420
[ 615.577629] ? xfs_ail_push_all+0x1d0/0x1d0
[ 615.581977] ? xfs_log_quiesce+0xf1/0x130
[ 615.586154] ? xfs_buf_get_map+0xf90/0xf90
[ 615.590405] ? xfs_err+0x250/0x250
[ 615.594004] ? kobject_init_and_add+0xf5/0x130
[ 615.598656] ? finish_wait+0x420/0x420
[ 615.602684] xfs_log_quiesce+0xf9/0x130
[ 615.606680] xfs_log_unmount+0x22/0xb0
[ 615.610598] xfs_log_mount_cancel+0x44/0x60
[ 615.614937] xfs_mountfs+0x17d9/0x2b80
[ 615.618894] ? init_timer_on_stack_key+0xe0/0xe0
[ 615.623686] ? __raw_spin_lock_init+0x1c/0x100
[ 615.628312] ? xfs_default_resblks+0x60/0x60
[ 615.632743] ? __lockdep_init_map+0x105/0x590
[ 615.637275] ? xfs_filestream_put_ag+0x50/0x50
[ 615.641889] ? xfs_mru_cache_uninit+0x20/0x20
[ 615.646411] ? xfs_readsb+0x357/0x5e0
[ 615.650229] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 615.655344] ? set_blocksize+0x2c4/0x350
[ 615.659435] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 615.665016] ? xfs_setsize_buftarg+0x269/0x390
[ 615.669645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 615.675214] xfs_fs_fill_super+0xdef/0x1560
[ 615.679556] ? xfs_test_remount_options+0x90/0x90
[ 615.684427] ? snprintf+0xa5/0xd0
[ 615.687890] ? vsprintf+0x40/0x40
[ 615.691371] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 615.696401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 615.702012] mount_bdev+0x30c/0x3e0
[ 615.705667] ? xfs_test_remount_options+0x90/0x90
[ 615.710547] xfs_fs_mount+0x34/0x40
[ 615.714183] mount_fs+0xae/0x328
[ 615.717580] vfs_kern_mount.part.34+0xd4/0x4d0
[ 615.722187] ? may_umount+0xb0/0xb0
[ 615.725838] ? _raw_read_unlock+0x22/0x30
[ 615.730032] ? __get_fs_type+0x97/0xc0
[ 615.733936] do_mount+0x564/0x3070
[ 615.737504] ? copy_mount_string+0x40/0x40
[ 615.741804] ? rcu_pm_notify+0xc0/0xc0
[ 615.745746] ? copy_mount_options+0x5f/0x380
[ 615.750165] ? rcu_read_lock_sched_held+0x108/0x120
[ 615.755205] ? kmem_cache_alloc_trace+0x616/0x780
[ 615.760069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 615.765706] ? _copy_from_user+0xdf/0x150
[ 615.769882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 615.775440] ? copy_mount_options+0x285/0x380
[ 615.779949] ksys_mount+0x12d/0x140
[ 615.783608] __x64_sys_mount+0xbe/0x150
[ 615.787596] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 615.792658] do_syscall_64+0x1b1/0x800
[ 615.796560] ? syscall_return_slowpath+0x5c0/0x5c0
[ 615.801514] ? syscall_return_slowpath+0x30f/0x5c0
[ 615.806465] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 615.811863] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 615.816744] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 615.821962] RIP: 0033:0x442d9a
[ 615.825167] RSP: 002b:00007ffc7a9dde88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 615.832907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442d9a
[ 615.840285] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 00007ffc7a9dde90
[ 615.847586] RBP: 0000000000000004 R08: 00000000200001c0 R09: 000000000000000a
[ 615.854882] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401c00
[ 615.862182] R13: 0000000000401c90 R14: 0000000000000000 R15: 0000000000000000
[ 615.869484]
[ 615.869484] Showing all locks held in the system:
[ 615.875846] 2 locks held by khungtaskd/893:
[ 615.880240] #0: (ptrval) (rcu_read_lock){....}, at: watchdog+0x1ff/0xf60
[ 615.887928] #1: (ptrval) (tasklist_lock){.+.+}, at: debug_show_all_locks+0xde/0x34a
[ 615.896585] 1 lock held by rsyslogd/4384:
[ 615.900756] #0: (ptrval) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1a9/0x1e0
[ 615.908858] 2 locks held by getty/4474:
[ 615.912872] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 615.922112] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 615.931081] 2 locks held by getty/4475:
[ 615.935073] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 615.943358] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 615.952431] 2 locks held by getty/4476:
