[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
2020/09/26 11:07:27 fuzzer started
2020/09/26 11:07:28 dialing manager at 10.128.0.105:43865
2020/09/26 11:07:28 syscalls: 3358
2020/09/26 11:07:28 code coverage: enabled
2020/09/26 11:07:28 comparison tracing: enabled
2020/09/26 11:07:28 extra coverage: enabled
2020/09/26 11:07:28 setuid sandbox: enabled
2020/09/26 11:07:28 namespace sandbox: enabled
2020/09/26 11:07:28 Android sandbox: /sys/fs/selinux/policy does not exist
2020/09/26 11:07:28 fault injection: enabled
2020/09/26 11:07:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/09/26 11:07:28 net packet injection: enabled
2020/09/26 11:07:28 net device setup: enabled
2020/09/26 11:07:28 concurrency sanitizer: enabled
2020/09/26 11:07:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/09/26 11:07:28 USB emulation: enabled
2020/09/26 11:07:28 hci packet injection: enabled
2020/09/26 11:07:28 wifi device emulation: enabled
2020/09/26 11:07:28 suppressing KCSAN reports in functions: 'exit_mm' 'wbt_done'
11:07:32 executing program 0:
r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x401, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f00000001c0)={0x1, 0x1})
11:07:32 executing program 1:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x0, @fd=r3}, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)
11:07:32 executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mmap(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x0, 0x1b071, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0)
11:07:32 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010009b0600"/20, @ANYRES32=r3, @ANYBLOB="139b0000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7, 0x1, 'mq\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0)
11:07:32 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x40049409)
getpid()
sigaltstack(&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000080))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x121040, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio1\x00', 0x111000, 0x0)
getpid()
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x20002, 0x0)
write$vhost_msg_v2(r1, &(0x7f0000000040)={0x2, 0x0, {0x0, 0x0, 0x0}}, 0x20000088)
11:07:33 executing program 5:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140))
syzkaller login: [ 37.955727][ T8715] IPVS: ftp: loaded support on port[0] = 21
[ 38.033940][ T8715] chnl_net:caif_netlink_parms(): no params data found
[ 38.069414][ T8715] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.076452][ T8715] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.084269][ T8715] device bridge_slave_0 entered promiscuous mode
[ 38.091944][ T8715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.099000][ T8715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.106293][ T8715] device bridge_slave_1 entered promiscuous mode
[ 38.121928][ T8715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 38.156035][ T8715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 38.157417][ T8717] IPVS: ftp: loaded support on port[0] = 21
[ 38.172793][ T8715] team0: Port device team_slave_0 added
[ 38.180507][ T8715] team0: Port device team_slave_1 added
[ 38.196099][ T8715] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.203073][ T8715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.229561][ T8715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.242412][ T8715] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.260589][ T8715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.295268][ T8715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.322999][ T8715] device hsr_slave_0 entered promiscuous mode
[ 38.329590][ T8715] device hsr_slave_1 entered promiscuous mode
[ 38.346452][ T8719] IPVS: ftp: loaded support on port[0] = 21
[ 38.398705][ T8717] chnl_net:caif_netlink_parms(): no params data found
[ 38.475673][ T8721] IPVS: ftp: loaded support on port[0] = 21
[ 38.482672][ T8719] chnl_net:caif_netlink_parms(): no params data found
[ 38.525130][ T8717] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.533422][ T8717] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.541498][ T8717] device bridge_slave_0 entered promiscuous mode
[ 38.564262][ T8717] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.578348][ T8723] ==================================================================
[ 38.586422][ T8723] BUG: KCSAN: data-race in __hci_req_sync / hci_req_sync_complete
[ 38.594189][ T8723]
[ 38.596506][ T8723] write to 0xffff8880b7650a70 of 4 bytes by task 2339 on cpu 0:
[ 38.604121][ T8723] hci_req_sync_complete+0x5c/0x110
[ 38.606416][ T8717] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.609300][ T8723] hci_event_packet+0xe6b9/0x10060
[ 38.609311][ T8723] hci_rx_work+0x344/0x4a0
[ 38.609323][ T8723] process_one_work+0x3e1/0x9a0
[ 38.609332][ T8723] worker_thread+0x665/0xbe0
[ 38.609413][ T8723] kthread+0x20d/0x230
[ 38.616914][ T8717] device bridge_slave_1 entered promiscuous mode
[ 38.621491][ T8723] ret_from_fork+0x1f/0x30
[ 38.630858][ T8715] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 38.635265][ T8723]
[ 38.659009][ T8723] read to 0xffff8880b7650a70 of 4 bytes by task 8723 on cpu 1:
[ 38.666535][ T8723] __hci_req_sync+0xdc/0x420
[ 38.671108][ T8723] hci_req_sync+0x71/0x90
[ 38.675406][ T8723] hci_dev_cmd+0x244/0x590
[ 38.679791][ T8723] hci_sock_ioctl+0x2e4/0x630
[ 38.684448][ T8723] sock_do_ioctl+0x4d/0x210
[ 38.688918][ T8723] sock_ioctl+0x36b/0x5b0
[ 38.693215][ T8723] __se_sys_ioctl+0xcb/0x140
[ 38.697772][ T8723] __x64_sys_ioctl+0x3f/0x50
[ 38.702331][ T8723] do_syscall_64+0x39/0x80
[ 38.706716][ T8723] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 38.712585][ T8723]
[ 38.714883][ T8723] Reported by Kernel Concurrency Sanitizer on:
[ 38.721005][ T8723] CPU: 1 PID: 8723 Comm: syz-executor.4 Not tainted 5.9.0-rc6-syzkaller #0
[ 38.729564][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.739588][ T8723] ==================================================================
[ 38.747614][ T8723] Kernel panic - not syncing: panic_on_warn set ...
