[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 486.027499][ T8453] IPVS: ftp: loaded support on port[0] = 21
[ 721.448094][ T1645] INFO: task kworker/u4:4:157 blocked for more than 143 seconds.
[ 721.456035][ T1645] Not tainted 5.10.0-syzkaller #0
[ 721.463656][ T1645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.473316][ T1645] task:kworker/u4:4 state:D stack:23544 pid: 157 ppid: 2 flags:0x00004000
[ 721.483563][ T1645] Workqueue: tc_filter_workqueue tcindex_partial_destroy_work
[ 721.491934][ T1645] Call Trace:
[ 721.495299][ T1645] __schedule+0x951/0x2290
[ 721.502325][ T1645] ? io_schedule_timeout+0x140/0x140
[ 721.507662][ T1645] schedule+0xcf/0x270
[ 721.513618][ T1645] schedule_preempt_disabled+0xf/0x20
[ 721.519825][ T1645] __mutex_lock+0x9e9/0x1240
[ 721.524447][ T1645] ? tcindex_partial_destroy_work+0x13/0x50
[ 721.531778][ T1645] ? mutex_lock_io_nested+0x1090/0x1090
[ 721.537530][ T1645] ? lock_release+0x710/0x710
[ 721.543927][ T1645] tcindex_partial_destroy_work+0x13/0x50
[ 721.550751][ T1645] process_one_work+0x868/0x15c0
[ 721.555737][ T1645] ? lock_release+0x710/0x710
[ 721.561741][ T1645] ? pwq_dec_nr_in_flight+0x320/0x320
[ 721.567153][ T1645] ? rwlock_bug.part.0+0x90/0x90
[ 721.573552][ T1645] ? _raw_spin_lock_irq+0x41/0x50
[ 721.579435][ T1645] worker_thread+0x64c/0x1120
[ 721.584167][ T1645] ? process_one_work+0x15c0/0x15c0
[ 721.590729][ T1645] kthread+0x3b1/0x4a0
[ 721.594825][ T1645] ? __kthread_bind_mask+0xc0/0xc0
[ 721.601296][ T1645] ret_from_fork+0x1f/0x30
[ 721.605932][ T1645] INFO: task kworker/0:1:8445 blocked for more than 143 seconds.
[ 721.615044][ T1645] Not tainted 5.10.0-syzkaller #0
[ 721.622554][ T1645] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 721.633383][ T1645] task:kworker/0:1 state:D stack:29768 pid: 8445 ppid: 2 flags:0x00004000
[ 721.643622][ T1645] Workqueue: ipv6_addrconf addrconf_verify_work
[ 721.650727][ T1645] Call Trace:
[ 721.654044][ T1645] __schedule+0x951/0x2290
[ 721.659741][ T1645] ? io_schedule_timeout+0x140/0x140
[ 721.665061][ T1645] ? _raw_spin_unlock_irq+0x1f/0x40
[ 721.671675][ T1645] ? lockdep_hardirqs_on+0x79/0x100
[ 721.676907][ T1645] schedule+0xcf/0x270
[ 721.682253][ T1645] schedule_preempt_disabled+0xf/0x20
[ 721.687649][ T1645] __mutex_lock+0x9e9/0x1240
[ 721.693599][ T1645] ? addrconf_verify_work+0xa/0x20
[ 721.699564][ T1645] ? mutex_lock_io_nested+0x1090/0x1090
[ 721.705147][ T1645] ? lock_release+0x710/0x710
[ 721.711200][ T1645] ? lock_downgrade+0x6d0/0x6d0
[ 721.716115][ T1645] addrconf_verify_work+0xa/0x20
[ 721.722552][ T1645] process_one_work+0x868/0x15c0
[ 721.727526][ T1645] ? lock_release+0x710/0x710
[ 721.733978][ T1645] ? pwq_dec_nr_in_flight+0x320/0x320
[ 721.740128][ T1645] ? rwlock_bug.part.0+0x90/0x90
[ 721.745094][ T1645] ? _raw_spin_lock_irq+0x41/0x50
[ 721.751636][ T1645] worker_thread+0x64c/0x1120
