[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 23.039308][ T8430] bash (8430) used greatest stack depth: 9920 bytes left
Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
2020/11/14 17:03:08 fuzzer started
2020/11/14 17:03:08 dialing manager at 10.128.0.105:39969
2020/11/14 17:03:08 syscalls: 3448
2020/11/14 17:03:08 code coverage: enabled
2020/11/14 17:03:08 comparison tracing: enabled
2020/11/14 17:03:08 extra coverage: enabled
2020/11/14 17:03:08 setuid sandbox: enabled
2020/11/14 17:03:08 namespace sandbox: enabled
2020/11/14 17:03:08 Android sandbox: /sys/fs/selinux/policy does not exist
2020/11/14 17:03:08 fault injection: enabled
2020/11/14 17:03:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/11/14 17:03:08 net packet injection: enabled
2020/11/14 17:03:08 net device setup: enabled
2020/11/14 17:03:08 concurrency sanitizer: enabled
2020/11/14 17:03:08 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/11/14 17:03:08 USB emulation: enabled
2020/11/14 17:03:08 hci packet injection: enabled
2020/11/14 17:03:08 wifi device emulation: enabled
2020/11/14 17:03:15 suppressing KCSAN reports in functions: 'snd_pcm_oss_change_params_locked' 'lru_add_drain_all' 'snd_rawmidi_poll' '__mark_inode_dirty' '__fsnotify_parent' 'shmem_symlink' 'dd_has_work' 'blk_mq_sched_dispatch_requests' 'futex_wait_queue_me' 'blk_mq_rq_ctx_init' 'ext4_setattr' 'snd_rawmidi_kernel_write1' 'complete_signal' 'xas_find_marked' 'wg_packet_decrypt_worker' 'wbt_done' '__mod_timer' '__delete_from_page_cache' 'ext4_mb_good_group' 'alloc_pid' 'blk_mq_request_bypass_insert' 'snd_seq_cell_alloc' 'shmem_mknod' 'caching_thread' '__io_cqring_fill_event' 'find_get_pages_range_tag' 'xas_clear_mark' 'generic_write_end' 'ext4_mark_iloc_dirty' 'kauditd_thread' 'pcpu_alloc' 'filemap_map_pages' 'audit_log_start' 'do_signal_stop' 'vfs_readlink' 'iptunnel_xmit' '__ext4_new_inode' 'ext4_free_inodes_count' 'expire_timers' 'do_nanosleep' 'blk_mq_dispatch_rq_list' 'ext4_free_inode' 'exit_mm' 'ext4_mb_regular_allocator' '__add_to_page_cache_locked' 'dput' 'kcm_rfree' 'tick_sched_timer' 'shmem_unlink' '__es_shrink' 'do_select' '__xa_clear_mark' 'n_tty_receive_buf_common' 'ext4_handle_inode_extension' 'do_sys_poll' '__filemap_fdatawrite_range' 'wbt_issue' 'ext4_writepages' '__find_get_block'
17:04:40 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSKBLED(r0, 0x4b65, 0x0)
17:04:40 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x18, r1, 0x1, 0x0, 0x0, {0x17}, [@TIPC_NLA_NODE={0x4, 0x6, 0x0, 0x0}]}, 0x18}}, 0x0)
17:04:40 executing program 2:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x4141, 0x0)
17:04:40 executing program 3:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x141041, 0x0)
write$sequencer(r0, &(0x7f0000000100)=[@t={0x81, 0x2}, @v={0x93, 0x0, 0x90, 0x0, @generic}], 0x10)
17:04:41 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="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"], &(0x7f0000000100)='GPL\x00'}, 0x48)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
17:04:41 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x88, 0x88, 0x4, [@struct={0x0, 0x7, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}]}, @var, @func, @union]}, {0x0, [0x0, 0x0]}}, 0x0, 0xa4}, 0x20)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000193c0)=""/102389, 0x18ff5}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
[ 123.361510][ T8479] IPVS: ftp: loaded support on port[0] = 21
[ 123.427308][ T8479] chnl_net:caif_netlink_parms(): no params data found
[ 123.463945][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.471252][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.478598][ T8479] device bridge_slave_0 entered promiscuous mode
[ 123.486824][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.494614][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.507638][ T8479] device bridge_slave_1 entered promiscuous mode
[ 123.541844][ T8479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 123.552538][ T8479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 123.552635][ T8481] IPVS: ftp: loaded support on port[0] = 21
[ 123.569617][ T8479] team0: Port device team_slave_0 added
[ 123.576415][ T8479] team0: Port device team_slave_1 added