[ 615.956424] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 615.964694] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 615.973617] 2 locks held by getty/4477:
[ 615.977617] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 615.985914] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 615.994813] 2 locks held by getty/4478:
[ 615.998808] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 616.007085] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 616.016066] 2 locks held by getty/4479:
[ 616.020062] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 616.028363] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 616.037245] 2 locks held by getty/4480:
[ 616.041236] #0: (ptrval) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 616.049505] #1: (ptrval) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x321/0x1cc0
[ 616.058403] 1 lock held by syz-executor060/4501:
[ 616.063175] #0: (ptrval) (&type->s_umount_key#36/1){+.+.}, at: sget_userns+0x2dd/0xf00
[ 616.072082]
[ 616.073720] =============================================
[ 616.073720]
[ 616.080773] NMI backtrace for cpu 0
[ 616.084485] CPU: 0 PID: 893 Comm: khungtaskd Not tainted 4.17.0-rc5+ #60
[ 616.091309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 616.100643] Call Trace:
[ 616.103254] dump_stack+0x1b9/0x294
[ 616.106868] ? dump_stack_print_info.cold.2+0x52/0x52
[ 616.112039] nmi_cpu_backtrace.cold.4+0x19/0xce
[ 616.116723] ? lapic_can_unplug_cpu.cold.26+0x3f/0x3f
[ 616.121892] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 616.127150] arch_trigger_cpumask_backtrace+0x14/0x20
[ 616.132557] watchdog+0xc10/0xf60
[ 616.136711] ? reset_hung_task_detector+0xb0/0xb0
[ 616.141541] ? __schedule+0x1e30/0x1e30
[ 616.145494] ? do_raw_spin_unlock+0x9e/0x2e0
[ 616.149884] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 616.154444] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 616.160030] ? __kthread_parkme+0x111/0x1d0
[ 616.164331] ? parse_args.cold.15+0x1b3/0x1b3
[ 616.168804] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 616.173798] ? trace_hardirqs_on+0xd/0x10
[ 616.177927] kthread+0x345/0x410
[ 616.181280] ? reset_hung_task_detector+0xb0/0xb0
[ 616.186101] ? kthread_bind+0x40/0x40
[ 616.189911] ret_from_fork+0x3a/0x50
[ 616.193925] Sending NMI from CPU 0 to CPUs 1:
[ 616.198873] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 616.199850] Kernel panic - not syncing: hung_task: blocked tasks
[ 616.212905] CPU: 0 PID: 893 Comm: khungtaskd Not tainted 4.17.0-rc5+ #60
[ 616.219750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 616.229103] Call Trace:
[ 616.231709] dump_stack+0x1b9/0x294
[ 616.235386] ? dump_stack_print_info.cold.2+0x52/0x52
[ 616.240631] ? printk_safe_log_store+0x260/0x260
[ 616.245468] panic+0x22f/0x4de
[ 616.248762] ? add_taint.cold.5+0x16/0x16
[ 616.253798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 616.259346] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 616.264893] ? printk_safe_flush+0xd7/0x130
[ 616.269220] watchdog+0xc21/0xf60
[ 616.272682] ? reset_hung_task_detector+0xb0/0xb0
[ 616.277520] ? __schedule+0x1e30/0x1e30
[ 616.281481] ? do_raw_spin_unlock+0x9e/0x2e0
[ 616.285874] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 616.290438] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 616.295953] ? __kthread_parkme+0x111/0x1d0
[ 616.300269] ? parse_args.cold.15+0x1b3/0x1b3
[ 616.304741] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 616.309737] ? trace_hardirqs_on+0xd/0x10
[ 616.313864] kthread+0x345/0x410
[ 616.317211] ? reset_hung_task_detector+0xb0/0xb0
[ 616.322037] ? kthread_bind+0x40/0x40
[ 616.325817] ret_from_fork+0x3a/0x50
[ 616.330005] Dumping ftrace buffer:
[ 616.333614] (ftrace buffer empty)
[ 616.337302] Kernel Offset: disabled
[ 616.340914] Rebooting in 86400 seconds..