[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts.
2021/07/09 22:50:12 fuzzer started
2021/07/09 22:50:12 connecting to host at 10.128.0.169:41695
2021/07/09 22:50:12 checking machine...
2021/07/09 22:50:12 checking revisions...
2021/07/09 22:50:12 testing simple program...
syzkaller login: [ 64.505465][ T8438] chnl_net:caif_netlink_parms(): no params data found
[ 64.539853][ T8438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.547784][ T8438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.556512][ T8438] device bridge_slave_0 entered promiscuous mode
[ 64.565134][ T8438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.573079][ T8438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.580903][ T8438] device bridge_slave_1 entered promiscuous mode
[ 64.597251][ T8438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.607976][ T8438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.626263][ T8438] team0: Port device team_slave_0 added
[ 64.633901][ T8438] team0: Port device team_slave_1 added
[ 64.648848][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.655880][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.683579][ T8438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.695655][ T8438] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.702957][ T8438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.730401][ T8438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.751681][ T8438] device hsr_slave_0 entered promiscuous mode
[ 64.758810][ T8438] device hsr_slave_1 entered promiscuous mode
[ 64.822777][ T8438] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.831270][ T8438] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.841380][ T8438] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.850898][ T8438] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.868649][ T8438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.876343][ T8438] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.884608][ T8438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.891991][ T8438] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.920457][ T8438] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.931417][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 64.940796][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.949072][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.957804][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 64.968646][ T8438] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.978110][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 64.986960][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.994261][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.004546][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.012938][ T8657] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.020159][ T8657] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.042615][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.051096][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.060620][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.069149][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.078274][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.087067][ T8438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.101360][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.109473][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.120664][ T8438] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.137649][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.154711][ T8438] device veth0_vlan entered promiscuous mode
[ 65.163829][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.172731][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.181006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.192175][ T8438] device veth1_vlan entered promiscuous mode
[ 65.203174][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.211030][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.227144][ T8438] device veth0_macvtap entered promiscuous mode
[ 65.234956][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.244100][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.257425][ T8438] device veth1_macvtap entered promiscuous mode
[ 65.274994][ T8438] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.283183][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.295248][ T8438] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.304751][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 65.316022][ T8438] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.325420][ T8438] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.334557][ T8438] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.343452][ T8438] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.383938][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.397116][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.424028][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 65.432833][ T164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.440761][ T164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.452858][ T8657] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/07/09 22:50:14 building call list...
[ 65.767384][ T164] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 67.263511][ T8435] BUG: sleeping function called from invalid context at mm/page_alloc.c:5179
