[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
syzkaller login: [ 832.913403][ T8513] IPVS: ftp: loaded support on port[0] = 21
[ 832.990650][ T8522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 832.998644][ T8522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 833.036040][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 833.071928][ T109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
executing program
[ 833.081380][ T109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 833.092882][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 985.130328][ T1649] INFO: task kworker/1:2:2997 blocked for more than 143 seconds.
[ 985.138638][ T1649] Not tainted 5.10.0-rc4-syzkaller #0
[ 985.145309][ T1649] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 985.156069][ T1649] task:kworker/1:2 state:D stack:26536 pid: 2997 ppid: 2 flags:0x00004000
[ 985.166090][ T1649] Workqueue: ipv6_addrconf addrconf_dad_work
[ 985.173138][ T1649] Call Trace:
[ 985.176472][ T1649] __schedule+0x893/0x2130
[ 985.181884][ T1649] ? io_schedule_timeout+0x140/0x140
[ 985.187428][ T1649] ? _raw_spin_unlock_irq+0x1f/0x40
[ 985.193958][ T1649] ? lockdep_hardirqs_on+0x79/0x100
[ 985.199277][ T1649] schedule+0xcf/0x270
[ 985.205603][ T1649] schedule_preempt_disabled+0xf/0x20
[ 985.211786][ T1649] __mutex_lock+0x3e2/0x10e0
[ 985.216407][ T1649] ? addrconf_dad_work+0xa3/0x1280
[ 985.223016][ T1649] ? mutex_lock_io_nested+0xf60/0xf60
[ 985.228531][ T1649] ? debug_object_deactivate+0x264/0x300
[ 985.235462][ T1649] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 985.242367][ T1649] addrconf_dad_work+0xa3/0x1280
[ 985.247533][ T1649] ? addrconf_dad_completed+0xc60/0xc60
[ 985.254256][ T1649] process_one_work+0x933/0x15a0
[ 985.259219][ T1649] ? lock_release+0x710/0x710
[ 985.265034][ T1649] ? pwq_dec_nr_in_flight+0x320/0x320
[ 985.271145][ T1649] ? rwlock_bug.part.0+0x90/0x90
[ 985.276104][ T1649] ? _raw_spin_lock_irq+0x41/0x50
[ 985.282216][ T1649] worker_thread+0x64c/0x1120
[ 985.286930][ T1649] ? process_one_work+0x15a0/0x15a0
[ 985.293256][ T1649] kthread+0x3af/0x4a0
[ 985.297343][ T1649] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 985.304297][ T1649] ret_from_fork+0x1f/0x30
[ 985.308868][ T1649] INFO: task kworker/0:3:4905 blocked for more than 143 seconds.
[ 985.317753][ T1649] Not tainted 5.10.0-rc4-syzkaller #0
[ 985.324796][ T1649] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 985.335384][ T1649] task:kworker/0:3 state:D stack:27088 pid: 4905 ppid: 2 flags:0x00004000
[ 985.345947][ T1649] Workqueue: events linkwatch_event
[ 985.351954][ T1649] Call Trace:
[ 985.355270][ T1649] __schedule+0x893/0x2130
[ 985.360838][ T1649] ? io_schedule_timeout+0x140/0x140
[ 985.366248][ T1649] ? mark_lock+0xf7/0x24c0
[ 985.371684][ T1649] ? _raw_spin_unlock_irq+0x25/0x40
[ 985.377135][ T1649] schedule+0xcf/0x270
[ 985.382631][ T1649] schedule_preempt_disabled+0xf/0x20
[ 985.388036][ T1649] __mutex_lock+0x3e2/0x10e0
[ 985.393771][ T1649] ? linkwatch_event+0xb/0x60
[ 985.398484][ T1649] ? mutex_lock_io_nested+0xf60/0xf60
[ 985.405145][ T1649] ? lock_release+0x710/0x710
[ 985.410568][ T1649] linkwatch_event+0xb/0x60
[ 985.415086][ T1649] process_one_work+0x933/0x15a0
[ 985.421136][ T1649] ? lock_release+0x710/0x710
[ 985.425837][ T1649] ? pwq_dec_nr_in_flight+0x320/0x320
[ 985.432281][ T1649] ? rwlock_bug.part.0+0x90/0x90
[ 985.437240][ T1649] ? _raw_spin_lock_irq+0x41/0x50
[ 985.443770][ T1649] worker_thread+0x64c/0x1120
[ 985.448482][ T1649] ? __kthread_parkme+0x13f/0x1e0
[ 985.454720][ T1649] ? process_one_work+0x15a0/0x15a0
[ 985.461682][ T1649] kthread+0x3af/0x4a0
[ 985.466034][ T1649] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 985.473011][ T1649] ret_from_fork+0x1f/0x30
[ 985.479762][ T1649] INFO: task kworker/0:1:8505 blocked for more than 143 seconds.
