[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts. 2020/10/29 07:01:55 fuzzer started 2020/10/29 07:01:55 dialing manager at 10.128.0.105:34703 2020/10/29 07:01:55 syscalls: 3452 2020/10/29 07:01:55 code coverage: enabled 2020/10/29 07:01:55 comparison tracing: enabled 2020/10/29 07:01:55 extra coverage: enabled 2020/10/29 07:01:55 setuid sandbox: enabled 2020/10/29 07:01:55 namespace sandbox: enabled 2020/10/29 07:01:55 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/29 07:01:55 fault injection: enabled 2020/10/29 07:01:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/29 07:01:55 net packet injection: enabled 2020/10/29 07:01:55 net device setup: enabled 2020/10/29 07:01:55 concurrency sanitizer: enabled 2020/10/29 07:01:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/29 07:01:55 USB emulation: enabled 2020/10/29 07:01:55 hci packet injection: enabled 2020/10/29 07:01:55 wifi device emulation: enabled 2020/10/29 07:01:56 suppressing KCSAN reports in functions: '__ext4_new_inode' 'blk_mq_dispatch_rq_list' 'generic_write_end' 'blk_mq_sched_dispatch_requests' 'do_select' '__xa_clear_mark' 07:02:01 executing program 0: pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_elf32(r1, &(0x7f00000000c0)=ANY=[], 0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r4 = getpid() sendmsg$unix(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="8e", 0x1}], 0x1, &(0x7f0000000340)=[@cred={{0x1c, 0x1, 0x2, {r4, 0xee01}}}], 0x20}, 0x0) splice(r0, 0x0, r2, 0x0, 0x800000000010004, 0x0) 07:02:01 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0xea60}) 07:02:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000380)={0x1, 0x0, [{0x80000008, 0x0, 0x0, 0x1ff}]}) 07:02:01 executing program 3: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000080)="06", 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80001000004, 0x11, r0, 0x0) r1 = socket(0x40000000015, 0x805, 0x0) getsockopt(r1, 0x114, 0x271a, 0x0, &(0x7f00000001c0)) 07:02:02 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x7c}, {0x6, 0x0, 0x0, 0x7fffffff}]}) socket(0x2, 0x2, 0x0) epoll_create1(0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) read$midi(0xffffffffffffffff, &(0x7f0000000200)=""/91, 0x5b) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0x3}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x4}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) unshare(0x200) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000740)={0x5, 0x70, 0x1, 0x9, 0xff, 0x9, 0x0, 0xfffffffffffffff0, 0x100, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff, 0x2, @perf_bp={&(0x7f0000000140), 0x2}, 0x100, 0x100000000, 0x7ff, 0x0, 0x8, 0x7fffffff, 0x3f}) openat$full(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/full\x00', 0x10000, 0x0) unshare(0x8000400) r1 = mq_open(&(0x7f0000000000)='m$\x00', 0x6e93ebbbcc0884ee, 0xb0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) mq_getsetattr(r1, 0x0, &(0x7f00000001c0)) 07:02:02 executing program 5: set_mempolicy(0x1, &(0x7f0000000240)=0xfffffffffffffff7, 0x729) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0xe, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @empty}, r1}}, 0x48) syzkaller login: [ 35.784093][ T8467] ================================================================== [ 35.792196][ T8467] BUG: KCSAN: data-race in __hci_req_sync / hci_req_sync_complete [ 35.799975][ T8467] [ 35.802290][ T8467] write to 0xffff88810b82ca70 of 4 bytes by task 2034 on cpu 1: [ 35.809906][ T8467] hci_req_sync_complete+0x5c/0x110 [ 35.815087][ T8467] hci_event_packet+0x3ab1/0xfed0 [ 35.820098][ T8467] hci_rx_work+0x324/0x480 [ 35.824513][ T8467] process_one_work+0x3e1/0x950 [ 35.829354][ T8467] worker_thread+0x635/0xb90 [ 35.833923][ T8467] kthread+0x1fa/0x220 [ 35.837981][ T8467] ret_from_fork+0x1f/0x30 [ 35.842401][ T8467] [ 35.844717][ T8467] read to 0xffff88810b82ca70 of 4 bytes by task 8467 on cpu 0: [ 35.852244][ T8467] __hci_req_sync+0x159/0x420 [ 35.856912][ T8467] hci_req_sync+0x71/0x90 [ 35.861229][ T8467] hci_dev_cmd+0x244/0x590 [ 35.865779][ T8467] hci_sock_ioctl+0x2e3/0x630 [ 35.870593][ T8467] sock_do_ioctl+0x4d/0x210 [ 35.875069][ T8467] sock_ioctl+0x36e/0x5b0 [ 35.879387][ T8467] __se_sys_ioctl+0xcb/0x140 [ 35.883952][ T8467] __x64_sys_ioctl+0x3f/0x50 [ 35.888529][ T8467] do_syscall_64+0x39/0x80 [ 35.892920][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 35.898799][ T8467] [ 35.901120][ T8467] Reported by Kernel Concurrency Sanitizer on: [ 35.907294][ T8467] CPU: 0 PID: 8467 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller #0 [ 35.916052][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.926269][ T8467] ================================================================== [ 35.934331][ T8467] Kernel panic - not syncing: panic_on_warn set ... [ 35.940896][ T8467] CPU: 0 PID: 8467 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller #0 [ 35.949540][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.959569][ T8467] Call Trace: [ 35.962953][ T8467] dump_stack+0x116/0x15d [ 35.967264][ T8467] panic+0x1e7/0x5fa [ 35.971148][ T8467] ? vprintk_emit+0x2f2/0x370 [ 35.975806][ T8467] kcsan_report+0x67b/0x680 [ 35.980291][ T8467] ? kcsan_setup_watchpoint+0x46a/0x4d0 [ 35.985812][ T8467] ? __hci_req_sync+0x159/0x420 [ 35.990647][ T8467] ? hci_req_sync+0x71/0x90 [ 35.995126][ T8467] ? hci_dev_cmd+0x244/0x590 [ 35.999803][ T8467] ? hci_sock_ioctl+0x2e3/0x630 [ 36.004635][ T8467] ? sock_do_ioctl+0x4d/0x210 [ 36.009291][ T8467] ? sock_ioctl+0x36e/0x5b0 [ 36.013772][ T8467] ? __se_sys_ioctl+0xcb/0x140 [ 36.018511][ T8467] ? __x64_sys_ioctl+0x3f/0x50 [ 36.023267][ T8467] ? do_syscall_64+0x39/0x80 [ 36.027838][ T8467] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 36.033972][ T8467] ? __queue_work+0x7ca/0xa90 [ 36.038625][ T8467] kcsan_setup_watchpoint+0x46a/0x4d0 [ 36.043973][ T8467] __hci_req_sync+0x159/0x420 [ 36.048640][ T8467] ? init_wait_entry+0x30/0x30 [ 36.053378][ T8467] ? hci_encrypt_req+0x70/0x70 [ 36.058133][ T8467] hci_req_sync+0x71/0x90 [ 36.062438][ T8467] hci_dev_cmd+0x244/0x590 [ 36.066847][ T8467] hci_sock_ioctl+0x2e3/0x630 [ 36.071500][ T8467] sock_do_ioctl+0x4d/0x210 [ 36.075997][ T8467] ? __rcu_read_unlock+0x51/0x220 [ 36.081099][ T8467] ? sock_poll+0x1a0/0x1a0 [ 36.085492][ T8467] sock_ioctl+0x36e/0x5b0 [ 36.089800][ T8467] ? tomoyo_file_ioctl+0x1c/0x20 [ 36.094714][ T8467] ? sock_poll+0x1a0/0x1a0 [ 36.099120][ T8467] __se_sys_ioctl+0xcb/0x140 [ 36.103688][ T8467] __x64_sys_ioctl+0x3f/0x50 [ 36.108253][ T8467] do_syscall_64+0x39/0x80 [ 36.112664][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 36.118532][ T8467] RIP: 0033:0x45dd27 [ 36.122405][ T8467] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 36.141985][ T8467] RSP: 002b:00007fff3d4ea958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 36.150371][ T8467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045dd27 [ 36.158318][ T8467] RDX: 00007fff3d4ea970 RSI: 00000000400448dd RDI: 0000000000000003 [ 36.166271][ T8467] RBP: 00007fff3d4ea970 R08: 0000000000000000 R09: 00007f7d64092700 [ 36.174221][ T8467] R10: 00007f7d640929d0 R11: 0000000000000246 R12: 0000000001f65914 [ 36.182184][ T8467] R13: 00007fff3d4eac98 R14: 0000000000000000 R15: 0000000000000000 [ 36.190785][ T8467] Kernel Offset: disabled [ 36.195110][ T8467] Rebooting in 86400 seconds..