[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 829.819176][ T27] audit: type=1400 audit(1599515587.443:8): avc: denied { execmem } for pid=6842 comm="syz-executor791" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 829.828648][ T6844] netlink: 4 bytes leftover after parsing attributes in process `syz-executor791'.
[ 829.873088][ T6846] netlink: 4 bytes leftover after parsing attributes in process `syz-executor791'.
[ 984.864963][ T1168] INFO: task syz-executor791:6844 blocked for more than 143 seconds.
[ 984.873149][ T1168] Not tainted 5.9.0-rc4-syzkaller #0
[ 984.882282][ T1168] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 984.891817][ T1168] task:syz-executor791 state:D stack:25032 pid: 6844 ppid: 6842 flags:0x00004004
[ 984.901877][ T1168] Call Trace:
[ 984.906199][ T1168] __schedule+0xea9/0x2230
[ 984.910635][ T1168] ? io_schedule_timeout+0x140/0x140
[ 984.918271][ T1168] schedule+0xd0/0x2a0
[ 984.922399][ T1168] schedule_preempt_disabled+0xf/0x20
[ 984.929066][ T1168] __mutex_lock+0x3e2/0x10e0
[ 984.933710][ T1168] ? tcf_ife_init+0x11a4/0x16f0
[ 984.939896][ T1168] ? mutex_lock_io_nested+0xf60/0xf60
[ 984.946169][ T1168] ? lock_downgrade+0x830/0x830
[ 984.951051][ T1168] tcf_ife_init+0x11a4/0x16f0
[ 984.956971][ T1168] ? tcf_ife_dump+0xb90/0xb90
[ 984.961659][ T1168] ? find_held_lock+0x2d/0x110
[ 984.967765][ T1168] ? lock_downgrade+0x830/0x830
[ 984.972731][ T1168] tcf_action_init_1+0x6a5/0xac0
[ 984.978939][ T1168] ? tcf_action_dump_old+0x80/0x80
[ 984.984094][ T1168] tcf_action_init+0x249/0x380
[ 984.990160][ T1168] ? tcf_action_init_1+0xac0/0xac0
[ 984.996135][ T1168] ? avc_has_perm_noaudit+0x1ee/0x390
[ 985.001542][ T1168] tcf_action_add+0xd9/0x360
[ 985.008553][ T1168] ? tca_action_gd+0xda0/0xda0
[ 985.013358][ T1168] ? bpf_lsm_capable+0x5/0x10
[ 985.019309][ T1168] ? __nla_parse+0x3d/0x4a
[ 985.023757][ T1168] tc_ctl_action+0x33a/0x439
[ 985.029692][ T1168] ? tcf_action_add+0x360/0x360
[ 985.034629][ T1168] ? lock_is_held_type+0xbb/0xf0
[ 985.040830][ T1168] ? tcf_action_add+0x360/0x360
[ 985.046609][ T1168] rtnetlink_rcv_msg+0x44e/0xad0
[ 985.051562][ T1168] ? rtnetlink_put_metrics+0x510/0x510
[ 985.058302][ T1168] ? lock_acquire+0x1f3/0xae0
[ 985.063022][ T1168] ? netlink_deliver_tap+0x146/0xb70
[ 985.069619][ T1168] netlink_rcv_skb+0x15a/0x430
[ 985.074395][ T1168] ? rtnetlink_put_metrics+0x510/0x510
[ 985.081150][ T1168] ? netlink_ack+0xa10/0xa10
[ 985.086625][ T1168] netlink_unicast+0x533/0x7d0
[ 985.091405][ T1168] ? netlink_attachskb+0x810/0x810
[ 985.097781][ T1168] netlink_sendmsg+0x856/0xd90
[ 985.102560][ T1168] ? netlink_unicast+0x7d0/0x7d0
[ 985.108820][ T1168] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 985.114112][ T1168] ? netlink_unicast+0x7d0/0x7d0
[ 985.121505][ T1168] sock_sendmsg+0xcf/0x120
[ 985.126746][ T1168] ____sys_sendmsg+0x6e8/0x810
[ 985.131519][ T1168] ? kernel_sendmsg+0x50/0x50
[ 985.138803][ T1168] ? do_recvmmsg+0x6d0/0x6d0
[ 985.143439][ T1168] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 985.150763][ T1168] ? lock_is_held_type+0xbb/0xf0
