[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts.
syzkaller login: [ 947.112001][ T8495] IPVS: ftp: loaded support on port[0] = 21
[ 947.220183][ T8501] IPVS: ftp: loaded support on port[0] = 21
[ 947.246916][ T8499] IPVS: ftp: loaded support on port[0] = 21
[ 947.249232][ T8497] IPVS: ftp: loaded support on port[0] = 21
[ 947.256698][ T8500] IPVS: ftp: loaded support on port[0] = 21
[ 947.264602][ T8502] IPVS: ftp: loaded support on port[0] = 21
[ 947.432229][ T918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.441140][ T918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.537788][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 947.594238][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.606791][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.639669][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 947.684321][ T918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.701261][ T918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.728740][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 947.744291][ C1] hrtimer: interrupt took 41900 ns
[ 947.753296][ T8694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.778715][ T8694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.804888][ T8606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.815994][ T918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.834673][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 947.849688][ T8606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.857327][ T918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.883749][ T8694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 947.897783][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 947.913061][ T8694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 947.926515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 947.940331][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 949.161485][ T8706] Bluetooth: hci0: command 0x0409 tx timeout
[ 949.300980][ T8475] Bluetooth: hci2: command 0x0409 tx timeout
[ 950.689224][ T7] Bluetooth: hci1: command 0x0409 tx timeout
[ 950.697543][ T7] Bluetooth: hci5: command 0x0409 tx timeout
[ 950.705320][ T7] Bluetooth: hci3: command 0x0409 tx timeout
[ 950.712084][ T7] Bluetooth: hci4: command 0x0409 tx timeout
[ 951.118249][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 951.131796][ T8694] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 951.140099][ T8694] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 951.147650][ T918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 951.152468][ T8606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 951.156517][ T918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 951.189474][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 951.199046][ T8802] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 951.208568][ T8606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 951.220477][ T8757] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 951.255027][ T8802] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 951.435969][ T4791] Bluetooth: hci0: command 0x041b tx timeout
[ 951.444352][ T4791] Bluetooth: hci2: command 0x041b tx timeout
[ 951.541043][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 951.708608][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 952.772258][ T7] Bluetooth: hci3: command 0x041b tx timeout
[ 952.803463][ T7] Bluetooth: hci5: command 0x041b tx timeout
[ 953.850362][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 953.859048][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 953.867144][ T4791] Bluetooth: hci2: command 0x040f tx timeout
[ 953.873363][ T4791] Bluetooth: hci0: command 0x040f tx timeout
[ 954.154418][ T7] Bluetooth: hci1: command 0x041b tx timeout
