[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
2020/10/02 12:45:27 fuzzer started
2020/10/02 12:45:28 dialing manager at 10.128.0.105:46285
2020/10/02 12:45:28 syscalls: 3430
2020/10/02 12:45:28 code coverage: enabled
2020/10/02 12:45:28 comparison tracing: enabled
2020/10/02 12:45:28 extra coverage: enabled
2020/10/02 12:45:28 setuid sandbox: enabled
2020/10/02 12:45:28 namespace sandbox: enabled
2020/10/02 12:45:28 Android sandbox: /sys/fs/selinux/policy does not exist
2020/10/02 12:45:28 fault injection: enabled
2020/10/02 12:45:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/10/02 12:45:28 net packet injection: enabled
2020/10/02 12:45:28 net device setup: enabled
2020/10/02 12:45:28 concurrency sanitizer: enabled
2020/10/02 12:45:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/10/02 12:45:28 USB emulation: enabled
2020/10/02 12:45:28 hci packet injection: enabled
2020/10/02 12:45:28 wifi device emulation: enabled
2020/10/02 12:45:30 suppressing KCSAN reports in functions: 'do_nanosleep' 'blk_mq_rq_ctx_init' 'find_get_pages_range_tag' 'do_signal_stop' 'do_select' 'shmem_mknod' '__ext4_new_inode' '__xa_clear_mark' 'ext4_free_inode' 'futex_wait_queue_me' 'do_sys_poll' 'wbt_done' 'generic_file_buffered_read' 'complete_signal' 'expire_timers' 'snd_rawmidi_kernel_write1' 'blk_mq_sched_dispatch_requests' 'ext4_writepages' 'generic_write_end'
12:45:41 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x200, 0x24)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xd}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
12:45:41 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x541b, 0x0)
12:45:41 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0xb, 0x6, 0x209e20, 0x2, 0x1}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0}, 0x20)
12:45:41 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x44}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924924924923aa, 0x0)
12:45:41 executing program 4:
openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x200200, 0x0)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x40044160, 0x3)
12:45:41 executing program 5:
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = socket$xdp(0x2c, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
syzkaller login: [ 49.248781][ T8716] IPVS: ftp: loaded support on port[0] = 21
[ 49.299864][ T8716] chnl_net:caif_netlink_parms(): no params data found
[ 49.330781][ T8716] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.338273][ T8716] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.346043][ T8716] device bridge_slave_0 entered promiscuous mode
[ 49.353830][ T8716] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.361099][ T8716] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.368592][ T8716] device bridge_slave_1 entered promiscuous mode
[ 49.383726][ T8716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 49.425026][ T8716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 49.445647][ T8716] team0: Port device team_slave_0 added
[ 49.447938][ T8718] IPVS: ftp: loaded support on port[0] = 21
[ 49.454388][ T8716] team0: Port device team_slave_1 added
[ 49.486358][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 49.493458][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.520647][ T8716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 49.547722][ T8720] IPVS: ftp: loaded support on port[0] = 21
[ 49.554837][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 49.562761][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 49.589307][ T8716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 49.614822][ T8716] device hsr_slave_0 entered promiscuous mode
[ 49.621772][ T8716] device hsr_slave_1 entered promiscuous mode
[ 49.708753][ T8718] chnl_net:caif_netlink_parms(): no params data found
[ 49.770366][ T8722] IPVS: ftp: loaded support on port[0] = 21
[ 49.796661][ T8720] chnl_net:caif_netlink_parms(): no params data found
[ 49.805442][ T8716] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 49.826391][ T8716] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 49.838576][ T8716] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 49.851482][ T8716] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 49.916650][ T8718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.923722][ T8718] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.953092][ T8718] device bridge_slave_0 entered promiscuous mode
[ 49.987703][ T8724] IPVS: ftp: loaded support on port[0] = 21
[ 50.005742][ T8718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.012822][ T8718] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.023000][ T8726] IPVS: ftp: loaded support on port[0] = 21
[ 50.032271][ T8718] device bridge_slave_1 entered promiscuous mode
[ 50.074863][ T8718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.087144][ T8718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.117834][ T8720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.124938][ T8720] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.133126][ T8720] device bridge_slave_0 entered promiscuous mode
[ 50.140898][ T8718] team0: Port device team_slave_0 added
[ 50.149307][ T8718] team0: Port device team_slave_1 added
[ 50.163146][ T8718] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.171256][ T8718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.198250][ T8718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.211609][ T8716] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.218743][ T8716] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.227223][ T8716] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.234289][ T8716] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.242626][ T8720] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.250578][ T8720] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.258585][ T8720] device bridge_slave_1 entered promiscuous mode
