[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.32' (ECDSA) to the list of known hosts.
2020/04/25 09:37:13 parsed 1 programs
2020/04/25 09:37:16 executed programs: 0
syzkaller login: [ 1026.808715][ T26] audit: type=1400 audit(1587807436.098:8): avc: denied { execmem } for pid=7052 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1026.844401][ T7053] IPVS: ftp: loaded support on port[0] = 21
[ 1026.948910][ T7053] chnl_net:caif_netlink_parms(): no params data found
[ 1027.001528][ T7053] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1027.009123][ T7053] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1027.016892][ T7053] device bridge_slave_0 entered promiscuous mode
[ 1027.026977][ T7053] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1027.035531][ T7053] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1027.043651][ T7053] device bridge_slave_1 entered promiscuous mode
[ 1027.064956][ T7053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1027.075935][ T7053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1027.099500][ T7053] team0: Port device team_slave_0 added
[ 1027.107646][ T7053] team0: Port device team_slave_1 added
[ 1027.124703][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1027.131761][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1027.158569][ T7053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1027.171854][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1027.178881][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1027.204932][ T7053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1027.270265][ T7053] device hsr_slave_0 entered promiscuous mode
[ 1027.317555][ T7053] device hsr_slave_1 entered promiscuous mode
[ 1027.452813][ T7053] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1027.490177][ T7053] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1027.569584][ T7053] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1027.620037][ T7053] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1027.713807][ T7053] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1027.721009][ T7053] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1027.728888][ T7053] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1027.735947][ T7053] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1027.785520][ T7053] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1027.800776][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1027.812088][ T2716] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1027.821315][ T2716] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1027.829639][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1027.844174][ T7053] 8021q: adding VLAN 0 to HW filter on device team0
[ 1027.855944][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1027.865904][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1027.873123][ T7016] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1027.899809][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1027.908711][ T2716] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1027.915738][ T2716] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1027.924717][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1027.933693][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1027.943642][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1027.958478][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1027.967693][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1027.976594][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1027.986273][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1027.999551][ T7053] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1028.020053][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1028.028034][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1028.042664][ T7053] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1028.066251][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1028.075028][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1028.095227][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1028.104701][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1028.115553][ T7053] device veth0_vlan entered promiscuous mode
[ 1028.123932][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1028.132731][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1028.145369][ T7053] device veth1_vlan entered promiscuous mode
[ 1028.168020][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1028.176122][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1028.186218][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1028.194905][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1028.208295][ T7053] device veth0_macvtap entered promiscuous mode
