[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
2021/01/15 14:26:01 parsed 1 programs
2021/01/15 14:26:01 executed programs: 0
syzkaller login: [ 1586.317650] IPVS: ftp: loaded support on port[0] = 21
[ 1586.427543] chnl_net:caif_netlink_parms(): no params data found
[ 1586.559921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1586.568599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1586.577150] device bridge_slave_0 entered promiscuous mode
[ 1586.586265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1586.592758] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1586.601369] device bridge_slave_1 entered promiscuous mode
[ 1586.619503] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1586.630191] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1586.651955] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1586.660626] team0: Port device team_slave_0 added
[ 1586.667518] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1586.676289] team0: Port device team_slave_1 added
[ 1586.693399] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1586.700195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1586.729007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1586.742760] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1586.751590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1586.781622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1586.793362] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1586.801384] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1586.825491] device hsr_slave_0 entered promiscuous mode
[ 1586.832199] device hsr_slave_1 entered promiscuous mode
[ 1586.840548] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1586.849658] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1586.927667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1586.934530] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1586.941568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1586.948508] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1586.985597] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1586.994218] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1587.004845] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1587.016881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1587.028071] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1587.038262] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1587.046758] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1587.059806] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1587.066603] 8021q: adding VLAN 0 to HW filter on device team0
[ 1587.078519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1587.087106] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1587.093907] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1587.104490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1587.114134] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1587.120929] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1587.140077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1587.149175] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1587.161547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1587.174688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1587.187757] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1587.200724] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1587.208393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1587.216245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1587.232011] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1587.240798] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1587.249230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1587.261454] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1587.277615] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1587.289503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1587.329996] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1587.339393] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1587.348445] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1587.358782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1587.367224] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1587.375634] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1587.386901] device veth0_vlan entered promiscuous mode
[ 1587.397465] device veth1_vlan entered promiscuous mode
[ 1587.405412] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1587.415535] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1587.432350] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1587.444941] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 1587.454802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1587.465313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1587.479054] device veth0_macvtap entered promiscuous mode
[ 1587.486469] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1587.497113] device veth1_macvtap entered promiscuous mode
[ 1587.506129] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 1587.521469] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1587.542121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1587.555779] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1587.567479] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1587.578561] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1587.587347] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1587.595964] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1587.604845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1587.617130] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1587.627017] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1587.635677] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1587.645328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1587.775292] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 1587.782541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1587.791896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1587.812310] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1587.821972] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1587.830136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1587.839342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1587.846790] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1588.364148] Bluetooth: hci0: command 0x0409 tx timeout
[ 1590.433060] Bluetooth: hci0: command 0x041b tx timeout
2021/01/15 14:26:06 executed programs: 3
[ 1592.512855] Bluetooth: hci0: command 0x040f tx timeout
