[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
2020/12/18 11:09:46 parsed 1 programs
2020/12/18 11:09:46 executed programs: 0
syzkaller login: [ 1585.297264] IPVS: ftp: loaded support on port[0] = 21
[ 1585.395891] chnl_net:caif_netlink_parms(): no params data found
[ 1585.457414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.464162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.471116] device bridge_slave_0 entered promiscuous mode
[ 1585.478932] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.485694] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.492550] device bridge_slave_1 entered promiscuous mode
[ 1585.508816] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1585.517515] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1585.534451] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1585.541539] team0: Port device team_slave_0 added
[ 1585.547313] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1585.554658] team0: Port device team_slave_1 added
[ 1585.569013] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1585.575300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.600502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1585.611699] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1585.617982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.643445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1585.654290] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1585.661519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1585.679843] device hsr_slave_0 entered promiscuous mode
[ 1585.685476] device hsr_slave_1 entered promiscuous mode
[ 1585.691320] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1585.698570] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1585.757151] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.763644] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.770497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.776895] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.802953] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1585.809668] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1585.817957] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1585.827373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1585.845637] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.852779] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.862944] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1585.869917] 8021q: adding VLAN 0 to HW filter on device team0
[ 1585.878181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1585.885945] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.892309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.901138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1585.909044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.915418] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.934376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1585.941960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1585.950039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1585.958150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1585.966509] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1585.972581] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1585.979747] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1585.992387] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1585.999729] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1586.006584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1586.017722] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1586.064277] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1586.073362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1586.096915] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1586.105288] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1586.111686] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1586.120974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1586.128560] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1586.135650] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1586.145167] device veth0_vlan entered promiscuous mode
[ 1586.153158] device veth1_vlan entered promiscuous mode
[ 1586.159366] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1586.167622] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1586.178439] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1586.187679] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1586.195058] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1586.202095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1586.211134] device veth0_macvtap entered promiscuous mode
[ 1586.217544] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1586.225456] device veth1_macvtap entered promiscuous mode
[ 1586.233177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1586.242096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1586.251397] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1586.258861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1586.267288] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1586.276415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1586.283980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1586.383870] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1587.354589] Bluetooth: hci0 command 0x0409 tx timeout
