[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2021/02/10 08:05:27 parsed 1 programs
2021/02/10 08:05:27 executed programs: 0
syzkaller login: [ 1583.630867] IPVS: ftp: loaded support on port[0] = 21
[ 1583.720937] chnl_net:caif_netlink_parms(): no params data found
[ 1583.801859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1583.808529] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1583.816538] device bridge_slave_0 entered promiscuous mode
[ 1583.824055] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1583.830548] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1583.837709] device bridge_slave_1 entered promiscuous mode
[ 1583.854246] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1583.863035] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1583.881065] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1583.889482] team0: Port device team_slave_0 added
[ 1583.895333] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1583.902694] team0: Port device team_slave_1 added
[ 1583.917731] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1583.924057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1583.949333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1583.961643] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1583.967879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1583.993447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1584.004063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1584.011618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1584.029800] device hsr_slave_0 entered promiscuous mode
[ 1584.035458] device hsr_slave_1 entered promiscuous mode
[ 1584.041670] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1584.048589] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1584.107512] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.113942] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1584.120888] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.127237] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1584.156589] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1584.163635] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1584.171648] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1584.179824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1584.199759] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.206859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.216734] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1584.223016] 8021q: adding VLAN 0 to HW filter on device team0
[ 1584.231933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1584.239583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.246019] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1584.255183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1584.263202] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.269527] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1584.283328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1584.291207] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1584.300550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1584.313527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1584.323540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1584.334643] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1584.341424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1584.349042] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1584.356753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1584.368994] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1584.376536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1584.383569] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1584.394632] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1584.444046] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1584.454040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1584.484353] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1584.492253] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1584.498648] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1584.507962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1584.515763] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1584.523046] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1584.533008] device veth0_vlan entered promiscuous mode
[ 1584.542113] device veth1_vlan entered promiscuous mode
[ 1584.548036] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1584.557455] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1584.568687] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1584.578428] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1584.586283] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1584.594206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1584.604010] device veth0_macvtap entered promiscuous mode
