[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
syzkaller login: [ 309.930564][ T6868] IPVS: ftp: loaded support on port[0] = 21
[ 310.023963][ T6868] chnl_net:caif_netlink_parms(): no params data found
[ 310.078676][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 310.086464][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 310.094978][ T6868] device bridge_slave_0 entered promiscuous mode
[ 310.104180][ T6868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 310.111450][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 310.122260][ T6868] device bridge_slave_1 entered promiscuous mode
[ 310.143420][ T6868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 310.154523][ T6868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 310.178633][ T6868] team0: Port device team_slave_0 added
[ 310.186126][ T6868] team0: Port device team_slave_1 added
[ 310.204667][ T6868] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 310.212298][ T6868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 310.238404][ T6868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 310.251863][ T6868] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 310.259100][ T6868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 310.285361][ T6868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 310.313460][ T6868] device hsr_slave_0 entered promiscuous mode
[ 310.320432][ T6868] device hsr_slave_1 entered promiscuous mode
[ 310.426466][ T6868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 310.436589][ T6868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 310.447696][ T6868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 310.459438][ T6868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 310.484284][ T6868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 310.491534][ T6868] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 310.499635][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 310.506741][ T6868] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 310.556642][ T6868] 8021q: adding VLAN 0 to HW filter on device bond0
[ 310.571626][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 310.582560][ T23] bridge0: port 1(bridge_slave_0) entered disabled state
[ 310.591595][ T23] bridge0: port 2(bridge_slave_1) entered disabled state
[ 310.600256][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 310.613488][ T6868] 8021q: adding VLAN 0 to HW filter on device team0
[ 310.625122][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 310.635217][ T3103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 310.642336][ T3103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 310.660370][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 310.668914][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 310.676142][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 310.699913][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 310.709620][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 310.718483][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 310.730698][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 310.739932][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 310.751829][ T6868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 310.772332][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 310.780600][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 310.795274][ T6868] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 310.815620][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 310.835617][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 310.844517][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 310.853111][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 310.865596][ T6868] device veth0_vlan entered promiscuous mode
[ 310.878234][ T6868] device veth1_vlan entered promiscuous mode
[ 310.901224][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 310.910813][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 310.919820][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 310.931506][ T6868] device veth0_macvtap entered promiscuous mode
[ 310.944308][ T6868] device veth1_macvtap entered promiscuous mode
