[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
syzkaller login: [ 915.969016] IPVS: ftp: loaded support on port[0] = 21
[ 916.024254] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 916.032053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 916.043895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 916.058533] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 916.064998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
executing program
[ 916.072878] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 916.081335] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 916.090400] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1144.674202] INFO: task kworker/0:3:6032 blocked for more than 140 seconds.
[ 1144.681319] Not tainted 4.14.202-syzkaller #0
[ 1144.688295] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.696777] kworker/0:3 D29112 6032 2 0x80000000
[ 1144.702499] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1144.708710] Call Trace:
[ 1144.711336] __schedule+0x88b/0x1de0
[ 1144.715874] ? io_schedule_timeout+0x140/0x140
[ 1144.720520] ? lock_downgrade+0x740/0x740
[ 1144.725437] schedule+0x8d/0x1b0
[ 1144.728800] schedule_preempt_disabled+0xf/0x20
[ 1144.733451] __mutex_lock+0x669/0x1310
[ 1144.738415] ? addrconf_dad_work+0x89/0xef0
[ 1144.742775] ? debug_object_deactivate+0x1da/0x2e0
[ 1144.748449] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1144.753895] ? lock_acquire+0x170/0x3f0
[ 1144.758725] ? lock_downgrade+0x740/0x740
[ 1144.762877] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1144.768714] addrconf_dad_work+0x89/0xef0
[ 1144.772860] ? lock_acquire+0x170/0x3f0
[ 1144.777596] ? addrconf_dad_completed+0xa40/0xa40
[ 1144.782481] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1144.788696] process_one_work+0x793/0x14a0
[ 1144.792933] ? work_busy+0x320/0x320
[ 1144.797396] ? worker_thread+0x158/0xff0
[ 1144.801453] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.806705] worker_thread+0x5cc/0xff0
[ 1144.810592] ? rescuer_thread+0xc80/0xc80
[ 1144.816053] kthread+0x30d/0x420
[ 1144.819415] ? kthread_create_on_node+0xd0/0xd0
[ 1144.824808] ret_from_fork+0x24/0x30
[ 1144.828567] INFO: task kworker/0:0:7991 blocked for more than 140 seconds.
[ 1144.836346] Not tainted 4.14.202-syzkaller #0
[ 1144.841351] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.850077] kworker/0:0 D27536 7991 2 0x80000000
[ 1144.856551] Workqueue: events disconnect_work
[ 1144.861039] Call Trace:
[ 1144.863617] __schedule+0x88b/0x1de0
[ 1144.869139] ? save_trace+0xd6/0x290
[ 1144.872859] ? io_schedule_timeout+0x140/0x140
[ 1144.878186] ? lock_downgrade+0x740/0x740
[ 1144.882332] schedule+0x8d/0x1b0
[ 1144.886448] schedule_preempt_disabled+0xf/0x20
[ 1144.891109] __mutex_lock+0x669/0x1310
[ 1144.895714] ? trace_hardirqs_on_caller+0x560/0x580
[ 1144.900727] ? disconnect_work+0x14/0x1d0
[ 1144.905621] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1144.911065] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1144.917090] ? process_one_work+0x6c4/0x14a0
[ 1144.921491] ? lock_acquire+0x170/0x3f0
[ 1144.926231] disconnect_work+0x14/0x1d0
[ 1144.930209] process_one_work+0x793/0x14a0
[ 1144.935198] ? work_busy+0x320/0x320
[ 1144.938904] ? worker_thread+0x158/0xff0
[ 1144.942953] ? _raw_spin_unlock_irq+0x24/0x80
[ 1144.949076] worker_thread+0x5cc/0xff0
[ 1144.952964] ? rescuer_thread+0xc80/0xc80
[ 1144.957866] kthread+0x30d/0x420
[ 1144.961224] ? kthread_create_on_node+0xd0/0xd0
[ 1144.966653] ret_from_fork+0x24/0x30
[ 1144.970406] INFO: task kworker/0:2:8043 blocked for more than 140 seconds.
