[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts.
syzkaller login: [ 307.627313][ T6830] IPVS: ftp: loaded support on port[0] = 21
[ 307.731391][ T6830] chnl_net:caif_netlink_parms(): no params data found
[ 307.794953][ T6830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 307.802676][ T6830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 307.811460][ T6830] device bridge_slave_0 entered promiscuous mode
[ 307.820990][ T6830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 307.828083][ T6830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 307.836558][ T6830] device bridge_slave_1 entered promiscuous mode
[ 307.858288][ T6830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 307.871168][ T6830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 307.894677][ T6830] team0: Port device team_slave_0 added
[ 307.902201][ T6830] team0: Port device team_slave_1 added
[ 307.921308][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 307.928249][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 307.955421][ T6830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 307.968349][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 307.975927][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 308.002441][ T6830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 308.031244][ T6830] device hsr_slave_0 entered promiscuous mode
[ 308.037919][ T6830] device hsr_slave_1 entered promiscuous mode
[ 308.140544][ T6830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 308.156861][ T6830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 308.165728][ T6830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 308.178674][ T6830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 308.204831][ T6830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 308.211995][ T6830] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 308.219781][ T6830] bridge0: port 1(bridge_slave_0) entered blocking state
[ 308.226924][ T6830] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 308.275000][ T6830] 8021q: adding VLAN 0 to HW filter on device bond0
[ 308.288786][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 308.300461][ T2670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 308.308386][ T2670] bridge0: port 2(bridge_slave_1) entered disabled state
[ 308.317252][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 308.330163][ T6830] 8021q: adding VLAN 0 to HW filter on device team0
[ 308.342968][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 308.351838][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 308.358872][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 308.381494][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 308.390795][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 308.397826][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 308.406540][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 308.426938][ T6830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 308.437402][ T6830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 308.454942][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 308.463175][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 308.472433][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 308.483094][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 308.492401][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 308.510615][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 308.518029][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 308.532028][ T6830] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 308.551795][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 308.571838][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 308.581485][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 308.589099][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 308.601336][ T6830] device veth0_vlan entered promiscuous mode
[ 308.613400][ T6830] device veth1_vlan entered promiscuous mode
[ 308.636062][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 308.644956][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 308.653815][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 308.665387][ T6830] device veth0_macvtap entered promiscuous mode
[ 308.675601][ T6830] device veth1_macvtap entered promiscuous mode
[ 308.694037][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 308.702000][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 308.712528][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 308.724315][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 308.732353][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
executing program
[ 308.741753][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 308.753202][ T6830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 308.762420][ T6830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 308.771441][ T6830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 308.782224][ T6830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 308.922247][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 318.072135][ T0] NOHZ: local_softirq_pending 08
[ 338.551422][ T0] NOHZ: local_softirq_pending 08
[ 359.031757][ T0] NOHZ: local_softirq_pending 08
[ 399.993962][ T0] NOHZ: local_softirq_pending 08
[ 420.474026][ T0] NOHZ: local_softirq_pending 08
[ 452.475217][ T1150] INFO: task syz-executor025:6830 blocked for more than 143 seconds.