[ 721.756378][ T1645] ? __kthread_parkme+0x13f/0x1e0
[ 721.763972][ T1645] ? process_one_work+0x15c0/0x15c0
[ 721.770026][ T1645] kthread+0x3b1/0x4a0
[ 721.774128][ T1645] ? __kthread_bind_mask+0xc0/0xc0
[ 721.780652][ T1645] ret_from_fork+0x1f/0x30
[ 721.785159][ T1645]
[ 721.785159][ T1645] Showing all locks held in the system:
[ 721.794582][ T1645] 3 locks held by kworker/u4:4/157:
[ 721.800616][ T1645] #0: ffff888016414138 ((wq_completion)tc_filter_workqueue){+.+.}-{0:0}, at: process_one_work+0x750/0x15c0
[ 721.813071][ T1645] #1: ffffc9000128fda8 ((work_completion)(&(rwork)->work)){+.+.}-{0:0}, at: process_one_work+0x783/0x15c0
[ 721.825361][ T1645] #2: ffffffff8d9019c8 (rtnl_mutex){+.+.}-{3:3}, at: tcindex_partial_destroy_work+0x13/0x50
[ 721.836464][ T1645] 1 lock held by khungtaskd/1645:
[ 721.842441][ T1645] #0: ffffffff8ba40120 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x28c
[ 721.853310][ T1645] 1 lock held by in:imklog/8157:
[ 721.859109][ T1645] #0: ffff888012ab0370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 721.869241][ T1645] 3 locks held by kworker/0:1/8445:
[ 721.874542][ T1645] #0: ffff8881472d0138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x750/0x15c0
[ 721.886851][ T1645] #1: ffffc900013dfda8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x783/0x15c0
[ 721.899566][ T1645] #2: ffffffff8d9019c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 721.909889][ T1645] 2 locks held by syz-executor798/8475:
[ 721.915508][ T1645]
[ 721.917851][ T1645] =============================================
[ 721.917851][ T1645]
[ 721.928935][ T1645] NMI backtrace for cpu 1
[ 721.933319][ T1645] CPU: 1 PID: 1645 Comm: khungtaskd Not tainted 5.10.0-syzkaller #0
[ 721.941301][ T1645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 721.951462][ T1645] Call Trace:
[ 721.954864][ T1645] dump_stack+0x107/0x163
[ 721.959217][ T1645] nmi_cpu_backtrace.cold+0x5c/0x7b
[ 721.964494][ T1645] ? nmi_cpu_backtrace_handler+0x10/0x10
[ 721.970238][ T1645] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 721.976308][ T1645] watchdog+0xe36/0x11f0
[ 721.980577][ T1645] ? reset_hung_task_detector+0x30/0x30
[ 721.986148][ T1645] kthread+0x3b1/0x4a0
[ 721.990234][ T1645] ? __kthread_bind_mask+0xc0/0xc0
[ 721.995475][ T1645] ret_from_fork+0x1f/0x30
[ 722.000181][ T1645] Sending NMI from CPU 1 to CPUs 0:
[ 722.006893][ C0] NMI backtrace for cpu 0
[ 722.006901][ C0] CPU: 0 PID: 8475 Comm: syz-executor798 Not tainted 5.10.0-syzkaller #0
[ 722.006908][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.006913][ C0] RIP: 0010:radix_tree_lookup+0x17/0x20
[ 722.006925][ C0] Code: 5b 5d 41 5c c3 49 89 c4 eb c8 e8 54 16 39 05 0f 1f 40 00 41 54 49 89 f4 55 48 89 fd e8 82 14 8a fd 4c 89 e6 48 89 ef 5d 41 5c <31> c9 31 d2 e9 40 fc ff ff 41 57 49 bf 00 00 00 00 00 fc ff df 41
[ 722.006930][ C0] RSP: 0018:ffffc9000130ed48 EFLAGS: 00000293