[ 123.591569][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 123.598528][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.624582][ T8479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.646910][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.655351][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 123.700209][ T8479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.722938][ T8483] IPVS: ftp: loaded support on port[0] = 21
[ 123.745667][ T8479] device hsr_slave_0 entered promiscuous mode
[ 123.752116][ T8479] device hsr_slave_1 entered promiscuous mode
[ 123.801104][ T8481] chnl_net:caif_netlink_parms(): no params data found
[ 123.880012][ T8485] IPVS: ftp: loaded support on port[0] = 21
[ 123.932036][ T8481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.942485][ T8481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.950761][ T8481] device bridge_slave_0 entered promiscuous mode
[ 123.965562][ T8479] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 123.974163][ T8479] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 123.987237][ T8483] chnl_net:caif_netlink_parms(): no params data found
[ 123.996823][ T8481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.004024][ T8481] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.011555][ T8481] device bridge_slave_1 entered promiscuous mode
[ 124.020385][ T8479] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 124.043777][ T8481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.089514][ T8479] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 124.115559][ T8481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.132038][ T8485] chnl_net:caif_netlink_parms(): no params data found
[ 124.151854][ T8487] IPVS: ftp: loaded support on port[0] = 21
[ 124.162121][ T8481] team0: Port device team_slave_0 added
[ 124.172510][ T8483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.182121][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.190086][ T8483] device bridge_slave_0 entered promiscuous mode
[ 124.200179][ T8481] team0: Port device team_slave_1 added
[ 124.214850][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.221883][ T8479] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 124.229192][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.236204][ T8479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 124.249634][ T8489] ==================================================================
[ 124.257711][ T8489] BUG: KCSAN: data-race in __hci_req_sync / hci_req_sync_complete
[ 124.265489][ T8489]
[ 124.267797][ T8489] write to 0xffff8880216f4a70 of 4 bytes by task 2037 on cpu 0:
[ 124.275405][ T8489] hci_req_sync_complete+0x5c/0x110
[ 124.280602][ T8489] hci_event_packet+0x3ab1/0xfed0
[ 124.285611][ T8489] hci_rx_work+0x324/0x480
[ 124.290015][ T8489] process_one_work+0x3e1/0x950
[ 124.291764][ T8485] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.294858][ T8489] worker_thread+0x635/0xb90
[ 124.301890][ T8485] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.306442][ T8489] kthread+0x1fa/0x220
[ 124.316211][ T8485] device bridge_slave_0 entered promiscuous mode
[ 124.317477][ T8489] ret_from_fork+0x1f/0x30
[ 124.325751][ T8485] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.328158][ T8489]
[ 124.335682][ T8485] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.337464][ T8489] read to 0xffff8880216f4a70 of 4 bytes by task 8489 on cpu 1:
[ 124.345345][ T8485] device bridge_slave_1 entered promiscuous mode
[ 124.351969][ T8489] __hci_req_sync+0x159/0x420
[ 124.351979][ T8489] hci_req_sync+0x71/0x90
[ 124.351988][ T8489] hci_dev_cmd+0x244/0x590
[ 124.351998][ T8489] hci_sock_ioctl+0x2e3/0x630
[ 124.352008][ T8489] sock_do_ioctl+0x4d/0x210
[ 124.352025][ T8489] sock_ioctl+0x36e/0x5b0
[ 124.369269][ T8485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.371692][ T8489] __se_sys_ioctl+0xcb/0x140
[ 124.377926][ T8485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.380809][ T8489] __x64_sys_ioctl+0x3f/0x50
[ 124.380821][ T8489] do_syscall_64+0x39/0x80
[ 124.380832][ T8489] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 124.380834][ T8489]
[ 124.380837][ T8489] Reported by Kernel Concurrency Sanitizer on:
[ 124.380850][ T8489] CPU: 1 PID: 8489 Comm: syz-executor.5 Not tainted 5.10.0-rc3-syzkaller #0
[ 124.380864][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.397846][ T8485] team0: Port device team_slave_0 added
[ 124.398729][ T8489] ==================================================================
[ 124.409851][ T8485] team0: Port device team_slave_1 added
[ 124.412330][ T8489] Kernel panic - not syncing: panic_on_warn set ...