[ 452.483519][ T1150] Not tainted 5.9.0-rc2-syzkaller #0
[ 452.489435][ T1150] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 452.498183][ T1150] task:syz-executor025 state:D stack:24144 pid: 6830 ppid: 6829 flags:0x20020000
[ 452.507501][ T1150] Call Trace:
[ 452.510832][ T1150] __schedule+0x8e5/0x21e0
[ 452.515335][ T1150] ? io_schedule_timeout+0x140/0x140
[ 452.520632][ T1150] schedule+0xd0/0x2a0
[ 452.524717][ T1150] schedule_timeout+0x1d8/0x250
[ 452.529612][ T1150] ? usleep_range+0x170/0x170
[ 452.534297][ T1150] ? mark_held_locks+0x9f/0xe0
[ 452.539127][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80
[ 452.544344][ T1150] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 452.550379][ T1150] ? trace_hardirqs_on+0x5f/0x220
[ 452.555528][ T1150] wait_for_completion+0x163/0x260
[ 452.560637][ T1150] ? wait_for_completion_interruptible+0x2e0/0x2e0
[ 452.567181][ T1150] ? _raw_spin_unlock_irq+0x1f/0x80
[ 452.572394][ T1150] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 452.579116][ T1150] __flush_work+0x51f/0xab0
[ 452.583668][ T1150] ? queue_work_node+0x370/0x370
[ 452.590179][ T1150] ? debug_object_init_on_stack+0x20/0x20
[ 452.596440][ T1150] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0
[ 452.602279][ T1150] ? mark_held_locks+0x9f/0xe0
[ 452.607701][ T1150] ? __cancel_work_timer+0x516/0x700
[ 452.612989][ T1150] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 452.619634][ T1150] __cancel_work_timer+0x5de/0x700
[ 452.624763][ T1150] ? try_to_grab_pending.part.0+0x7d0/0x7d0
[ 452.631332][ T1150] ? lock_acquire+0x1f1/0xad0
[ 452.636520][ T1150] ? __sock_release+0x86/0x280
[ 452.641290][ T1150] ? lock_release+0x8e0/0x8e0
[ 452.646752][ T1150] tls_sk_proto_close+0x4a7/0xaf0
[ 452.651787][ T1150] ? wait_on_pending_writer+0x3f0/0x3f0
[ 452.658068][ T1150] ? ip_mc_drop_socket+0x16/0x260
[ 452.663097][ T1150] inet_release+0x12e/0x280
[ 452.668337][ T1150] inet6_release+0x4c/0x70
[ 452.672746][ T1150] __sock_release+0xcd/0x280
[ 452.678005][ T1150] sock_close+0x18/0x20
[ 452.682151][ T1150] __fput+0x285/0x920
[ 452.686831][ T1150] ? __sock_release+0x280/0x280
[ 452.691678][ T1150] task_work_run+0xdd/0x190
[ 452.697327][ T1150] exit_to_user_mode_prepare+0x195/0x1c0
[ 452.703018][ T1150] syscall_exit_to_user_mode+0x59/0x2b0
[ 452.709240][ T1150] __do_fast_syscall_32+0x63/0x80
[ 452.714267][ T1150] do_fast_syscall_32+0x2f/0x70
[ 452.719788][ T1150] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 452.726584][ T1150] RIP: 0023:0xf7f3c549
[ 452.730633][ T1150] Code: Bad RIP value.
[ 452.734679][ T1150] RSP: 002b:00000000ff971bec EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 452.744115][ T1150] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000200005c0
[ 452.752694][ T1150] RDX: 0000000000000005 RSI: 00000000080c49e4 RDI: 00000000200000ec
[ 452.761135][ T1150] RBP: 00000000ff971ca8 R08: 0000000000000000 R09: 0000000000000000
[ 452.769604][ T1150] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 452.778099][ T1150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 452.787369][ T1150]
[ 452.787369][ T1150] Showing all locks held in the system:
[ 452.795591][ T1150] 1 lock held by khungtaskd/1150:
[ 452.800595][ T1150] #0: ffffffff89bd6900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 452.811570][ T1150] 3 locks held by kworker/0:2/2670:
[ 452.817251][ T1150] #0: ffff8880aa063d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x82b/0x1670
[ 452.828029][ T1150] #1: ffffc90008dcfda8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x85f/0x1670
[ 452.841568][ T1150] #2: ffff8880929b84d8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190
[ 452.851540][ T1150] 1 lock held by in:imklog/6523:
[ 452.856912][ T1150] #0: ffff8880a81f4e30 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 452.866502][ T1150] 1 lock held by syz-executor025/6830:
[ 452.871967][ T1150] #0: ffff8880872cd750 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: __sock_release+0x86/0x280
[ 452.883167][ T1150]
[ 452.886713][ T1150] =============================================
[ 452.886713][ T1150]
[ 452.895710][ T1150] NMI backtrace for cpu 0
[ 452.900024][ T1150] CPU: 0 PID: 1150 Comm: khungtaskd Not tainted 5.9.0-rc2-syzkaller #0
[ 452.908273][ T1150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 452.918334][ T1150] Call Trace:
[ 452.921630][ T1150] dump_stack+0x18f/0x20d
[ 452.925967][ T1150] nmi_cpu_backtrace.cold+0x70/0xb1
[ 452.931163][ T1150] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 452.936776][ T1150] nmi_trigger_cpumask_backtrace+0x1b3/0x223
[ 452.942771][ T1150] watchdog+0xd7d/0x1000
[ 452.946997][ T1150] ? reset_hung_task_detector+0x30/0x30
[ 452.952521][ T1150] kthread+0x3b5/0x4a0
[ 452.956567][ T1150] ? __kthread_bind_mask+0xc0/0xc0
[ 452.961653][ T1150] ? __kthread_bind_mask+0xc0/0xc0
[ 452.966754][ T1150] ret_from_fork+0x1f/0x30
[ 452.971308][ T1150] Sending NMI from CPU 0 to CPUs 1:
[ 452.977191][ C1] NMI backtrace for cpu 1
[ 452.977198][ C1] CPU: 1 PID: 3899 Comm: systemd-journal Not tainted 5.9.0-rc2-syzkaller #0
[ 452.977205][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 452.977209][ C1] RIP: 0010:unwind_next_frame+0xd16/0x1f90
[ 452.977221][ C1] Code: c6 47 35 00 48 89 ce 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 48 c1 ee 03 0f b6 14 02 0f b6 04 06 4c 89 ce 83 e6 07 40 38 f2 <40> 0f 9e c6 84 d2 0f 95 c2 40 84 d6 0f 85 bd 0b 00 00 83 e1 07 38
[ 452.977225][ C1] RSP: 0018:ffffc90001657870 EFLAGS: 00000297
[ 452.977234][ C1] RAX: 0000000000000000 RBX: 1ffff920002caf16 RCX: ffffffff8b1b3e8f
[ 452.977239][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc900016579f0
[ 452.977244][ C1] RBP: 0000000000000001 R08: ffffffff8b1b3e8a R09: ffffffff8b1b3e8e
[ 452.977250][ C1] R10: 000000000007201e R11: 0000000000000001 R12: ffffc90001657a30
[ 452.977255][ C1] R13: ffffc900016579cd R14: ffffc900016579e8 R15: ffffc90001657998
[ 452.977261][ C1] FS: 00007f9b631768c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 452.977265][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 452.977271][ C1] CR2: 00007f9b6051e010 CR3: 00000000a8d41000 CR4: 00000000001506e0
[ 452.977276][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 452.977281][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 452.977284][ C1] Call Trace:
[ 452.977288][ C1] ? arch_stack_walk+0x5e/0xf0
[ 452.977292][ C1] ? deref_stack_reg+0x150/0x150
[ 452.977296][ C1] ? lock_downgrade+0x830/0x830
[ 452.977299][ C1] __unwind_start+0x517/0x800