[ 1584.610331] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1584.618759] device veth1_macvtap entered promiscuous mode
[ 1584.627349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1584.636539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1584.646492] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1584.653524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1584.662073] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1584.673314] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1584.680043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1584.721541] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1584.792026] usb usb7: usbfs: process 8237 (syz-executor.0) did not claim interface 0 before use
[ 1585.661804] Bluetooth: hci0 command 0x0409 tx timeout
[ 1587.741026] Bluetooth: hci0 command 0x041b tx timeout
[ 1589.820515] Bluetooth: hci0 command 0x040f tx timeout
[ 1591.900578] Bluetooth: hci0 command 0x0419 tx timeout
[ 1710.060325] Bluetooth: hci0 command 0x0406 tx timeout
[ 1861.580317] INFO: task syz-executor.0:8237 blocked for more than 140 seconds.
[ 1861.587764] Not tainted 4.14.218-syzkaller #0
[ 1861.592863] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1861.601185] syz-executor.0 D27848 8237 7990 0x00000004
[ 1861.606828] Call Trace:
[ 1861.609400] __schedule+0x88b/0x1de0
[ 1861.613173] ? io_schedule_timeout+0x140/0x140
[ 1861.617757] ? trace_hardirqs_on+0x10/0x10
[ 1861.622054] schedule+0x8d/0x1b0
[ 1861.625418] schedule_timeout+0x80a/0xe90
[ 1861.629557] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 1861.634651] ? usleep_range+0x130/0x130
[ 1861.638640] ? wait_for_common+0x26a/0x430
[ 1861.642942] ? lock_acquire+0x170/0x3f0
[ 1861.646911] ? lock_downgrade+0x740/0x740
[ 1861.651103] ? _raw_spin_unlock_irq+0x24/0x80
[ 1861.655771] wait_for_common+0x272/0x430
[ 1861.660064] ? out_of_line_wait_on_atomic_t+0x1a0/0x1a0
[ 1861.665531] ? wake_up_q+0xd0/0xd0
[ 1861.669147] usb_start_wait_urb+0x125/0x440
[ 1861.673765] ? usb_api_blocking_completion+0xa0/0xa0
[ 1861.678892] ? __kmalloc+0x3a4/0x400
[ 1861.682685] ? usb_alloc_urb+0x1f/0x130
[ 1861.686796] ? memset+0x20/0x40
[ 1861.690744] usb_bulk_msg+0x1f6/0x500
[ 1861.694593] proc_bulk+0x331/0x6d0
[ 1861.698121] ? proc_control+0x670/0x670
[ 1861.702209] ? futex_lock_pi_atomic+0x2e0/0x2e0
[ 1861.706887] ? up_read+0x17/0x30
[ 1861.710374] ? drop_futex_key_refs+0x2e/0xa0
[ 1861.714809] usbdev_do_ioctl+0x5b0/0x2b70
[ 1861.719086] ? proc_bulk+0x6d0/0x6d0
[ 1861.722997] ? __lock_acquire+0x5fc/0x3f20
[ 1861.727420] ? kvm_fastop_exception+0x3f8e/0x5582
[ 1861.732338] ? strncpy_from_user+0x210/0x2c0
[ 1861.736806] ? trace_hardirqs_on+0x10/0x10
[ 1861.741134] ? futex_exit_release+0x220/0x220
[ 1861.745645] ? setxattr+0x1c0/0x300
[ 1861.749284] ? vfs_setxattr+0x230/0x230
[ 1861.753365] ? usbdev_compat_ioctl+0x30/0x30
[ 1861.757782] usbdev_ioctl+0x21/0x30
[ 1861.761479] do_vfs_ioctl+0x75a/0xff0
[ 1861.765304] ? ioctl_preallocate+0x1a0/0x1a0
[ 1861.769702] ? lock_downgrade+0x740/0x740
[ 1861.774071] ? __fget+0x225/0x360
[ 1861.777546] ? do_vfs_ioctl+0xff0/0xff0
[ 1861.781586] ? security_file_ioctl+0x83/0xb0
[ 1861.786023] SyS_ioctl+0x7f/0xb0
[ 1861.789384] ? do_vfs_ioctl+0xff0/0xff0
[ 1861.793584] do_syscall_64+0x1d5/0x640
[ 1861.797485] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.802755] RIP: 0033:0x465b09
[ 1861.805993] RSP: 002b:00007f4d358eb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1861.814830] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465b09
[ 1861.822513] RDX: 0000000020000340 RSI: 00000000c0185502 RDI: 0000000000000004
[ 1861.829824] RBP: 00000000004b069f R08: 0000000000000000 R09: 0000000000000000
[ 1861.837192] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
[ 1861.844594] R13: 00007ffd9a94779f R14: 00007f4d358eb300 R15: 0000000000022000
[ 1861.851996]
[ 1861.851996] Showing all locks held in the system:
[ 1861.858473] 1 lock held by khungtaskd/1531:
[ 1861.862993] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1861.872176] 1 lock held by in:imklog/7681:
[ 1861.876404] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0x1fb/0x2b0
[ 1861.884922]
[ 1861.886544] =============================================
[ 1861.886544]
[ 1861.893629] NMI backtrace for cpu 1
[ 1861.897259] CPU: 1 PID: 1531 Comm: khungtaskd Not tainted 4.14.218-syzkaller #0
[ 1861.904685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.914020] Call Trace:
[ 1861.916609] dump_stack+0x1b2/0x281
[ 1861.920218] nmi_cpu_backtrace.cold+0x57/0x93
[ 1861.924693] ? irq_force_complete_move+0x350/0x350
[ 1861.929616] nmi_trigger_cpumask_backtrace+0x13a/0x180
[ 1861.935140] watchdog+0x5b9/0xb40
[ 1861.938660] ? hungtask_pm_notify+0x50/0x50
[ 1861.942966] kthread+0x30d/0x420
[ 1861.946322] ? kthread_create_on_node+0xd0/0xd0
[ 1861.950986] ret_from_fork+0x24/0x30
[ 1861.954840] Sending NMI from CPU 1 to CPUs 0:
[ 1861.959887] NMI backtrace for cpu 0
[ 1861.959891] CPU: 0 PID: 4623 Comm: systemd-journal Not tainted 4.14.218-syzkaller #0
[ 1861.959894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1861.959897] task: ffff8880a12a2100 task.stack: ffff8880a12a8000
[ 1861.959899] RIP: 0010:preempt_count_add+0xaf/0x170
[ 1861.959902] RSP: 0018:ffff8880a12afa00 EFLAGS: 00000297
[ 1861.959906] RAX: 0000000000000000 RBX: ffffffff81236042 RCX: 0000000000000000
[ 1861.959910] RDX: 0000000000000000 RSI: ffff8880a12af9c8 RDI: ffffffff81236042
[ 1861.959913] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
[ 1861.959916] R10: ffff8880a12afe30 R11: 0000000000000001 R12: ffff8880a12afb60
[ 1861.959919] R13: ffff8880a12afb10 R14: ffff88823f8bb200 R15: ffff8880a12afad8
[ 1861.959922] FS: 00007f64bdcff8c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 1861.959924] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1861.959927] CR2: 00007f64bb0d8028 CR3: 00000000a104b000 CR4: 00000000001406f0
[ 1861.959931] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1861.959934] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1861.959935] Call Trace:
[ 1861.959937] unwind_next_frame+0xc2/0x17d0
[ 1861.959939] ? getname_flags+0xc8/0x550
[ 1861.959941] ? deref_stack_reg+0x1a0/0x1a0
[ 1861.959944] ? is_bpf_text_address+0xb8/0x150
[ 1861.959946] ? kernel_text_address+0xbd/0xf0
[ 1861.959949] ? user_path_at_empty+0x2a/0x50
[ 1861.959951] __save_stack_trace+0x90/0x160
[ 1861.959953] ? user_path_at_empty+0x2a/0x50
[ 1861.959955] kasan_kmalloc+0xeb/0x160
[ 1861.959958] ? kasan_kmalloc+0xeb/0x160
[ 1861.959961] ? kmem_cache_alloc+0x124/0x3c0
[ 1861.959963] ? getname_flags+0xc8/0x550
[ 1861.959965] ? user_path_at_empty+0x2a/0x50
[ 1861.959968] ? SyS_faccessat+0x21b/0x680
[ 1861.959970] ? do_syscall_64+0x1d5/0x640
[ 1861.959973] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.959976] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1861.959978] ? trace_hardirqs_on+0x10/0x10
[ 1861.959981] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.959984] ? debug_check_no_obj_freed+0x2c0/0x680
[ 1861.959987] ? cache_alloc_refill+0x2fa/0x350
[ 1861.959989] ? lock_downgrade+0x740/0x740
[ 1861.959992] ? do_raw_spin_unlock+0x164/0x220
[ 1861.959994] ? _raw_spin_unlock+0x29/0x40
[ 1861.959997] ? cache_alloc_refill+0x2fa/0x350
[ 1861.959999] ? kmem_cache_alloc+0x2c8/0x3c0
[ 1861.960002] kmem_cache_alloc+0x124/0x3c0
[ 1861.960004] getname_flags+0xc8/0x550
[ 1861.960007] user_path_at_empty+0x2a/0x50
[ 1861.960009] SyS_faccessat+0x21b/0x680
[ 1861.960011] ? SyS_fallocate+0x80/0x80
[ 1861.960014] ? do_syscall_64+0x4c/0x640
[ 1861.960016] ? SyS_faccessat+0x680/0x680
[ 1861.960019] do_syscall_64+0x1d5/0x640
[ 1861.960021] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1861.960024] RIP: 0033:0x7f64bcfbb9c7
[ 1861.960026] RSP: 002b:00007fff0418f758 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
[ 1861.960033] RAX: ffffffffffffffda RBX: 00007fff04192780 RCX: 00007f64bcfbb9c7
[ 1861.960036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055eb1d6e19a3
[ 1861.960039] RBP: 00007fff0418f8a0 R08: 000055eb1d6d73e5 R09: 0000000000000018
[ 1861.960043] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000
[ 1861.960046] R13: 0000000000000000 R14: 000055eb1ec9e8a0 R15: 00007fff0418fd90
[ 1861.960048] Code: 7e 0f b6 c0 3d f4 00 00 00 7f 60 65 8b 05 8a d3 c8 7e 25 ff ff ff 7f 39 c5 74 03 5b 5d c3 48 8b 5c 24 10 48 89 df e8 51 da 08 00 <85> c0 75 31 65 48 8b 2c 25 80 df 01 00 48 8d bd 38 12 00 00 48
[ 1861.960939] Kernel panic - not syncing: hung_task: blocked tasks
[ 1862.297720] CPU: 1 PID: 1531 Comm: khungtaskd Not tainted 4.14.218-syzkaller #0
[ 1862.305156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1862.314500] Call Trace:
[ 1862.317075] dump_stack+0x1b2/0x281
[ 1862.320686] panic+0x1f9/0x42d
[ 1862.323872] ? add_taint.cold+0x16/0x16
[ 1862.327860] watchdog+0x5ca/0xb40
[ 1862.331368] ? hungtask_pm_notify+0x50/0x50
[ 1862.335690] kthread+0x30d/0x420
[ 1862.339051] ? kthread_create_on_node+0xd0/0xd0
[ 1862.343717] ret_from_fork+0x24/0x30
[ 1862.348021] Kernel Offset: disabled
[ 1862.351639] Rebooting in 86400 seconds..