[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
2020/12/05 01:01:47 parsed 1 programs
2020/12/05 01:01:47 executed programs: 0
syzkaller login: [ 1585.112820] IPVS: ftp: loaded support on port[0] = 21
[ 1585.208491] chnl_net:caif_netlink_parms(): no params data found
[ 1585.303463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.310639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.318920] device bridge_slave_0 entered promiscuous mode
[ 1585.326553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.333741] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.342213] device bridge_slave_1 entered promiscuous mode
[ 1585.359622] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1585.369480] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1585.388273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1585.396244] team0: Port device team_slave_0 added
[ 1585.402915] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1585.413279] team0: Port device team_slave_1 added
[ 1585.428686] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1585.436102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.463573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1585.476972] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1585.483657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.511047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1585.522161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1585.530453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1585.550518] device hsr_slave_0 entered promiscuous mode
[ 1585.557567] device hsr_slave_1 entered promiscuous mode
[ 1585.566154] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1585.574055] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1585.638523] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.644993] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.651793] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.658233] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.686627] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1585.693757] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1585.704805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1585.713451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1585.735718] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.742800] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.753090] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1585.760443] 8021q: adding VLAN 0 to HW filter on device team0
[ 1585.768949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1585.777122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.783778] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.796845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1585.804428] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.810837] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.822966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1585.831005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1585.840907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1585.851820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1585.862905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1585.872586] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1585.879067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1585.891391] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1585.898858] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1585.906490] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1585.916487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1585.968337] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1585.977895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1586.005449] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1586.012467] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1586.019725] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1586.029910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1586.037679] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1586.044470] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1586.054258] device veth0_vlan entered promiscuous mode
[ 1586.063185] device veth1_vlan entered promiscuous mode
[ 1586.069083] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1586.078465] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1586.089400] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1586.098217] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1586.106618] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1586.113740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1586.123784] device veth0_macvtap entered promiscuous mode