[ 985.488447][ T1649] Not tainted 5.10.0-rc4-syzkaller #0
[ 985.495486][ T1649] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 985.504817][ T1649] task:kworker/0:1 state:D stack:29616 pid: 8505 ppid: 2 flags:0x00004000
[ 985.514987][ T1649] Workqueue: events disconnect_work
[ 985.520925][ T1649] Call Trace:
[ 985.524346][ T1649] __schedule+0x893/0x2130
[ 985.528771][ T1649] ? io_schedule_timeout+0x140/0x140
[ 985.535456][ T1649] ? _raw_spin_unlock_irq+0x1f/0x40
[ 985.541381][ T1649] ? lockdep_hardirqs_on+0x79/0x100
[ 985.546597][ T1649] schedule+0xcf/0x270
[ 985.552910][ T1649] schedule_preempt_disabled+0xf/0x20
[ 985.558443][ T1649] __mutex_lock+0x3e2/0x10e0
[ 985.564067][ T1649] ? disconnect_work+0x18/0x200
[ 985.569200][ T1649] ? mutex_lock_io_nested+0xf60/0xf60
[ 985.576522][ T1649] ? lock_downgrade+0x6d0/0x6d0
[ 985.582206][ T1649] disconnect_work+0x18/0x200
[ 985.586988][ T1649] process_one_work+0x933/0x15a0
[ 985.594189][ T1649] ? lock_release+0x710/0x710
[ 985.599059][ T1649] ? pwq_dec_nr_in_flight+0x320/0x320
[ 985.605610][ T1649] ? rwlock_bug.part.0+0x90/0x90
[ 985.611676][ T1649] ? _raw_spin_lock_irq+0x41/0x50
[ 985.616817][ T1649] worker_thread+0x64c/0x1120
[ 985.622797][ T1649] ? __kthread_parkme+0x13f/0x1e0
[ 985.628121][ T1649] ? process_one_work+0x15a0/0x15a0
[ 985.634799][ T1649] kthread+0x3af/0x4a0
[ 985.642069][ T1649] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 985.647986][ T1649] ret_from_fork+0x1f/0x30
[ 985.653560][ T1649]
[ 985.653560][ T1649] Showing all locks held in the system:
[ 985.662190][ T1649] 1 lock held by khungtaskd/1649:
[ 985.667252][ T1649] #0: ffffffff8b337820 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 985.679221][ T1649] 3 locks held by kworker/1:2/2997:
[ 985.685580][ T1649] #0: ffff888020fb1d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 985.697565][ T1649] #1: ffffc90001adfda8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 985.710609][ T1649] #2: ffffffff8c928688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa3/0x1280
[ 985.722183][ T1649] 3 locks held by kworker/0:3/4905:
[ 985.727495][ T1649] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 985.739088][ T1649] #1: ffffc9000113fda8 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 985.750381][ T1649] #2: ffffffff8c928688 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xb/0x60
[ 985.761292][ T1649] 1 lock held by in:imklog/8219:
[ 985.766324][ T1649] #0: ffff8880255acff0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100
[ 985.776799][ T1649] 3 locks held by kworker/0:1/8505:
[ 985.782896][ T1649] #0: ffff888010064d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 985.794191][ T1649] #1: ffffc9000167fda8 (cfg80211_disconnect_work){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 985.805519][ T1649] #2: ffffffff8c928688 (rtnl_mutex){+.+.}-{3:3}, at: disconnect_work+0x18/0x200
[ 985.815563][ T1649] 3 locks held by syz-executor020/8557:
[ 985.821944][ T1649] 3 locks held by kworker/0:2/8558:
[ 985.827145][ T1649] #0: ffff888020fb1d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0
[ 985.839275][ T1649] #1: ffffc9000169fda8 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0
[ 985.851388][ T1649] #2: ffffffff8c928688 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20