[ 954.532416][ T7] Bluetooth: hci4: command 0x041b tx timeout
[ 956.442380][ T4791] Bluetooth: hci5: command 0x040f tx timeout
[ 956.531261][ T7] Bluetooth: hci3: command 0x040f tx timeout
[ 957.951763][ T7] Bluetooth: hci0: command 0x0419 tx timeout
[ 959.744615][ T7] Bluetooth: hci2: command 0x0419 tx timeout
[ 961.752030][ T8757] Bluetooth: hci1: command 0x040f tx timeout
[ 966.222469][ T8757] Bluetooth: hci5: command 0x0419 tx timeout
[ 986.878393][ T8757] Bluetooth: hci4: command 0x040f tx timeout
[ 988.184257][ T8757] Bluetooth: hci3: command 0x0419 tx timeout
[ 988.191702][ T8757] Bluetooth: hci1: command 0x0419 tx timeout
[ 993.814766][ T8757] Bluetooth: hci4: command 0x0419 tx timeout
[ 1085.654421][ T8757] Bluetooth: hci1: command 0x0406 tx timeout
[ 1086.471190][ T8757] Bluetooth: hci4: command 0x0406 tx timeout
[ 1096.011147][ T8757] Bluetooth: hci3: command 0x0406 tx timeout
[ 1114.557570][ T8757] Bluetooth: hci0: command 0x0406 tx timeout
[ 1115.176872][ T8757] Bluetooth: hci5: command 0x0406 tx timeout
[ 1124.041176][ T8757] Bluetooth: hci2: command 0x0406 tx timeout
[ 1155.581104][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 1155.588054][ C1] rcu: 1-....: (4461 ticks this GP) idle=a5a/1/0x4000000000000000 softirq=11087/11087 fqs=241
[ 1155.598852][ C1] (t=10501 jiffies g=8613 q=73)
[ 1155.603780][ C1] rcu: rcu_preempt kthread starved for 3113 jiffies! g8613 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1155.614868][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1155.624831][ C1] rcu: RCU grace-period kthread stack dump:
[ 1155.630719][ C1] task:rcu_preempt state:R running task stack:29176 pid: 11 ppid: 2 flags:0x00004000
[ 1155.641485][ C1] Call Trace:
[ 1155.644802][ C1] __schedule+0x893/0x2130
[ 1155.649214][ C1] ? io_schedule_timeout+0x140/0x140
[ 1155.654752][ C1] ? debug_object_destroy+0x210/0x210
[ 1155.660201][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 1155.665040][ C1] schedule+0xcf/0x270
[ 1155.669186][ C1] schedule_timeout+0x148/0x250
[ 1155.674024][ C1] ? usleep_range+0x170/0x170
[ 1155.678691][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 1155.683904][ C1] ? __next_timer_interrupt+0x210/0x210
[ 1155.689704][ C1] ? prepare_to_swait_exclusive+0x2d0/0x2d0
[ 1155.695762][ C1] rcu_gp_kthread+0xb4c/0x1c90
[ 1155.700866][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 1155.705882][ C1] ? rcu_core_si+0x10/0x10
[ 1155.710289][ C1] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 1155.716084][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 1155.721445][ C1] ? __kthread_parkme+0x13f/0x1e0
[ 1155.726459][ C1] ? rcu_core_si+0x10/0x10
[ 1155.730866][ C1] kthread+0x3b1/0x4a0
[ 1155.734923][ C1] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 1155.740827][ C1] ret_from_fork+0x1f/0x30
[ 1155.745243][ C1] NMI backtrace for cpu 1
[ 1155.749825][ C1] CPU: 1 PID: 8858 Comm: syz-executor864 Not tainted 5.10.0-rc7-syzkaller #0
[ 1155.758650][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1155.768693][ C1] Call Trace:
[ 1155.771968][ C1]
[ 1155.774815][ C1] dump_stack+0x107/0x163
[ 1155.779162][ C1] nmi_cpu_backtrace.cold+0x44/0xd7
[ 1155.784379][ C1] ? lapic_can_unplug_cpu+0x80/0x80
[ 1155.790022][ C1] nmi_trigger_cpumask_backtrace+0x1b3/0x230
[ 1155.796012][ C1] rcu_dump_cpu_stacks+0x1e3/0x21e
[ 1155.801468][ C1] rcu_sched_clock_irq.cold+0x472/0xee8
[ 1155.807009][ C1] ? find_held_lock+0x2d/0x110
[ 1155.811766][ C1] ? rcutree_dead_cpu+0x40/0x40
[ 1155.816621][ C1] ? __raise_softirq_irqoff+0x93/0x1d0
[ 1155.822079][ C1] update_process_times+0x77/0xd0
[ 1155.827364][ C1] tick_sched_handle+0x9b/0x180
[ 1155.832203][ C1] tick_sched_timer+0x1d1/0x2a0
[ 1155.837063][ C1] ? can_stop_idle_tick+0x290/0x290
[ 1155.842542][ C1] __hrtimer_run_queues+0x1ce/0xea0
