[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 20.297051] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 21.877753] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.199692] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.098781] random: sshd: uninitialized urandom read (32 bytes read)
[ 787.316290] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
[ 792.851168] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/30 22:16:12 parsed 1 programs
[ 794.170997] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/30 22:16:14 executed programs: 0
[ 795.603396] IPVS: ftp: loaded support on port[0] = 21
[ 795.893965] bridge0: port 1(bridge_slave_0) entered blocking state
[ 795.900769] bridge0: port 1(bridge_slave_0) entered disabled state
[ 795.909357] device bridge_slave_0 entered promiscuous mode
[ 795.928553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 795.935153] bridge0: port 2(bridge_slave_1) entered disabled state
[ 795.942580] device bridge_slave_1 entered promiscuous mode
[ 795.962732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 795.980589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 796.033958] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 796.055656] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 796.133496] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 796.140906] team0: Port device team_slave_0 added
[ 796.158364] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 796.165968] team0: Port device team_slave_1 added
[ 796.188689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 796.209670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 796.229173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 796.251964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 796.403400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 796.410064] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 796.417043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 796.423554] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 796.872237] 8021q: adding VLAN 0 to HW filter on device bond0
[ 796.915273] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 796.958149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 796.964470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 796.972339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 797.011346] 8021q: adding VLAN 0 to HW filter on device team0
2018/07/30 22:16:19 executed programs: 4
2018/07/30 22:16:25 executed programs: 10
2018/07/30 22:16:30 executed programs: 16
[ 1004.511277] INFO: task syz-executor0:4824 blocked for more than 140 seconds.
[ 1004.518740] Not tainted 4.18.0-rc7+ #169
[ 1004.523685] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1004.534347] syz-executor0 D25544 4824 4408 0x00000004
[ 1004.540146] Call Trace:
[ 1004.542901] __schedule+0x87c/0x1ec0
[ 1004.546692] ? __sched_text_start+0x8/0x8
[ 1004.550943] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1004.555604] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 1004.560752] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1004.565807] ? trace_hardirqs_on+0xd/0x10
[ 1004.570030] ? prepare_to_wait_event+0x396/0xc70
[ 1004.575890] ? prepare_to_wait_exclusive+0x550/0x550
[ 1004.581056] schedule+0xfb/0x450
[ 1004.584491] ? __schedule+0x1ec0/0x1ec0
[ 1004.588634] ? check_same_owner+0x340/0x340
[ 1004.593055] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1004.597635] ? replenish_dl_entity.cold.53+0x37/0x37
[ 1004.602898] request_wait_answer+0x4c8/0x920
[ 1004.607360] ? fuse_read_forget.isra.22+0xdc0/0xdc0
[ 1004.612400] ? finish_wait+0x430/0x430
[ 1004.616324] ? finish_wait+0x430/0x430
[ 1004.620238] ? finish_wait+0x430/0x430
[ 1004.624166] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1004.629242] ? fuse_dev_ioctl+0x430/0x430
[ 1004.633642] ? kasan_check_write+0x14/0x20
[ 1004.637998] ? do_raw_spin_lock+0xc1/0x200
[ 1004.642343] __fuse_request_send+0x12a/0x1d0
[ 1004.646887] fuse_request_send+0x62/0xa0
[ 1004.651063] fuse_simple_request+0x33d/0x730
[ 1004.655533] fuse_do_setattr+0xb03/0x1c90
[ 1004.659780] ? fuse_flush_times+0x6f0/0x6f0
[ 1004.664218] ? mark_held_locks+0xc9/0x160
[ 1004.668959] ? ktime_get_coarse_real_ts64+0x243/0x3a0
[ 1004.674741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1004.681043] ? timespec64_trunc+0xea/0x180
[ 1004.685374] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1004.690438] fuse_setattr+0x244/0x570
[ 1004.694269] ? fuse_do_setattr+0x1c90/0x1c90
[ 1004.698764] notify_change+0xc0c/0x10f0
[ 1004.702876] ? setattr_prepare+0x830/0x830
[ 1004.707442] ? down_read+0x1d0/0x1d0
[ 1004.711310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1004.717268] chmod_common+0x2a0/0x590
[ 1004.721137] ? filp_close+0x250/0x250
[ 1004.725199] do_fchmodat+0xc3/0x160
[ 1004.728867] ? __ia32_sys_fchmod+0x80/0x80
[ 1004.733130] ? _raw_spin_unlock_irq+0x27/0x70
[ 1004.737656] __x64_sys_chmod+0x5c/0x80
[ 1004.741685] do_syscall_64+0x1b9/0x820
[ 1004.745653] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1004.750654] ? syscall_return_slowpath+0x31d/0x5e0
[ 1004.755641] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 1004.761151] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1004.766091] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1004.771435] RIP: 0033:0x456a09
[ 1004.774731] Code: 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 <07> 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06
[ 1004.794764] RSP: 002b:00007f09a8e3ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000005a
[ 1004.802724] RAX: ffffffffffffffda RBX: 00007f09a8e3b6d4 RCX: 0000000000456a09
[ 1004.810110] RDX: 0000000000000000 RSI: 0000000000000150 RDI: 0000000020000140
[ 1004.817441] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
[ 1004.825045] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1004.832865] R13: 00000000004ca568 R14: 00000000004c1c78 R15: 0000000000000001
[ 1004.840389] INFO: task syz-executor0:4825 blocked for more than 140 seconds.