[ 985.156501][ T1168] ? find_held_lock+0x2d/0x110
[ 985.161284][ T1168] ___sys_sendmsg+0xf3/0x170
[ 985.167205][ T1168] ? sendmsg_copy_msghdr+0x160/0x160
[ 985.172515][ T1168] ? __fget_files+0x272/0x400
[ 985.178776][ T1168] ? lock_downgrade+0x830/0x830
[ 985.183640][ T1168] ? do_huge_pmd_anonymous_page+0x8f2/0x2200
[ 985.191066][ T1168] ? __fget_files+0x294/0x400
[ 985.196597][ T1168] ? __fget_light+0xea/0x280
[ 985.201205][ T1168] __sys_sendmsg+0xe5/0x1b0
[ 985.207122][ T1168] ? __sys_sendmsg_sock+0xb0/0xb0
[ 985.212172][ T1168] ? check_preemption_disabled+0x50/0x130
[ 985.219255][ T1168] ? syscall_enter_from_user_mode+0x1d/0x60
[ 985.226043][ T1168] do_syscall_64+0x2d/0x70
[ 985.230470][ T1168] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 985.237643][ T1168] RIP: 0033:0x4471d9
[ 985.241535][ T1168] Code: Bad RIP value.
[ 985.246945][ T1168] RSP: 002b:00007f796a6d1db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 985.256234][ T1168] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 00000000004471d9
[ 985.264225][ T1168] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[ 985.274766][ T1168] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 985.282744][ T1168] R10: 0000000000000006 R11: 0000000000000246 R12: 00000000006dcc2c
[ 985.292051][ T1168] R13: 00007ffcf477b02f R14: 00007f796a6d29c0 R15: 20c49ba5e353f7cf
[ 985.300903][ T1168]
[ 985.300903][ T1168] Showing all locks held in the system:
[ 985.309520][ T1168] 1 lock held by khungtaskd/1168:
[ 985.314555][ T1168] #0: ffffffff89bd6a40 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 985.327224][ T1168] 3 locks held by kworker/0:2/2626:
[ 985.332419][ T1168] #0: ffff888214917138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670
[ 985.344646][ T1168] #1: ffffc90006897da8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670
[ 985.356888][ T1168] #2: ffffffff8a7ea708 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 985.367160][ T1168] 1 lock held by in:imklog/6733:
[ 985.372094][ T1168] #0: ffff8880a2072670 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 985.382447][ T1168] 1 lock held by syz-executor791/6844:
[ 985.388696][ T1168] #0: ffffffff8a7ea708 (rtnl_mutex){+.+.}-{3:3}, at: tcf_ife_init+0x11a4/0x16f0
[ 985.399829][ T1168] 1 lock held by syz-executor791/6846:
[ 985.406318][ T1168]
[ 985.408645][ T1168] =============================================
[ 985.408645][ T1168]
[ 985.418360][ T1168] NMI backtrace for cpu 0
[ 985.422709][ T1168] CPU: 0 PID: 1168 Comm: khungtaskd Not tainted 5.9.0-rc4-syzkaller #0
[ 985.430935][ T1168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 985.440978][ T1168] Call Trace:
[ 985.444272][ T1168] dump_stack+0x198/0x1fd
[ 985.448625][ T1168] nmi_cpu_backtrace.cold+0x70/0xb1
[ 985.453840][ T1168] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 985.459480][ T1168] nmi_trigger_cpumask_backtrace+0x1b3/0x223
[ 985.465459][ T1168] watchdog+0xd7d/0x1000
[ 985.469708][ T1168] ? reset_hung_task_detector+0x30/0x30
[ 985.475250][ T1168] kthread+0x3b5/0x4a0
[ 985.479317][ T1168] ? __kthread_bind_mask+0xc0/0xc0