[ 1586.130225] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1586.138579] device veth1_macvtap entered promiscuous mode
[ 1586.147414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1586.156558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1586.166508] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1586.173355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1586.182526] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1586.190362] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1586.199594] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1586.206875] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1586.213408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1586.221840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1587.156001] Bluetooth: hci0 command 0x0409 tx timeout
[ 1589.225257] Bluetooth: hci0 command 0x041b tx timeout
[ 1591.305008] Bluetooth: hci0 command 0x040f tx timeout
[ 1593.385028] Bluetooth: hci0 command 0x0419 tx timeout
[ 1710.025050] Bluetooth: hci0 command 0x0406 tx timeout
[ 1861.545209] INFO: task syz-executor.0:8280 blocked for more than 140 seconds.
[ 1861.552711] Not tainted 4.14.210-syzkaller #0
[ 1861.558531] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1861.567395] syz-executor.0 D28456 8280 8015 0x00000004
[ 1861.573835] Call Trace:
[ 1861.576624] __schedule+0x88b/0x1de0
[ 1861.580361] ? io_schedule_timeout+0x140/0x140
[ 1861.585327] ? trace_hardirqs_on+0x10/0x10
[ 1861.590119] schedule+0x8d/0x1b0
[ 1861.593562] schedule_timeout+0x80a/0xe90
[ 1861.597885] ? _raw_spin_unlock_irq+0x24/0x80
[ 1861.602506] ? usleep_range+0x130/0x130
[ 1861.606607] ? wait_for_common+0x26a/0x430
[ 1861.611684] ? lock_acquire+0x170/0x3f0
[ 1861.615747] ? lock_downgrade+0x740/0x740
[ 1861.619916] ? _raw_spin_unlock_irq+0x24/0x80
[ 1861.625267] wait_for_common+0x272/0x430
[ 1861.630198] ? out_of_line_wait_on_atomic_t+0x1a0/0x1a0
[ 1861.635730] ? preempt_schedule_common+0x45/0xc0
[ 1861.640536] ? wake_up_q+0xd0/0xd0
[ 1861.644103] flush_work+0x3fe/0x770
[ 1861.647828] ? worker_thread+0xff0/0xff0
[ 1861.651927] ? flush_workqueue_prep_pwqs+0x470/0x470
[ 1861.657159] ? __cancel_work_timer+0x2c1/0x460
[ 1861.661774] __cancel_work_timer+0x321/0x460
[ 1861.666330] ? work_on_cpu_safe+0x70/0x70
[ 1861.670627] ? lock_acquire+0x170/0x3f0
[ 1861.674586] ? lock_downgrade+0x740/0x740
[ 1861.678788] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1861.684129] p9_fd_close+0x299/0x420
[ 1861.687935] p9_client_create+0x736/0x12c0
[ 1861.692169] ? p9_client_flush+0x4c0/0x4c0
[ 1861.697246] ? __lockdep_init_map+0x100/0x560
[ 1861.701825] ? __raw_spin_lock_init+0x28/0x100
[ 1861.706598] v9fs_session_init+0x1c5/0x1540
[ 1861.710982] ? pcpu_alloc+0xbe0/0xf50
[ 1861.714812] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1861.719734] ? v9fs_show_options+0x6b0/0x6b0
[ 1861.724144] ? v9fs_mount+0x54/0x860
[ 1861.728263] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1861.733747] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1861.738954] ? kmem_cache_alloc_trace+0x36c/0x3d0
[ 1861.743832] v9fs_mount+0x73/0x860
[ 1861.747503] ? alloc_pages_current+0x15d/0x260
[ 1861.752152] ? __lockdep_init_map+0x100/0x560
[ 1861.756771] mount_fs+0x92/0x2a0
[ 1861.760192] vfs_kern_mount.part.0+0x5b/0x470
[ 1861.764701] do_mount+0xe53/0x2a00
[ 1861.768707] ? retint_kernel+0x2d/0x2d
[ 1861.772860] ? copy_mount_string+0x40/0x40
[ 1861.777286] ? copy_mount_options+0x18b/0x2f0
[ 1861.781793] ? copy_mount_options+0x1fa/0x2f0
[ 1861.786428] ? copy_mnt_ns+0xa30/0xa30
[ 1861.790311] SyS_mount+0xa8/0x120
[ 1861.793761] ? copy_mnt_ns+0xa30/0xa30
[ 1861.797768] do_syscall_64+0x1d5/0x640
[ 1861.801659] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.806930] RIP: 0033:0x45deb9
[ 1861.810163] RSP: 002b:00007fd9d361cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1861.819954] RAX: ffffffffffffffda RBX: 0000000000021840 RCX: 000000000045deb9
[ 1861.827683] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
[ 1861.835021] RBP: 000000000119c168 R08: 0000000020000580 R09: 0000000000000000
[ 1861.842649] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c124
[ 1861.851998] R13: 00007ffcecdf95df R14: 00007fd9d361d9c0 R15: 000000000119c124
[ 1861.860321]
[ 1861.860321] Showing all locks held in the system:
[ 1861.866952] 1 lock held by khungtaskd/1531:
[ 1861.871387] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1861.880530] 2 locks held by kworker/0:2/3519:
[ 1861.885102] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1861.893689] #1: ((&m->wq)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1861.902231]
[ 1861.903851] =============================================
[ 1861.903851]
[ 1861.911103] NMI backtrace for cpu 0