[ 1004.848308] Not tainted 4.18.0-rc7+ #169
[ 1004.853771] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1004.861852] syz-executor0 D25800 4825 4408 0x00000004
[ 1004.867798] Call Trace:
[ 1004.870439] __schedule+0x87c/0x1ec0
[ 1004.874254] ? __sched_text_start+0x8/0x8
[ 1004.878559] ? trace_hardirqs_on+0x10/0x10
[ 1004.882922] ? graph_lock+0x170/0x170
[ 1004.886843] ? trace_hardirqs_on+0x10/0x10
[ 1004.891206] schedule+0xfb/0x450
[ 1004.894764] ? lock_downgrade+0x8f0/0x8f0
[ 1004.899009] ? __schedule+0x1ec0/0x1ec0
[ 1004.903074] ? mark_held_locks+0xc9/0x160
[ 1004.908366] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1004.913450] ? _raw_spin_unlock_irq+0x27/0x70
[ 1004.918265] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1004.923336] rwsem_down_read_failed+0x362/0x600
[ 1004.928052] ? rwsem_down_write_failed_killable+0x10/0x10
[ 1004.933818] ? find_held_lock+0x36/0x1c0
[ 1004.938115] ? lock_acquire+0x1e4/0x540
[ 1004.942294] ? lookup_slow+0x49/0x80
[ 1004.946171] ? lock_release+0xa30/0xa30
[ 1004.950315] ? check_same_owner+0x340/0x340
[ 1004.954701] call_rwsem_down_read_failed+0x18/0x30
[ 1004.959713] down_read+0xc3/0x1d0
[ 1004.963326] ? lookup_slow+0x49/0x80
[ 1004.967205] ? __down_interruptible+0x700/0x700
[ 1004.971927] ? lookup_fast+0x470/0x12a0
[ 1004.976220] ? __follow_mount_rcu.isra.36.part.37+0x890/0x890
[ 1004.982169] lookup_slow+0x49/0x80
[ 1004.985755] walk_component+0x94a/0x2630
[ 1004.989872] ? inode_permission+0xb2/0x560
[ 1004.994156] ? path_init+0x2340/0x2340
[ 1004.998194] ? walk_component+0x2630/0x2630
[ 1005.002539] ? save_stack+0xa9/0xd0
[ 1005.006191] ? save_stack+0x43/0xd0
[ 1005.009832] ? kmem_cache_alloc+0x12e/0x760
[ 1005.014184] ? getname_flags+0xd0/0x5a0
[ 1005.018202] ? user_path_at_empty+0x2d/0x50
[ 1005.023332] ? vfs_statx+0x129/0x210
[ 1005.027424] path_lookupat.isra.45+0x202/0xbf0
[ 1005.032123] ? find_held_lock+0x36/0x1c0
[ 1005.036215] ? path_parentat.isra.43+0x160/0x160
[ 1005.040996] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 1005.046425] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1005.051470] ? __check_object_size+0x9d/0x5f2
[ 1005.056005] ? usercopy_warn+0x120/0x120
[ 1005.060108] ? kasan_check_read+0x11/0x20
[ 1005.064379] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1005.069185] filename_lookup+0x264/0x510
[ 1005.073856] ? filename_parentat.isra.58+0x570/0x570
[ 1005.079060] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1005.084931] ? mpi_free.cold.1+0x19/0x19
[ 1005.089542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1005.095173] ? getname_flags+0x26e/0x5a0
[ 1005.099412] ? graph_lock+0x170/0x170
[ 1005.103320] user_path_at_empty+0x40/0x50
[ 1005.107526] vfs_statx+0x129/0x210
[ 1005.111113] ? vfs_statx_fd+0xc0/0xc0
[ 1005.115290] ? find_held_lock+0x36/0x1c0
[ 1005.119834] __do_sys_newlstat+0x8f/0x110
[ 1005.124303] ? __do_sys_newstat+0x110/0x110
[ 1005.129420] ? finish_task_switch+0x18a/0x870
[ 1005.134063] ? kasan_check_read+0x11/0x20
[ 1005.138316] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1005.142829] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1005.147494] ? _raw_spin_unlock_irq+0x27/0x70
[ 1005.152181] ? do_syscall_64+0x9a/0x820
[ 1005.156338] __x64_sys_newlstat+0x54/0x80
[ 1005.160543] do_syscall_64+0x1b9/0x820
[ 1005.164598] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1005.169620] ? syscall_return_slowpath+0x31d/0x5e0
[ 1005.174703] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 1005.180159] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1005.185171] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.190451] RIP: 0033:0x456a09