[ 985.484424][ T1168] ret_from_fork+0x1f/0x30
[ 985.489013][ T1168] Sending NMI from CPU 0 to CPUs 1:
[ 985.495186][ C1] NMI backtrace for cpu 1
[ 985.495194][ C1] CPU: 1 PID: 6846 Comm: syz-executor791 Not tainted 5.9.0-rc4-syzkaller #0
[ 985.495201][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 985.495205][ C1] RIP: 0010:lock_release+0x4b8/0x8f0
[ 985.495217][ C1] Code: d2 5b 08 00 0f 84 ac 01 00 00 48 8b 3c 24 57 9d 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c5 48 c7 45 00 00 00 00 00 45 08 00 00 00 00 48 8b 84 24 88 00 00 00 65 48 2b 04 25 28 00
[ 985.495222][ C1] RSP: 0018:ffffc900013c6ce8 EFLAGS: 00000286
[ 985.495232][ C1] RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 0000000000000000
[ 985.495238][ C1] RDX: dffffc0000000000 RSI: ffff88809a063668 RDI: 0000000000000282
[ 985.495244][ C1] RBP: fffff52000278d9f R08: 0000000000000001 R09: ffff8880a19e4be0
[ 985.495251][ C1] R10: fffffbfff1564d71 R11: 0000000000000001 R12: ffff8880a19e4300
[ 985.495257][ C1] R13: 0000000000000001 R14: ffffffff865b709e R15: ffff8880a19e4300
[ 985.495263][ C1] FS: 00007f796a6b1700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 985.495269][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 985.495275][ C1] CR2: 00007f92e6066ab4 CR3: 00000000a15a2000 CR4: 00000000001506e0
[ 985.495281][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 985.495286][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 985.495290][ C1] Call Trace:
[ 985.495295][ C1] ? lock_downgrade+0x830/0x830
[ 985.495300][ C1] ? tcf_idr_check_alloc+0x78/0x3b0
[ 985.495304][ C1] ? mark_held_locks+0x9f/0xe0
[ 985.495309][ C1] ? mutex_lock_io_nested+0xf60/0xf60
[ 985.495314][ C1] ? check_preemption_disabled+0x50/0x130
[ 985.495318][ C1] __mutex_unlock_slowpath+0x81/0x610
[ 985.495323][ C1] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 985.495328][ C1] ? wait_for_completion+0x260/0x260
[ 985.495332][ C1] tcf_idr_check_alloc+0x29e/0x3b0
[ 985.495337][ C1] tcf_ife_init+0x3b1/0x16f0
[ 985.495341][ C1] ? tcf_ife_dump+0xb90/0xb90
[ 985.495346][ C1] ? find_held_lock+0x2d/0x110
[ 985.495350][ C1] ? tc_lookup_action_n+0xcd/0xf0
[ 985.495354][ C1] ? lock_downgrade+0x830/0x830
[ 985.495359][ C1] tcf_action_init_1+0x6a5/0xac0
[ 985.495363][ C1] ? tcf_action_dump_old+0x80/0x80
[ 985.495368][ C1] tcf_action_init+0x249/0x380
[ 985.495372][ C1] ? tcf_action_init_1+0xac0/0xac0
[ 985.495377][ C1] ? avc_has_perm_noaudit+0x1ee/0x390
[ 985.495381][ C1] tcf_action_add+0xd9/0x360
[ 985.495386][ C1] ? tca_action_gd+0xda0/0xda0
[ 985.495390][ C1] ? bpf_lsm_capable+0x5/0x10
[ 985.495394][ C1] ? __nla_parse+0x3d/0x4a
[ 985.495399][ C1] tc_ctl_action+0x33a/0x439
[ 985.495403][ C1] ? tcf_action_add+0x360/0x360
[ 985.495407][ C1] ? lock_is_held_type+0xbb/0xf0
[ 985.495412][ C1] ? tcf_action_add+0x360/0x360
[ 985.495416][ C1] rtnetlink_rcv_msg+0x44e/0xad0
[ 985.495421][ C1] ? rtnetlink_put_metrics+0x510/0x510
[ 985.495425][ C1] ? lock_acquire+0x1f3/0xae0
[ 985.495430][ C1] ? netlink_deliver_tap+0x146/0xb70
[ 985.495434][ C1] netlink_rcv_skb+0x15a/0x430