[ 1028.219440][ T7053] device veth1_macvtap entered promiscuous mode
[ 1028.237818][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1028.245175][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1028.254765][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1028.262994][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1028.271842][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1028.284579][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1028.292239][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1028.301154][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/04/25 09:37:21 executed programs: 54
2020/04/25 09:37:26 executed programs: 153
2020/04/25 09:37:31 executed programs: 234
2020/04/25 09:37:36 executed programs: 320
2020/04/25 09:37:41 executed programs: 416
2020/04/25 09:37:46 executed programs: 504
2020/04/25 09:37:51 executed programs: 595
2020/04/25 09:37:56 executed programs: 687
2020/04/25 09:38:01 executed programs: 776
2020/04/25 09:38:06 executed programs: 867
2020/04/25 09:38:11 executed programs: 959
2020/04/25 09:38:16 executed programs: 1051
2020/04/25 09:38:21 executed programs: 1139
2020/04/25 09:38:26 executed programs: 1238
2020/04/25 09:38:31 executed programs: 1337
2020/04/25 09:38:36 executed programs: 1427
2020/04/25 09:38:41 executed programs: 1513
2020/04/25 09:38:46 executed programs: 1619
2020/04/25 09:38:51 executed programs: 1714
2020/04/25 09:38:56 executed programs: 1808
2020/04/25 09:39:01 executed programs: 1903
2020/04/25 09:39:06 executed programs: 1996
2020/04/25 09:39:11 executed programs: 2098
2020/04/25 09:39:16 executed programs: 2188
2020/04/25 09:39:21 executed programs: 2283
2020/04/25 09:39:26 executed programs: 2376
2020/04/25 09:39:31 executed programs: 2461
2020/04/25 09:39:36 executed programs: 2548
2020/04/25 09:39:41 executed programs: 2637
2020/04/25 09:39:46 executed programs: 2722
2020/04/25 09:39:51 executed programs: 2817
2020/04/25 09:39:56 executed programs: 2902
2020/04/25 09:40:01 executed programs: 2995
2020/04/25 09:40:07 executed programs: 3076
2020/04/25 09:40:12 executed programs: 3168
2020/04/25 09:40:17 executed programs: 3261
2020/04/25 09:40:22 executed programs: 3349
2020/04/25 09:40:27 executed programs: 3439
2020/04/25 09:40:32 executed programs: 3530
2020/04/25 09:40:37 executed programs: 3619
2020/04/25 09:40:42 executed programs: 3705
2020/04/25 09:40:47 executed programs: 3801
2020/04/25 09:40:52 executed programs: 3891
2020/04/25 09:40:57 executed programs: 3980
2020/04/25 09:41:02 executed programs: 4075
2020/04/25 09:41:07 executed programs: 4165
[ 1262.735032][ T0] NOHZ: local_softirq_pending 08
2020/04/25 09:41:12 executed programs: 4260
2020/04/25 09:41:17 executed programs: 4348
2020/04/25 09:41:22 executed programs: 4436
2020/04/25 09:41:27 executed programs: 4527
2020/04/25 09:41:32 executed programs: 4608
2020/04/25 09:41:37 executed programs: 4698
2020/04/25 09:41:42 executed programs: 4790
[ 1324.169725][ T0] NOHZ: local_softirq_pending 08
[ 1344.648200][ T0] NOHZ: local_softirq_pending 08
[ 1498.236148][ T1125] INFO: task kworker/1:5:2724 blocked for more than 143 seconds.
[ 1498.244104][ T1125] Not tainted 5.7.0-rc2-syzkaller #0
[ 1498.254432][ T1125] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1498.263864][ T1125] kworker/1:5 D27416 2724 2 0x80004000
[ 1498.271834][ T1125] Workqueue: events linkwatch_event
[ 1498.277792][ T1125] Call Trace:
[ 1498.281186][ T1125] ? __schedule+0x937/0x1ff0
[ 1498.285785][ T1125] ? lock_downgrade+0x840/0x840
[ 1498.292759][ T1125] ? __sched_text_start+0x8/0x8
[ 1498.298247][ T1125] ? lockdep_hardirqs_on+0x463/0x620
[ 1498.303533][ T1125] schedule+0xd0/0x2a0
[ 1498.309320][ T1125] schedule_preempt_disabled+0xf/0x20
[ 1498.314681][ T1125] __mutex_lock+0x7ab/0x13c0
[ 1498.320265][ T1125] ? linkwatch_event+0xb/0x60
[ 1498.324936][ T1125] ? mutex_trylock+0x2c0/0x2c0
[ 1498.331446][ T1125] ? process_one_work+0x878/0x16a0
[ 1498.337270][ T1125] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 1498.342808][ T1125] ? linkwatch_event+0xb/0x60
[ 1498.349236][ T1125] linkwatch_event+0xb/0x60
[ 1498.353732][ T1125] process_one_work+0x965/0x16a0
[ 1498.359578][ T1125] ? lock_release+0x800/0x800
[ 1498.364259][ T1125] ? pwq_dec_nr_in_flight+0x310/0x310
[ 1498.372096][ T1125] ? rwlock_bug.part.0+0x90/0x90
[ 1498.377692][ T1125] ? kthread_data+0x4f/0xc0
[ 1498.382199][ T1125] worker_thread+0x96/0xe20
[ 1498.388403][ T1125] ? process_one_work+0x16a0/0x16a0
[ 1498.393590][ T1125] kthread+0x388/0x470
[ 1498.399260][ T1125] ? _raw_spin_unlock_irq+0x4b/0x80
[ 1498.404449][ T1125] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 1498.411853][ T1125] ret_from_fork+0x24/0x30
[ 1498.416967][ T1125] INFO: task syz-executor.0:7053 blocked for more than 143 seconds.