[ 1005.193744] Code: 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 <07> 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06
[ 1005.213760] RSP: 002b:00007f09a8e19c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 1005.221611] RAX: ffffffffffffffda RBX: 00007f09a8e1a6d4 RCX: 0000000000456a09
[ 1005.229100] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000020000000
[ 1005.236552] RBP: 00000000009301e0 R08: 0000000000000000 R09: 0000000000000000
[ 1005.243879] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1005.251245] R13: 00000000004d14f8 R14: 00000000004c6d78 R15: 0000000000000002
[ 1005.258716] INFO: task syz-executor0:4826 blocked for more than 140 seconds.
[ 1005.266181] Not tainted 4.18.0-rc7+ #169
[ 1005.270886] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1005.278966] syz-executor0 D25208 4826 4408 0x00000004
[ 1005.285100] Call Trace:
[ 1005.287740] __schedule+0x87c/0x1ec0
[ 1005.291530] ? __lock_acquire+0x7fc/0x5020
[ 1005.296202] ? __sched_text_start+0x8/0x8
[ 1005.300491] ? graph_lock+0x170/0x170
[ 1005.304472] ? graph_lock+0x170/0x170
[ 1005.308499] ? rcu_note_context_switch+0x730/0x730
[ 1005.313542] ? lock_acquire+0x1e4/0x540
[ 1005.317619] ? print_usage_bug+0xc0/0xc0
[ 1005.321786] schedule+0xfb/0x450
[ 1005.325427] ? lock_downgrade+0x8f0/0x8f0
[ 1005.329714] ? __schedule+0x1ec0/0x1ec0
[ 1005.334076] ? mark_held_locks+0xc9/0x160
[ 1005.338286] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1005.343038] ? _raw_spin_unlock_irq+0x27/0x70
[ 1005.348087] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1005.353274] __rwsem_down_write_failed_common+0x95d/0x1630
[ 1005.359091] ? rwsem_spin_on_owner+0xa40/0xa40
[ 1005.364022] ? __lock_acquire+0x7fc/0x5020
[ 1005.368389] ? trace_hardirqs_on+0x10/0x10
[ 1005.372693] ? trace_hardirqs_on+0x10/0x10
[ 1005.377088] ? kernel_text_address+0x79/0xf0
[ 1005.381815] ? unwind_get_return_address+0x61/0xa0
[ 1005.386886] ? __save_stack_trace+0x8d/0xf0
[ 1005.391415] ? save_stack+0xa9/0xd0
[ 1005.395179] ? save_stack+0x43/0xd0
[ 1005.398915] ? __kasan_slab_free+0x11a/0x170
[ 1005.403692] ? kasan_slab_free+0xe/0x10
[ 1005.407857] ? kmem_cache_free+0x86/0x2d0
[ 1005.412123] ? putname+0xf2/0x130
[ 1005.415658] ? filename_lookup+0x397/0x510
[ 1005.421271] ? user_path_at_empty+0x40/0x50
[ 1005.426410] ? do_fchmodat+0xa3/0x160
[ 1005.430506] ? __x64_sys_chmod+0x5c/0x80
[ 1005.434857] ? graph_lock+0x170/0x170
[ 1005.438788] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1005.443488] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1005.448282] ? lock_acquire+0x1e4/0x540
[ 1005.452403] ? chmod_common+0x1b1/0x590
[ 1005.456996] ? mnt_want_write+0x3f/0xc0
[ 1005.461791] ? lock_release+0xa30/0xa30
[ 1005.465895] ? check_same_owner+0x340/0x340
[ 1005.470742] rwsem_down_write_failed+0xe/0x10
[ 1005.475367] ? rwsem_down_write_failed+0xe/0x10
[ 1005.480628] call_rwsem_down_write_failed+0x17/0x30
[ 1005.486240] down_write+0xaa/0x130
[ 1005.490942] ? chmod_common+0x1b1/0x590
[ 1005.495859] ? down_read+0x1d0/0x1d0
[ 1005.499677] ? __sb_start_write+0x17f/0x300
[ 1005.504316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1005.510156] chmod_common+0x1b1/0x590
[ 1005.514041] ? filp_close+0x250/0x250
[ 1005.517896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1005.523826] ? getname_flags+0x26e/0x5a0
[ 1005.527937] do_fchmodat+0xc3/0x160
[ 1005.531704] ? __ia32_sys_fchmod+0x80/0x80