[ 1589.423672] Bluetooth: hci0 command 0x041b tx timeout
2020/12/18 11:09:52 executed programs: 4
[ 1591.503503] Bluetooth: hci0 command 0x040f tx timeout
[ 1593.583219] Bluetooth: hci0 command 0x0419 tx timeout
2020/12/18 11:09:57 executed programs: 10
[ 1709.895374] Bluetooth: hci0 command 0x0406 tx timeout
[ 1861.406084] INFO: task syz-executor.0:8323 blocked for more than 140 seconds.
[ 1861.413417] Not tainted 4.14.212-syzkaller #0
[ 1861.419518] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1861.427570] syz-executor.0 D28456 8323 7994 0x00000004
[ 1861.433192] Call Trace:
[ 1861.436573] __schedule+0x88b/0x1de0
[ 1861.440303] ? io_schedule_timeout+0x140/0x140
[ 1861.444862] ? trace_hardirqs_on+0x10/0x10
[ 1861.449130] schedule+0x8d/0x1b0
[ 1861.452521] schedule_timeout+0x80a/0xe90
[ 1861.456733] ? _raw_spin_unlock_irq+0x24/0x80
[ 1861.461221] ? usleep_range+0x130/0x130
[ 1861.465170] ? wait_for_common+0x26a/0x430
[ 1861.469426] ? lock_acquire+0x170/0x3f0
[ 1861.473403] ? lock_downgrade+0x740/0x740
[ 1861.477672] ? _raw_spin_unlock_irq+0x24/0x80
[ 1861.482157] wait_for_common+0x272/0x430
[ 1861.486258] ? out_of_line_wait_on_atomic_t+0x1a0/0x1a0
[ 1861.491605] ? preempt_schedule_common+0x45/0xc0
[ 1861.496415] ? wake_up_q+0xd0/0xd0
[ 1861.499946] flush_work+0x3fe/0x770
[ 1861.503550] ? worker_thread+0xff0/0xff0
[ 1861.507645] ? flush_workqueue_prep_pwqs+0x470/0x470
[ 1861.512739] ? __cancel_work_timer+0x2c1/0x460
[ 1861.517380] __cancel_work_timer+0x321/0x460
[ 1861.521773] ? work_on_cpu_safe+0x70/0x70
[ 1861.526436] ? lock_acquire+0x170/0x3f0
[ 1861.530393] ? lock_downgrade+0x740/0x740
[ 1861.534518] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1861.539741] p9_fd_close+0x299/0x420
[ 1861.543445] p9_client_create+0x736/0x12c0
[ 1861.547726] ? p9_client_flush+0x4c0/0x4c0
[ 1861.551948] ? __lockdep_init_map+0x100/0x560
[ 1861.556500] ? __raw_spin_lock_init+0x28/0x100
[ 1861.561074] v9fs_session_init+0x1c5/0x1540
[ 1861.565459] ? pcpu_alloc+0xbe0/0xf50
[ 1861.569247] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1861.574066] ? v9fs_show_options+0x6b0/0x6b0
[ 1861.578532] ? v9fs_mount+0x54/0x860
[ 1861.582239] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1861.587719] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1861.592730] ? kmem_cache_alloc_trace+0x36c/0x3d0
[ 1861.597671] v9fs_mount+0x73/0x860
[ 1861.601203] ? alloc_pages_current+0x15d/0x260
[ 1861.605805] ? __lockdep_init_map+0x100/0x560
[ 1861.610334] mount_fs+0x92/0x2a0
[ 1861.613680] vfs_kern_mount.part.0+0x5b/0x470
[ 1861.618246] do_mount+0xe53/0x2a00
[ 1861.621777] ? retint_kernel+0x2d/0x2d
[ 1861.625685] ? copy_mount_string+0x40/0x40
[ 1861.629909] ? copy_mount_options+0x18f/0x2f0
[ 1861.634381] ? copy_mount_options+0x1fa/0x2f0
[ 1861.638939] ? copy_mnt_ns+0xa30/0xa30
[ 1861.642817] SyS_mount+0xa8/0x120
[ 1861.646308] ? copy_mnt_ns+0xa30/0xa30
[ 1861.650203] do_syscall_64+0x1d5/0x640
[ 1861.654085] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.659946] RIP: 0033:0x45e149
[ 1861.663134] RSP: 002b:00007f515e401c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1861.671010] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e149
[ 1861.678331] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
[ 1861.685629] RBP: 000000000119c1c8 R08: 0000000020000580 R09: 0000000000000000
[ 1861.692884] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c184
[ 1861.700190] R13: 00007ffd247d323f R14: 00007f515e4029c0 R15: 000000000119c184
[ 1861.707558]
[ 1861.707558] Showing all locks held in the system:
[ 1861.713971] 1 lock held by khungtaskd/1531:
[ 1861.718491] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1861.727599] 2 locks held by kworker/1:0/7972:
[ 1861.732079] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1861.740527] #1: ((&m->wq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1861.748993]
[ 1861.750601] =============================================
[ 1861.750601]
[ 1861.757778] NMI backtrace for cpu 0
[ 1861.761487] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.212-syzkaller #0
[ 1861.768906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.778233] Call Trace:
[ 1861.780795] dump_stack+0x1b2/0x283
[ 1861.784399] nmi_cpu_backtrace.cold+0x57/0x93
[ 1861.788868] ? irq_force_complete_move.cold+0x89/0x89
[ 1861.794033] nmi_trigger_cpumask_backtrace+0x13a/0x17f
[ 1861.799300] watchdog+0x5b9/0xb40
[ 1861.802731] ? hungtask_pm_notify+0x50/0x50
[ 1861.807030] kthread+0x30d/0x420
[ 1861.810370] ? kthread_create_on_node+0xd0/0xd0
[ 1861.815015] ret_from_fork+0x24/0x30
[ 1861.818840] Sending NMI from CPU 0 to CPUs 1:
[ 1861.823371] NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8720909e
[ 1861.824824] Kernel panic - not syncing: hung_task: blocked tasks
[ 1861.836705] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.212-syzkaller #0
[ 1861.844135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.853499] Call Trace:
[ 1861.856069] dump_stack+0x1b2/0x283
[ 1861.859673] panic+0x1f9/0x42d
[ 1861.862842] ? add_taint.cold+0x16/0x16
[ 1861.866799] watchdog+0x5ca/0xb40
[ 1861.870243] ? hungtask_pm_notify+0x50/0x50
[ 1861.874563] kthread+0x30d/0x420
[ 1861.877905] ? kthread_create_on_node+0xd0/0xd0
[ 1861.882565] ret_from_fork+0x24/0x30
[ 1861.887123] Kernel Offset: disabled
[ 1861.890770] Rebooting in 86400 seconds..