Warning: Permanently added '10.128.0.206' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 505.273995][ T27] audit: type=1400 audit(1602016892.634:8): avc: denied { execmem } for pid=6896 comm="syz-executor725" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 505.290107][ T6897] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 505.342862][ T6918] netlink: 388 bytes leftover after parsing attributes in process `syz-executor725'.
[ 505.363211][ T6919] netlink: 388 bytes leftover after parsing attributes in process `syz-executor725'.
[ 660.127789][ T1176] INFO: task kworker/0:1:12 blocked for more than 143 seconds.
[ 660.135635][ T1176] Not tainted 5.9.0-rc8-syzkaller #0
[ 660.147284][ T1176] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 660.159154][ T1176] task:kworker/0:1 state:D stack:28312 pid: 12 ppid: 2 flags:0x00004000
[ 660.169519][ T1176] Workqueue: ipv6_addrconf addrconf_verify_work
[ 660.175769][ T1176] Call Trace:
[ 660.180330][ T1176] __schedule+0xec9/0x2280
[ 660.184778][ T1176] ? io_schedule_timeout+0x140/0x140
[ 660.191363][ T1176] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 660.197448][ T1176] ? _raw_spin_unlock_irq+0x1f/0x80
[ 660.204035][ T1176] ? lockdep_hardirqs_on+0x53/0x100
[ 660.209991][ T1176] schedule+0xd0/0x2a0
[ 660.214076][ T1176] schedule_preempt_disabled+0xf/0x20
[ 660.220714][ T1176] __mutex_lock+0x3e2/0x10e0
[ 660.225326][ T1176] ? addrconf_verify_work+0xa/0x20
[ 660.231697][ T1176] ? mutex_lock_io_nested+0xf60/0xf60
[ 660.237096][ T1176] ? lock_release+0x8f0/0x8f0
[ 660.243061][ T1176] ? lock_downgrade+0x830/0x830
[ 660.248857][ T1176] ? _raw_spin_unlock_irq+0x1f/0x80
[ 660.254191][ T1176] ? lock_is_held_type+0xbb/0xf0
[ 660.260487][ T1176] addrconf_verify_work+0xa/0x20
[ 660.265446][ T1176] process_one_work+0x94c/0x1670
[ 660.272822][ T1176] ? lock_release+0x8f0/0x8f0
[ 660.277524][ T1176] ? pwq_dec_nr_in_flight+0x320/0x320
[ 660.284287][ T1176] ? rwlock_bug.part.0+0x90/0x90
[ 660.290004][ T1176] ? lockdep_hardirqs_off+0x96/0xd0
[ 660.295226][ T1176] worker_thread+0x64c/0x1120
[ 660.301344][ T1176] ? __kthread_parkme+0x13f/0x1e0
[ 660.306412][ T1176] ? process_one_work+0x1670/0x1670
[ 660.312918][ T1176] kthread+0x3b5/0x4a0
[ 660.317021][ T1176] ? __kthread_bind_mask+0xc0/0xc0
[ 660.323436][ T1176] ret_from_fork+0x1f/0x30
[ 660.328843][ T1176]
[ 660.328843][ T1176] Showing all locks held in the system:
[ 660.336570][ T1176] 3 locks held by kworker/0:1/12:
[ 660.342944][ T1176] #0: ffff888099587538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670
[ 660.355602][ T1176] #1: ffffc90000d2fda8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670
[ 660.366653][ T1176] #2: ffffffff8b14f0c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 660.376872][ T1176] 1 lock held by khungtaskd/1176:
[ 660.383845][ T1176] #0: ffffffff8a067f40 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 660.394673][ T1176] 1 lock held by in:imklog/6576:
[ 660.401467][ T1176] #0: ffff8880a395a8f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 660.411374][ T1176] 1 lock held by syz-executor725/6919:
[ 660.416870][ T1176]
[ 660.420391][ T1176] =============================================
[ 660.420391][ T1176]
[ 660.429591][ T1176] NMI backtrace for cpu 0
[ 660.433931][ T1176] CPU: 0 PID: 1176 Comm: khungtaskd Not tainted 5.9.0-rc8-syzkaller #0
[ 660.442155][ T1176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 660.452201][ T1176] Call Trace:
[ 660.455668][ T1176] dump_stack+0x198/0x1fd
[ 660.460008][ T1176] nmi_cpu_backtrace.cold+0x70/0xb1
[ 660.465212][ T1176] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 660.470844][ T1176] nmi_trigger_cpumask_backtrace+0x1b3/0x223
[ 660.476823][ T1176] watchdog+0xd7d/0x1000
[ 660.481242][ T1176] ? reset_hung_task_detector+0x30/0x30
