[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 18.515473] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.379667] random: sshd: uninitialized urandom read (32 bytes read) [ 22.695760] random: sshd: uninitialized urandom read (32 bytes read) [ 23.578920] random: sshd: uninitialized urandom read (32 bytes read) [ 700.437289] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts. [ 706.013680] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 861.151162] INFO: task syz-executor483:4533 blocked for more than 140 seconds. [ 861.158738] Not tainted 4.18.0-rc6+ #160 [ 861.163370] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.171363] syz-executor483 D23640 4533 4529 0x00000004 [ 861.177108] Call Trace: [ 861.179785] __schedule+0x87c/0x1ed0 [ 861.183541] ? __sched_text_start+0x8/0x8 [ 861.187728] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 861.192345] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 861.197478] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 861.202521] ? trace_hardirqs_on+0xd/0x10 [ 861.206707] ? prepare_to_wait_event+0x396/0xc70 [ 861.211485] ? prepare_to_wait_exclusive+0x550/0x550 [ 861.216612] schedule+0xfb/0x450 [ 861.219995] ? __schedule+0x1ed0/0x1ed0 [ 861.223986] ? check_same_owner+0x340/0x340 [ 861.228341] ? do_raw_spin_unlock+0xa7/0x2f0 [ 861.232764] ? replenish_dl_entity.cold.53+0x37/0x37 [ 861.237896] request_wait_answer+0x4c8/0x920 [ 861.242342] ? fuse_read_forget.isra.22+0xdc0/0xdc0 [ 861.247385] ? finish_wait+0x430/0x430 [ 861.251291] ? finish_wait+0x430/0x430 [ 861.255204] ? finish_wait+0x430/0x430 [ 861.259103] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 861.263720] ? fuse_dev_ioctl+0x430/0x430 [ 861.267879] ? kasan_check_write+0x14/0x20 [ 861.272132] ? do_raw_spin_lock+0xc1/0x200 [ 861.276373] __fuse_request_send+0x12a/0x1d0 [ 861.280810] fuse_request_send+0x62/0xa0 [ 861.284881] fuse_simple_request+0x33d/0x730 [ 861.289320] fuse_lookup_name+0x3ee/0x830 [ 861.293483] ? fuse_valid_type+0xb0/0xb0 [ 861.297570] fuse_lookup+0xf9/0x4c0 [ 861.301205] ? fuse_lookup_name+0x830/0x830 [ 861.305548] ? __lockdep_init_map+0x105/0x590 [ 861.310088] __lookup_slow+0x2b5/0x540 [ 861.314008] ? vfs_unlink+0x510/0x510 [ 861.317835] ? down_read+0xb5/0x1d0 [ 861.321480] ? lookup_slow+0x49/0x80 [ 861.325210] ? __down_interruptible+0x700/0x700 [ 861.329898] ? lookup_fast+0x470/0x12a0 [ 861.333889] ? __follow_mount_rcu.isra.36.part.37+0x890/0x890 [ 861.339808] lookup_slow+0x57/0x80 [ 861.343364] walk_component+0x94a/0x2630 [ 861.347460] ? inode_permission+0xb2/0x560 [ 861.351708] ? path_init+0x2340/0x2340 [ 861.355623] ? walk_component+0x2630/0x2630 [ 861.359969] ? save_stack+0xa9/0xd0 [ 861.363614] ? save_stack+0x43/0xd0 [ 861.367266] ? kmem_cache_alloc+0x12e/0x760 [ 861.371611] ? getname_flags+0xd0/0x5a0 [ 861.375598] ? user_path_at_empty+0x2d/0x50 [ 861.379948] ? ksys_chroot+0xc0/0x2f0 [ 861.383775] path_lookupat.isra.45+0x202/0xbf0 [ 861.388395] ? find_held_lock+0x36/0x1c0 [ 861.392490] ? path_parentat.isra.43+0x160/0x160 [ 861.397294] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 861.402509] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 861.407551] ? __check_object_size+0x9d/0x5f2 [ 861.412071] ? usercopy_warn+0x120/0x120 [ 861.416159] ? kasan_check_read+0x11/0x20 [ 861.420321] ? do_raw_spin_unlock+0xa7/0x2f0 [ 861.424767] filename_lookup+0x264/0x510 [ 861.428866] ? filename_parentat.isra.58+0x570/0x570 [ 861.434010] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 861.439610] ? mpi_free.cold.1+0x19/0x19 [ 861.443707] ? find_held_lock+0x36/0x1c0 [ 861.447788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 861.453363] ? getname_flags+0x26e/0x5a0 [ 861.457440] user_path_at_empty+0x40/0x50 [ 861.461618] ksys_chroot+0xc0/0x2f0 [ 861.465276] ? __ia32_sys_fchdir+0x1f0/0x1f0 [ 861.469715] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 861.474319] ? _raw_spin_unlock_irq+0x27/0x70 [ 861.478846] ? do_syscall_64+0x9a/0x820 [ 861.482838] __x64_sys_chroot+0x31/0x40 [ 861.486936] do_syscall_64+0x1b9/0x820 [ 861.490832] ? syscall_return_slowpath+0x5e0/0x5e0 [ 861.495784] ? syscall_return_slowpath+0x31d/0x5e0 [ 861.500728] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 861.506118] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 861.511005] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 861.516262] RIP: 0033:0x4457e9 [ 861.519482] Code: Bad RIP value. [ 861.522878] RSP: 002b:00007f2009954da8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a1 [ 861.530640] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 00000000004457e9 [ 861.537928] RDX: 0000000000402534 RSI: c5ddecdc863f677d RDI: 0000000020000040 [ 861.545235] RBP: 00000000006dac38 R08: 00007f2009955700 R09: 0000000000000000 [ 