[ 1498.424938][ T1125] Not tainted 5.7.0-rc2-syzkaller #0
[ 1498.432634][ T1125] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1498.441923][ T1125] syz-executor.0 D23512 7053 1 0x80004006
[ 1498.450007][ T1125] Call Trace:
[ 1498.453293][ T1125] ? __schedule+0x937/0x1ff0
[ 1498.458779][ T1125] ? __sched_text_start+0x8/0x8
[ 1498.463622][ T1125] ? mark_held_locks+0xe0/0xe0
[ 1498.470069][ T1125] schedule+0xd0/0x2a0
[ 1498.474139][ T1125] schedule_timeout+0x55b/0x850
[ 1498.479932][ T1125] ? mark_lock+0x12b/0xf10
[ 1498.484340][ T1125] ? find_held_lock+0x2d/0x110
[ 1498.490885][ T1125] ? usleep_range+0x160/0x160
[ 1498.495553][ T1125] ? wait_for_completion+0x162/0x270
[ 1498.501878][ T1125] ? print_usage_bug+0x240/0x240
[ 1498.508240][ T1125] ? print_usage_bug+0x240/0x240
[ 1498.513170][ T1125] ? lock_downgrade+0x840/0x840
[ 1498.518884][ T1125] ? mark_held_locks+0x9f/0xe0
[ 1498.523638][ T1125] ? _raw_spin_unlock_irq+0x1f/0x80
[ 1498.530489][ T1125] wait_for_completion+0x16a/0x270
[ 1498.535591][ T1125] ? rcu_preempt_deferred_qs_irqrestore+0x672/0xb60
[ 1498.543113][ T1125] ? wait_for_completion_interruptible+0x2e0/0x2e0
[ 1498.551175][ T1125] ? __rcu_read_unlock+0x26c/0x700
[ 1498.557054][ T1125] __flush_work+0x4fd/0xa80
[ 1498.561560][ T1125] ? queue_delayed_work_on+0x210/0x210
[ 1498.568792][ T1125] ? mark_lock+0x12b/0xf10
[ 1498.573205][ T1125] ? init_pwq+0x350/0x350
[ 1498.580156][ T1125] ? mark_held_locks+0x9f/0xe0
[ 1498.584916][ T1125] ? rcu_read_lock_any_held+0xcd/0xf0
[ 1498.592138][ T1125] ? queue_work_on+0xe6/0x200
[ 1498.597546][ T1125] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 1498.603474][ T1125] rollback_registered_many+0x562/0xe70
[ 1498.610889][ T1125] ? netif_set_real_num_tx_queues+0x700/0x700
[ 1498.617632][ T1125] ? print_usage_bug+0x240/0x240
[ 1498.622561][ T1125] ? __queue_work+0x588/0x1280
[ 1498.629108][ T1125] rollback_registered+0xf2/0x1c0
[ 1498.634127][ T1125] ? rollback_registered_many+0xe70/0xe70
[ 1498.640880][ T1125] ? linkwatch_schedule_work+0x181/0x1c0
[ 1498.647956][ T1125] unregister_netdevice_queue+0x1d7/0x2b0
[ 1498.653777][ T1125] __tun_detach+0xe42/0x1110
[ 1498.659362][ T1125] ? __tun_detach+0x1110/0x1110
[ 1498.664205][ T1125] tun_chr_close+0xd9/0x180
[ 1498.670545][ T1125] __fput+0x33e/0x880
[ 1498.674526][ T1125] task_work_run+0xf4/0x1b0
[ 1498.680041][ T1125] do_exit+0xb34/0x2dd0
[ 1498.684194][ T1125] ? find_held_lock+0x2d/0x110
[ 1498.690688][ T1125] ? mm_update_next_owner+0x7a0/0x7a0
[ 1498.696697][ T1125] ? lock_downgrade+0x840/0x840
[ 1498.701550][ T1125] do_group_exit+0x125/0x340
[ 1498.707919][ T1125] get_signal+0x47b/0x24e0
[ 1498.712373][ T1125] do_signal+0x81/0x2240
[ 1498.717638][ T1125] ? __do_sys_wait4+0xbd/0x160
[ 1498.722395][ T1125] ? get_sigframe.isra.0+0x730/0x730
[ 1498.729576][ T1125] ? blkcg_maybe_throttle_current+0x59e/0xf50
[ 1498.735638][ T1125] ? call_rcu+0x360/0x7e0
[ 1498.740956][ T1125] ? __blkcg_punt_bio_submit+0x1d0/0x1d0
[ 1498.748064][ T1125] ? unlock_page_memcg+0x30/0x30
[ 1498.753022][ T1125] ? ___might_sleep+0x15a/0x2b0
[ 1498.759144][ T1125] ? task_work_run+0x160/0x1b0
[ 1498.763931][ T1125] exit_to_usermode_loop+0x26c/0x360
[ 1498.771002][ T1125] do_syscall_64+0x6b1/0x7d0
[ 1498.775591][ T1125] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 1498.782521][ T1125] RIP: 0033:0x4166ca
[ 1498.787863][ T1125] Code: Bad RIP value.