[ 50.276585][ T8718] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.283707][ T8718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.309981][ T8718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.366340][ T8718] device hsr_slave_0 entered promiscuous mode
[ 50.373326][ T8718] device hsr_slave_1 entered promiscuous mode
[ 50.380675][ T8718] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 50.388574][ T8718] Cannot create hsr debugfs directory
[ 50.402869][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.410837][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.422300][ T8720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.433138][ T8720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.461363][ T8722] chnl_net:caif_netlink_parms(): no params data found
[ 50.480203][ T8724] chnl_net:caif_netlink_parms(): no params data found
[ 50.512784][ T8720] team0: Port device team_slave_0 added
[ 50.545164][ T8720] team0: Port device team_slave_1 added
[ 50.563909][ T8720] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.571722][ T8720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.598402][ T8720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.610609][ T8720] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.618008][ T8720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.645032][ T8720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.666843][ T8726] chnl_net:caif_netlink_parms(): no params data found
[ 50.679842][ T8722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.686970][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.694523][ T8722] device bridge_slave_0 entered promiscuous mode
[ 50.704040][ T8722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.711854][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.719825][ T8722] device bridge_slave_1 entered promiscuous mode
[ 50.761521][ T8722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.779921][ T8718] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 50.794534][ T8720] device hsr_slave_0 entered promiscuous mode
[ 50.805408][ T8720] device hsr_slave_1 entered promiscuous mode
[ 50.811793][ T8720] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 50.820106][ T8720] Cannot create hsr debugfs directory
[ 50.826901][ T8722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.839513][ T8724] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.847049][ T8724] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.854653][ T8724] device bridge_slave_0 entered promiscuous mode
[ 50.862383][ T8718] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 50.886098][ T8724] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.893222][ T8724] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.900989][ T8724] device bridge_slave_1 entered promiscuous mode
[ 50.908224][ T8718] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 50.918583][ T8718] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 50.938160][ T8722] team0: Port device team_slave_0 added
[ 50.948088][ T8722] team0: Port device team_slave_1 added
[ 50.971137][ T8724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.981585][ T8726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.990243][ T8726] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.998096][ T8726] device bridge_slave_0 entered promiscuous mode
[ 51.008303][ T8726] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.015400][ T8726] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.015494][ T8334] ==================================================================
[ 51.023027][ T8726] device bridge_slave_1 entered promiscuous mode
[ 51.030533][ T8334] BUG: KCSAN: data-race in do_syslog / log_store
[ 51.030536][ T8334]
[ 51.030547][ T8334] write to 0xffffffff89513200 of 8 bytes by task 8726 on cpu 1:
[ 51.030607][ T8334] log_store+0x7a2/0x7d0
[ 51.057505][ T8334] vprintk_store+0x5ba/0x700
[ 51.062109][ T8334] vprintk_emit+0x114/0x4f0
[ 51.066686][ T8334] vprintk_default+0x24/0x30
[ 51.071260][ T8334] vprintk_func+0x13d/0x140
[ 51.075772][ T8334] printk+0x62/0x82
[ 51.079835][ T8334] br_set_state+0x159/0x290
[ 51.084373][ T8334] br_add_if+0x5cc/0xff0
[ 51.088623][ T8334] br_add_slave+0x28/0x30
[ 51.092956][ T8334] do_setlink+0x86d/0x2220
[ 51.097355][ T8334] rtnl_newlink+0xe62/0x1340
[ 51.101935][ T8334] rtnetlink_rcv_msg+0x71b/0x7b0
[ 51.110618][ T8334] netlink_rcv_skb+0x13e/0x240
[ 51.115366][ T8334] rtnetlink_rcv+0x18/0x20
[ 51.119787][ T8334] netlink_unicast+0x5e2/0x6b0
[ 51.124534][ T8334] netlink_sendmsg+0x6d8/0x7a0
[ 51.129291][ T8334] __sys_sendto+0x2ae/0x380
[ 51.133796][ T8334] __x64_sys_sendto+0x74/0x90
[ 51.138545][ T8334] do_syscall_64+0x39/0x80
[ 51.142945][ T8334] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.148813][ T8334]
[ 51.151142][ T8334] read to 0xffffffff89513200 of 8 bytes by task 8334 on cpu 0:
[ 51.158673][ T8334] do_syslog+0x344/0x1480
[ 51.163074][ T8334] kmsg_read+0x7a/0xa0
[ 51.167140][ T8334] proc_reg_read+0xde/0x1a0
[ 51.171625][ T8334] vfs_read+0x16d/0x5e0
[ 51.175766][ T8334] ksys_read+0xce/0x180
[ 51.180030][ T8334] __x64_sys_read+0x3e/0x50
[ 51.184537][ T8334] do_syscall_64+0x39/0x80
[ 51.189080][ T8334] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.195042][ T8334]
[ 51.197460][ T8334] Reported by Kernel Concurrency Sanitizer on:
[ 51.203624][ T8334] CPU: 0 PID: 8334 Comm: in:imklog Not tainted 5.9.0-rc7-syzkaller #0
[ 51.211753][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.221848][ T8334] ==================================================================
[ 51.229997][ T8334] Kernel panic - not syncing: panic_on_warn set ...