[ 985.861515][ T1649]
[ 985.863852][ T1649] =============================================
[ 985.863852][ T1649]
[ 985.873895][ T1649] NMI backtrace for cpu 0
[ 985.878257][ T1649] CPU: 0 PID: 1649 Comm: khungtaskd Not tainted 5.10.0-rc4-syzkaller #0
[ 985.886577][ T1649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 985.896628][ T1649] Call Trace:
[ 985.899956][ T1649] dump_stack+0x107/0x163
[ 985.904288][ T1649] nmi_cpu_backtrace.cold+0x44/0xd7
[ 985.909545][ T1649] ? lapic_can_unplug_cpu+0x80/0x80
[ 985.914792][ T1649] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 985.920798][ T1649] watchdog+0xd43/0xfa0
[ 985.924958][ T1649] ? reset_hung_task_detector+0x30/0x30
[ 985.931900][ T1649] kthread+0x3af/0x4a0
[ 985.935970][ T1649] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 985.941950][ T1649] ret_from_fork+0x1f/0x30
[ 985.946622][ T1649] Sending NMI from CPU 0 to CPUs 1:
[ 985.952991][ C1] NMI backtrace for cpu 1
[ 985.952999][ C1] CPU: 1 PID: 8557 Comm: syz-executor020 Not tainted 5.10.0-rc4-syzkaller #0
[ 985.953006][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 985.953011][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 985.953024][ C1] Code: fc ff ff 48 c7 c7 40 d4 38 8b 48 89 54 24 08 48 89 34 24 e8 72 91 5e 02 48 8b 54 24 08 48 8b 34 24 e9 a1 fd ff ff 0f 1f 40 00 <65> 48 8b 14 25 00 f0 01 00 65 8b 05 d0 bf 91 7e a9 00 01 ff 00 48
[ 985.953028][ C1] RSP: 0018:ffffc900016df2d8 EFLAGS: 00000246
[ 985.953038][ C1] RAX: 0000000000000000 RBX: ffff888018900c00 RCX: ffffffff8852a99e
[ 985.953044][ C1] RDX: 0000000000000000 RSI: ffff8880215f4ec0 RDI: 0000000000000001
[ 985.953050][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8880188ca96f
[ 985.953055][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 985.953061][ C1] R13: ffff88801102f720 R14: dffffc0000000000 R15: 0000000000000000
[ 985.953068][ C1] FS: 0000000001e99880(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 985.953072][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 985.953078][ C1] CR2: 00007f364af9b000 CR3: 00000000128aa000 CR4: 00000000001506e0
[ 985.953084][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 985.953090][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 985.953093][ C1] Call Trace:
[ 985.953097][ C1] ieee80211_chanctx_radar_detect+0x25d/0x3a0
[ 985.953102][ C1] ieee80211_check_combinations+0x3b9/0x880
[ 985.953106][ C1] ? ieee80211_recalc_dtim+0x230/0x230
[ 985.953111][ C1] ieee80211_check_concurrent_iface+0x45b/0x670
[ 985.953115][ C1] ieee80211_if_change_type+0x288/0x620
[ 985.953119][ C1] ieee80211_change_iface+0x26/0x210
[ 985.953123][ C1] cfg80211_change_iface+0x2eb/0xef0
[ 985.953127][ C1] nl80211_set_interface+0x65c/0x8d0
[ 985.953131][ C1] ? nl80211_notify_iface+0x180/0x180
[ 985.953135][ C1] ? nl80211_pre_doit+0xa2/0x630
[ 985.953139][ C1] genl_family_rcv_msg_doit+0x228/0x320
[ 985.953145][ C1] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280
[ 985.953149][ C1] ? ns_capable+0xde/0x100
[ 985.953152][ C1] genl_rcv_msg+0x328/0x580
[ 985.953156][ C1] ? genl_get_cmd+0x480/0x480
[ 985.953160][ C1] ? nl80211_notify_iface+0x180/0x180
[ 985.953164][ C1] ? lock_release+0x710/0x710
