[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 489.071587][ T35] audit: type=1400 audit(1613014444.108:8): avc: denied { execmem } for pid=8455 comm="syz-executor797" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 489.090408][ T8456] IPVS: ftp: loaded support on port[0] = 21
[ 721.701823][ T1645] INFO: task kworker/u4:4:194 blocked for more than 143 seconds.
[ 721.710061][ T1645] Not tainted 5.11.0-rc7-syzkaller #0
[ 721.718423][ T1645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.728230][ T1645] task:kworker/u4:4 state:D stack:23656 pid: 194 ppid: 2 flags:0x00004000
[ 721.738664][ T1645] Workqueue: tc_filter_workqueue tcindex_partial_destroy_work
[ 721.747501][ T1645] Call Trace:
[ 721.750847][ T1645] __schedule+0x90c/0x21a0
[ 721.758022][ T1645] ? io_schedule_timeout+0x140/0x140
[ 721.764512][ T1645] schedule+0xcf/0x270
[ 721.768637][ T1645] schedule_preempt_disabled+0xf/0x20
[ 721.775702][ T1645] __mutex_lock+0x81a/0x1110
[ 721.780334][ T1645] ? tcindex_partial_destroy_work+0x13/0x50
[ 721.787806][ T1645] ? mutex_lock_io_nested+0xf60/0xf60
[ 721.794238][ T1645] ? lock_release+0x710/0x710
[ 721.799055][ T1645] tcindex_partial_destroy_work+0x13/0x50
[ 721.806396][ T1645] process_one_work+0x98d/0x15f0
[ 721.811473][ T1645] ? pwq_dec_nr_in_flight+0x320/0x320
[ 721.818459][ T1645] ? rwlock_bug.part.0+0x90/0x90
[ 721.824566][ T1645] ? _raw_spin_lock_irq+0x41/0x50
[ 721.829637][ T1645] worker_thread+0x64c/0x1120
[ 721.836882][ T1645] ? process_one_work+0x15f0/0x15f0
[ 721.843176][ T1645] kthread+0x3b1/0x4a0
[ 721.847275][ T1645] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 721.854609][ T1645] ret_from_fork+0x1f/0x30
[ 721.859256][ T1645] INFO: task kworker/0:2:2918 blocked for more than 143 seconds.
[ 721.868623][ T1645] Not tainted 5.11.0-rc7-syzkaller #0
[ 721.876555][ T1645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.887499][ T1645] task:kworker/0:2 state:D stack:28872 pid: 2918 ppid: 2 flags:0x00004000
[ 721.897892][ T1645] Workqueue: ipv6_addrconf addrconf_verify_work
[ 721.905496][ T1645] Call Trace:
[ 721.908803][ T1645] __schedule+0x90c/0x21a0
[ 721.914834][ T1645] ? io_schedule_timeout+0x140/0x140
[ 721.920158][ T1645] ? _raw_spin_unlock_irq+0x1f/0x40
[ 721.926901][ T1645] ? lockdep_hardirqs_on+0x79/0x100
[ 721.933284][ T1645] schedule+0xcf/0x270
[ 721.937389][ T1645] schedule_preempt_disabled+0xf/0x20
[ 721.944617][ T1645] __mutex_lock+0x81a/0x1110
[ 721.949250][ T1645] ? addrconf_verify_work+0xa/0x20
[ 721.955862][ T1645] ? mutex_lock_io_nested+0xf60/0xf60
[ 721.961273][ T1645] ? lock_release+0x710/0x710
[ 721.967612][ T1645] ? lock_downgrade+0x6d0/0x6d0
[ 721.973538][ T1645] addrconf_verify_work+0xa/0x20
[ 721.978515][ T1645] process_one_work+0x98d/0x15f0
[ 721.984926][ T1645] ? pwq_dec_nr_in_flight+0x320/0x320
[ 721.990342][ T1645] ? rwlock_bug.part.0+0x90/0x90
[ 721.996822][ T1645] ? _raw_spin_lock_irq+0x41/0x50
[ 722.002900][ T1645] worker_thread+0x64c/0x1120
[ 722.007628][ T1645] ? __kthread_parkme+0x13f/0x1e0
[ 722.015234][ T1645] ? process_one_work+0x15f0/0x15f0
[ 722.020475][ T1645] kthread+0x3b1/0x4a0
[ 722.025994][ T1645] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 722.032930][ T1645] ret_from_fork+0x1f/0x30
[ 722.037495][ T1645]
[ 722.037495][ T1645] Showing all locks held in the system:
[ 722.046750][ T1645] 3 locks held by kworker/u4:4/194:
[ 722.052994][ T1645] #0: ffff88801638e138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0
[ 722.066039][ T1645] #1: ffffc90001417da8 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0
[ 722.079657][ T1645] #2: ffffffff8d45c2e8 (rtnl_mutex){+.+.}-{3:3}, at: tcindex_partial_destroy_work+0x13/0x50
[ 722.090917][ T1645] 1 lock held by khungtaskd/1645:
[ 722.096961][ T1645] #0: ffffffff8bd73da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 722.107971][ T1645] 3 locks held by kworker/0:2/2918:
[ 722.114182][ T1645] #0: ffff888023cb8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x15f0
[ 722.126273][ T1645] #1: ffffc900012c7da8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8a5/0x15f0
[ 722.137713][ T1645] #2: ffffffff8d45c2e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 722.149401][ T1645] 1 lock held by in:imklog/8147:
[ 722.155347][ T1645] #0: ffff88801a916df0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 722.165668][ T1645] 2 locks held by syz-executor797/8477:
[ 722.171269][ T1645]
[ 722.175552][ T1645] =============================================
[ 722.175552][ T1645]
[ 722.186175][ T1645] NMI backtrace for cpu 1
[ 722.190521][ T1645] CPU: 1 PID: 1645 Comm: khungtaskd Not tainted 5.11.0-rc7-syzkaller #0
[ 722.198854][ T1645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.208912][ T1645] Call Trace:
[ 722.212197][ T1645] dump_stack+0x107/0x163
[ 722.216612][ T1645] nmi_cpu_backtrace.cold+0x44/0xd7
[ 722.221833][ T1645] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.227151][ T1645] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 722.233210][ T1645] watchdog+0xd43/0xfa0
[ 722.237426][ T1645] ? reset_hung_task_detector+0x30/0x30
[ 722.242989][ T1645] kthread+0x3b1/0x4a0
[ 722.247068][ T1645] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 722.252984][ T1645] ret_from_fork+0x1f/0x30
[ 722.257587][ T1645] Sending NMI from CPU 1 to CPUs 0:
[ 722.264199][ C0] NMI backtrace for cpu 0
[ 722.264209][ C0] CPU: 0 PID: 8477 Comm: syz-executor797 Not tainted 5.11.0-rc7-syzkaller #0
[ 722.264219][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.264227][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x13/0x60
[ 722.264238][ C0] Code: ff ff ff 4c 01 ca 49 89 13 e9 00 fd ff ff 66 0f 1f 84 00 00 00 00 00 65 8b 05 e9 18 8f 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 <65> 48 8b 14 25 00 f0 01 00 a9 00 01 ff 00 74 0e 85 c9 74 35 8b 82
[ 722.264254][ C0] RSP: 0018:ffffc90001b96b90 EFLAGS: 00000246
[ 722.264266][ C0] RAX: 0000000080000000 RBX: ffff888024f4a090 RCX: 0000000000000000
[ 722.264275][ C0] RDX: 0000000000000000 RSI: ffffffff83da1121 RDI: ffff888024f4a090
[ 722.264283][ C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffff888024f4a007
[ 722.264291][ C0] R10: ffffffff8717d3d9 R11: 0000000000000001 R12: ffffc90001b96e38
[ 722.264300][ C0] R13: 0000000000000001 R14: 0000000000001000 R15: ffff888024f4a090
[ 722.264309][ C0] FS: 0000000000875300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 722.264317][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 722.264325][ C0] CR2: 0000000020000280 CR3: 000000002412b000 CR4: 00000000001506f0
[ 722.264334][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 722.264343][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 722.264349][ C0] Call Trace:
[ 722.264355][ C0] __radix_tree_lookup+0x31/0x2a0
[ 722.264361][ C0] tcf_idr_check_alloc+0xb0/0x3b0
[ 722.264366][ C0] tcf_police_init+0x34f/0x1460
[ 722.264371][ C0] ? tcf_police_cleanup+0x60/0x60
[ 722.264377][ C0] ? find_held_lock+0x2d/0x110
[ 722.264383][ C0] ? tc_lookup_action_n+0xcd/0xf0
[ 722.264388][ C0] tcf_action_init_1+0x1a3/0x990
[ 722.264394][ C0] ? tcf_action_dump_old+0x80/0x80
[ 722.264400][ C0] ? lock_chain_count+0x20/0x20
[ 722.264406][ C0] ? find_held_lock+0x2d/0x110
[ 722.264411][ C0] tcf_exts_validate+0x138/0x420
[ 722.264417][ C0] ? tcf_exts_destroy+0xc0/0xc0
[ 722.264423][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 722.264429][ C0] ? trace_kmalloc+0xbe/0xf0
[ 722.264434][ C0] ? kmem_cache_alloc_trace+0x1f9/0x400
[ 722.264440][ C0] tcindex_set_parms+0x182/0x2320
[ 722.264446][ C0] ? tcindex_filter_result_init+0x200/0x200
[ 722.264452][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 722.264458][ C0] ? __nla_validate_parse+0x2d3/0x2ae0
[ 722.264464][ C0] ? nla_get_range_signed+0x520/0x520
[ 722.264470][ C0] ? find_held_lock+0x2d/0x110
[ 722.264476][ C0] ? tcindex_change+0x1b7/0x320