[ 1155.847747][ C1] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 1155.853730][ C1] ? ktime_get_update_offsets_now+0x249/0x320
[ 1155.860066][ C1] hrtimer_interrupt+0x334/0x940
[ 1155.865011][ C1] __sysvec_apic_timer_interrupt+0x146/0x540
[ 1155.871155][ C1] sysvec_apic_timer_interrupt+0x48/0x100
[ 1155.876982][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1155.883045][ C1] RIP: 0010:rcu_read_lock_sched_held+0x0/0x70
[ 1155.889208][ C1] Code: 41 5c 49 c1 ec 09 49 83 f4 01 41 83 e4 01 44 89 e0 41 5c c3 45 31 e4 44 89 e0 41 5c c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 <41> 54 41 bc 01 00 00 00 e8 03 7b 89 07 85 c0 75 06 44 89 e0 41 5c
[ 1155.909089][ C1] RSP: 0018:ffffc90000d90aa8 EFLAGS: 00000246
[ 1155.915235][ C1] RAX: 0000000000000001 RBX: 0000000000082a20 RCX: 0000000000000400
[ 1155.923294][ C1] RDX: 0000000000000200 RSI: ffff88802364e000 RDI: ffffffff86ecd587
[ 1155.931386][ C1] RBP: 0000000000082a20 R08: 0000000000082a20 R09: 00000000ffffffff
[ 1155.939351][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000200
[ 1155.947508][ C1] R13: 00000000ffffffff R14: ffff888010041280 R15: ffff88802364e000
[ 1155.955680][ C1] ? skb_copy+0x137/0x2f0
[ 1155.960118][ C1] trace_kmalloc_node+0xc1/0xf0
[ 1155.966263][ C1] __kmalloc_node_track_caller+0x21a/0x3e0
[ 1155.973210][ C1] ? skb_copy+0x137/0x2f0
[ 1155.977640][ C1] __alloc_skb+0xae/0x550
[ 1155.981963][ C1] skb_copy+0x137/0x2f0
[ 1155.986115][ C1] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb17/0x1330
[ 1155.992799][ C1] ? mac80211_hwsim_add_chanctx+0x220/0x220
[ 1155.998694][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 1156.003554][ C1] ? mac80211_hwsim_monitor_rx+0x1c2/0x840
[ 1156.009366][ C1] mac80211_hwsim_tx_frame+0x14f/0x1e0
[ 1156.014823][ C1] mac80211_hwsim_beacon_tx+0x4ba/0x910
[ 1156.020368][ C1] __iterate_interfaces+0x1e5/0x520
[ 1156.025557][ C1] ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1156.031432][ C1] ? mac80211_hwsim_tx_frame+0x1e0/0x1e0
[ 1156.037064][ C1] ieee80211_iterate_active_interfaces_atomic+0x8d/0x170
[ 1156.044079][ C1] ? mac80211_hwsim_addr_match+0x180/0x180
[ 1156.049874][ C1] mac80211_hwsim_beacon+0xd5/0x1a0
[ 1156.055068][ C1] ? mac80211_hwsim_addr_match+0x180/0x180
[ 1156.060890][ C1] __hrtimer_run_queues+0x693/0xea0
[ 1156.066301][ C1] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 1156.072289][ C1] ? ktime_get_update_offsets_now+0x249/0x320
[ 1156.078394][ C1] hrtimer_run_softirq+0x17b/0x360
[ 1156.083607][ C1] __do_softirq+0x2a0/0x9f6
[ 1156.088121][ C1] asm_call_irq_on_stack+0xf/0x20
[ 1156.093165][ C1]
[ 1156.096134][ C1] do_softirq_own_stack+0xaa/0xd0
[ 1156.101189][ C1] irq_exit_rcu+0x132/0x200
[ 1156.105701][ C1] sysvec_apic_timer_interrupt+0x4d/0x100
[ 1156.111627][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1156.117615][ C1] RIP: 0010:unwind_next_frame+0x99f/0x1f90
[ 1156.123600][ C1] Code: 40 0f 95 c7 41 84 fb 0f 85 17 13 00 00 83 e0 07 40 38 c6 40 0f 9e c7 40 84 f6 0f 95 c0 40 84 c7 0f 85 fe 12 00 00 49 0f bf 00 <48> 01 d0 48 89 44 24 60 e9 1c fd ff ff 48 b8 00 00 00 00 00 fc ff
[ 1156.143323][ C1] RSP: 0018:ffffc9000267f418 EFLAGS: 00000246
[ 1156.149395][ C1] RAX: 0000000000000050 RBX: 1ffff920004cfe8b RCX: ffffffff8d6c9043
[ 1156.157380][ C1] RDX: ffffc9000267f9e8 RSI: 0000000000000000 RDI: 0000000000000001
[ 1156.165352][ C1] RBP: 0000000000000001 R08: ffffffff8d6c903e R09: ffffffff8d6c9042
[ 1156.173319][ C1] R10: 0000000000082081 R11: 0000000000000001 R12: ffffc9000267f538
[ 1156.181284][ C1] R13: ffffc9000267f525 R14: ffffc9000267f540 R15: ffffc9000267f4f0
[ 1156.189274][ C1] ? unwind_next_frame+0x342/0x1f90
[ 1156.194466][ C1] ? free_pgtables+0x230/0x2f0
[ 1156.199225][ C1] ? get_stack_info_noinstr+0x14/0x110
[ 1156.204699][ C1] ? deref_stack_reg+0x150/0x150