[ 1594.592514] Bluetooth: hci0: command 0x0419 tx timeout
2021/01/15 14:26:12 executed programs: 9
2021/01/15 14:26:17 executed programs: 15
2021/01/15 14:26:22 executed programs: 21
2021/01/15 14:26:28 executed programs: 27
2021/01/15 14:26:33 executed programs: 33
2021/01/15 14:26:38 executed programs: 39
[ 1713.075197] Bluetooth: hci0: command 0x0406 tx timeout
[ 1782.661037] INFO: task syz-executor.0:8698 blocked for more than 140 seconds.
[ 1782.669924] Not tainted 4.19.167-syzkaller #0
[ 1782.676716] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1782.687993] syz-executor.0 D28416 8698 8143 0x00000004
[ 1782.696827] Call Trace:
[ 1782.699914] __schedule+0x887/0x2040
[ 1782.705537] ? io_schedule_timeout+0x140/0x140
[ 1782.712292] ? mark_held_locks+0xf0/0xf0
[ 1782.716890] schedule+0x8d/0x1b0
[ 1782.724820] schedule_timeout+0x92d/0xfe0
[ 1782.730209] ? lock_acquire+0x170/0x3c0
[ 1782.735830] ? finish_task_switch+0x118/0x760
[ 1782.741901] ? usleep_range+0x170/0x170
[ 1782.746869] ? wait_for_common+0x294/0x470
[ 1782.752233] ? lock_downgrade+0x720/0x720
[ 1782.757632] ? lock_acquire+0x170/0x3c0
[ 1782.763326] ? wait_for_common+0x9e/0x470
[ 1782.768274] ? _raw_spin_unlock_irq+0x24/0x80
[ 1782.773576] wait_for_common+0x29c/0x470
[ 1782.778747] ? __flush_work+0x37e/0x8b0
[ 1782.783711] ? bit_wait_io_timeout+0x100/0x100
[ 1782.789455] ? ___preempt_schedule+0x16/0x18
[ 1782.795825] ? wake_up_q+0xe0/0xe0
[ 1782.799741] ? ___preempt_schedule+0x16/0x18
[ 1782.805168] __flush_work+0x4bb/0x8b0
[ 1782.809314] ? alloc_unbound_pwq+0xc10/0xc10
[ 1782.815262] ? flush_workqueue_prep_pwqs+0x570/0x570
[ 1782.822104] ? _raw_spin_unlock_irq+0x5a/0x80
[ 1782.828164] ? __flush_work+0x4cf/0x8b0
[ 1782.835799] ? trace_hardirqs_off+0x64/0x200
[ 1782.842154] ? __cancel_work_timer+0x3ba/0x590
[ 1782.848601] __cancel_work_timer+0x412/0x590
[ 1782.854990] ? try_to_grab_pending+0x6f0/0x6f0
[ 1782.859992] ? lock_downgrade+0x720/0x720
[ 1782.865391] ? lock_acquire+0x170/0x3c0
[ 1782.871407] ? p9_fd_close+0x172/0x520
[ 1782.875565] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1782.881779] p9_fd_close+0x305/0x520
[ 1782.886332] p9_client_create+0x901/0x12e0
[ 1782.892598] ? setup_fault_attr+0x200/0x200
[ 1782.897402] ? p9_client_flush+0x490/0x490
[ 1782.902416] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1782.907747] ? __lockdep_init_map+0x100/0x5a0
[ 1782.913080] ? __raw_spin_lock_init+0x28/0x100
[ 1782.919110] v9fs_session_init+0x1dd/0x1770
[ 1782.924577] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1782.930628] ? v9fs_show_options+0x760/0x760
[ 1782.936071] ? setup_fault_attr+0x200/0x200
[ 1782.941953] ? lock_acquire+0x170/0x3c0
[ 1782.949030] ? check_preemption_disabled+0x41/0x280
[ 1782.960253] ? v9fs_mount+0x54/0x910
[ 1782.969182] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1782.977869] ? kmem_cache_alloc_trace+0x323/0x380
[ 1782.988347] v9fs_mount+0x73/0x910
[ 1782.994435] ? alloc_pages_current+0x19b/0x2a0
[ 1783.000177] ? __lockdep_init_map+0x100/0x5a0
[ 1783.005777] mount_fs+0xa3/0x30c
[ 1783.010052] vfs_kern_mount.part.0+0x68/0x470
[ 1783.015012] do_mount+0x113c/0x2f10
[ 1783.019415] ? do_raw_spin_unlock+0x171/0x230
[ 1783.025822] ? check_preemption_disabled+0x41/0x280
[ 1783.032282] ? copy_mount_string+0x40/0x40
[ 1783.037178] ? copy_mount_options+0x59/0x380
[ 1783.042716] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1783.049535] ? kmem_cache_alloc_trace+0x323/0x380
[ 1783.056343] ? copy_mount_options+0x26f/0x380
[ 1783.062337] ksys_mount+0xcf/0x130
[ 1783.066266] __x64_sys_mount+0xba/0x150
[ 1783.071151] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1783.075872] do_syscall_64+0xf9/0x620
[ 1783.080251] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1783.085983] RIP: 0033:0x45e219
[ 1783.090409] Code: Bad RIP value.
[ 1783.094518] RSP: 002b:00007fc5530f9c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1783.102884] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
[ 1783.111614] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
[ 1783.119391] RBP: 000000000119c1c8 R08: 0000000020000580 R09: 0000000000000000
[ 1783.127034] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c184
[ 1783.134925] R13: 00007ffe1a09175f R14: 00007fc5530fa9c0 R15: 000000000119c184
[ 1783.144441]
[ 1783.144441] Showing all locks held in the system:
[ 1783.151662] 2 locks held by kworker/0:1/14:
[ 1783.156164] #0: 000000006ac752c8 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570
[ 1783.167153] #1: 000000002f43361c ((work_completion)(&m->wq)){+.+.}, at: process_one_work+0x79c/0x1570
[ 1783.178054] 1 lock held by khungtaskd/1565:
[ 1783.184240] #0: 00000000fd3784cf (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 1783.195719] 1 lock held by systemd-journal/4688:
[ 1783.201643] 1 lock held by in:imklog/7793:
[ 1783.206619] #0: 00000000ef1a689f (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 1783.214939]
[ 1783.216578] =============================================
[ 1783.216578]
[ 1783.224655] NMI backtrace for cpu 0
[ 1783.228373] CPU: 0 PID: 1565 Comm: khungtaskd Not tainted 4.19.167-syzkaller #0
[ 1783.237249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1783.247422] Call Trace:
[ 1783.250205] dump_stack+0x1fc/0x2fe
[ 1783.254013] nmi_cpu_backtrace.cold+0x63/0xa2
[ 1783.259154] ? lapic_can_unplug_cpu.cold+0x39/0x39
[ 1783.265571] nmi_trigger_cpumask_backtrace+0x1a6/0x1eb
[ 1783.271641] watchdog+0x991/0xe60
[ 1783.275637] ? reset_hung_task_detector+0x30/0x30
[ 1783.280913] kthread+0x33f/0x460
[ 1783.284515] ? kthread_park+0x180/0x180
[ 1783.288969] ret_from_fork+0x24/0x30
[ 1783.293153] Sending NMI from CPU 0 to CPUs 1:
[ 1783.297903] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0xe/0x10
[ 1783.298839] Kernel panic - not syncing: hung_task: blocked tasks
[ 1783.314390] CPU: 0 PID: 1565 Comm: khungtaskd Not tainted 4.19.167-syzkaller #0
[ 1783.322293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1783.333901] Call Trace:
[ 1783.337709] dump_stack+0x1fc/0x2fe
[ 1783.342254] panic+0x26a/0x50e
[ 1783.346116] ? __warn_printk+0xf3/0xf3
[ 1783.350370] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1783.356382] ? cpumask_next+0x3c/0x40
[ 1783.360785] ? printk_safe_flush+0xd6/0x120
[ 1783.365240] ? watchdog+0x991/0xe60
[ 1783.369047] ? nmi_trigger_cpumask_backtrace+0x15e/0x1eb
[ 1783.375409] watchdog+0x9a2/0xe60
[ 1783.379146] ? reset_hung_task_detector+0x30/0x30
[ 1783.384358] kthread+0x33f/0x460
[ 1783.388189] ? kthread_park+0x180/0x180
[ 1783.392672] ret_from_fork+0x24/0x30
[ 1783.398568] Kernel Offset: disabled
[ 1783.402602] Rebooting in 86400 seconds..