[ 660.486786][ T1176] kthread+0x3b5/0x4a0
[ 660.490876][ T1176] ? __kthread_bind_mask+0xc0/0xc0
[ 660.495986][ T1176] ret_from_fork+0x1f/0x30
[ 660.500598][ T1176] Sending NMI from CPU 0 to CPUs 1:
[ 660.506742][ C1] NMI backtrace for cpu 1
[ 660.506748][ C1] CPU: 1 PID: 6919 Comm: syz-executor725 Not tainted 5.9.0-rc8-syzkaller #0
[ 660.506754][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 660.506758][ C1] RIP: 0010:check_memory_region+0x48/0x180
[ 660.506768][ C1] Code: b8 ff ff ff ff ff 7f ff ff 48 39 c7 0f 86 05 01 00 00 49 83 e9 01 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 ca 48 c1 ed 03 <49> c1 ea 03 48 01 c5 49 01 c2 48 89 e8 49 8d 5a 01 48 89 da 48 29
[ 660.506772][ C1] RSP: 0018:ffffc90005586a30 EFLAGS: 00000802
[ 660.506778][ C1] RAX: dffffc0000000000 RBX: 0000000000000626 RCX: ffffffff815bb12a
[ 660.506789][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8d0c2aa0
[ 660.506794][ C1] RBP: 1ffffffff1a18554 R08: 0000000000000000 R09: ffffffff8d0c2aa7
[ 660.506798][ C1] R10: ffffffff8d0c2aa7 R11: 0000000000000000 R12: ffff88808e884e90
[ 660.506802][ C1] R13: 0000000000000000 R14: 3b91fe380d896fee R15: 0000000000000000
[ 660.506806][ C1] FS: 0000000001aff880(0000) GS:ffff8880ae500000(0000) knlGS:0000000000000000
[ 660.506810][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 660.506814][ C1] CR2: 00000000006cd080 CR3: 00000000920a0000 CR4: 00000000001506e0
[ 660.506818][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 660.506822][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 660.506824][ C1] Call Trace:
[ 660.506827][ C1] __lock_acquire+0x164a/0x5780
[ 660.506830][ C1] ? lockdep_hardirqs_on+0x53/0x100
[ 660.506833][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 660.506836][ C1] lock_acquire+0x1f3/0xaf0
[ 660.506839][ C1] ? tcf_idr_check_alloc+0x78/0x3b0
[ 660.506842][ C1] ? lock_release+0x8f0/0x8f0
[ 660.506845][ C1] ? finish_task_switch+0x1e5/0x790
[ 660.506847][ C1] ? __switch_to+0x425/0xfe0
[ 660.506850][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506853][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506856][ C1] __mutex_lock+0x134/0x10e0
[ 660.506859][ C1] ? tcf_idr_check_alloc+0x78/0x3b0
[ 660.506862][ C1] ? tcf_idr_check_alloc+0x78/0x3b0
[ 660.506865][ C1] ? mutex_lock_io_nested+0xf60/0xf60
[ 660.506868][ C1] ? __mutex_unlock_slowpath+0xe2/0x610
[ 660.506870][ C1] ? wait_for_completion+0x260/0x260
[ 660.506873][ C1] tcf_idr_check_alloc+0x78/0x3b0
[ 660.506876][ C1] tcf_police_init+0x347/0x13a0
[ 660.506879][ C1] ? tcf_police_cleanup+0x60/0x60
[ 660.506882][ C1] ? find_held_lock+0x2d/0x110
[ 660.506885][ C1] ? tc_lookup_action_n+0xcd/0xf0
[ 660.506887][ C1] tcf_action_init_1+0x1a3/0x990
[ 660.506890][ C1] ? tcf_action_dump_old+0x80/0x80
[ 660.506893][ C1] ? lock_acquire+0x1f3/0xaf0
[ 660.506896][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506899][ C1] ? find_held_lock+0x2d/0x110
[ 660.506901][ C1] ? fs_reclaim_release+0x90/0xd0
[ 660.506904][ C1] ? mark_lock+0x82/0x1660
[ 660.506907][ C1] tcf_exts_validate+0x138/0x420
[ 660.506910][ C1] ? tcf_exts_destroy+0xc0/0xc0
[ 660.506913][ C1] ? kmem_cache_alloc_trace+0x18e/0x300
[ 660.506915][ C1] ? __nla_parse+0x3d/0x4a
[ 660.506918][ C1] route4_change+0x6d8/0x2380
[ 660.506921][ C1] ? route4_delete+0xb70/0xb70
[ 660.506924][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506926][ C1] tc_new_tfilter+0x1398/0x2130
[ 660.506929][ C1] ? route4_delete+0xb70/0xb70
[ 660.506932][ C1] ? tc_del_tfilter+0x15c0/0x15c0
[ 660.506935][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 660.506938][ C1] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 660.506941][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506944][ C1] ? security_capable+0x8f/0xc0
[ 660.506947][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.506950][ C1] ? tc_del_tfilter+0x15c0/0x15c0
