[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
syzkaller login: [ 1004.673858] IPVS: ftp: loaded support on port[0] = 21
[ 1004.731119] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 1004.749266] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1004.761772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
executing program
[ 1004.784870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1004.797212] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1004.803807] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1004.811967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1004.819683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1288.125641] INFO: task kworker/0:2:4654 blocked for more than 140 seconds.
[ 1288.133691] Not tainted 4.14.202-syzkaller #0
[ 1288.142706] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1288.151885] kworker/0:2 D27504 4654 2 0x80000000
[ 1288.158444] Workqueue: events disconnect_work
[ 1288.163262] Call Trace:
[ 1288.167122] __schedule+0x88b/0x1de0
[ 1288.171033] ? save_trace+0xd6/0x290
[ 1288.174764] ? io_schedule_timeout+0x140/0x140
[ 1288.182064] ? lock_downgrade+0x740/0x740
[ 1288.187469] schedule+0x8d/0x1b0
[ 1288.190956] schedule_preempt_disabled+0xf/0x20
[ 1288.196887] __mutex_lock+0x669/0x1310
[ 1288.200806] ? disconnect_work+0x14/0x1d0
[ 1288.205184] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1288.212287] ? retint_kernel+0x2d/0x2d
[ 1288.217019] ? lock_acquire+0x1ec/0x3f0
[ 1288.221021] disconnect_work+0x14/0x1d0
[ 1288.226562] process_one_work+0x793/0x14a0
[ 1288.231037] ? work_busy+0x320/0x320
[ 1288.234896] ? worker_thread+0x158/0xff0
[ 1288.240593] ? _raw_spin_unlock_irq+0x24/0x80
[ 1288.247188] worker_thread+0x5cc/0xff0
[ 1288.251112] ? rescuer_thread+0xc80/0xc80
[ 1288.256542] kthread+0x30d/0x420
[ 1288.260202] ? kthread_create_on_node+0xd0/0xd0
[ 1288.265183] ret_from_fork+0x24/0x30
[ 1288.270840] INFO: task kworker/0:0:8057 blocked for more than 140 seconds.
[ 1288.278910] Not tainted 4.14.202-syzkaller #0
[ 1288.283945] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1288.293065] kworker/0:0 D30760 8057 2 0x80000000
[ 1288.300031] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1288.305335] Call Trace:
[ 1288.309085] __schedule+0x88b/0x1de0
[ 1288.313244] ? io_schedule_timeout+0x140/0x140
[ 1288.318888] ? lock_downgrade+0x740/0x740
[ 1288.323385] schedule+0x8d/0x1b0
[ 1288.328122] schedule_preempt_disabled+0xf/0x20
[ 1288.333051] __mutex_lock+0x669/0x1310
[ 1288.338936] ? addrconf_dad_work+0x89/0xef0
[ 1288.343485] ? debug_object_deactivate+0x1da/0x2e0
[ 1288.349550] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1288.355138] ? lock_acquire+0x170/0x3f0
[ 1288.360441] ? lock_downgrade+0x740/0x740
[ 1288.365226] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1288.371688] addrconf_dad_work+0x89/0xef0
[ 1288.376776] ? lock_acquire+0x170/0x3f0
[ 1288.380869] ? addrconf_dad_completed+0xa40/0xa40
[ 1288.386939] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1288.392643] process_one_work+0x793/0x14a0
[ 1288.398404] ? work_busy+0x320/0x320
[ 1288.402554] ? worker_thread+0x158/0xff0
[ 1288.407697] ? _raw_spin_unlock_irq+0x24/0x80
[ 1288.412478] worker_thread+0x5cc/0xff0
[ 1288.417478] ? rescuer_thread+0xc80/0xc80
[ 1288.421660] kthread+0x30d/0x420
[ 1288.425036] ? kthread_create_on_node+0xd0/0xd0
[ 1288.431285] ret_from_fork+0x24/0x30
[ 1288.435142] INFO: task kworker/0:3:8058 blocked for more than 140 seconds.