[ 51.236574][ T8334] CPU: 0 PID: 8334 Comm: in:imklog Not tainted 5.9.0-rc7-syzkaller #0
[ 51.244720][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.254762][ T8334] Call Trace:
[ 51.258061][ T8334] dump_stack+0x10f/0x19d
[ 51.262372][ T8334] panic+0x207/0x64a
[ 51.266259][ T8334] ? vprintk_emit+0x44a/0x4f0
[ 51.271023][ T8334] kcsan_report+0x684/0x690
[ 51.275513][ T8334] ? kcsan_setup_watchpoint+0x41e/0x4a0
[ 51.281312][ T8334] ? do_syslog+0x344/0x1480
[ 51.285823][ T8334] ? kmsg_read+0x7a/0xa0
[ 51.290540][ T8334] ? proc_reg_read+0xde/0x1a0
[ 51.295307][ T8334] ? vfs_read+0x16d/0x5e0
[ 51.299647][ T8334] ? ksys_read+0xce/0x180
[ 51.303979][ T8334] ? __x64_sys_read+0x3e/0x50
[ 51.308670][ T8334] ? do_syscall_64+0x39/0x80
[ 51.313274][ T8334] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.319336][ T8334] ? try_to_wake_up+0x2d0/0x4a0
[ 51.324178][ T8334] kcsan_setup_watchpoint+0x41e/0x4a0
[ 51.329540][ T8334] do_syslog+0x344/0x1480
[ 51.333924][ T8334] ? init_wait_entry+0x30/0x30
[ 51.338702][ T8334] kmsg_read+0x7a/0xa0
[ 51.342849][ T8334] ? kmsg_open+0x20/0x20
[ 51.347327][ T8334] proc_reg_read+0xde/0x1a0
[ 51.351871][ T8334] ? vfs_read+0x15d/0x5e0
[ 51.356301][ T8334] ? proc_reg_llseek+0x180/0x180
[ 51.361250][ T8334] vfs_read+0x16d/0x5e0
[ 51.365411][ T8334] ? __rcu_read_unlock+0x4b/0x260
[ 51.370451][ T8334] ? __fget_light+0x219/0x260
[ 51.375130][ T8334] ksys_read+0xce/0x180
[ 51.379267][ T8334] __x64_sys_read+0x3e/0x50
[ 51.383760][ T8334] do_syscall_64+0x39/0x80
[ 51.388166][ T8334] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.394038][ T8334] RIP: 0033:0x7f2f775ac22d
[ 51.398439][ T8334] Code: c1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 97 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 51.418245][ T8334] RSP: 002b:00007f2f74f48580 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 51.426638][ T8334] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f775ac22d
[ 51.434787][ T8334] RDX: 0000000000001fa0 RSI: 00007f2f74f48da0 RDI: 0000000000000004
[ 51.442952][ T8334] RBP: 0000558ab43839d0 R08: 0000000000000000 R09: 0000000000000000
[ 51.450906][ T8334] R10: 2ce33e6c02ce33e7 R11: 0000000000000293 R12: 00007f2f74f48da0
[ 51.458870][ T8334] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2f74f48e3a
[ 51.467943][ T8334] Kernel Offset: disabled
[ 51.472392][ T8334] Rebooting in 86400 seconds..