[ 1861.914812] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.210-syzkaller #0
[ 1861.922243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.931581] Call Trace:
[ 1861.934220] dump_stack+0x1b2/0x283
[ 1861.937969] nmi_cpu_backtrace.cold+0x57/0x93
[ 1861.942520] ? irq_force_complete_move.cold+0x89/0x89
[ 1861.947821] nmi_trigger_cpumask_backtrace+0x13a/0x17f
[ 1861.953174] watchdog+0x5b9/0xb40
[ 1861.956628] ? hungtask_pm_notify+0x50/0x50
[ 1861.960938] kthread+0x30d/0x420
[ 1861.964289] ? kthread_create_on_node+0xd0/0xd0
[ 1861.968943] ret_from_fork+0x24/0x30
[ 1861.972807] Sending NMI from CPU 0 to CPUs 1:
[ 1861.977985] NMI backtrace for cpu 1
[ 1861.977989] CPU: 1 PID: 4606 Comm: systemd-journal Not tainted 4.14.210-syzkaller #0
[ 1861.977994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.977997] task: ffff8880a21e63c0 task.stack: ffff8880a21e8000
[ 1861.978000] RIP: 0010:trace_hardirqs_off_caller+0xe8/0x2b0
[ 1861.978003] RSP: 0018:ffff8880a21ef908 EFLAGS: 00000046
[ 1861.978008] RAX: 1ffffffff11e1250 RBX: ffff8880a21e63c0 RCX: 0000000000000000
[ 1861.978012] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8880a21e6c44
[ 1861.978015] RBP: ffffffff87208556 R08: ffffea0002ab02c0 R09: 0000000000000001
[ 1861.978019] R10: ffffea0002ab0320 R11: 0000000000000000 R12: ffff8880a21e63c0
[ 1861.978022] R13: fffffbfff1802618 R14: ffff8880aac0a000 R15: 0000000000002000
[ 1861.978026] FS: 00007f282e69d8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 1861.978029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1861.978033] CR2: 00007f282ba7c008 CR3: 00000000a2273000 CR4: 00000000001406e0
[ 1861.978036] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1861.978040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1861.978042] Call Trace:
[ 1861.978045] _raw_spin_lock_irqsave+0x66/0xc0
[ 1861.978047] debug_check_no_obj_freed+0x135/0x674
[ 1861.978050] ? debug_object_activate+0x490/0x490
[ 1861.978053] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1861.978056] __free_pages_ok+0x215/0xeb0
[ 1861.978058] ? lock_acquire+0x170/0x3f0
[ 1861.978060] ? lock_downgrade+0x740/0x740
[ 1861.978063] slabs_destroy+0x90/0xd0
[ 1861.978065] ___cache_free+0x213/0x2c0
[ 1861.978068] qlist_free_all+0x79/0x140
[ 1861.978070] quarantine_reduce+0x185/0x200
[ 1861.978073] kasan_kmalloc+0xa2/0x160
[ 1861.978075] ? __lock_acquire+0x5fc/0x3f20
[ 1861.978078] ? trace_hardirqs_on+0x10/0x10
[ 1861.978080] ? putname+0xcd/0x110
[ 1861.978083] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1861.978085] ? seccomp_run_filters+0x151/0x540
[ 1861.978088] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1861.978091] ? trace_hardirqs_on+0x10/0x10
[ 1861.978093] ? cache_alloc_refill+0x2fa/0x350
[ 1861.978096] ? lock_downgrade+0x740/0x740
[ 1861.978098] ? do_raw_spin_unlock+0x164/0x220
[ 1861.978101] ? _raw_spin_unlock+0x29/0x40
[ 1861.978103] ? cache_alloc_refill+0x2fa/0x350
[ 1861.978106] ? kmem_cache_alloc+0x2c8/0x3c0
[ 1861.978108] kmem_cache_alloc+0x111/0x3c0
[ 1861.978111] getname_flags+0xc8/0x550
[ 1861.978113] do_sys_open+0x1ce/0x410
[ 1861.978115] ? filp_open+0x60/0x60
[ 1861.978118] ? do_syscall_64+0x4c/0x640
[ 1861.978120] ? do_sys_open+0x410/0x410
[ 1861.978123] do_syscall_64+0x1d5/0x640
[ 1861.978126] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.978128] RIP: 0033:0x7f282dc2d840
[ 1861.978131] RSP: 002b:00007ffc093b3658 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1861.978137] RAX: ffffffffffffffda RBX: 00007ffc093b3960 RCX: 00007f282dc2d840
[ 1861.978140] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 00005593924152e0
[ 1861.978144] RBP: 000000000000000d R08: 000000000000c0ff R09: 00000000ffffffff
[ 1861.978147] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff
[ 1861.978151] R13: 0000559392411040 R14: 00007ffc093b3920 R15: 0000559392417be0
[ 1861.978152] Code: 84 d2 0f 85 76 01 00 00 8b 0d e5 32 a9 0a 85 c9 75 3d 48 c7 c0 80 92 f0 88 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 <0f> 85 92 01 00 00 48 83 3d fa 77 ae 07 00 0f 84 78 01 00 00 9c
[ 1861.978929] Kernel panic - not syncing: hung_task: blocked tasks
[ 1862.308137] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.210-syzkaller #0
[ 1862.315584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1862.324957] Call Trace:
[ 1862.327547] dump_stack+0x1b2/0x283
[ 1862.331251] panic+0x1f9/0x42d
[ 1862.334430] ? add_taint.cold+0x16/0x16
[ 1862.338402] watchdog+0x5ca/0xb40
[ 1862.341850] ? hungtask_pm_notify+0x50/0x50
[ 1862.346155] kthread+0x30d/0x420
[ 1862.349506] ? kthread_create_on_node+0xd0/0xd0
[ 1862.354177] ret_from_fork+0x24/0x30
[ 1862.358590] Kernel Offset: disabled
[ 1862.362212] Rebooting in 86400 seconds..