[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
2020/04/22 16:44:36 fuzzer started
2020/04/22 16:44:38 dialing manager at 10.128.0.105:45959
2020/04/22 16:44:38 syscalls: 2960
2020/04/22 16:44:38 code coverage: enabled
2020/04/22 16:44:38 comparison tracing: enabled
2020/04/22 16:44:38 extra coverage: enabled
2020/04/22 16:44:38 setuid sandbox: enabled
2020/04/22 16:44:38 namespace sandbox: enabled
2020/04/22 16:44:38 Android sandbox: /sys/fs/selinux/policy does not exist
2020/04/22 16:44:38 fault injection: enabled
2020/04/22 16:44:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/04/22 16:44:38 net packet injection: enabled
2020/04/22 16:44:38 net device setup: enabled
2020/04/22 16:44:38 concurrency sanitizer: enabled
2020/04/22 16:44:38 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/04/22 16:44:38 USB emulation: /dev/raw-gadget does not exist
syzkaller login: [ 47.594233][ T6723] KCSAN: could not find function: 'poll_schedule_timeout'
[ 50.373083][ T6723] KCSAN: could not find function: '_find_next_bit'
2020/04/22 16:44:44 adding functions to KCSAN blacklist: 'echo_char' 'do_nanosleep' 'io_sq_thread' 'do_exit' '__perf_event_overflow' 'ext4_mark_iloc_dirty' '__bpf_lru_node_move_in' '__mark_inode_dirty' 'mod_timer' 'blk_mq_sched_dispatch_requests' 'poll_schedule_timeout' 'ext4_writepages' 'run_timer_softirq' '__tty_hangup' '__writeback_single_inode' 'unix_release_sock' '__delete_from_page_cache' 'tick_nohz_next_event' 'do_signal_stop' 'tick_sched_do_timer' 'wbt_issue' 'ktime_get_seconds' 'ep_poll' 'dd_has_work' 'find_get_pages_range_tag' '__snd_rawmidi_transmit_ack' 'do_syslog' '__filemap_fdatawrite_range' 'generic_fillattr' 'pcpu_alloc' 'kauditd_thread' 'blk_mq_dispatch_rq_list' 'generic_write_end' '__ext4_new_inode' 'ext4_free_inodes_count' '_find_next_bit' 'page_counter_charge' 'copy_process' 'blk_mq_get_request' 'ktime_get_real_seconds' 'atime_needs_update' 'n_tty_receive_buf_common' 'audit_log_start' 'xas_clear_mark' 'get_cpu_idle_time_us' 'tick_nohz_idle_stop_tick' 'add_timer' 'filemap_map_pages' 'snd_seq_check_queue' '__add_to_page_cache_locked' 'lruvec_lru_size' 'wbt_done' 'ext4_set_iomap'
16:48:25 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
shmctl$SHM_UNLOCK(0x0, 0xc)
[ 273.159692][ T6726] IPVS: ftp: loaded support on port[0] = 21
16:48:26 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff})
splice(r2, 0x0, r0, 0x0, 0x420000a7a, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfffffd88)
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000000))
fcntl$setstatus(r2, 0x407, 0x0)
close(r1)
[ 273.256768][ T6726] chnl_net:caif_netlink_parms(): no params data found
[ 273.409425][ T6726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 273.423073][ T6726] bridge0: port 1(bridge_slave_0) entered disabled state
[ 273.440527][ T6726] device bridge_slave_0 entered promiscuous mode
[ 273.455116][ T6850] IPVS: ftp: loaded support on port[0] = 21
[ 273.464515][ T6726] bridge0: port 2(bridge_slave_1) entered blocking state
[ 273.471691][ T6726] bridge0: port 2(bridge_slave_1) entered disabled state
[ 273.482374][ T6726] device bridge_slave_1 entered promiscuous mode
16:48:26 executing program 2:
pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x8000}, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setpipe(r1, 0x407, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(r0, 0x0, r3, 0x0, 0x30009, 0x0)
fsetxattr$trusted_overlay_opaque(r4, 0x0, 0x0, 0x0, 0x0)
[ 273.512736][ T6726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 273.535584][ T6726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 273.589149][ T6726] team0: Port device team_slave_0 added
[ 273.604802][ T6726] team0: Port device team_slave_1 added
[ 273.645403][ T6850] chnl_net:caif_netlink_parms(): no params data found
[ 273.689354][ T6965] IPVS: ftp: loaded support on port[0] = 21
[ 273.695692][ T6726] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 273.702808][ T6726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 273.731793][ T6726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 273.746039][ T6726] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 273.753790][ T6726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 273.780340][ T6726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
16:48:26 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write(r0, &(0x7f0000000340)="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", 0x121)
[ 273.875033][ T6726] device hsr_slave_0 entered promiscuous mode