[ 1156.209632][ C1] ? __unwind_start+0x51b/0x800
[ 1156.214590][ C1] ? create_prof_cpu_mask+0x20/0x20
[ 1156.220070][ C1] arch_stack_walk+0x7d/0xe0
[ 1156.224659][ C1] ? free_pgtables+0x230/0x2f0
[ 1156.229413][ C1] ? kmem_cache_free+0x82/0x350
[ 1156.234249][ C1] stack_trace_save+0x8c/0xc0
[ 1156.238918][ C1] ? stack_trace_consume_entry+0x160/0x160
[ 1156.244716][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 1156.250014][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 1156.255231][ C1] kasan_save_stack+0x1b/0x40
[ 1156.259896][ C1] ? kasan_save_stack+0x1b/0x40
[ 1156.264736][ C1] ? kasan_set_track+0x1c/0x30
[ 1156.269575][ C1] ? kasan_set_free_info+0x1b/0x30
[ 1156.274832][ C1] ? __kasan_slab_free+0x102/0x140
[ 1156.279932][ C1] ? slab_free_freelist_hook+0x5d/0x150
[ 1156.285468][ C1] ? kmem_cache_free+0x82/0x350
[ 1156.290309][ C1] ? ___pte_free_tlb+0x19/0x100
[ 1156.295152][ C1] ? free_pgd_range+0x498/0xc00
[ 1156.299994][ C1] ? free_pgtables+0x230/0x2f0
[ 1156.304873][ C1] ? __schedule+0x89b/0x2130
[ 1156.309544][ C1] ? io_schedule_timeout+0x140/0x140
[ 1156.314815][ C1] ? asm_sysvec_irq_work+0x12/0x20
[ 1156.319916][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 1156.325279][ C1] ? preempt_schedule_thunk+0x16/0x18
[ 1156.330646][ C1] ? preempt_schedule_common+0x59/0xc0
[ 1156.336093][ C1] ? preempt_schedule_thunk+0x16/0x18
[ 1156.341460][ C1] ? _raw_spin_unlock_irqrestore+0x49/0x50
[ 1156.347254][ C1] ? debug_check_no_obj_freed+0x20c/0x420
[ 1156.352964][ C1] kasan_set_track+0x1c/0x30
[ 1156.357543][ C1] kasan_set_free_info+0x1b/0x30
[ 1156.362471][ C1] __kasan_slab_free+0x102/0x140
[ 1156.367575][ C1] slab_free_freelist_hook+0x5d/0x150
[ 1156.372941][ C1] ? ___pte_free_tlb+0x19/0x100
[ 1156.377780][ C1] kmem_cache_free+0x82/0x350
[ 1156.382451][ C1] ___pte_free_tlb+0x19/0x100
[ 1156.387121][ C1] free_pgd_range+0x498/0xc00
[ 1156.391792][ C1] ? unlink_file_vma+0x2/0x1c0
[ 1156.396548][ C1] free_pgtables+0x230/0x2f0
[ 1156.401128][ C1] exit_mmap+0x2c0/0x530
[ 1156.405361][ C1] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 1156.411341][ C1] ? __khugepaged_exit+0x2d9/0x3f0
[ 1156.416443][ C1] __mmput+0x122/0x470
[ 1156.420678][ C1] mmput+0x53/0x60
[ 1156.424479][ C1] do_exit+0xa72/0x29b0
[ 1156.428805][ C1] ? find_held_lock+0x2d/0x110
[ 1156.433579][ C1] ? mm_update_next_owner+0x7a0/0x7a0
[ 1156.438967][ C1] ? get_signal+0x34f/0x1f10
[ 1156.443552][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 1156.448405][ C1] do_group_exit+0x125/0x310
[ 1156.452992][ C1] get_signal+0x42a/0x1f10
[ 1156.457585][ C1] arch_do_signal+0x82/0x2390
[ 1156.462255][ C1] ? ring_buffer_wakeup+0x194/0x2b0
[ 1156.467466][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 1156.472307][ C1] ? lapic_next_event+0x4d/0x80
[ 1156.477350][ C1] ? copy_siginfo_to_user32+0xa0/0xa0
[ 1156.482713][ C1] ? __do_sys_futex+0x2a2/0x470
[ 1156.487555][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 1156.492744][ C1] ? do_futex+0x1a60/0x1a60
[ 1156.497421][ C1] exit_to_user_mode_prepare+0x100/0x1a0
[ 1156.503048][ C1] syscall_exit_to_user_mode+0x38/0x260
[ 1156.508674][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1156.514553][ C1] RIP: 0033:0x4488e9
[ 1156.518432][ C1] Code: Unable to access opcode bytes at RIP 0x4488bf.
[ 1156.525259][ C1] RSP: 002b:00007f8a0a2f3cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1156.534033][ C1] RAX: fffffffffffffe00 RBX: 00000000006ddc58 RCX: 00000000004488e9
[ 1156.542253][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006ddc58
[ 1156.550299][ C1] RBP: 00000000006ddc50 R08: 0000000000000000 R09: 0000000000000000
[ 1156.558367][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc5c
[ 1156.566414][ C1] R13: 00007ffcdde4c72f R14: 00007f8a0a2f49c0 R15: 00000000006ddc5c