[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
2020/06/15 08:06:43 fuzzer started
2020/06/15 08:06:43 dialing manager at 10.128.0.105:32959
2020/06/15 08:06:44 syscalls: 3085
2020/06/15 08:06:44 code coverage: enabled
2020/06/15 08:06:44 comparison tracing: enabled
2020/06/15 08:06:44 extra coverage: enabled
2020/06/15 08:06:44 setuid sandbox: enabled
2020/06/15 08:06:44 namespace sandbox: enabled
2020/06/15 08:06:44 Android sandbox: /sys/fs/selinux/policy does not exist
2020/06/15 08:06:44 fault injection: enabled
2020/06/15 08:06:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/15 08:06:44 net packet injection: enabled
2020/06/15 08:06:44 net device setup: enabled
2020/06/15 08:06:44 concurrency sanitizer: enabled
2020/06/15 08:06:44 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/15 08:06:44 USB emulation: enabled
08:06:47 executing program 0:
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x5}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000100), 0x9}, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @ipv4={[], [], @loopback}, @ipv4={[], [], @loopback}, 0x0, 0x0, 0x4})
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0xffffd000)
syzkaller login: [ 55.239947][ T8919] IPVS: ftp: loaded support on port[0] = 21
[ 55.313976][ T8919] chnl_net:caif_netlink_parms(): no params data found
08:06:47 executing program 1:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000013c0)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8)
syz_open_procfs(0x0, 0x0)
recvmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000005940)=""/102400, 0x19000}], 0x1}}], 0x2, 0x0, 0x0)
[ 55.356543][ T8919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.363667][ T8919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.372081][ T8919] device bridge_slave_0 entered promiscuous mode
[ 55.380978][ T8919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.388347][ T8919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.396723][ T8919] device bridge_slave_1 entered promiscuous mode
[ 55.414968][ T8919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.427078][ T8919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.448319][ T8919] team0: Port device team_slave_0 added
[ 55.456501][ T8919] team0: Port device team_slave_1 added
[ 55.473919][ T8919] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.481396][ T8919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.508472][ T8919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.521363][ T8919] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.529081][ T8919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.555868][ T8919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
08:06:47 executing program 2:
prctl$PR_GET_SECCOMP(0x15)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x40000000909, 0x1)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000036c0), 0x12)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b80)=ANY=[@ANYBLOB="50000000100001040000000000000e00001d0000", @ANYRES32=0x0, @ANYBLOB="2b03000000000000200012800b00010067656e65766500001000028006000500000000000400060008000500", @ANYRES32=0x0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB], 0x50}}, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0xc800, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0))
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000000040)=0x6)
[ 55.627301][ T8919] device hsr_slave_0 entered promiscuous mode
[ 55.665464][ T8919] device hsr_slave_1 entered promiscuous mode
[ 55.754805][ T9081] IPVS: ftp: loaded support on port[0] = 21
[ 55.884146][ T8919] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.927754][ T8919] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.975708][ T8919] netdevsim netdevsim0 netdevsim2: renamed from eth2
08:06:48 executing program 3:
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305829, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={&(0x7f0000000240)}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000013c0)={0x0, &(0x7f0000000100)})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x1ff)
r2 = socket$kcm(0x2, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=ANY=[], 0x18, 0x5}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x20000000)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x9c, 0x0, 0x0, 0x700}, {0x6}]})
socket(0x1d, 0x0, 0x80000000)
close(r1)
[ 56.017659][ T8919] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.039612][ T9081] chnl_net:caif_netlink_parms(): no params data found
[ 56.054070][ T9191] IPVS: ftp: loaded support on port[0] = 21
[ 56.119433][ T8919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.126687][ T8919] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.133947][ T8919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.141030][ T8919] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.211395][ T9260] IPVS: ftp: loaded support on port[0] = 21
[ 56.221524][ T9081] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.235085][ T9081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.243744][ T9081] device bridge_slave_0 entered promiscuous mode
[ 56.317961][ T9081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.325527][ T9081] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.333248][ T9081] device bridge_slave_1 entered promiscuous mode
[ 56.378633][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.396141][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
08:06:48 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='loginuid\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