[ 273.903111][ T6726] device hsr_slave_1 entered promiscuous mode
[ 274.005415][ T6850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 274.012561][ T6850] bridge0: port 1(bridge_slave_0) entered disabled state
[ 274.020575][ T6850] device bridge_slave_0 entered promiscuous mode
[ 274.056344][ T6850] bridge0: port 2(bridge_slave_1) entered blocking state
[ 274.063508][ T6850] bridge0: port 2(bridge_slave_1) entered disabled state
[ 274.071192][ T6850] device bridge_slave_1 entered promiscuous mode
[ 274.090582][ T7032] IPVS: ftp: loaded support on port[0] = 21
[ 274.160333][ T6850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 274.200746][ T6965] chnl_net:caif_netlink_parms(): no params data found
[ 274.211461][ T6850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
16:48:27 executing program 4:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket(0x11, 0x4, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
symlink(0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
dup3(r2, r3, 0x0)
dup2(r1, r4)
[ 274.287462][ T6726] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 274.365868][ T6726] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 274.426180][ T6850] team0: Port device team_slave_0 added
[ 274.441321][ T6726] netdevsim netdevsim0 netdevsim2: renamed from eth2
16:48:27 executing program 5:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x4000000028, 0x0, 0x0, 0xfffff018}, {0x80000006}]}, 0x10)
[ 274.476923][ T6726] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 274.547822][ T6850] team0: Port device team_slave_1 added
[ 274.567840][ T7032] chnl_net:caif_netlink_parms(): no params data found
[ 274.590322][ T6850] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 274.599351][ T6850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 274.632878][ T6850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 274.655504][ T7246] IPVS: ftp: loaded support on port[0] = 21
[ 274.661865][ T6850] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 274.670187][ T6850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 274.696516][ T6850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 274.714723][ T6965] bridge0: port 1(bridge_slave_0) entered blocking state
[ 274.721801][ T6965] bridge0: port 1(bridge_slave_0) entered disabled state
[ 274.730012][ T6965] device bridge_slave_0 entered promiscuous mode
[ 274.738545][ T6965] bridge0: port 2(bridge_slave_1) entered blocking state
[ 274.742151][ T7299] IPVS: ftp: loaded support on port[0] = 21
[ 274.746228][ T6965] bridge0: port 2(bridge_slave_1) entered disabled state
[ 274.759528][ T6965] device bridge_slave_1 entered promiscuous mode
[ 274.875098][ T6850] device hsr_slave_0 entered promiscuous mode
[ 274.923095][ T6850] device hsr_slave_1 entered promiscuous mode
[ 274.992832][ T6850] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 275.000428][ T6850] Cannot create hsr debugfs directory
[ 275.030807][ T6965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 275.064427][ T7032] bridge0: port 1(bridge_slave_0) entered blocking state
[ 275.071545][ T7032] bridge0: port 1(bridge_slave_0) entered disabled state
[ 275.079494][ T7032] device bridge_slave_0 entered promiscuous mode
[ 275.088009][ T7032] bridge0: port 2(bridge_slave_1) entered blocking state
[ 275.095483][ T7032] bridge0: port 2(bridge_slave_1) entered disabled state
[ 275.103503][ T7032] device bridge_slave_1 entered promiscuous mode
[ 275.113637][ T6965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 275.185737][ T6965] team0: Port device team_slave_0 added
[ 275.192833][ T7032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 275.226291][ T6965] team0: Port device team_slave_1 added
[ 275.231983][ T6850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 275.255337][ T6850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 275.313028][ T7032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 275.340037][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 275.347208][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 275.373624][ T6965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 275.389817][ T6850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 275.429597][ T6850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 275.485514][ T7032] team0: Port device team_slave_0 added
[ 275.498535][ T6965] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 275.505658][ T6965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 275.532889][ T6965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 275.550187][ T7246] chnl_net:caif_netlink_parms(): no params data found
