[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts. syzkaller login: [ 299.065875][ T6856] IPVS: ftp: loaded support on port[0] = 21 [ 299.152108][ T6856] chnl_net:caif_netlink_parms(): no params data found [ 299.202559][ T6856] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.210903][ T6856] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.219459][ T6856] device bridge_slave_0 entered promiscuous mode [ 299.227785][ T6856] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.235301][ T6856] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.243113][ T6856] device bridge_slave_1 entered promiscuous mode [ 299.262387][ T6856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.273467][ T6856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.296533][ T6856] team0: Port device team_slave_0 added [ 299.304536][ T6856] team0: Port device team_slave_1 added [ 299.320881][ T6856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.328046][ T6856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.354115][ T6856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.366319][ T6856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.373354][ T6856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.399268][ T6856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.424080][ T6856] device hsr_slave_0 entered promiscuous mode [ 299.430825][ T6856] device hsr_slave_1 entered promiscuous mode [ 299.520950][ T6856] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 299.531281][ T6856] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 299.541309][ T6856] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 299.551817][ T6856] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 299.574873][ T6856] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.582001][ T6856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.589771][ T6856] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.596993][ T6856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.639858][ T6856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.652567][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 299.663657][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.671546][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.680758][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 299.694158][ T6856] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.705699][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 299.714853][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.721944][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.734118][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.742725][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.749771][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.767371][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 299.776646][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 299.788144][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 299.804634][ T6856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 299.815960][ T6856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 299.827862][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 299.836674][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 299.845372][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 299.862908][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 299.870256][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 299.883796][ T6856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 299.903189][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 299.923374][ T6856] device veth0_vlan entered promiscuous mode [ 299.930790][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 299.939861][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 299.948826][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 299.961870][ T6856] device veth1_vlan entered promiscuous mode [ 299.981439][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 299.989799][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 299.998304][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 300.008519][ T6856] device veth0_macvtap entered promiscuous mode [ 300.019226][ T6856] device veth1_macvtap entered promiscuous mode [ 300.036047][ T6856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.045225][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 300.055848][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 300.068032][ T6856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.075887][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 300.087107][ T6856] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.096282][ T6856] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 300.105445][ T6856] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.114460][ T6856] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.235448][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 452.551987][ T1144] INFO: task syz-executor978:6856 blocked for more than 143 seconds. [ 452.560410][ T1144] Not tainted 5.9.0-rc1-syzkaller #0 [ 452.567002][ T1144] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 452.575730][ T1144] task:syz-executor978 state:D stack:23912 pid: 6856 ppid: 6855 flags:0x00000000 [ 452.585062][ T1144] Call Trace: [ 452.588482][ T1144] __schedule+0x8e5/0x21e0 [ 452.592956][ T1144] ? io_schedule_timeout+0x140/0x140 [ 452.598251][ T1144] schedule+0xd0/0x2a0 [ 452.602373][ T1144] schedule_timeout+0x1d8/0x250 [ 452.607275][ T1144] ? usleep_range+0x170/0x170 [ 452.612059][ T1144] ? mark_held_locks+0x9f/0xe0 [ 452.616817][ T1144] ? _raw_spin_unlock_irq+0x1f/0x80 [ 452.622296][ T1144] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 452.628379][ T1144] ? trace_hardirqs_on+0x5f/0x220 [ 452.633472][ T1144] wait_for_completion+0x163/0x260 [ 452.638580][ T1144] ? wait_for_completion_interruptible+0x2e0/0x2e0 [ 452.645127][ T1144] ? _raw_spin_unlock_irq+0x1f/0x80 [ 452.650319][ T1144] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 452.656438][ T1144] __flush_work+0x51f/0xab0 [ 452.660937][ T1144] ? queue_work_node+0x370/0x370 [ 452.666005][ T1144] ? debug_object_init_on_stack+0x20/0x20 [ 452.672631][ T1144] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0 [ 452.678441][ T1144] ? mark_held_locks+0x9f/0xe0 [ 452.683260][ T1144] ? __cancel_work_timer+0x516/0x700 [ 452.688667][ T1144] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 452.694698][ T1144] __cancel_work_timer+0x5de/0x700 [ 452.699810][ T1144] ? try_to_grab_pending.part.0+0x7d0/0x7d0 [ 452.705742][ T1144] ? lock_acquire+0x1f1/0xad0 [ 452.710465][ T1144] ? __sock_release+0x86/0x280 [ 452.715282][ T1144] ? lock_release+0x8e0/0x8e0 [ 452.720033][ T1144] tls_sk_proto_close+0x4a7/0xaf0 [ 452.725130][ T1144] ? wait_on_pending_writer+0x3f0/0x3f0 [ 452.730707][ T1144] ? ip_mc_drop_socket+0x16/0x260 [ 452.735800][ T1144] inet_release+0x12e/0x280 [ 452.740343][ T1144] inet6_release+0x4c/0x70 [ 452.744803][ T1144] __sock_release+0xcd/0x280 [ 452.749389][ T1144] sock_close+0x18/0x20 [ 452.753625][ T1144] __fput+0x285/0x920 [ 452.757605][ T1144] ? __sock_release+0x280/0x280 [ 452.762514][ T1144] task_work_run+0xdd/0x190 [ 452.767067][ T1144] exit_to_user_mode_prepare+0x195/0x1c0 [ 452.772759][ T1144] syscall_exit_to_user_mode+0x59/0x2b0 [ 452.778300][ T1144] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 452.784907][ T1144] RIP: 0033:0x403960 [ 452.788781][ T1144] Code: Bad RIP value. [ 452.792869][ T1144] RSP: 002b:00007ffe462ba838 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 452.801273][ T1144] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000403960 [ 452.809290][ T1144] RDX: 00000000000000d8 RSI: 00000000200005c0 RDI: 0000000000000004 [ 452.817309][ T1144] RBP: 00007ffe462ba840 R08: 0000000000000000 R09: 00000000000000d8 [ 452.825366][ T1144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe462ba850 [ 452.833537][ T1144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 452.841513][ T1144] [ 452.841513][ T1144] Showing all locks held in the system: [ 452.849288][ T1144] 3 locks held by kworker/0:1/12: [ 452.854369][ T1144] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670 [ 452.864750][ T1144] #1: ffffc90000d2fda8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670 [ 452.877845][ T1144] #2: ffff8880a8b038d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190 [ 452.887366][ T1144] 1 lock held by khungtaskd/1144: [ 452.892992][ T1144] #0: ffffffff89bd6900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 452.902910][ T1144] 1 lock held by syz-executor978/6856: [ 452.908354][ T1144] #0: ffff8880858e0c90 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 452.918905][ T1144] [ 452.921227][ T1144] ============================================= [ 452.921227][ T1144] [ 452.929770][ T1144] NMI backtrace for cpu 1 [ 452.934149][ T1144] CPU: 1 PID: 1144 Comm: khungtaskd Not tainted 5.9.0-rc1-syzkaller #0 [ 452.942405][ T1144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.952443][ T1144] Call Trace: [ 452.955761][ T1144] dump_stack+0x18f/0x20d [ 452.960083][ T1144] nmi_cpu_backtrace.cold+0x70/0xb1 [ 452.965310][ T1144] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 452.970933][ T1144] nmi_trigger_cpumask_backtrace+0x1b3/0x223 [ 452.976906][ T1144] watchdog+0xd7d/0x1000 [ 452.981124][ T1144] ? reset_hung_task_detector+0x30/0x30 [ 452.986687][ T1144] kthread+0x3b5/0x4a0 [ 452.990729][ T1144] ? __kthread_bind_mask+0xc0/0xc0 [ 452.995813][ T1144] ? __kthread_bind_mask+0xc0/0xc0 [ 453.000939][ T1144] ret_from_fork+0x1f/0x30 [ 453.005459][ T1144] Sending NMI from CPU 1 to CPUs 0: [ 453.010730][ C0] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0xe/0x10 [ 453.012511][ T1144] Kernel panic - not syncing: hung_task: blocked tasks [ 453.026091][ T1144] CPU: 1 PID: 1144 Comm: khungtaskd Not tainted 5.9.0-rc1-syzkaller #0 [ 453.034300][ T1144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.044327][ T1144] Call Trace: [ 453.047595][ T1144] dump_stack+0x18f/0x20d [ 453.051968][ T1144] panic+0x2e3/0x75c [ 453.055838][ T1144] ? __warn_printk+0xf3/0xf3 [ 453.060403][ T1144] ? lapic_can_unplug_cpu.cold+0x38/0x38 [ 453.066034][ T1144] ? preempt_schedule_thunk+0x16/0x18 [ 453.071377][ T1144] ? watchdog.cold+0x5/0x16b [ 453.075945][ T1144] ? watchdog+0xa82/0x1000 [ 453.080336][ T1144] watchdog.cold+0x16/0x16b [ 453.084817][ T1144] ? reset_hung_task_detector+0x30/0x30 [ 453.090351][ T1144] kthread+0x3b5/0x4a0 [ 453.094395][ T1144] ? __kthread_bind_mask+0xc0/0xc0 [ 453.099475][ T1144] ? __kthread_bind_mask+0xc0/0xc0 [ 453.104590][ T1144] ret_from_fork+0x1f/0x30 [ 453.110457][ T1144] Kernel Offset: disabled [ 453.114773][ T1144] Rebooting in 86400 seconds..