[ 1005.536150] __x64_sys_chmod+0x5c/0x80
[ 1005.540364] do_syscall_64+0x1b9/0x820
[ 1005.544423] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1005.549838] ? syscall_return_slowpath+0x31d/0x5e0
[ 1005.555185] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 1005.560813] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1005.565898] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.571650] RIP: 0033:0x456a09
[ 1005.574918] Code: 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 <07> 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06
[ 1005.594824] RSP: 002b:00007f09a8df8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000005a
[ 1005.602729] RAX: ffffffffffffffda RBX: 00007f09a8df96d4 RCX: 0000000000456a09
[ 1005.610200] RDX: 0000000000000000 RSI: 0000000000000150 RDI: 0000000020000140
[ 1005.617734] RBP: 0000000000930280 R08: 0000000000000000 R09: 0000000000000000
[ 1005.625090] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1005.632382] R13: 00000000004ca568 R14: 00000000004c1c78 R15: 0000000000000003
[ 1005.639728] INFO: task syz-executor0:4828 blocked for more than 140 seconds.
[ 1005.647029] Not tainted 4.18.0-rc7+ #169
[ 1005.651715] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1005.659809] syz-executor0 D25800 4828 4408 0x00000004
[ 1005.665610] Call Trace:
[ 1005.668414] __schedule+0x87c/0x1ec0
[ 1005.672363] ? __sched_text_start+0x8/0x8
[ 1005.676875] ? trace_hardirqs_on+0x10/0x10
[ 1005.681234] ? graph_lock+0x170/0x170
[ 1005.685301] ? trace_hardirqs_on+0x10/0x10
[ 1005.689793] schedule+0xfb/0x450
[ 1005.693278] ? lock_downgrade+0x8f0/0x8f0
[ 1005.697641] ? __schedule+0x1ec0/0x1ec0
[ 1005.701851] ? mark_held_locks+0xc9/0x160
[ 1005.706285] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1005.710926] ? _raw_spin_unlock_irq+0x27/0x70
[ 1005.715621] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1005.720836] rwsem_down_read_failed+0x362/0x600
[ 1005.728067] ? rwsem_down_write_failed_killable+0x10/0x10
[ 1005.733691] ? find_held_lock+0x36/0x1c0
[ 1005.737922] ? lock_acquire+0x1e4/0x540
[ 1005.741966] ? lookup_slow+0x49/0x80
[ 1005.745773] ? lock_release+0xa30/0xa30
[ 1005.749903] ? check_same_owner+0x340/0x340
[ 1005.754336] call_rwsem_down_read_failed+0x18/0x30
[ 1005.759320] down_read+0xc3/0x1d0
[ 1005.762903] ? lookup_slow+0x49/0x80
[ 1005.766800] ? __down_interruptible+0x700/0x700
[ 1005.771583] ? lookup_fast+0x470/0x12a0
[ 1005.775659] ? __follow_mount_rcu.isra.36.part.37+0x890/0x890
[ 1005.782109] lookup_slow+0x49/0x80
[ 1005.785756] walk_component+0x94a/0x2630
[ 1005.790724] ? inode_permission+0xb2/0x560
[ 1005.795262] ? path_init+0x2340/0x2340
[ 1005.799312] ? walk_component+0x2630/0x2630
[ 1005.803745] ? save_stack+0xa9/0xd0
[ 1005.807429] ? save_stack+0x43/0xd0
[ 1005.811094] ? kmem_cache_alloc+0x12e/0x760
[ 1005.815458] ? getname_flags+0xd0/0x5a0
[ 1005.819458] ? user_path_at_empty+0x2d/0x50
[ 1005.823818] ? vfs_statx+0x129/0x210
[ 1005.827570] path_lookupat.isra.45+0x202/0xbf0
[ 1005.832295] ? find_held_lock+0x36/0x1c0
[ 1005.836688] ? path_parentat.isra.43+0x160/0x160
[ 1005.841547] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 1005.847064] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1005.852324] ? __check_object_size+0x9d/0x5f2
[ 1005.856874] ? usercopy_warn+0x120/0x120
[ 1005.861973] ? kasan_check_read+0x11/0x20
[ 1005.866239] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1005.870735] filename_lookup+0x264/0x510
[ 1005.874846] ? filename_parentat.isra.58+0x570/0x570