[ 1144.978172] Not tainted 4.14.202-syzkaller #0
[ 1144.983174] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1144.991877] kworker/0:2 D30600 8043 2 0x80000000
[ 1144.998673] Workqueue: events linkwatch_event
[ 1145.003165] Call Trace:
[ 1145.006515] __schedule+0x88b/0x1de0
[ 1145.010229] ? io_schedule_timeout+0x140/0x140
[ 1145.015534] ? lock_downgrade+0x740/0x740
[ 1145.019686] schedule+0x8d/0x1b0
[ 1145.023037] schedule_preempt_disabled+0xf/0x20
[ 1145.028804] __mutex_lock+0x669/0x1310
[ 1145.032702] ? lock_downgrade+0x650/0x740
[ 1145.038337] ? linkwatch_event+0xa/0x50
[ 1145.042309] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1145.048465] ? process_one_work+0x6c4/0x14a0
[ 1145.052879] linkwatch_event+0xa/0x50
[ 1145.057401] process_one_work+0x793/0x14a0
[ 1145.061635] ? work_busy+0x320/0x320
[ 1145.066122] ? worker_thread+0x158/0xff0
[ 1145.070176] ? _raw_spin_unlock_irq+0x24/0x80
[ 1145.075966] worker_thread+0x5cc/0xff0
[ 1145.079918] ? rescuer_thread+0xc80/0xc80
[ 1145.084925] kthread+0x30d/0x420
[ 1145.088305] ? kthread_create_on_node+0xd0/0xd0
[ 1145.092972] ret_from_fork+0x24/0x30
[ 1145.097903]
[ 1145.097903] Showing all locks held in the system:
[ 1145.104799] 1 lock held by khungtaskd/1531:
[ 1145.109193] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1145.118306] 3 locks held by kworker/0:3/6032:
[ 1145.122784] #0: ("%s"("ipv6_addrconf")){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1145.132367] #1: ((&(&ifa->dad_work)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1145.142283] #2: (rtnl_mutex){+.+.}, at: [] addrconf_dad_work+0x89/0xef0
[ 1145.150817] 3 locks held by kworker/0:0/7991:
[ 1145.155335] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1145.163954] #1: (cfg80211_disconnect_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1145.173787] #2: (rtnl_mutex){+.+.}, at: [] disconnect_work+0x14/0x1d0
[ 1145.182144] 3 locks held by kworker/0:2/8043:
[ 1145.186638] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1145.195086] #1: ((linkwatch_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1145.204647] #2: (rtnl_mutex){+.+.}, at: [] linkwatch_event+0xa/0x50
[ 1145.212793]
[ 1145.214456] =============================================
[ 1145.214456]
[ 1145.222139] NMI backtrace for cpu 0
[ 1145.226133] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.202-syzkaller #0
[ 1145.233574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.242912] Call Trace:
[ 1145.245588] dump_stack+0x1b2/0x283
[ 1145.249236] nmi_cpu_backtrace.cold+0x57/0x93
[ 1145.253749] ? irq_force_complete_move.cold+0x89/0x89
[ 1145.258925] nmi_trigger_cpumask_backtrace+0x13a/0x17f
[ 1145.264332] watchdog+0x5b9/0xb40
[ 1145.267775] ? hungtask_pm_notify+0x50/0x50
[ 1145.272086] kthread+0x30d/0x420
[ 1145.275436] ? kthread_create_on_node+0xd0/0xd0
[ 1145.280106] ret_from_fork+0x24/0x30
[ 1145.283911] Sending NMI from CPU 0 to CPUs 1:
[ 1145.289352] NMI backtrace for cpu 1
[ 1145.289355] CPU: 1 PID: 8042 Comm: syz-executor030 Not tainted 4.14.202-syzkaller #0
[ 1145.289359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.289361] task: ffff8880b4e002c0 task.stack: ffff8880951b0000
[ 1145.289364] RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x50
[ 1145.289366] RSP: 0018:ffff8880951b7480 EFLAGS: 00000246
[ 1145.289370] RAX: ffff8880b4e002c0 RBX: ffff888095769580 RCX: 1ffffffff1279ee0
[ 1145.289373] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff888095769d60
[ 1145.289376] RBP: ffff8880aa3f9820 R08: 0000000000000000 R09: 0000000000040596
[ 1145.289379] R10: ffff8880b4e00bc0 R11: ffff8880b4e002c0 R12: 0000000000000000
[ 1145.289381] R13: dffffc0000000000 R14: ffff8880aa3f9800 R15: 0000000000000000
[ 1145.289384] FS: 000000000194a880(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 1145.289387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1145.289390] CR2: 00007f0b73e1a000 CR3: 000000009635a000 CR4: 00000000001406e0