[ 660.506952][ C1] rtnetlink_rcv_msg+0x80f/0xad0
[ 660.506955][ C1] ? rtnetlink_put_metrics+0x510/0x510
[ 660.506958][ C1] ? lock_acquire+0x1f3/0xaf0
[ 660.506961][ C1] ? netlink_deliver_tap+0x146/0xb70
[ 660.506964][ C1] netlink_rcv_skb+0x15a/0x430
[ 660.506967][ C1] ? rtnetlink_put_metrics+0x510/0x510
[ 660.506970][ C1] ? netlink_ack+0xa10/0xa10
[ 660.506972][ C1] netlink_unicast+0x533/0x7d0
[ 660.506975][ C1] ? netlink_attachskb+0x810/0x810
[ 660.506978][ C1] netlink_sendmsg+0x856/0xd90
[ 660.506981][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 660.506984][ C1] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 660.506987][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 660.506990][ C1] sock_sendmsg+0xcf/0x120
[ 660.506992][ C1] ____sys_sendmsg+0x331/0x810
[ 660.506995][ C1] ? kernel_sendmsg+0x50/0x50
[ 660.506998][ C1] ? do_recvmmsg+0x6d0/0x6d0
[ 660.507000][ C1] ? sock_alloc_file+0x4f/0x190
[ 660.507003][ C1] ? __lock_acquire+0x164a/0x5780
[ 660.507006][ C1] ___sys_sendmsg+0xf3/0x170
[ 660.507009][ C1] ? sendmsg_copy_msghdr+0x160/0x160
[ 660.507012][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 660.507015][ C1] ? fs_reclaim_release+0x90/0xd0
[ 660.507018][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.507021][ C1] ? find_held_lock+0x2d/0x110
[ 660.507023][ C1] ? __might_fault+0x11f/0x1d0
[ 660.507026][ C1] ? lock_downgrade+0x830/0x830
[ 660.507029][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.507032][ C1] __sys_sendmmsg+0x195/0x480
[ 660.507034][ C1] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 660.507037][ C1] ? find_held_lock+0x2d/0x110
[ 660.507040][ C1] ? __fd_install+0x1b4/0x600
[ 660.507043][ C1] ? alloc_file_pseudo+0x1/0x250
[ 660.507045][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.507048][ C1] ? __fd_install+0x1e6/0x600
[ 660.507051][ C1] ? __sys_socket+0x16d/0x200
[ 660.507053][ C1] ? lock_is_held_type+0xbb/0xf0
[ 660.507057][ C1] ? syscall_enter_from_user_mode+0x1d/0x60
[ 660.507060][ C1] __x64_sys_sendmmsg+0x99/0x100
[ 660.507063][ C1] ? syscall_enter_from_user_mode+0x1d/0x60
[ 660.507065][ C1] do_syscall_64+0x2d/0x70
[ 660.507069][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 660.507071][ C1] RIP: 0033:0x441599
[ 660.507081][ C1] Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 660.507084][ C1] RSP: 002b:00007ffc1a4673c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 660.507091][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441599
[ 660.507095][ C1] RDX: 04924924924926d3 RSI: 0000000020000200 RDI: 0000000000000004
[ 660.507099][ C1] RBP: 00007ffc1a4673d0 R08: 0000000100000000 R09: 0000000100000000
[ 660.507103][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000007b61f
[ 660.507108][ C1] R13: 0000000000402470 R14: 0000000000000000 R15: 0000000000000000
[ 660.517651][ T1176] Kernel panic - not syncing: hung_task: blocked tasks
[ 661.158048][ T1176] CPU: 0 PID: 1176 Comm: khungtaskd Not tainted 5.9.0-rc8-syzkaller #0
[ 661.166359][ T1176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 661.176402][ T1176] Call Trace:
[ 661.179698][ T1176] dump_stack+0x198/0x1fd
[ 661.184029][ T1176] panic+0x382/0x7fb
[ 661.188010][ T1176] ? __warn_printk+0xf3/0xf3
[ 661.192600][ T1176] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 661.198240][ T1176] ? preempt_schedule_thunk+0x16/0x18
[ 661.203630][ T1176] ? watchdog.cold+0x5/0x16b
[ 661.208218][ T1176] ? watchdog+0xa82/0x1000
[ 661.212633][ T1176] watchdog.cold+0x16/0x16b
[ 661.217137][ T1176] ? reset_hung_task_detector+0x30/0x30
[ 661.222683][ T1176] kthread+0x3b5/0x4a0
[ 661.226754][ T1176] ? __kthread_bind_mask+0xc0/0xc0
[ 661.231883][ T1176] ret_from_fork+0x1f/0x30
[ 661.237945][ T1176] Kernel Offset: disabled
[ 661.242299][ T1176] Rebooting in 86400 seconds..