861.552509] R10: 00007f2009955700 R11: 0000000000000297 R12: 0030656c69662f2e [ 861.559805] R13: 65646f6d746f6f72 R14: 2f30656c69662f2e R15: 0000000000000001 [ 861.567105] [ 861.567105] Showing all locks held in the system: [ 861.573487] 1 lock held by khungtaskd/901: [ 861.577741] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428 [ 861.586398] 1 lock held by rsyslogd/4414: [ 861.590557] #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 [ 861.598595] 2 locks held by getty/4504: [ 861.602575] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.610859] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.619763] 2 locks held by getty/4505: [ 861.623756] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.632046] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.640942] 2 locks held by getty/4506: [ 861.644929] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.653220] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.662109] 2 locks held by getty/4507: [ 861.666103] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.674378] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.683273] 2 locks held by getty/4508: [ 861.687283] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.695568] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.704445] 2 locks held by getty/4509: [ 861.708445] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.716736] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.725664] 2 locks held by getty/4510: [ 861.729647] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.737948] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0 [ 861.746842] 2 locks held by syz-executor483/4533: [ 861.751707] #0: (____ptrval____) (&type->i_mutex_dir_key#3){.+.+}, at: lookup_slow+0x49/0x80 [ 861.760418] #1: (____ptrval____) (&fi->mutex){+.+.}, at: fuse_lock_inode+0xaf/0xe0 [ 861.768263] [ 861.769892] ============================================= [ 861.769892] [ 861.776930] NMI backtrace for cpu 1 [ 861.780574] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc6+ #160 [ 861.787481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.796813] Call Trace: [ 861.799446] dump_stack+0x1c9/0x2b4 [ 861.803071] ? dump_stack_print_info.cold.2+0x52/0x52 [ 861.808241] ? vprintk_default+0x28/0x30 [ 861.812310] nmi_cpu_backtrace.cold.4+0x19/0xce [ 861.816956] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 861.821345] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f [ 861.826521] nmi_trigger_cpumask_backtrace+0x151/0x192 [ 861.831785] arch_trigger_cpumask_backtrace+0x14/0x20 [ 861.836953] watchdog+0x9c4/0xf80 [ 861.840398] ? reset_hung_task_detector+0xd0/0xd0 [ 861.845239] ? kasan_check_read+0x11/0x20 [ 861.849367] ? do_raw_spin_unlock+0xa7/0x2f0 [ 861.853768] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 861.858858] ? __kthread_parkme+0x58/0x1b0 [ 861.863106] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 861.868121] ? trace_hardirqs_on+0xd/0x10 [ 861.872279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 861.877818] ? __kthread_parkme+0x106/0x1b0 [ 861.882141] kthread+0x345/0x410 [ 861.885494] ? reset_hung_task_detector+0xd0/0xd0 [ 861.890326] ? kthread_bind+0x40/0x40 [ 861.894107] ret_from_fork+0x3a/0x50 [ 861.897885] Sending NMI from CPU 1 to CPUs 0: [ 861.902439] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 [ 861.903408] Kernel panic - not syncing: hung_task: blocked tasks [ 861.916246] CPU: 1 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc6+ #160 [ 861.923162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.932754] Call Trace: [ 861.935337] dump_stack+0x1c9/0x2b4 [ 861.938946] ? dump_stack_print_info.cold.2+0x52/0x52 [ 861.944201] ? printk_safe_log_store+0x2f0/0x2f0 [ 861.948950] panic+0x238/0x4e7 [ 861.952127] ? add_taint.cold.5+0x16/0x16 [ 861.956256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 861.961774] ? nmi_trigger_cpumask_backtrace+0x13a/0x192 [ 861.967201] ? printk_safe_flush+0xd7/0x130 [ 861.971511] watchdog+0x9d5/0xf80 [ 861.974950] ? reset_hung_task_detector+0xd0/0xd0 [ 861.979775] ? kasan_check_read+0x11/0x20 [ 861.983900] ? do_raw_spin_unlock+0xa7/0x2f0 [ 861.988288] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 861.993370] ? __kthread_parkme+0x58/0x1b0 [ 861.997597] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 862.002594] ? trace_hardirqs_on+0xd/0x10 [ 862.006725] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 862.012255] ? __kthread_parkme+0x106/0x1b0 [ 862.016557] kthread+0x345/0x410 [ 862.019909] ? reset_hung_task_detector+0xd0/0xd0 [ 862.024739] ? kthread_bind+0x40/0x40 [ 862.028520] ret_from_fork+0x3a/0x50 [ 862.032823] Dumping ftrace buffer: [ 862.036407] (ftrace buffer empty) [ 862.040110] Kernel Offset: disabled [ 862.043739] Rebooting in 86400 seconds..