[ 452.977303][ C1] ? profile_setup.cold+0xc1/0xc1
[ 452.977307][ C1] arch_stack_walk+0x5e/0xf0
[ 452.977311][ C1] ? stack_trace_save+0x8c/0xc0
[ 452.977314][ C1] stack_trace_save+0x8c/0xc0
[ 452.977319][ C1] ? stack_trace_consume_entry+0x160/0x160
[ 452.977322][ C1] kasan_save_stack+0x1b/0x40
[ 452.977327][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 452.977330][ C1] ? lockdep_hardirqs_off+0x89/0xc0
[ 452.977334][ C1] ? __zone_watermark_ok+0x3f0/0x3f0
[ 452.977338][ C1] ? lock_acquire+0x1f1/0xad0
[ 452.977342][ C1] ? cache_grow_end+0x46/0x170
[ 452.977346][ C1] ? find_held_lock+0x2d/0x110
[ 452.977349][ C1] ? cache_alloc_refill+0x2fd/0x340
[ 452.977353][ C1] ? lock_downgrade+0x830/0x830
[ 452.977357][ C1] ? do_raw_spin_unlock+0x171/0x230
[ 452.977361][ C1] ? kasan_unpoison_shadow+0x33/0x40
[ 452.977365][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 452.977369][ C1] kmem_cache_alloc+0x138/0x3a0
[ 452.977373][ C1] getname_flags.part.0+0x50/0x4f0
[ 452.977377][ C1] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 452.977380][ C1] getname+0x8e/0xd0
[ 452.977384][ C1] do_sys_openat2+0xf5/0x420
[ 452.977388][ C1] ? seccomp_notify_ioctl+0xd90/0xd90
[ 452.977392][ C1] ? strncpy_from_user+0x2bf/0x3e0
[ 452.977396][ C1] ? build_open_flags+0x650/0x650
[ 452.977400][ C1] ? getname_flags.part.0+0x1dd/0x4f0
[ 452.977403][ C1] __x64_sys_open+0x119/0x1c0
[ 452.977407][ C1] ? do_sys_open+0x140/0x140
[ 452.977411][ C1] ? __secure_computing+0x104/0x360
[ 452.977415][ C1] do_syscall_64+0x2d/0x70
[ 452.977419][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 452.977422][ C1] RIP: 0033:0x7f9b62706840
[ 452.977434][ C1] Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
[ 452.977438][ C1] RSP: 002b:00007ffca1e42cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 452.977447][ C1] RAX: ffffffffffffffda RBX: 00007ffca1e42fd0 RCX: 00007f9b62706840
[ 452.977453][ C1] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 0000559081df1690
[ 452.977458][ C1] RBP: 000000000000000d R08: 00007f9b626f0bb8 R09: 00000000ffffffff
[ 452.977463][ C1] R10: 0000000000000020 R11: 0000000000000246 R12: 00000000ffffffff
[ 452.977468][ C1] R13: 0000559081ded040 R14: 00007ffca1e42f90 R15: 0000559081dfa3b0
[ 452.978327][ T1150] Kernel panic - not syncing: hung_task: blocked tasks
[ 453.368007][ T1150] CPU: 0 PID: 1150 Comm: khungtaskd Not tainted 5.9.0-rc2-syzkaller #0
[ 453.376237][ T1150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 453.386265][ T1150] Call Trace:
[ 453.389537][ T1150] dump_stack+0x18f/0x20d
[ 453.393846][ T1150] panic+0x2e3/0x75c
[ 453.397744][ T1150] ? __warn_printk+0xf3/0xf3
[ 453.402312][ T1150] ? lapic_can_unplug_cpu.cold+0x38/0x38
[ 453.407935][ T1150] ? preempt_schedule_thunk+0x16/0x18
[ 453.413282][ T1150] ? watchdog.cold+0x5/0x16b
[ 453.417846][ T1150] ? watchdog+0xa82/0x1000
[ 453.422239][ T1150] watchdog.cold+0x16/0x16b
[ 453.426723][ T1150] ? reset_hung_task_detector+0x30/0x30
[ 453.432263][ T1150] kthread+0x3b5/0x4a0
[ 453.436309][ T1150] ? __kthread_bind_mask+0xc0/0xc0
[ 453.441418][ T1150] ? __kthread_bind_mask+0xc0/0xc0
[ 453.446508][ T1150] ret_from_fork+0x1f/0x30
[ 453.452265][ T1150] Kernel Offset: disabled
[ 453.456586][ T1150] Rebooting in 86400 seconds..