[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts. 2020/07/01 01:08:21 fuzzer started 2020/07/01 01:08:21 dialing manager at 10.128.0.105:42973 2020/07/01 01:08:23 syscalls: 3106 2020/07/01 01:08:23 code coverage: enabled 2020/07/01 01:08:23 comparison tracing: enabled 2020/07/01 01:08:23 extra coverage: enabled 2020/07/01 01:08:23 setuid sandbox: enabled 2020/07/01 01:08:23 namespace sandbox: enabled 2020/07/01 01:08:23 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/01 01:08:23 fault injection: enabled 2020/07/01 01:08:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/01 01:08:23 net packet injection: enabled 2020/07/01 01:08:23 net device setup: enabled 2020/07/01 01:08:23 concurrency sanitizer: enabled 2020/07/01 01:08:23 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/01 01:08:23 USB emulation: enabled 2020/07/01 01:08:24 suppressing KCSAN reports in functions: 'ext4_mb_good_group' '__mod_timer' 'audit_log_start' 'ext4_free_inodes_count' '__ext4_new_inode' 'blk_mq_dispatch_rq_list' 'generic_write_end' 'ext4_mb_find_by_goal' 'filemap_map_pages' '__xa_clear_mark' 'do_epoll_wait' 'page_counter_charge' 'find_get_pages_range_tag' 'blk_mq_rq_ctx_init' 'ext4_free_inode' 01:08:38 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0xc9, 0x0, 0xfffffffffffffffd) syzkaller login: [ 47.718595][ T8655] IPVS: ftp: loaded support on port[0] = 21 01:08:38 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x6}, 0xe5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 47.788097][ T8655] chnl_net:caif_netlink_parms(): no params data found [ 47.821502][ T8655] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.829897][ T8655] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.838426][ T8655] device bridge_slave_0 entered promiscuous mode [ 47.846984][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.855385][ T8655] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.863149][ T8655] device bridge_slave_1 entered promiscuous mode [ 47.878725][ T8655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.891005][ T8655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.908337][ T8655] team0: Port device team_slave_0 added [ 47.915448][ T8655] team0: Port device team_slave_1 added [ 47.928795][ T8655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.936310][ T8655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.965826][ T8655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.978492][ T8655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.986312][ T8655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.013324][ T8655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.029776][ T8809] IPVS: ftp: loaded support on port[0] = 21 01:08:39 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x348, 0x0, 0x2f0, 0x200, 0x0, 0x5, 0x278, 0x308, 0x308, 0x278, 0x308, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth1_to_bond\x00', 'ip6gre0\x00'}, 0x0, 0x128, 0x168, 0x0, {}, [@common=@unspec=@addrtype1={{0x28, 'addrtype\x00'}, {0x0, 0x40}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'syzkaller1\x00'}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a8) [ 48.074616][ T8655] device hsr_slave_0 entered promiscuous mode [ 48.123581][ T8655] device hsr_slave_1 entered promiscuous mode [ 48.262193][ T8851] IPVS: ftp: loaded support on port[0] = 21 [ 48.293418][ T8809] chnl_net:caif_netlink_parms(): no params data found 01:08:39 executing program 3: r0 = io_uring_setup(0xa4, &(0x7f0000000080)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) io_uring_enter(r0, 0x20000000, 0x0, 0x0, 0x0, 0x0) [ 48.311045][ T8655] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 48.379891][ T8655] netdevsim netdevsim0 netdevsim1: renamed from eth1 01:08:39 executing program 4: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='pkcs7_test\x00', 0x0, &(0x7f0000000200)="3081", 0x2, r0) [ 48.506204][ T8655] netdevsim netdevsim0 netdevsim2: renamed from eth2 01:08:39 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) clock_gettime(0x0, &(0x7f00000000c0)={0x0}) futex(&(0x7f0000000140)=0x2, 0x8b, 0x2, &(0x7f00000001c0)={r1}, 0x0, 0x0) [ 48.585388][ T8655] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.651247][ T8809] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.658875][ T8809] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.666753][ T8809] device bridge_slave_0 entered promiscuous mode [ 48.674472][ T8809] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.682099][ T8809] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.689570][ T8809] device bridge_slave_1 entered promiscuous mode [ 48.711911][ T8991] IPVS: ftp: loaded support on port[0] = 21 [ 48.733364][ T9009] IPVS: ftp: loaded support on port[0] = 21 [ 48.736632][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.747514][ T8655] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.755734][ T8655] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.764308][ T8655] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.791146][ T9066] IPVS: ftp: loaded support on port[0] = 21 [ 48.805927][ T8809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.816214][ T5050] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.825176][ T5050] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.836782][ T8851] chnl_net:caif_netlink_parms(): no params data found [ 48.864373][ T8809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.901760][ T8809] team0: Port device team_slave_0 added [ 48.926950][ T8809] team0: Port device team_slave_1 added [ 48.944180][ T21] ================================================================== [ 48.954461][ T21] BUG: KCSAN: data-race in copy_process / copy_process [ 48.960266][ T8655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.961297][ T21] [ 48.970454][ T21] write to 0xffffffff8927a410 of 4 bytes by task 3227 on cpu 0: [ 48.974817][ T8655] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.983539][ T21] copy_process+0x2e84/0x3300 [ 48.983548][ T21] _do_fork+0xf1/0x660 [ 48.983557][ T21] kernel_thread+0x85/0xb0 [ 48.983618][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 49.010009][ T8655] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.013084][ T21] process_one_work+0x3e1/0x9a0 [ 49.013094][ T21] worker_thread+0x665/0xbe0 [ 49.013108][ T21] kthread+0x20d/0x230 [ 49.023685][ T8655] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.028704][ T21] ret_from_fork+0x1f/0x30 [ 49.044326][ T8655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.050880][ T21] [ 49.066319][ T21] read to 0xffffffff8927a410 of 4 bytes by task 21 on cpu 1: [ 49.074035][ T21] copy_process+0xac4/0x3300 [ 49.074703][ T8655] device veth0_vlan entered promiscuous mode [ 49.078889][ T21] _do_fork+0xf1/0x660 [ 49.089285][ T21] kernel_thread+0x85/0xb0 [ 49.089900][ T8655] device veth1_vlan entered promiscuous mode [ 49.093863][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 49.093873][ T21] process_one_work+0x3e1/0x9a0 [ 49.093881][ T21] worker_thread+0x665/0xbe0 [ 49.093895][ T21] kthread+0x20d/0x230 [ 49.113117][ T8655] device veth0_macvtap entered promiscuous mode [ 49.116330][ T21] ret_from_fork+0x1f/0x30 [ 49.125437][ T8655] device veth1_macvtap entered promiscuous mode [ 49.128947][ T21] [ 49.143440][ T8655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.143779][ T21] Reported by Kernel Concurrency Sanitizer on: [ 49.153687][ T8655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.157193][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0 [ 49.172809][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.182852][ T21] Workqueue: events_unbound call_usermodehelper_exec_work [ 49.190305][ T21] ================================================================== [ 49.202342][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 49.209104][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0 [ 49.217856][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.228467][ T21] Workqueue: events_unbound call_usermodehelper_exec_work [ 49.235634][ T21] Call Trace: [ 49.240900][ T21] dump_stack+0x10f/0x19d [ 49.245829][ T21] panic+0x207/0x64a [ 49.249722][ T21] ? vprintk_emit+0x44a/0x4f0 [ 49.254573][ T21] kcsan_report+0x684/0x690 [ 49.259153][ T21] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 49.264952][ T21] ? copy_process+0xac4/0x3300 [ 49.270185][ T21] ? _do_fork+0xf1/0x660 [ 49.274669][ T21] ? kernel_thread+0x85/0xb0 [ 49.283313][ T21] ? call_usermodehelper_exec_work+0x4f/0x1b0 [ 49.290236][ T21] ? process_one_work+0x3e1/0x9a0 [ 49.295278][ T21] ? worker_thread+0x665/0xbe0 [ 49.300015][ T21] ? kthread+0x20d/0x230 [ 49.304431][ T21] ? ret_from_fork+0x1f/0x30 [ 49.309021][ T21] ? debug_smp_processor_id+0x18/0x20 [ 49.314548][ T21] ? copy_creds+0x280/0x350 [ 49.319207][ T21] ? copy_creds+0x280/0x350 [ 49.323947][ T21] kcsan_setup_watchpoint+0x453/0x4d0 [ 49.330271][ T21] ? copy_creds+0x280/0x350 [ 49.335246][ T21] copy_process+0xac4/0x3300 [ 49.340355][ T21] ? check_preempt_wakeup+0x1cb/0x370 [ 49.345878][ T21] ? proc_cap_handler+0x280/0x280 [ 49.353312][ T21] _do_fork+0xf1/0x660 [ 49.357363][ T21] ? enqueue_entity+0x25a/0x480 [ 49.362465][ T21] ? proc_cap_handler+0x280/0x280 [ 49.367594][ T21] kernel_thread+0x85/0xb0 [ 49.372082][ T21] ? proc_cap_handler+0x280/0x280 [ 49.377184][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 49.383836][ T21] process_one_work+0x3e1/0x9a0 [ 49.390340][ T21] worker_thread+0x665/0xbe0 [ 49.395604][ T21] ? finish_task_switch+0x17b/0x270 [ 49.400971][ T21] ? process_one_work+0x9a0/0x9a0 [ 49.406081][ T21] kthread+0x20d/0x230 [ 49.410561][ T21] ? process_one_work+0x9a0/0x9a0 [ 49.415910][ T21] ? kthread_blkcg+0x80/0x80 [ 49.420481][ T21] ret_from_fork+0x1f/0x30 [ 49.426969][ T21] Kernel Offset: disabled [ 49.432855][ T21] Rebooting in 86400 seconds..