[ 722.264481][ C0] tcindex_change+0x212/0x320
[ 722.264487][ C0] ? tcindex_set_parms+0x2320/0x2320
[ 722.264492][ C0] ? tcindex_lookup+0x390/0x390
[ 722.264498][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 722.264505][ C0] ? __sanitizer_cov_trace_cmp2+0x22/0x80
[ 722.264511][ C0] tc_new_tfilter+0x1394/0x2120
[ 722.264516][ C0] ? tcindex_set_parms+0x2320/0x2320
[ 722.264522][ C0] ? tc_del_tfilter+0x15b0/0x15b0
[ 722.264528][ C0] ? tc_del_tfilter+0x15b0/0x15b0
[ 722.264533][ C0] rtnetlink_rcv_msg+0x80e/0xad0
[ 722.264539][ C0] ? rtnetlink_put_metrics+0x510/0x510
[ 722.264545][ C0] netlink_rcv_skb+0x153/0x420
[ 722.264550][ C0] ? rtnetlink_put_metrics+0x510/0x510
[ 722.264556][ C0] ? netlink_ack+0xaa0/0xaa0
[ 722.264561][ C0] ? netlink_deliver_tap+0x227/0xb70
[ 722.264567][ C0] netlink_unicast+0x533/0x7d0
[ 722.264572][ C0] ? netlink_attachskb+0x870/0x870
[ 722.264578][ C0] ? _copy_from_iter_full+0x275/0x850
[ 722.264584][ C0] netlink_sendmsg+0x856/0xd90
[ 722.264589][ C0] ? netlink_unicast+0x7d0/0x7d0
[ 722.264595][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 722.264602][ C0] ? netlink_unicast+0x7d0/0x7d0
[ 722.264607][ C0] sock_sendmsg+0xcf/0x120
[ 722.264613][ C0] ____sys_sendmsg+0x331/0x810
[ 722.264618][ C0] ? kernel_sendmsg+0x50/0x50
[ 722.264623][ C0] ? do_recvmmsg+0x6c0/0x6c0
[ 722.264628][ C0] ? __lock_acquire+0x16c2/0x54f0
[ 722.264634][ C0] ___sys_sendmsg+0xf3/0x170
[ 722.264639][ C0] ? sendmsg_copy_msghdr+0x160/0x160
[ 722.264645][ C0] ? find_held_lock+0x2d/0x110
[ 722.264650][ C0] ? __might_fault+0xd3/0x180
[ 722.264655][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 722.264661][ C0] __sys_sendmmsg+0x195/0x470
[ 722.264666][ C0] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 722.264672][ C0] ? find_held_lock+0x2d/0x110
[ 722.264677][ C0] ? alloc_file_pseudo+0x1/0x250
[ 722.264683][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 722.264689][ C0] ? fd_install+0x215/0x640
[ 722.264694][ C0] ? __sys_socket+0x16d/0x200
[ 722.264699][ C0] __x64_sys_sendmmsg+0x99/0x100
[ 722.264705][ C0] ? syscall_enter_from_user_mode+0x1d/0x50
[ 722.264711][ C0] do_syscall_64+0x2d/0x70
[ 722.264716][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 722.264722][ C0] RIP: 0033:0x440399
[ 722.264732][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 722.264748][ C0] RSP: 002b:00007ffca1d5fea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 722.264761][ C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440399
[ 722.264769][ C0] RDX: 04924924924924b3 RSI: 0000000020000200 RDI: 0000000000000004
[ 722.264778][ C0] RBP: 0000000000000000 R08: 00000000004ab000 R09: 00000000004ab000
[ 722.264786][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca1d5fee0
[ 722.264794][ C0] R13: 00007ffca1d5fed0 R14: 00007ffca1d5fec0 R15: 0000000000400488
[ 722.264803][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.299 msecs
[ 722.281660][ T1645] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.819243][ T1645] CPU: 1 PID: 1645 Comm: khungtaskd Not tainted 5.11.0-rc7-syzkaller #0
[ 722.827583][ T1645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.837642][ T1645] Call Trace:
[ 722.840931][ T1645] dump_stack+0x107/0x163
[ 722.845302][ T1645] panic+0x306/0x73d
[ 722.849212][ T1645] ? __warn_printk+0xf3/0xf3
[ 722.853819][ T1645] ? lapic_can_unplug_cpu+0x80/0x80
[ 722.859029][ T1645] ? preempt_schedule_thunk+0x16/0x18
[ 722.864417][ T1645] ? nmi_trigger_cpumask_backtrace+0x196/0x230
[ 722.870623][ T1645] ? watchdog.cold+0x5/0x158
[ 722.875270][ T1645] watchdog.cold+0x16/0x158
[ 722.879810][ T1645] ? reset_hung_task_detector+0x30/0x30
[ 722.885378][ T1645] kthread+0x3b1/0x4a0
[ 722.889462][ T1645] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 722.895373][ T1645] ret_from_fork+0x1f/0x30
[ 722.900804][ T1645] Kernel Offset: disabled
[ 722.905408][ T1645] Rebooting in 86400 seconds..