[ 275.560743][ T7032] team0: Port device team_slave_1 added
[ 275.570082][ T6726] 8021q: adding VLAN 0 to HW filter on device bond0
[ 275.598568][ T7299] chnl_net:caif_netlink_parms(): no params data found
[ 275.627768][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 275.635821][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 275.664623][ T7032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 275.677670][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 275.686325][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 275.714121][ T7032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 275.740062][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 275.751232][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 275.762002][ T6726] 8021q: adding VLAN 0 to HW filter on device team0
[ 275.775870][ T7664] ==================================================================
[ 275.783991][ T7664] BUG: KCSAN: data-race in vm_area_dup / vma_interval_tree_insert
[ 275.791789][ T7664]
[ 275.794100][ T7664] write to 0xffff8881262a9060 of 8 bytes by task 7663 on cpu 1:
[ 275.801737][ T7664] vma_interval_tree_insert+0x15d/0x220
[ 275.807262][ T7664] __vma_link_file+0xca/0xf0
[ 275.811830][ T7664] __vma_adjust+0x1ab/0x1190
[ 275.816419][ T7664] __split_vma+0x1fe/0x340
[ 275.820812][ T7664] split_vma+0x69/0x90
[ 275.824872][ T7664] mprotect_fixup+0x45d/0x530
[ 275.829542][ T7664] do_mprotect_pkey+0x3da/0x640
[ 275.834372][ T7664] __x64_sys_mprotect+0x4d/0x60
[ 275.839204][ T7664] do_syscall_64+0xc7/0x3b0
[ 275.843706][ T7664] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 275.849583][ T7664]
[ 275.851889][ T7664] read to 0xffff8881262a9000 of 200 bytes by task 7664 on cpu 0:
[ 275.859600][ T7664] vm_area_dup+0x71/0x110
[ 275.863935][ T7664] __split_vma+0x83/0x340
[ 275.868264][ T7664] __do_munmap+0xabb/0xb20
[ 275.872668][ T7664] mmap_region+0x16b/0xdd0
[ 275.877187][ T7664] do_mmap+0x717/0xc20
[ 275.881282][ T7664] vm_mmap_pgoff+0x12f/0x190
[ 275.885853][ T7664] ksys_mmap_pgoff+0x2db/0x420
[ 275.890598][ T7664] do_syscall_64+0xc7/0x3b0
[ 275.895106][ T7664] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 275.900967][ T7664]
[ 275.903270][ T7664] Reported by Kernel Concurrency Sanitizer on:
[ 275.909421][ T7664] CPU: 0 PID: 7664 Comm: modprobe Not tainted 5.7.0-rc1-syzkaller #0
[ 275.917456][ T7664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 275.927489][ T7664] ==================================================================
[ 275.935540][ T7664] Kernel panic - not syncing: panic_on_warn set ...
[ 275.942204][ T7664] CPU: 0 PID: 7664 Comm: modprobe Not tainted 5.7.0-rc1-syzkaller #0
[ 275.950273][ T7664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 275.960327][ T7664] Call Trace:
[ 275.963621][ T7664] dump_stack+0x11d/0x187
[ 275.967931][ T7664] panic+0x210/0x640
[ 275.971830][ T7664] ? vprintk_func+0x89/0x13a
[ 275.976485][ T7664] kcsan_report.cold+0xc/0x1a
[ 275.981179][ T7664] kcsan_setup_watchpoint+0x3fb/0x440
[ 275.986666][ T7664] vm_area_dup+0x71/0x110
[ 275.990981][ T7664] __split_vma+0x83/0x340
[ 275.995376][ T7664] __do_munmap+0xabb/0xb20
[ 276.000048][ T7664] ? may_expand_vm+0xdb/0x350
[ 276.004865][ T7664] mmap_region+0x16b/0xdd0
[ 276.009380][ T7664] ? get_unmapped_area+0x1ff/0x2a0
[ 276.014481][ T7664] do_mmap+0x717/0xc20
[ 276.018557][ T7664] ? security_mmap_file+0x178/0x190
[ 276.023760][ T7664] vm_mmap_pgoff+0x12f/0x190
[ 276.028336][ T7664] ksys_mmap_pgoff+0x2db/0x420
[ 276.033194][ T7664] ? debug_smp_processor_id+0x3f/0x129
[ 276.038956][ T7664] do_syscall_64+0xc7/0x3b0
[ 276.043452][ T7664] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 276.049345][ T7664] RIP: 0033:0x7f1cd861d30a
[ 276.053747][ T7664] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00
[ 276.073337][ T7664] RSP: 002b:00007ffcfbf43c18 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 276.081743][ T7664] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1cd861d30a
[ 276.089867][ T7664] RDX: 0000000000000003 RSI: 0000000000006000 RDI: 00007f1cd85fa000
[ 276.097895][ T7664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000195000
[ 276.106343][ T7664] R10: 0000000000000812 R11: 0000000000000206 R12: 00007f1cd85fa000
[ 276.114421][ T7664] R13: 0000000000006000 R14: 0000000000000812 R15: 0000000000195000
[ 276.124012][ T7664] Kernel Offset: disabled
[ 276.128355][ T7664] Rebooting in 86400 seconds..