[ 310.962704][ T6868] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 310.971216][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 310.982848][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 310.995282][ T6868] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 311.004186][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 311.016908][ T6868] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 311.025941][ T6868] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 311.034731][ T6868] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 311.043501][ T6868] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 311.176784][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 472.978073][ T1172] INFO: task syz-executor988:6868 blocked for more than 143 seconds.
[ 472.986965][ T1172] Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 472.996085][ T1172] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 473.004922][ T1172] task:syz-executor988 state:D stack:23912 pid: 6868 ppid: 6867 flags:0x00004000
[ 473.014287][ T1172] Call Trace:
[ 473.017686][ T1172] __schedule+0x8e5/0x21e0
[ 473.023154][ T1172] ? io_schedule_timeout+0x140/0x140
[ 473.028679][ T1172] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 473.034684][ T1172] ? mark_held_locks+0x9f/0xe0
[ 473.040266][ T1172] schedule+0xd0/0x2a0
[ 473.044529][ T1172] schedule_timeout+0x1d8/0x250
[ 473.049463][ T1172] ? usleep_range+0x170/0x170
[ 473.054182][ T1172] ? mark_held_locks+0x9f/0xe0
[ 473.059099][ T1172] ? _raw_spin_unlock_irq+0x1f/0x80
[ 473.064319][ T1172] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 473.070402][ T1172] ? trace_hardirqs_on+0x5f/0x220
[ 473.075468][ T1172] wait_for_completion+0x163/0x260
[ 473.080670][ T1172] ? wait_for_completion_interruptible+0x2e0/0x2e0
[ 473.087332][ T1172] ? lockdep_hardirqs_off+0x89/0xc0
[ 473.093986][ T1172] __flush_work+0x51f/0xab0
[ 473.098710][ T1172] ? queue_work_node+0x370/0x370
[ 473.104327][ T1172] ? debug_object_init_on_stack+0x20/0x20
[ 473.115297][ T1172] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0
[ 473.121249][ T1172] ? mark_held_locks+0x9f/0xe0
[ 473.126045][ T1172] ? __cancel_work_timer+0x516/0x700
[ 473.131446][ T1172] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 473.137486][ T1172] __cancel_work_timer+0x5de/0x700
[ 473.143017][ T1172] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 473.149064][ T1172] ? lock_acquire+0x1f1/0xad0
[ 473.154119][ T1172] ? __sock_release+0x86/0x280
[ 473.158987][ T1172] ? lock_release+0x8e0/0x8e0
[ 473.164352][ T1172] tls_sk_proto_close+0x4a7/0xaf0
[ 473.169453][ T1172] ? wait_on_pending_writer+0x3f0/0x3f0
[ 473.175113][ T1172] ? ip_mc_drop_socket+0x16/0x260
[ 473.180278][ T1172] inet_release+0x12e/0x280
[ 473.184900][ T1172] inet6_release+0x4c/0x70
[ 473.189395][ T1172] __sock_release+0xcd/0x280
[ 473.194024][ T1172] sock_close+0x18/0x20
[ 473.198345][ T1172] __fput+0x285/0x920
[ 473.202361][ T1172] ? __sock_release+0x280/0x280
[ 473.207206][ T1172] task_work_run+0xdd/0x190
[ 473.211870][ T1172] exit_to_user_mode_prepare+0x195/0x1c0
[ 473.217557][ T1172] syscall_exit_to_user_mode+0x59/0x2b0
[ 473.223998][ T1172] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 473.230406][ T1172] RIP: 0033:0x403950
[ 473.234307][ T1172] Code: Bad RIP value.
[ 473.238417][ T1172] RSP: 002b:00007ffd58af5878 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 473.246874][ T1172] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000403950
[ 473.255563][ T1172] RDX: 00000000000000d8 RSI: 00000000200005c0 RDI: 0000000000000004
[ 473.263660][ T1172] RBP: 00007ffd58af5880 R08: 0000000000000000 R09: 00000000000000d8
[ 473.271736][ T1172] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd58af5890
[ 473.279906][ T1172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 473.288267][ T1172]
[ 473.288267][ T1172] Showing all locks held in the system:
[ 473.297067][ T1172] 1 lock held by khungtaskd/1172:
[ 473.302575][ T1172] #0: ffffffff89c67640 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 473.312573][ T1172] 3 locks held by kworker/0:3/3103:
[ 473.317784][ T1172] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670
[ 473.330231][ T1172] #1: ffffc900096efda8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670
[ 473.343756][ T1172] #2: ffff8880a83c54d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190
[ 473.354611][ T1172] 2 locks held by in:imklog/6715:
[ 473.359745][ T1172] #0: ffff8880a2116870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 473.369454][ T1172] #1: ffffffff89d17c80 (fs_reclaim){+.+.}-{0:0}, at: is_bpf_text_address+0x0/0x160
[ 473.379302][ T1172] 1 lock held by syz-executor988/6868:
[ 473.385651][ T1172] #0: ffff888085d02750 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 473.396549][ T1172]