[ 985.495439][ C1] ? rtnetlink_put_metrics+0x510/0x510
[ 985.495444][ C1] ? netlink_ack+0xa10/0xa10
[ 985.495448][ C1] netlink_unicast+0x533/0x7d0
[ 985.495452][ C1] ? netlink_attachskb+0x810/0x810
[ 985.495456][ C1] netlink_sendmsg+0x856/0xd90
[ 985.495460][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 985.495465][ C1] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 985.495468][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 985.495471][ C1] sock_sendmsg+0xcf/0x120
[ 985.495474][ C1] ____sys_sendmsg+0x6e8/0x810
[ 985.495476][ C1] ? kernel_sendmsg+0x50/0x50
[ 985.495479][ C1] ? do_recvmmsg+0x6d0/0x6d0
[ 985.495482][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 985.495485][ C1] ? __lock_acquire+0xb5e/0x5570
[ 985.495487][ C1] ___sys_sendmsg+0xf3/0x170
[ 985.495490][ C1] ? sendmsg_copy_msghdr+0x160/0x160
[ 985.495493][ C1] ? __fget_files+0x272/0x400
[ 985.495495][ C1] ? lock_downgrade+0x830/0x830
[ 985.495498][ C1] ? percpu_counter_add_batch+0x126/0x180
[ 985.495501][ C1] ? __fget_files+0x294/0x400
[ 985.495504][ C1] ? __fget_light+0xea/0x280
[ 985.495506][ C1] __sys_sendmsg+0xe5/0x1b0
[ 985.495509][ C1] ? __sys_sendmsg_sock+0xb0/0xb0
[ 985.495512][ C1] ? __x64_sys_futex+0x382/0x4e0
[ 985.495515][ C1] ? check_preemption_disabled+0x50/0x130
[ 985.495518][ C1] ? syscall_enter_from_user_mode+0x1d/0x60
[ 985.495520][ C1] do_syscall_64+0x2d/0x70
[ 985.495523][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 985.495526][ C1] RIP: 0033:0x4471d9
[ 985.495533][ C1] Code: e8 ec b9 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 985.495536][ C1] RSP: 002b:00007f796a6b0db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 985.495543][ C1] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471d9
[ 985.495547][ C1] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[ 985.495550][ C1] RBP: 00000000006dcc30 R08: 0000000000000003 R09: 0000000000000000
[ 985.495554][ C1] R10: 0000000000000003 R11: 0000000000000246 R12: 00000000006dcc3c
[ 985.495558][ C1] R13: 00007ffcf477b02f R14: 00007f796a6b19c0 R15: 20c49ba5e353f7cf
[ 985.514753][ T1168] Kernel panic - not syncing: hung_task: blocked tasks
[ 986.008956][ T1168] CPU: 0 PID: 1168 Comm: khungtaskd Not tainted 5.9.0-rc4-syzkaller #0
[ 986.017622][ T1168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 986.027694][ T1168] Call Trace:
[ 986.030986][ T1168] dump_stack+0x198/0x1fd
[ 986.035333][ T1168] panic+0x347/0x7c0
[ 986.039228][ T1168] ? __warn_printk+0xf3/0xf3
[ 986.043821][ T1168] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 986.049450][ T1168] ? preempt_schedule_thunk+0x16/0x18
[ 986.054832][ T1168] ? watchdog.cold+0x5/0x16b
[ 986.059419][ T1168] ? watchdog+0xa82/0x1000
[ 986.063837][ T1168] watchdog.cold+0x16/0x16b
[ 986.068341][ T1168] ? reset_hung_task_detector+0x30/0x30
[ 986.073884][ T1168] kthread+0x3b5/0x4a0
[ 986.077949][ T1168] ? __kthread_bind_mask+0xc0/0xc0
[ 986.083055][ T1168] ret_from_fork+0x1f/0x30
[ 986.088684][ T1168] Kernel Offset: disabled
[ 986.093016][ T1168] Rebooting in 86400 seconds..