[ 1288.443338] Not tainted 4.14.202-syzkaller #0
[ 1288.449312] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1288.458751] kworker/0:3 D30880 8058 2 0x80000000
[ 1288.464676] Workqueue: events linkwatch_event
[ 1288.470375] Call Trace:
[ 1288.472997] __schedule+0x88b/0x1de0
[ 1288.477993] ? io_schedule_timeout+0x140/0x140
[ 1288.482863] ? lock_downgrade+0x740/0x740
[ 1288.488235] schedule+0x8d/0x1b0
[ 1288.491645] schedule_preempt_disabled+0xf/0x20
[ 1288.497347] __mutex_lock+0x669/0x1310
[ 1288.501346] ? lock_downgrade+0x650/0x740
[ 1288.506560] ? linkwatch_event+0xa/0x50
[ 1288.510637] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1288.517524] ? process_one_work+0x6c4/0x14a0
[ 1288.522058] linkwatch_event+0xa/0x50
[ 1288.527871] process_one_work+0x793/0x14a0
[ 1288.532471] ? work_busy+0x320/0x320
[ 1288.537535] ? worker_thread+0x158/0xff0
[ 1288.542400] ? _raw_spin_unlock_irq+0x24/0x80
[ 1288.548514] worker_thread+0x5cc/0xff0
[ 1288.552436] ? rescuer_thread+0xc80/0xc80
[ 1288.557631] kthread+0x30d/0x420
[ 1288.561355] ? kthread_create_on_node+0xd0/0xd0
[ 1288.567434] ret_from_fork+0x24/0x30
[ 1288.571224]
[ 1288.571224] Showing all locks held in the system:
[ 1288.578853] 1 lock held by khungtaskd/1529:
[ 1288.583533] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7c/0x21a
[ 1288.592755] 3 locks held by kworker/0:2/4654:
[ 1288.597488] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1288.607652] #1: (cfg80211_disconnect_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1288.617661] #2: (rtnl_mutex){+.+.}, at: [] disconnect_work+0x14/0x1d0
[ 1288.627017] 3 locks held by kworker/0:0/8057:
[ 1288.631695] #0: ("%s"("ipv6_addrconf")){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1288.641427] #1: ((&(&ifa->dad_work)->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1288.651556] #2: (rtnl_mutex){+.+.}, at: [] addrconf_dad_work+0x89/0xef0
[ 1288.660401] 3 locks held by kworker/0:3/8058:
[ 1288.665171] #0: ("events"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 1288.674082] #1: ((linkwatch_work).work){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 1288.684137] #2: (rtnl_mutex){+.+.}, at: [] linkwatch_event+0xa/0x50
[ 1288.692439]
[ 1288.694072] =============================================
[ 1288.694072]
[ 1288.708186] NMI backtrace for cpu 0
[ 1288.712063] CPU: 0 PID: 1529 Comm: khungtaskd Not tainted 4.14.202-syzkaller #0
[ 1288.720300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.729754] Call Trace:
[ 1288.732421] dump_stack+0x1b2/0x283
[ 1288.736099] nmi_cpu_backtrace.cold+0x57/0x93
[ 1288.740640] ? irq_force_complete_move.cold+0x89/0x89
[ 1288.746400] nmi_trigger_cpumask_backtrace+0x13a/0x17f
[ 1288.752271] watchdog+0x5b9/0xb40
[ 1288.755738] ? hungtask_pm_notify+0x50/0x50
[ 1288.760078] kthread+0x30d/0x420
[ 1288.763452] ? kthread_create_on_node+0xd0/0xd0
[ 1288.768276] ret_from_fork+0x24/0x30
[ 1288.772138] Sending NMI from CPU 0 to CPUs 1:
[ 1288.777931] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.057 msecs
[ 1288.778686] NMI backtrace for cpu 1
[ 1288.778690] CPU: 1 PID: 8056 Comm: syz-executor757 Not tainted 4.14.202-syzkaller #0
[ 1288.778694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.778697] task: ffff88809482a500 task.stack: ffff8880953d0000
[ 1288.778700] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50
[ 1288.778702] RSP: 0018:ffff8880953d7480 EFLAGS: 00000202
[ 1288.778708] RAX: ffff888095fedee0 RBX: ffff888095fed700 RCX: 1ffffffff1279ee0
[ 1288.778711] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff888095fedee0
[ 1288.778714] RBP: ffff8880abd1df20 R08: 0000000000000000 R09: 0000000000040596
[ 1288.778718] R10: ffff88809482ae00 R11: ffff88809482a500 R12: 0000000000000000
[ 1288.778721] R13: dffffc0000000000 R14: ffff8880abd1df00 R15: 0000000000000000
[ 1288.778725] FS: 000000000267c880(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 1288.778727] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1288.778731] CR2: 000055b357c357a8 CR3: 00000000aaf14000 CR4: 00000000001406e0