[ 1498.791919][ T1125] RSP: 002b:00007ffd4022d478 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1498.801944][ T1125] RAX: fffffffffffffe00 RBX: 0000000001d60940 RCX: 00000000004166ca
[ 1498.811486][ T1125] RDX: 0000000040000000 RSI: 00007ffd4022d4b0 RDI: ffffffffffffffff
[ 1498.820330][ T1125] RBP: 0000000000002996 R08: 0000000000000001 R09: 0000000000000001
[ 1498.829875][ T1125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 1498.838506][ T1125] R13: 00007ffd4022d4b0 R14: 0000000001d6099b R15: 00007ffd4022d4c0
[ 1498.848468][ T1125]
[ 1498.848468][ T1125] Showing all locks held in the system:
[ 1498.857332][ T1125] 1 lock held by khungtaskd/1125:
[ 1498.862358][ T1125] #0: ffffffff899beb00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 1498.874041][ T1125] 3 locks held by kworker/1:5/2724:
[ 1498.880634][ T1125] #0: ffff8880aa026d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0
[ 1498.892462][ T1125] #1: ffffc90008367dc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0
[ 1498.903426][ T1125] #2: ffffffff8a582268 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60
[ 1498.914295][ T1125] 1 lock held by in:imklog/6717:
[ 1498.919895][ T1125] #0: ffff888098d271b0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 1498.930543][ T1125] 2 locks held by syz-executor.0/7053:
[ 1498.936624][ T1125] #0: ffffffff8a582268 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x180
[ 1498.945584][ T1125] #1: ffffffff89979ad0 (cpu_hotplug_lock){++++}-{0:0}, at: rollback_registered_many+0x45b/0xe70
[ 1498.958027][ T1125] 3 locks held by kworker/1:6/14336:
[ 1498.963309][ T1125] #0: ffff88809ace8d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0
[ 1498.975358][ T1125] #1: ffffc90004637dc0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0
[ 1498.987173][ T1125] #2: ffffffff8a582268 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 1498.997357][ T1125]
[ 1498.999763][ T1125] =============================================
[ 1498.999763][ T1125]
[ 1499.009895][ T1125] NMI backtrace for cpu 1
[ 1499.014240][ T1125] CPU: 1 PID: 1125 Comm: khungtaskd Not tainted 5.7.0-rc2-syzkaller #0
[ 1499.022451][ T1125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1499.032488][ T1125] Call Trace:
[ 1499.035896][ T1125] dump_stack+0x188/0x20d
[ 1499.040216][ T1125] nmi_cpu_backtrace.cold+0x70/0xb1
[ 1499.045424][ T1125] ? lapic_can_unplug_cpu.cold+0x3b/0x3b
[ 1499.051039][ T1125] nmi_trigger_cpumask_backtrace+0x231/0x27e
[ 1499.057176][ T1125] watchdog+0xa8c/0x1010
[ 1499.061416][ T1125] ? reset_hung_task_detector+0x30/0x30
[ 1499.066954][ T1125] kthread+0x388/0x470
[ 1499.071009][ T1125] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 1499.076714][ T1125] ret_from_fork+0x24/0x30
[ 1499.081260][ T1125] Sending NMI from CPU 1 to CPUs 0:
[ 1499.086956][ C0] NMI backtrace for cpu 0
[ 1499.086962][ C0] CPU: 0 PID: 28894 Comm: syz-executor.0 Not tainted 5.7.0-rc2-syzkaller #0
[ 1499.086968][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1499.086971][ C0] RIP: 0010:io_ring_ctx_wait_and_kill+0x98/0x5e0
[ 1499.086981][ C0] Code: 01 00 00 4d 89 f4 48 b8 00 00 00 00 00 fc ff df 4c 89 ed 49 c1 ec 03 48 c1 ed 03 49 01 c4 48 01 c5 eb 1c e8 6a f2 9d ff f3 90 <41> 80 3c 24 00 0f 85 b0 04 00 00 48 83 bb 10 01 00 00 00 74 21 e8
[ 1499.086985][ C0] RSP: 0018:ffffc90004e17a48 EFLAGS: 00000293
[ 1499.086992][ C0] RAX: ffff888091758480 RBX: ffff888094860000 RCX: 1ffff920009c2f36