[ 1005.880016] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1005.885602] ? mpi_free.cold.1+0x19/0x19
[ 1005.889755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1005.895344] ? getname_flags+0x26e/0x5a0
[ 1005.900284] ? graph_lock+0x170/0x170
[ 1005.904136] user_path_at_empty+0x40/0x50
[ 1005.908323] vfs_statx+0x129/0x210
[ 1005.911892] ? vfs_statx_fd+0xc0/0xc0
[ 1005.915721] ? find_held_lock+0x36/0x1c0
[ 1005.919808] __do_sys_newlstat+0x8f/0x110
[ 1005.923982] ? __do_sys_newstat+0x110/0x110
[ 1005.928383] ? finish_task_switch+0x18a/0x870
[ 1005.932988] ? kasan_check_read+0x11/0x20
[ 1005.937192] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1005.941737] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 1005.946384] ? _raw_spin_unlock_irq+0x27/0x70
[ 1005.950975] ? do_syscall_64+0x9a/0x820
[ 1005.955107] __x64_sys_newlstat+0x54/0x80
[ 1005.959295] do_syscall_64+0x1b9/0x820
[ 1005.963213] ? syscall_return_slowpath+0x5e0/0x5e0
[ 1005.968186] ? syscall_return_slowpath+0x31d/0x5e0
[ 1005.973252] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 1005.978754] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1005.983779] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1005.989040] RIP: 0033:0x456a09
[ 1005.992247] Code: 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 <07> 48 83 c7 10 0f 10 06 48 83 c6 10 0f 11 07 48 83 c7 10 0f 10 06
[ 1006.011530] RSP: 002b:00007f09a8db6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 1006.019308] RAX: ffffffffffffffda RBX: 00007f09a8db76d4 RCX: 0000000000456a09
[ 1006.026680] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000020000000
[ 1006.034054] RBP: 00000000009303c0 R08: 0000000000000000 R09: 0000000000000000
[ 1006.041437] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1006.048728] R13: 00000000004d14f8 R14: 00000000004c6d78 R15: 0000000000000005
[ 1006.056089]
[ 1006.056089] Showing all locks held in the system:
[ 1006.062507] 1 lock held by khungtaskd/773:
[ 1006.066781] #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[ 1006.075429] 1 lock held by rsyslogd/4277:
[ 1006.079606] 2 locks held by getty/4367:
[ 1006.083584] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.091891] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.100982] 2 locks held by getty/4368:
[ 1006.105031] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.113342] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.122303] 2 locks held by getty/4369:
[ 1006.126719] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.135046] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.143988] 2 locks held by getty/4370:
[ 1006.148044] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.156377] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.165397] 2 locks held by getty/4371:
[ 1006.169469] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.177995] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.187139] 2 locks held by getty/4372:
[ 1006.191194] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.199964] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.208938] 2 locks held by getty/4373:
[ 1006.212959] #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[ 1006.221501] #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[ 1006.230466] 2 locks held by syz-executor0/4824:
[ 1006.235227] #0: (____ptrval____) (sb_writers#13){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 1006.243393] #1: (____ptrval____) (&type->i_mutex_dir_key#5){++++}, at: chmod_common+0x1b1/0x590