[ 1288.778734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1288.778737] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1288.778739] Call Trace:
[ 1288.778741] ieee80211_chanctx_radar_detect+0x1b6/0x350
[ 1288.778744] ieee80211_check_combinations+0x31d/0x6e0
[ 1288.778746] ? ieee80211_recalc_dtim+0x200/0x200
[ 1288.778748] ? cfg80211_stop_ap+0x5f/0x70
[ 1288.778751] ieee80211_check_concurrent_iface+0x3a6/0x530
[ 1288.778753] ? cfg80211_change_iface+0x7c7/0x13d0
[ 1288.778756] ieee80211_if_change_type+0x212/0x470
[ 1288.778758] ieee80211_change_iface+0x26/0x1e0
[ 1288.778761] cfg80211_change_iface+0x246/0x13d0
[ 1288.778763] nl80211_set_interface+0x588/0x760
[ 1288.778765] ? nl80211_nan_del_func+0x830/0x830
[ 1288.778768] ? nl80211_dump_interface+0x640/0x640
[ 1288.778770] ? nl80211_pre_doit+0x79/0x510
[ 1288.778772] genl_family_rcv_msg+0x572/0xb20
[ 1288.778774] ? genl_rcv+0x40/0x40
[ 1288.778777] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 1288.778779] ? trace_hardirqs_on+0x10/0x10
[ 1288.778782] ? sock_sendmsg+0xb5/0x100
[ 1288.778784] genl_rcv_msg+0xaf/0x140
[ 1288.778786] netlink_rcv_skb+0x125/0x390
[ 1288.778789] ? genl_family_rcv_msg+0xb20/0xb20
[ 1288.778791] ? netlink_ack+0x9a0/0x9a0
[ 1288.778798] ? lock_acquire+0x170/0x3f0
[ 1288.778800] genl_rcv+0x24/0x40
[ 1288.778802] netlink_unicast+0x437/0x610
[ 1288.778805] ? netlink_sendskb+0xd0/0xd0
[ 1288.778807] ? __check_object_size+0x179/0x22c
[ 1288.778809] netlink_sendmsg+0x62e/0xb80
[ 1288.778811] ? nlmsg_notify+0x170/0x170
[ 1288.778814] ? kernel_recvmsg+0x210/0x210
[ 1288.778816] ? security_socket_sendmsg+0x83/0xb0
[ 1288.778818] ? nlmsg_notify+0x170/0x170
[ 1288.778820] sock_sendmsg+0xb5/0x100
[ 1288.778822] ___sys_sendmsg+0x6c8/0x800
[ 1288.778825] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 1288.778827] ? dev_ioctl+0xe7/0xbe0
[ 1288.778829] ? dev_ifsioc+0x7d0/0x7d0
[ 1288.778831] ? __dentry_kill+0x3f7/0x550
[ 1288.778834] ? trace_hardirqs_on+0x10/0x10
[ 1288.778836] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 1288.778838] ? kmem_cache_free+0x23a/0x2b0
[ 1288.778840] ? sock_ioctl+0x16c/0x4c0
[ 1288.778843] ? sock_release+0x1e0/0x1e0
[ 1288.778845] ? __fdget+0x167/0x1f0
[ 1288.778847] ? sockfd_lookup_light+0xb2/0x160
[ 1288.778849] __sys_sendmsg+0xa3/0x120
[ 1288.778851] ? SyS_shutdown+0x160/0x160
[ 1288.778854] ? security_file_ioctl+0x83/0xb0
[ 1288.778856] SyS_sendmsg+0x27/0x40
[ 1288.778858] ? __sys_sendmsg+0x120/0x120
[ 1288.778860] do_syscall_64+0x1d5/0x640
[ 1288.778863] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1288.778865] RIP: 0033:0x442209
[ 1288.778867] RSP: 002b:00007ffdf31effb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1288.778873] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442209
[ 1288.778876] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[ 1288.778880] RBP: 000000306e616c77 R08: 0000001300000000 R09: 0000001300000000
[ 1288.778883] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000f553f
[ 1288.778886] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 1288.778888] Code: 00 48 c7 c7 20 66 8d 87 4c 89 3d bc 7c 94 0a 41 bd f4 ff ff ff e8 b2 8c ee ff 48 c7 05 a6 7c 94 0a 00 00 00 00 e9 c6 ed ff ff 90 <65> 48 8b 04 25 80 df 01 00 48 85 c0 74 1a 65 8b 15 5b a2 aa 7e
[ 1288.813309] Kernel panic - not syncing: hung_task: blocked tasks
[ 1289.218282] CPU: 0 PID: 1529 Comm: khungtaskd Not tainted 4.14.202-syzkaller #0
[ 1289.226019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1289.235611] Call Trace:
[ 1289.238223] dump_stack+0x1b2/0x283
[ 1289.241934] panic+0x1f9/0x42d
[ 1289.245315] ? add_taint.cold+0x16/0x16
[ 1289.249671] watchdog+0x5ca/0xb40
[ 1289.253313] ? hungtask_pm_notify+0x50/0x50
[ 1289.257647] kthread+0x30d/0x420
[ 1289.261020] ? kthread_create_on_node+0xd0/0xd0
[ 1289.265711] ret_from_fork+0x24/0x30
[ 1289.270415] Kernel Offset: disabled
[ 1289.275165] Rebooting in 86400 seconds..