[ 38.754215][ T8723] CPU: 1 PID: 8723 Comm: syz-executor.4 Not tainted 5.9.0-rc6-syzkaller #0
[ 38.762767][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.772799][ T8723] Call Trace:
[ 38.776065][ T8723] dump_stack+0x10f/0x19d
[ 38.780366][ T8723] panic+0x207/0x64a
[ 38.784233][ T8723] ? vprintk_emit+0x44a/0x4f0
[ 38.788881][ T8723] kcsan_report+0x684/0x690
[ 38.793355][ T8723] ? kcsan_setup_watchpoint+0x41e/0x4a0
[ 38.798878][ T8723] ? __hci_req_sync+0xdc/0x420
[ 38.803705][ T8723] ? hci_req_sync+0x71/0x90
[ 38.808176][ T8723] ? hci_dev_cmd+0x244/0x590
[ 38.812735][ T8723] ? hci_sock_ioctl+0x2e4/0x630
[ 38.817567][ T8723] ? sock_do_ioctl+0x4d/0x210
[ 38.822211][ T8723] ? sock_ioctl+0x36b/0x5b0
[ 38.826683][ T8723] ? __se_sys_ioctl+0xcb/0x140
[ 38.831421][ T8723] ? __x64_sys_ioctl+0x3f/0x50
[ 38.836152][ T8723] ? do_syscall_64+0x39/0x80
[ 38.840741][ T8723] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 38.846793][ T8723] kcsan_setup_watchpoint+0x41e/0x4a0
[ 38.852141][ T8723] ? hci_encrypt_req+0x70/0x70
[ 38.856880][ T8723] __hci_req_sync+0xdc/0x420
[ 38.861461][ T8723] ? __srcu_read_unlock+0x1f/0x40
[ 38.866459][ T8723] ? hci_encrypt_req+0x70/0x70
[ 38.871196][ T8723] hci_req_sync+0x71/0x90
[ 38.875539][ T8723] hci_dev_cmd+0x244/0x590
[ 38.879933][ T8723] hci_sock_ioctl+0x2e4/0x630
[ 38.884583][ T8723] sock_do_ioctl+0x4d/0x210
[ 38.889187][ T8723] ? name_to_dev_t+0x274/0x840
[ 38.893923][ T8723] ? sock_poll+0x1a0/0x1a0
[ 38.898312][ T8723] sock_ioctl+0x36b/0x5b0
[ 38.902632][ T8723] ? tomoyo_file_ioctl+0x1c/0x20
[ 38.907559][ T8723] ? sock_poll+0x1a0/0x1a0
[ 38.911945][ T8723] __se_sys_ioctl+0xcb/0x140
[ 38.916514][ T8723] __x64_sys_ioctl+0x3f/0x50
[ 38.921071][ T8723] do_syscall_64+0x39/0x80
[ 38.925471][ T8723] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 38.931327][ T8723] RIP: 0033:0x45dfe7
[ 38.935539][ T8723] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 38.955136][ T8723] RSP: 002b:00007ffee384dba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 38.963535][ T8723] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045dfe7
[ 38.971476][ T8723] RDX: 00007ffee384dbc0 RSI: 00000000400448dd RDI: 0000000000000003
[ 38.979416][ T8723] RBP: 00007ffee384dbc0 R08: 0000000000000000 R09: 00007f935d4ac700
[ 38.987356][ T8723] R10: 00007f935d4ac9d0 R11: 0000000000000246 R12: 000000000198b914
[ 38.995297][ T8723] R13: 00007ffee384dee8 R14: 0000000000000000 R15: 0000000000000000
[ 39.004527][ T8723] Kernel Offset: disabled
[ 39.008938][ T8723] Rebooting in 86400 seconds..