[ 67.272473][ T8435] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8435, name: syz-fuzzer
[ 67.281908][ T8435] INFO: lockdep is turned off.
[ 67.286669][ T8435] irq event stamp: 0
[ 67.290807][ T8435] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 67.297917][ T8435] hardirqs last disabled at (0): [] copy_process+0x1e1b/0x74c0
[ 67.307033][ T8435] softirqs last enabled at (0): [] copy_process+0x1e5c/0x74c0
[ 67.316148][ T8435] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 67.323255][ T8435] CPU: 1 PID: 8435 Comm: syz-fuzzer Tainted: G W 5.13.0-syzkaller #0
[ 67.332612][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.342653][ T8435] Call Trace:
[ 67.345917][ T8435] dump_stack_lvl+0xcd/0x134
[ 67.350608][ T8435] ___might_sleep.cold+0x1f1/0x237
[ 67.355896][ T8435] prepare_alloc_pages+0x3da/0x580
[ 67.361007][ T8435] ? exit_to_user_mode_prepare+0x27e/0x290
[ 67.366806][ T8435] __alloc_pages+0x12f/0x500
[ 67.371535][ T8435] ? __alloc_pages_slowpath.constprop.0+0x21b0/0x21b0
[ 67.378295][ T8435] ? __unwind_start+0x51b/0x800
[ 67.383137][ T8435] ? __kernel_text_address+0x9/0x30
[ 67.388540][ T8435] alloc_pages+0x18c/0x2a0
[ 67.392996][ T8435] stack_depot_save+0x39d/0x4e0
[ 67.397831][ T8435] save_stack+0x15e/0x1e0
[ 67.402150][ T8435] ? register_early_stack+0xb0/0xb0
[ 67.407339][ T8435] ? lock_release+0x720/0x720
[ 67.412016][ T8435] ? __alloc_pages_bulk+0x8b9/0x1870
[ 67.417293][ T8435] ? __vmalloc_node_range+0x39d/0x960
[ 67.422657][ T8435] ? __vmalloc+0x69/0x80
[ 67.427180][ T8435] ? snd_dma_alloc_pages+0x433/0x590
[ 67.432453][ T8435] ? do_alloc_pages+0x9b/0x160
[ 67.437199][ T8435] ? snd_pcm_lib_malloc_pages+0x3f6/0x880
[ 67.442910][ T8435] ? snd_pcm_hw_params+0x1408/0x1990
[ 67.448400][ T8435] ? snd_pcm_kernel_ioctl+0xd1/0x240
[ 67.453681][ T8435] ? snd_pcm_oss_change_params_locked+0x1958/0x3990
[ 67.460517][ T8435] ? snd_pcm_oss_make_ready+0xe7/0x1b0
[ 67.465959][ T8435] ? snd_pcm_oss_sync+0x1de/0x800
[ 67.471058][ T8435] ? snd_pcm_oss_release+0x276/0x300
[ 67.476391][ T8435] ? __fput+0x288/0x920
[ 67.480643][ T8435] ? task_work_run+0xdd/0x1a0
[ 67.485320][ T8435] ? exit_to_user_mode_prepare+0x27e/0x290
[ 67.491137][ T8435] ? syscall_exit_to_user_mode+0x19/0x60
[ 67.496855][ T8435] ? preempt_count_add+0x74/0x140
[ 67.502270][ T8435] __set_page_owner+0x50/0x290
[ 67.507136][ T8435] ? post_alloc_hook+0x145/0x1e0
[ 67.512188][ T8435] __alloc_pages_bulk+0x8b9/0x1870
[ 67.517314][ T8435] ? __alloc_pages+0x500/0x500
[ 67.522063][ T8435] ? rwlock_bug.part.0+0x90/0x90
[ 67.527004][ T8435] ? trace_kmalloc_node+0x32/0xf0
[ 67.532011][ T8435] ? trace_kmalloc_node+0x32/0xf0
[ 67.537015][ T8435] __vmalloc_node_range+0x39d/0x960
[ 67.542196][ T8435] ? vfree_atomic+0xe0/0xe0
[ 67.546783][ T8435] ? lock_release+0x720/0x720
[ 67.551705][ T8435] ? lock_release+0x522/0x720
[ 67.556386][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.562616][ T8435] ? snd_dma_alloc_pages+0x433/0x590
[ 67.567975][ T8435] __vmalloc+0x69/0x80
[ 67.572031][ T8435] ? snd_dma_alloc_pages+0x433/0x590
[ 67.577571][ T8435] snd_dma_alloc_pages+0x433/0x590
[ 67.582712][ T8435] do_alloc_pages+0x9b/0x160
[ 67.587292][ T8435] snd_pcm_lib_malloc_pages+0x3f6/0x880
[ 67.592821][ T8435] ? snd_pcm_hw_params+0x828/0x1990
[ 67.598037][ T8435] snd_pcm_hw_params+0x1408/0x1990
[ 67.603221][ T8435] ? snd_pcm_playback_open+0x130/0x130
[ 67.608665][ T8435] ? snd_pcm_hw_param_near.constprop.0+0x6ca/0x8f0
[ 67.615160][ T8435] ? snd_pcm_oss_disconnect_minor+0x370/0x370
[ 67.621220][ T8435] snd_pcm_kernel_ioctl+0xd1/0x240
[ 67.626323][ T8435] snd_pcm_oss_change_params_locked+0x1958/0x3990
[ 67.632813][ T8435] ? snd_pcm_plugin_append+0x190/0x190
[ 67.638262][ T8435] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.644311][ T8435] ? snd_pcm_oss_make_ready+0xc7/0x1b0
[ 67.649753][ T8435] ? locks_remove_posix+0x33b/0x5e0
[ 67.654974][ T8435] ? kmem_cache_free+0x27b/0x5a0
[ 67.659892][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.666112][ T8435] ? __fsnotify_parent+0x488/0x9d0
[ 67.671204][ T8435] snd_pcm_oss_make_ready+0xe7/0x1b0
[ 67.676581][ T8435] snd_pcm_oss_sync+0x1de/0x800
[ 67.681446][ T8435] ? lock_release+0x522/0x720
[ 67.686115][ T8435] ? task_work_run+0xbc/0x1a0
[ 67.690961][ T8435] snd_pcm_oss_release+0x276/0x300
[ 67.696154][ T8435] __fput+0x288/0x920
[ 67.700122][ T8435] ? snd_pcm_oss_sync+0x800/0x800
[ 67.705126][ T8435] task_work_run+0xdd/0x1a0
[ 67.709618][ T8435] exit_to_user_mode_prepare+0x27e/0x290
[ 67.715229][ T8435] syscall_exit_to_user_mode+0x19/0x60
[ 67.720762][ T8435] do_syscall_64+0x42/0xb0
[ 67.725171][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.731049][ T8435] RIP: 0033:0x4af19b
[ 67.734922][ T8435] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 67.754515][ T8435] RSP: 002b:000000c0000db430 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 67.762903][ T8435] RAX: 0000000000000000 RBX: 000000c00001e800 RCX: 00000000004af19b
[ 67.770850][ T8435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[ 67.778798][ T8435] RBP: 000000c0000db470 R08: 0000000000000001 R09: 0000000000000000
[ 67.786746][ T8435] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000013e
[ 67.794782][ T8435] R13: 000000000000013d R14: 0000000000000200 R15: 000000c00045a000
[ 67.926712][ T8435] can: request_module (can-proto-0) failed.
[ 67.937875][ T8435] can: request_module (can-proto-0) failed.
[ 67.948542][ T8435] can: request_module (can-proto-0) failed.