[ 985.953167][ C1] netlink_rcv_skb+0x153/0x420
[ 985.953171][ C1] ? genl_get_cmd+0x480/0x480
[ 985.953175][ C1] ? netlink_ack+0xaa0/0xaa0
[ 985.953178][ C1] genl_rcv+0x24/0x40
[ 985.953182][ C1] netlink_unicast+0x533/0x7d0
[ 985.953186][ C1] ? netlink_attachskb+0x810/0x810
[ 985.953190][ C1] ? __phys_addr_symbol+0x2c/0x70
[ 985.953194][ C1] ? __check_object_size+0x171/0x3f0
[ 985.953198][ C1] netlink_sendmsg+0x856/0xd90
[ 985.953202][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 985.953206][ C1] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 985.953210][ C1] ? netlink_unicast+0x7d0/0x7d0
[ 985.953214][ C1] sock_sendmsg+0xcf/0x120
[ 985.953217][ C1] ____sys_sendmsg+0x6e8/0x810
[ 985.953221][ C1] ? kernel_sendmsg+0x50/0x50
[ 985.953225][ C1] ? do_recvmmsg+0x6c0/0x6c0
[ 985.953229][ C1] ? fs_reclaim_release+0x90/0xd0
[ 985.953233][ C1] ___sys_sendmsg+0xf3/0x170
[ 985.953237][ C1] ? sendmsg_copy_msghdr+0x160/0x160
[ 985.953241][ C1] ? lockdep_init_map_waits+0x26a/0x720
[ 985.953246][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 985.953250][ C1] ? percpu_counter_add_batch+0xbd/0x180
[ 985.953254][ C1] ? find_held_lock+0x2d/0x110
[ 985.953258][ C1] ? __fd_install+0x1b4/0x600
[ 985.953262][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 985.953266][ C1] ? __fget_light+0x215/0x280
[ 985.953269][ C1] __sys_sendmsg+0xe5/0x1b0
[ 985.953273][ C1] ? __sys_sendmsg_sock+0xb0/0xb0
[ 985.953278][ C1] ? syscall_enter_from_user_mode+0x1d/0x50
[ 985.953281][ C1] do_syscall_64+0x2d/0x70
[ 985.953286][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 985.953289][ C1] RIP: 0033:0x4421a9
[ 985.953301][ C1] Code: e8 ac 00 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 985.953306][ C1] RSP: 002b:00007ffc8f6e1578 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 985.953316][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004421a9
[ 985.953322][ C1] RDX: 0000000004000004 RSI: 00000000200000c0 RDI: 0000000000000004
[ 985.953327][ C1] RBP: 0000000000000000 R08: 0000002100000000 R09: 0000002100000000
[ 985.953333][ C1] R10: 0000002100000000 R11: 0000000000000246 R12: 00000000000cb69e
[ 985.953339][ C1] R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004
[ 985.953345][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.050 msecs
[ 985.969776][ T1649] Kernel panic - not syncing: hung_task: blocked tasks
[ 986.432355][ T1649] CPU: 0 PID: 1649 Comm: khungtaskd Not tainted 5.10.0-rc4-syzkaller #0
[ 986.440670][ T1649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 986.450720][ T1649] Call Trace:
[ 986.454014][ T1649] dump_stack+0x107/0x163
[ 986.458383][ T1649] panic+0x306/0x73d
[ 986.462277][ T1649] ? __warn_printk+0xf3/0xf3
[ 986.466867][ T1649] ? lapic_can_unplug_cpu+0x80/0x80
[ 986.472063][ T1649] ? preempt_schedule_thunk+0x16/0x18
[ 986.477474][ T1649] ? watchdog.cold+0x5/0x158
[ 986.482062][ T1649] ? watchdog+0xa80/0xfa0
[ 986.486393][ T1649] watchdog.cold+0x16/0x158
[ 986.490903][ T1649] ? reset_hung_task_detector+0x30/0x30
[ 986.496642][ T1649] kthread+0x3af/0x4a0
[ 986.500708][ T1649] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 986.506688][ T1649] ret_from_fork+0x1f/0x30
[ 986.512048][ T1649] Kernel Offset: disabled
[ 986.516485][ T1649] Rebooting in 86400 seconds..