[ 722.006941][ C0] RAX: 0000000000000000 RBX: 000000000000ffff RCX: ffffffff87540ad9
[ 722.006947][ C0] RDX: ffff88801ca95340 RSI: 000000000000ffff RDI: ffff888014835890
[ 722.006961][ C0] RBP: ffffc9000130ee00 R08: 0000000000000000 R09: ffff888014835807
[ 722.006967][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffc9000130ef88
[ 722.006974][ C0] R13: 0000000000000001 R14: ffff888014835800 R15: ffff888014835890
[ 722.006980][ C0] FS: 0000000000950880(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 722.006985][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 722.006991][ C0] CR2: 0000000020000280 CR3: 0000000026bae000 CR4: 00000000001506f0
[ 722.006997][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 722.007003][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 722.007007][ C0] Call Trace:
[ 722.007012][ C0] tcf_idr_check_alloc+0xb0/0x3b0
[ 722.007016][ C0] tcf_police_init+0x1fd/0x13c0
[ 722.007021][ C0] ? tcf_police_search+0x40/0x40
[ 722.007025][ C0] ? find_held_lock+0x2d/0x110
[ 722.007030][ C0] ? tc_lookup_action_n+0xcd/0xf0
[ 722.007035][ C0] ? create_prof_cpu_mask+0x20/0x20
[ 722.007039][ C0] tcf_action_init_1+0x1b6/0x9d0
[ 722.007044][ C0] ? netlink_rcv_skb+0x153/0x420
[ 722.007048][ C0] ? tcf_action_dump_old+0x80/0x80
[ 722.007053][ C0] ? ____sys_sendmsg+0x6e8/0x810
[ 722.007057][ C0] ? ___sys_sendmsg+0xf3/0x170
[ 722.007061][ C0] ? __sys_sendmsg+0xe5/0x1b0
[ 722.007066][ C0] ? do_syscall_64+0x2d/0x70
[ 722.007071][ C0] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 722.007075][ C0] ? find_held_lock+0x2d/0x110
[ 722.007080][ C0] tcf_exts_validate+0x138/0x420
[ 722.007085][ C0] ? tcf_exts_destroy+0xc0/0xc0
[ 722.007089][ C0] ? kasan_unpoison_shadow+0x33/0x40
[ 722.007094][ C0] tcindex_set_parms+0x19c/0x23f0
[ 722.007099][ C0] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 722.007104][ C0] ? tcindex_alloc_perfect_hash+0x450/0x450
[ 722.007109][ C0] ? __nla_validate_parse+0x253/0x2510
[ 722.007114][ C0] ? nla_get_range_signed+0x520/0x520
[ 722.007118][ C0] ? find_held_lock+0x2d/0x110
[ 722.007123][ C0] tcindex_change+0x232/0x340
[ 722.007127][ C0] ? tcindex_set_parms+0x23f0/0x23f0
[ 722.007132][ C0] ? tcindex_lookup+0x98/0x410
[ 722.007136][ C0] tc_new_tfilter+0x135a/0x2050
[ 722.007141][ C0] ? tcindex_set_parms+0x23f0/0x23f0
[ 722.007146][ C0] ? tc_del_tfilter+0x1530/0x1530
[ 722.007151][ C0] ? print_irqtrace_events+0x270/0x270
[ 722.007155][ C0] ? kernel_text_address+0xbd/0xf0
[ 722.007160][ C0] ? tc_del_tfilter+0x1530/0x1530
[ 722.007164][ C0] rtnetlink_rcv_msg+0x8b1/0xb40
[ 722.007169][ C0] ? rtnl_fdb_dump+0xa00/0xa00
[ 722.007173][ C0] netlink_rcv_skb+0x153/0x420
[ 722.007178][ C0] ? rtnl_fdb_dump+0xa00/0xa00
[ 722.007182][ C0] ? netlink_ack+0xab0/0xab0
[ 722.007187][ C0] ? netlink_deliver_tap+0x2c4/0xc00
[ 722.007191][ C0] netlink_unicast+0x533/0x7d0