[ 1145.289392] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1145.289395] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1145.289397] Call Trace:
[ 1145.289399] ieee80211_chanctx_radar_detect+0x1b6/0x350
[ 1145.289401] ieee80211_check_combinations+0x31d/0x6e0
[ 1145.289403] ? ieee80211_recalc_dtim+0x200/0x200
[ 1145.289405] ? cfg80211_stop_ap+0x5f/0x70
[ 1145.289408] ieee80211_check_concurrent_iface+0x3a6/0x530
[ 1145.289410] ? cfg80211_change_iface+0x7c7/0x13d0
[ 1145.289412] ieee80211_if_change_type+0x212/0x470
[ 1145.289414] ieee80211_change_iface+0x26/0x1e0
[ 1145.289416] cfg80211_change_iface+0x246/0x13d0
[ 1145.289418] nl80211_set_interface+0x588/0x760
[ 1145.289420] ? nl80211_nan_del_func+0x830/0x830
[ 1145.289422] ? nl80211_dump_interface+0x640/0x640
[ 1145.289424] ? nl80211_pre_doit+0x79/0x510
[ 1145.289426] genl_family_rcv_msg+0x572/0xb20
[ 1145.289428] ? genl_rcv+0x40/0x40
[ 1145.289430] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1145.289432] ? trace_hardirqs_on+0x10/0x10
[ 1145.289433] ? sock_sendmsg+0xb5/0x100
[ 1145.289435] genl_rcv_msg+0xaf/0x140
[ 1145.289437] netlink_rcv_skb+0x125/0x390
[ 1145.289438] ? genl_family_rcv_msg+0xb20/0xb20
[ 1145.289440] ? netlink_ack+0x9a0/0x9a0
[ 1145.289441] ? lock_acquire+0x170/0x3f0
[ 1145.289443] genl_rcv+0x24/0x40
[ 1145.289444] netlink_unicast+0x437/0x610
[ 1145.289446] ? netlink_sendskb+0xd0/0xd0
[ 1145.289448] ? __check_object_size+0x179/0x22c
[ 1145.289449] netlink_sendmsg+0x62e/0xb80
[ 1145.289451] ? nlmsg_notify+0x170/0x170
[ 1145.289453] ? kernel_recvmsg+0x210/0x210
[ 1145.289454] ? security_socket_sendmsg+0x83/0xb0
[ 1145.289456] ? nlmsg_notify+0x170/0x170
[ 1145.289458] sock_sendmsg+0xb5/0x100
[ 1145.289459] ___sys_sendmsg+0x6c8/0x800
[ 1145.289461] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 1145.289462] ? dev_ioctl+0xe7/0xbe0
[ 1145.289464] ? dev_ifsioc+0x7d0/0x7d0
[ 1145.289466] ? __dentry_kill+0x3f7/0x550
[ 1145.289467] ? trace_hardirqs_on+0x10/0x10
[ 1145.289469] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1145.289471] ? kmem_cache_free+0x23a/0x2b0
[ 1145.289472] ? sock_ioctl+0x16c/0x4c0
[ 1145.289474] ? sock_release+0x1e0/0x1e0
[ 1145.289476] ? __fdget+0x167/0x1f0
[ 1145.289477] ? sockfd_lookup_light+0xb2/0x160
[ 1145.289479] __sys_sendmsg+0xa3/0x120
[ 1145.289480] ? SyS_shutdown+0x160/0x160
[ 1145.289482] ? security_file_ioctl+0x83/0xb0
[ 1145.289484] SyS_sendmsg+0x27/0x40
[ 1145.289485] ? __sys_sendmsg+0x120/0x120
[ 1145.289487] do_syscall_64+0x1d5/0x640
[ 1145.289489] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1145.289490] RIP: 0033:0x4423f9
[ 1145.289492] RSP: 002b:00007ffef90b5778 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1145.289496] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004423f9
[ 1145.289499] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000004
[ 1145.289501] RBP: 000000306e616c77 R08: 0000001300000000 R09: 0000001300000000
[ 1145.289503] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000dfaed
[ 1145.289506] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 1145.289507] Code: 00 00 e9 c6 ed ff ff 90 65 48 8b 04 25 80 df 01 00 48 85 c0 74 1a 65 8b 15 5b a2 aa 7e 81 e2 00 01 1f 00 75 0b 8b 90 58 13 00 00 <83> fa 01 74 01 c3 48 8b 34 24 48 8b 88 60 13 00 00 8b 80 5c 13
[ 1145.289601] Kernel panic - not syncing: hung_task: blocked tasks
[ 1145.696003] CPU: 0 PID: 1531 Comm: khungtaskd Not tainted 4.14.202-syzkaller #0
[ 1145.703467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1145.712805] Call Trace:
[ 1145.715385] dump_stack+0x1b2/0x283
[ 1145.719072] panic+0x1f9/0x42d
[ 1145.722252] ? add_taint.cold+0x16/0x16
[ 1145.726219] watchdog+0x5ca/0xb40
[ 1145.729665] ? hungtask_pm_notify+0x50/0x50
[ 1145.733974] kthread+0x30d/0x420
[ 1145.737330] ? kthread_create_on_node+0xd0/0xd0
[ 1145.741991] ret_from_fork+0x24/0x30
[ 1145.745875] Kernel Offset: disabled
[ 1145.749488] Rebooting in 86400 seconds..