[ 473.398940][ T1172] =============================================
[ 473.398940][ T1172]
[ 473.407364][ T1172] NMI backtrace for cpu 0
[ 473.411748][ T1172] CPU: 0 PID: 1172 Comm: khungtaskd Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 473.421215][ T1172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 473.431267][ T1172] Call Trace:
[ 473.434607][ T1172] dump_stack+0x18f/0x20d
[ 473.438949][ T1172] nmi_cpu_backtrace.cold+0x44/0xd7
[ 473.444176][ T1172] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 473.449822][ T1172] nmi_trigger_cpumask_backtrace+0x1b3/0x223
[ 473.455864][ T1172] watchdog+0xd89/0xf30
[ 473.460039][ T1172] ? trace_sched_process_hang+0x2e0/0x2e0
[ 473.465759][ T1172] kthread+0x3b5/0x4a0
[ 473.469814][ T1172] ? __kthread_bind_mask+0xc0/0xc0
[ 473.474919][ T1172] ? __kthread_bind_mask+0xc0/0xc0
[ 473.480084][ T1172] ret_from_fork+0x1f/0x30
[ 473.484635][ T1172] Sending NMI from CPU 0 to CPUs 1:
[ 473.490370][ C1] NMI backtrace for cpu 1
[ 473.490378][ C1] CPU: 1 PID: 3903 Comm: systemd-journal Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 473.490386][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 473.490390][ C1] RIP: 0010:cache_grow_end+0x98/0x170
[ 473.490403][ C1] Code: 10 4d 89 6c 24 68 4c 89 7d 08 4c 89 75 10 4d 89 2e 49 83 44 24 78 01 8b 43 24 4c 89 e7 2b 45 30 49 01 84 24 80 00 00 00 5b 5d <41> 5c 41 5d 41 5e 41 5f e9 1b 05 46 06 4c 89 ef e8 03 7d ec 01 84
[ 473.490407][ C1] RSP: 0018:ffffc90001fdfd48 EFLAGS: 00000046
[ 473.490418][ C1] RAX: 0000000000000000 RBX: 0000000000000cc0 RCX: ffffffff815b58a0
[ 473.490424][ C1] RDX: ffffea0002366008 RSI: ffff8880aa240150 RDI: ffff8880aa240100
[ 473.490430][ C1] RBP: ffffea0002695b80 R08: 0000000000000001 R09: 0000000000000003
[ 473.490436][ C1] R10: fffff520003fbf99 R11: 0000000000000000 R12: ffff8880aa240100
[ 473.490442][ C1] R13: ffffea0002695b88 R14: ffffea0002366008 R15: ffff8880aa240150
[ 473.490449][ C1] FS: 00007f17316d18c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 473.490454][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 473.490460][ C1] CR2: 00007f172ea79028 CR3: 0000000092aba000 CR4: 00000000001506e0
[ 473.490466][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 473.490472][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 473.490475][ C1] Call Trace:
[ 473.490479][ C1] cache_alloc_refill+0x2fd/0x340
[ 473.490490][ C1] ? lockdep_hardirqs_off+0x89/0xc0
[ 473.490494][ C1] kmem_cache_alloc+0x380/0x3a0
[ 473.490499][ C1] ? seccomp_notify_ioctl+0xd90/0xd90
[ 473.490503][ C1] getname_flags.part.0+0x50/0x4f0
[ 473.490507][ C1] getname_flags+0x9a/0xe0
[ 473.490511][ C1] do_mkdirat+0x8d/0x2d0
[ 473.490516][ C1] ? user_path_create+0xf0/0xf0
[ 473.490520][ C1] ? __secure_computing+0x104/0x360
[ 473.490524][ C1] do_syscall_64+0x2d/0x70
[ 473.490529][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 473.490533][ C1] RIP: 0033:0x7f173098d687
[ 473.490545][ C1] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 473.490550][ C1] RSP: 002b:00007ffd66ffa6a8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
[ 473.490560][ C1] RAX: ffffffffffffffda RBX: 00007ffd66ffd710 RCX: 00007f173098d687
[ 473.490566][ C1] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 00005634256988a0
[ 473.490572][ C1] RBP: 00007ffd66ffa6e0 R08: 0000563424d8f3e5 R09: 0000000000000018
[ 473.490578][ C1] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
[ 473.490584][ C1] R13: 0000000000000001 R14: 00005634256988a0 R15: 00007ffd66ffad20
[ 473.491797][ T1172] Kernel panic - not syncing: hung_task: blocked tasks
[ 473.764903][ T1172] CPU: 0 PID: 1172 Comm: khungtaskd Not tainted 5.9.0-rc2-next-20200828-syzkaller #0
[ 473.774342][ T1172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 473.784407][ T1172] Call Trace:
[ 473.787696][ T1172] dump_stack+0x18f/0x20d
[ 473.792060][ T1172] panic+0x2e3/0x75c
[ 473.795957][ T1172] ? __warn_printk+0xf3/0xf3
[ 473.800559][ T1172] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 473.806202][ T1172] ? preempt_schedule_thunk+0x16/0x18
[ 473.811564][ T1172] ? watchdog.cold+0x22d/0x24b
[ 473.816311][ T1172] ? watchdog+0xc59/0xf30
[ 473.820629][ T1172] watchdog.cold+0x23e/0x24b
[ 473.825206][ T1172] ? trace_sched_process_hang+0x2e0/0x2e0
[ 473.830917][ T1172] kthread+0x3b5/0x4a0
[ 473.834991][ T1172] ? __kthread_bind_mask+0xc0/0xc0
[ 473.840093][ T1172] ? __kthread_bind_mask+0xc0/0xc0
[ 473.845208][ T1172] ret_from_fork+0x1f/0x30
[ 473.851058][ T1172] Kernel Offset: disabled
[ 473.855475][ T1172] Rebooting in 86400 seconds..