[ 124.434673][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.439665][ T8489] CPU: 1 PID: 8489 Comm: syz-executor.5 Not tainted 5.10.0-rc3-syzkaller #0
[ 124.439672][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.439676][ T8489] Call Trace:
[ 124.439693][ T8489] dump_stack+0x116/0x15d
[ 124.439713][ T8489] panic+0x1e7/0x5fa
[ 124.451180][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.455283][ T8489] ? vprintk_emit+0x2f2/0x370
[ 124.465291][ T8485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.468878][ T8489] kcsan_report+0x67b/0x680
[ 124.468893][ T8489] ? kcsan_setup_watchpoint+0x46a/0x4d0
[ 124.468904][ T8489] ? __hci_req_sync+0x159/0x420
[ 124.468922][ T8489] ? hci_req_sync+0x71/0x90
[ 124.478594][ T8485] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.482398][ T8489] ? hci_dev_cmd+0x244/0x590
[ 124.482410][ T8489] ? hci_sock_ioctl+0x2e3/0x630
[ 124.482420][ T8489] ? sock_do_ioctl+0x4d/0x210
[ 124.482429][ T8489] ? sock_ioctl+0x36e/0x5b0
[ 124.482441][ T8489] ? __se_sys_ioctl+0xcb/0x140
[ 124.482462][ T8489] ? __x64_sys_ioctl+0x3f/0x50
[ 124.494239][ T8485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.502887][ T8489] ? do_syscall_64+0x39/0x80
[ 124.502900][ T8489] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 124.502923][ T8489] ? __queue_work+0x7ca/0xa90
[ 124.507716][ T8485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.510511][ T8489] kcsan_setup_watchpoint+0x46a/0x4d0
[ 124.510525][ T8489] __hci_req_sync+0x159/0x420
[ 124.510536][ T8489] ? init_wait_entry+0x30/0x30
[ 124.510546][ T8489] ? hci_encrypt_req+0x70/0x70
[ 124.510555][ T8489] hci_req_sync+0x71/0x90
[ 124.510565][ T8489] hci_dev_cmd+0x244/0x590
[ 124.510576][ T8489] hci_sock_ioctl+0x2e3/0x630
[ 124.510589][ T8489] sock_do_ioctl+0x4d/0x210
[ 124.510601][ T8489] ? emulate_vsyscall+0x5a4/0xd60
[ 124.510618][ T8489] ? __rcu_read_unlock+0x51/0x220
[ 124.708346][ T8489] ? sock_poll+0x1a0/0x1a0
[ 124.712743][ T8489] sock_ioctl+0x36e/0x5b0
[ 124.717049][ T8489] ? tomoyo_file_ioctl+0x1c/0x20
[ 124.721974][ T8489] ? sock_poll+0x1a0/0x1a0
[ 124.726361][ T8489] __se_sys_ioctl+0xcb/0x140
[ 124.730922][ T8489] __x64_sys_ioctl+0x3f/0x50
[ 124.735491][ T8489] do_syscall_64+0x39/0x80
[ 124.739881][ T8489] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 124.745742][ T8489] RIP: 0033:0x45dd27
[ 124.749608][ T8489] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 124.769182][ T8489] RSP: 002b:00007fff21e792c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 124.777563][ T8489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045dd27
[ 124.785504][ T8489] RDX: 00007fff21e792e0 RSI: 00000000400448dd RDI: 0000000000000003
[ 124.793459][ T8489] RBP: 00007fff21e792e0 R08: 0000000000000000 R09: 00007f5d4a213700
[ 124.801400][ T8489] R10: 00007f5d4a2139d0 R11: 0000000000000246 R12: 00000000030ce914
[ 124.809357][ T8489] R13: 00007fff21e79608 R14: 0000000000000000 R15: 0000000000000000
[ 124.817724][ T8489] Kernel Offset: disabled
[ 124.822032][ T8489] Rebooting in 86400 seconds..