splice(r3, 0x0, r0, 0x0, 0x400000006, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
write$binfmt_elf64(r4, 0x0, 0x1)
[ 56.420774][ T9191] chnl_net:caif_netlink_parms(): no params data found
[ 56.438938][ T9081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.450967][ T9081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.484459][ T8919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.514401][ T9081] team0: Port device team_slave_0 added
[ 56.530101][ T9081] team0: Port device team_slave_1 added
[ 56.546242][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.553975][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.575754][ T8919] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.597547][ T4150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.608851][ T4150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.617625][ T4150] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.624654][ T4150] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.636586][ T9081] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.644072][ T9081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.673701][ T9081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.685192][ T9191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.692222][ T9191] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.701705][ T9191] device bridge_slave_0 entered promiscuous mode
[ 56.718942][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.728304][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.737186][ T48] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.744313][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state
08:06:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000080)={0x7e, 0x0, [0x800000003a, 0x0, 0x488], [0xc1]})
[ 56.753021][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.762645][ T9081] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.770201][ T9081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.796620][ T9081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.809765][ T9191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.824102][ T9191] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.832805][ T9191] device bridge_slave_1 entered promiscuous mode
[ 56.853857][ T9191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.880511][ T9191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.889973][ T3352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.914336][ T8915] ==================================================================
[ 56.922540][ T8915] BUG: KCSAN: data-race in ep_poll / ep_poll_callback
[ 56.929297][ T8915]
[ 56.931624][ T8915] write to 0xffff888125479290 of 8 bytes by task 8906 on cpu 1:
[ 56.939250][ T8915] ep_poll_callback+0x5f2/0x6c0
[ 56.944103][ T8915] __wake_up_common+0x76/0x180
[ 56.948860][ T8915] __wake_up_common_lock+0x77/0xb0
[ 56.954309][ T8915] pipe_write+0xaa0/0xd40
[ 56.958788][ T8915] new_sync_write+0x303/0x400
[ 56.963467][ T8915] __vfs_write+0x9e/0xb0
[ 56.967715][ T8915] vfs_write+0x189/0x380
[ 56.972037][ T8915] ksys_write+0x16a/0x1a0
[ 56.976361][ T8915] __x64_sys_write+0x49/0x60
[ 56.980958][ T8915] do_syscall_64+0xc7/0x3b0
[ 56.985560][ T8915] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.991436][ T8915]
[ 56.993758][ T8915] read to 0xffff888125479290 of 8 bytes by task 8915 on cpu 0:
[ 57.001297][ T8915] ep_poll+0x8f/0x910
[ 57.005446][ T8915] do_epoll_wait+0x15a/0x180
[ 57.010028][ T8915] __x64_sys_epoll_pwait+0xc6/0x170
[ 57.015213][ T8915] do_syscall_64+0xc7/0x3b0
[ 57.019718][ T8915] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.025596][ T8915]
[ 57.027910][ T8915] Reported by Kernel Concurrency Sanitizer on:
[ 57.034046][ T8915] CPU: 0 PID: 8915 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 57.042261][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.052295][ T8915] ==================================================================
[ 57.060684][ T8915] Kernel panic - not syncing: panic_on_warn set ...
[ 57.067268][ T8915] CPU: 0 PID: 8915 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 57.075491][ T8915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.085637][ T8915] Call Trace:
[ 57.088924][ T8915] dump_stack+0x11d/0x187
[ 57.093260][ T8915] panic+0x210/0x640
[ 57.097333][ T8915] ? vprintk_func+0x89/0x13a
[ 57.101925][ T8915] kcsan_report.cold+0xc/0x1a
[ 57.106606][ T8915] kcsan_setup_watchpoint+0x3fb/0x440
[ 57.111973][ T8915] ep_poll+0x8f/0x910
[ 57.115949][ T8915] ? __fget_files+0xa2/0x1c0
[ 57.120531][ T8915] ? __fget_light+0xc0/0x1a0
[ 57.125108][ T8915] do_epoll_wait+0x15a/0x180
[ 57.129683][ T8915] __x64_sys_epoll_pwait+0xc6/0x170
[ 57.134889][ T8915] do_syscall_64+0xc7/0x3b0
[ 57.139813][ T8915] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.145684][ T8915] RIP: 0033:0x469240
[ 57.149574][ T8915] Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7
[ 57.169172][ T8915] RSP: 002b:000000c0001477f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000119
[ 57.177588][ T8915] RAX: ffffffffffffffda RBX: 000000000000e724 RCX: 0000000000469240
[ 57.185546][ T8915] RDX: 0000000000000080 RSI: 000000c000147840 RDI: 0000000000000003
[ 57.193766][ T8915] RBP: 000000c000147e40 R08: 0000000000000000 R09: 0000000000000000
[ 57.201808][ T8915] R10: 000000000000e724 R11: 0000000000000246 R12: 0000000000000003
[ 57.209780][ T8915] R13: 000000c0003e6180 R14: 000080c0089d8000 R15: 000080c0089f7fff
[ 57.219013][ T8915] Kernel Offset: disabled
[ 57.223369][ T8915] Rebooting in 86400 seconds..