[ 1006.252674] 1 lock held by syz-executor0/4825:
[ 1006.257349] #0: (____ptrval____) (&type->i_mutex_dir_key#5){++++}, at: lookup_slow+0x49/0x80
[ 1006.266156] 2 locks held by syz-executor0/4826:
[ 1006.270873] #0: (____ptrval____) (sb_writers#13){.+.+}, at: mnt_want_write+0x3f/0xc0
[ 1006.279340] #1: (____ptrval____) (&type->i_mutex_dir_key#5){++++}, at: chmod_common+0x1b1/0x590
[ 1006.288496] 1 lock held by syz-executor0/4828:
[ 1006.293133] #0: (____ptrval____) (&type->i_mutex_dir_key#5){++++}, at: lookup_slow+0x49/0x80
[ 1006.302172]
[ 1006.303870] =============================================
[ 1006.303870]
[ 1006.310983] NMI backtrace for cpu 0
[ 1006.314842] CPU: 0 PID: 773 Comm: khungtaskd Not tainted 4.18.0-rc7+ #169
[ 1006.322396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1006.332390] Call Trace:
[ 1006.335770] dump_stack+0x1c9/0x2b4
[ 1006.339864] ? dump_stack_print_info.cold.2+0x52/0x52
[ 1006.345199] ? vprintk_default+0x28/0x30
[ 1006.349280] nmi_cpu_backtrace.cold.4+0x19/0xce
[ 1006.354571] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 1006.359564] ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 1006.364879] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 1006.370182] arch_trigger_cpumask_backtrace+0x14/0x20
[ 1006.375390] watchdog+0x9c4/0xf80
[ 1006.378872] ? reset_hung_task_detector+0xd0/0xd0
[ 1006.383748] ? kasan_check_read+0x11/0x20
[ 1006.388058] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1006.392479] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 1006.397690] ? __kthread_parkme+0x58/0x1b0
[ 1006.402053] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1006.407092] ? trace_hardirqs_on+0xd/0x10
[ 1006.412216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1006.417777] ? __kthread_parkme+0x106/0x1b0
[ 1006.422105] kthread+0x345/0x410
[ 1006.425552] ? reset_hung_task_detector+0xd0/0xd0
[ 1006.430396] ? kthread_bind+0x40/0x40
[ 1006.434378] ret_from_fork+0x3a/0x50
[ 1006.438195] Sending NMI from CPU 0 to CPUs 1:
[ 1006.442856] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 1006.443841] Kernel panic - not syncing: hung_task: blocked tasks
[ 1006.457092] CPU: 0 PID: 773 Comm: khungtaskd Not tainted 4.18.0-rc7+ #169
[ 1006.464027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1006.473533] Call Trace:
[ 1006.476233] dump_stack+0x1c9/0x2b4
[ 1006.481536] ? dump_stack_print_info.cold.2+0x52/0x52
[ 1006.486957] ? printk_safe_log_store+0x2f0/0x2f0
[ 1006.493475] panic+0x238/0x4e7
[ 1006.496684] ? add_taint.cold.5+0x16/0x16
[ 1006.500855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1006.506596] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 1006.512402] ? printk_safe_flush+0xd7/0x130
[ 1006.516731] watchdog+0x9d5/0xf80
[ 1006.520217] ? reset_hung_task_detector+0xd0/0xd0
[ 1006.525096] ? kasan_check_read+0x11/0x20
[ 1006.529564] ? do_raw_spin_unlock+0xa7/0x2f0
[ 1006.533979] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 1006.539169] ? __kthread_parkme+0x58/0x1b0
[ 1006.543427] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1006.548502] ? trace_hardirqs_on+0xd/0x10
[ 1006.552776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1006.558343] ? __kthread_parkme+0x106/0x1b0
[ 1006.562892] kthread+0x345/0x410
[ 1006.566283] ? reset_hung_task_detector+0xd0/0xd0
[ 1006.571147] ? kthread_bind+0x40/0x40
[ 1006.575126] ret_from_fork+0x3a/0x50
[ 1006.580295] Dumping ftrace buffer:
[ 1006.584161] (ftrace buffer empty)
[ 1006.588062] Kernel Offset: disabled
[ 1006.591898] Rebooting in 86400 seconds..