[ 1499.086996][ C0] RDX: 0000000000000000 RSI: ffffffff81d53c26 RDI: ffff888094860300
[ 1499.087001][ C0] RBP: ffffed101290c02c R08: 0000000000000001 R09: ffffed101290c061
[ 1499.087005][ C0] R10: ffff888094860307 R11: ffffed101290c060 R12: ffffed101290c022
[ 1499.087009][ C0] R13: ffff888094860160 R14: ffff888094860110 R15: ffffffff81d54170
[ 1499.087014][ C0] FS: 00007fac6c1a8700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 1499.087018][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1499.087023][ C0] CR2: 0000560ad6a654a7 CR3: 0000000009879000 CR4: 00000000001406f0
[ 1499.087027][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1499.087032][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1499.087034][ C0] Call Trace:
[ 1499.087038][ C0] ? io_ring_ctx_wait_and_kill+0x5e0/0x5e0
[ 1499.087041][ C0] io_uring_release+0x3e/0x50
[ 1499.087044][ C0] __fput+0x33e/0x880
[ 1499.087047][ C0] task_work_run+0xf4/0x1b0
[ 1499.087050][ C0] do_exit+0xb34/0x2dd0
[ 1499.087052][ C0] ? find_held_lock+0x2d/0x110
[ 1499.087056][ C0] ? mm_update_next_owner+0x7a0/0x7a0
[ 1499.087059][ C0] ? lock_downgrade+0x840/0x840
[ 1499.087062][ C0] do_group_exit+0x125/0x340
[ 1499.087065][ C0] get_signal+0x47b/0x24e0
[ 1499.087068][ C0] do_signal+0x81/0x2240
[ 1499.087071][ C0] ? _copy_to_user+0x126/0x160
[ 1499.087074][ C0] ? io_uring_setup+0x11a6/0x2270
[ 1499.087077][ C0] ? get_sigframe.isra.0+0x730/0x730
[ 1499.087080][ C0] ? io_uring_release+0x50/0x50
[ 1499.087083][ C0] ? put_timespec64+0xcb/0x120
[ 1499.087086][ C0] ? io_timeout_cancel+0x320/0x320
[ 1499.087090][ C0] ? ns_to_kernel_old_timeval+0x100/0x100
[ 1499.087093][ C0] exit_to_usermode_loop+0x26c/0x360
[ 1499.087096][ C0] do_syscall_64+0x6b1/0x7d0
[ 1499.087100][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 1499.087102][ C0] RIP: 0033:0x45c829
[ 1499.087105][ C0] Code: Bad RIP value.
[ 1499.087109][ C0] RSP: 002b:00007fac6c1a7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[ 1499.087117][ C0] RAX: 0000000000000003 RBX: 00000000004e0bc0 RCX: 000000000045c829
[ 1499.087121][ C0] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 00000000000000f1
[ 1499.087126][ C0] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1499.087130][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1499.087135][ C0] R13: 0000000000000204 R14: 00000000004c425f R15: 00007fac6c1a86d4
[ 1499.112073][ T1125] Kernel panic - not syncing: hung_task: blocked tasks
[ 1499.390319][ T1125] CPU: 1 PID: 1125 Comm: khungtaskd Not tainted 5.7.0-rc2-syzkaller #0
[ 1499.398534][ T1125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1499.408565][ T1125] Call Trace:
[ 1499.411844][ T1125] dump_stack+0x188/0x20d
[ 1499.416216][ T1125] panic+0x2e3/0x75c
[ 1499.420106][ T1125] ? add_taint.cold+0x16/0x16
[ 1499.424780][ T1125] ? lapic_can_unplug_cpu.cold+0x3b/0x3b
[ 1499.430402][ T1125] ? preempt_schedule_thunk+0x16/0x18
[ 1499.435859][ T1125] ? watchdog+0xa8c/0x1010
[ 1499.440258][ T1125] ? nmi_trigger_cpumask_backtrace+0x214/0x27e
[ 1499.446391][ T1125] watchdog+0xa9d/0x1010
[ 1499.450618][ T1125] ? reset_hung_task_detector+0x30/0x30
[ 1499.456144][ T1125] kthread+0x388/0x470
[ 1499.460203][ T1125] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 1499.465913][ T1125] ret_from_fork+0x24/0x30
[ 1499.471859][ T1125] Kernel Offset: disabled
[ 1499.476202][ T1125] Rebooting in 86400 seconds..