[ 722.007196][ C0] ? netlink_attachskb+0x870/0x870
[ 722.007200][ C0] ? __phys_addr_symbol+0x2c/0x80
[ 722.007205][ C0] ? __check_object_size+0x171/0x3f0
[ 722.007209][ C0] netlink_sendmsg+0x907/0xe10
[ 722.007214][ C0] ? netlink_unicast+0x7d0/0x7d0
[ 722.007219][ C0] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 722.007223][ C0] ? netlink_unicast+0x7d0/0x7d0
[ 722.007227][ C0] sock_sendmsg+0xd3/0x130
[ 722.007232][ C0] ____sys_sendmsg+0x6e8/0x810
[ 722.007236][ C0] ? kernel_sendmsg+0x50/0x50
[ 722.007241][ C0] ? do_recvmmsg+0x6c0/0x6c0
[ 722.007245][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 722.007250][ C0] ? kfree+0x305/0x400
[ 722.007254][ C0] ___sys_sendmsg+0xf3/0x170
[ 722.007259][ C0] ? sendmsg_copy_msghdr+0x160/0x160
[ 722.007263][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 722.007267][ C0] ? _copy_to_user+0xdc/0x150
[ 722.007272][ C0] ? move_addr_to_user+0xad/0x1f0
[ 722.007276][ C0] ? __fget_light+0x215/0x280
[ 722.007281][ C0] __sys_sendmsg+0xe5/0x1b0
[ 722.007285][ C0] ? __sys_sendmsg_sock+0xb0/0xb0
[ 722.007290][ C0] ? syscall_enter_from_user_mode+0x1d/0x50
[ 722.007294][ C0] do_syscall_64+0x2d/0x70
[ 722.007299][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 722.007303][ C0] RIP: 0033:0x4439b9
[ 722.007315][ C0] Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 722.007320][ C0] RSP: 002b:00007ffe42d82458 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 722.007331][ C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439b9
[ 722.007337][ C0] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 722.007343][ C0] RBP: 00007ffe42d82460 R08: 0000000100000000 R09: 0000000100000000
[ 722.007349][ C0] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000076ab9
[ 722.007354][ C0] R13: 0000000000404890 R14: 0000000000000000 R15: 0000000000000000
[ 722.007361][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.426 msecs
[ 722.018176][ T1645] Kernel panic - not syncing: hung_task: blocked tasks
[ 722.554453][ T1645] CPU: 1 PID: 1645 Comm: khungtaskd Not tainted 5.10.0-syzkaller #0
[ 722.562438][ T1645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 722.572510][ T1645] Call Trace:
[ 722.575834][ T1645] dump_stack+0x107/0x163
[ 722.580220][ T1645] panic+0x393/0x7d3
[ 722.584130][ T1645] ? __warn_printk+0xf3/0xf3
[ 722.588735][ T1645] ? nmi_cpu_backtrace_handler+0x10/0x10
[ 722.594378][ T1645] ? preempt_schedule_thunk+0x16/0x18
[ 722.599795][ T1645] ? watchdog.cold+0xd2/0xfc
[ 722.604501][ T1645] ? watchdog+0xb67/0x11f0
[ 722.608937][ T1645] watchdog.cold+0xe3/0xfc
[ 722.613402][ T1645] ? reset_hung_task_detector+0x30/0x30
[ 722.618962][ T1645] kthread+0x3b1/0x4a0
[ 722.623050][ T1645] ? __kthread_bind_mask+0xc0/0xc0
[ 722.628174][ T1645] ret_from_fork+0x1f/0x30
[ 722.633412][ T1645] Kernel Offset: disabled
[ 722.637864][ T1645] Rebooting in 86400 seconds..