[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
2020/06/29 02:50:23 fuzzer started
2020/06/29 02:50:23 dialing manager at 10.128.0.105:34353
2020/06/29 02:50:23 syscalls: 3105
2020/06/29 02:50:23 code coverage: enabled
2020/06/29 02:50:23 comparison tracing: enabled
2020/06/29 02:50:23 extra coverage: enabled
2020/06/29 02:50:23 setuid sandbox: enabled
2020/06/29 02:50:23 namespace sandbox: enabled
2020/06/29 02:50:23 Android sandbox: /sys/fs/selinux/policy does not exist
2020/06/29 02:50:23 fault injection: enabled
2020/06/29 02:50:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/29 02:50:23 net packet injection: enabled
2020/06/29 02:50:23 net device setup: enabled
2020/06/29 02:50:23 concurrency sanitizer: enabled
2020/06/29 02:50:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/29 02:50:23 USB emulation: enabled
2020/06/29 02:50:24 suppressing KCSAN reports in functions: 'ext4_setattr' 'alloc_pid' 'do_syslog' 'do_epoll_wait' 'ext4_free_inode' 'ext4_mb_good_group' 'blk_mq_rq_ctx_init' 'blk_mq_dispatch_rq_list' '__ext4_new_inode' 'ext4_writepages' 'do_signal_stop' '__xa_clear_mark' 'io_sq_thread'

02:50:40 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = dup2(r0, r1)
pipe(&(0x7f0000000000))
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000000c0)={r4, @in6={{0xa, 0x0, 0x0, @local}}}, &(0x7f0000000040)=0x84)

syzkaller login: [ 46.949649][ T8656] IPVS: ftp: loaded support on port[0] = 21
[ 47.005869][ T8656] chnl_net:caif_netlink_parms(): no params data found
[ 47.037806][ T3295] ==================================================================
[ 47.039075][ T8656] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.045906][ T3295] BUG: KCSAN: data-race in copy_process / copy_process
[ 47.052980][ T8656] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.059732][ T3295]
[ 47.059741][ T3295] write to 0xffffffff8927a410 of 4 bytes by task 7 on cpu 0:
[ 47.059752][ T3295] copy_process+0x2e84/0x3300
[ 47.059762][ T3295] _do_fork+0xf1/0x660
[ 47.059777][ T3295] kernel_thread+0x85/0xb0
[ 47.068179][ T8656] device bridge_slave_0 entered promiscuous mode
[ 47.069095][ T3295] call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.078690][ T8656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.081094][ T3295] process_one_work+0x3e1/0x9a0
[ 47.085175][ T8656] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.089517][ T3295] worker_thread+0x665/0xbe0
[ 47.089525][ T3295] kthread+0x20d/0x230
[ 47.089535][ T3295] ret_from_fork+0x1f/0x30
[ 47.089541][ T3295]
[ 47.097461][ T8656] device bridge_slave_1 entered promiscuous mode
[ 47.101723][ T3295] read to 0xffffffff8927a410 of 4 bytes by task 3295 on cpu 1:
[ 47.101736][ T3295] copy_process+0xac4/0x3300
[ 47.101745][ T3295] _do_fork+0xf1/0x660
[ 47.101760][ T3295] kernel_thread+0x85/0xb0
[ 47.117905][ T8656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.120613][ T3295] call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.126460][ T8656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.129239][ T3295] process_one_work+0x3e1/0x9a0
[ 47.129249][ T3295] worker_thread+0x665/0xbe0
[ 47.129262][ T3295] kthread+0x20d/0x230
[ 47.142258][ T8656] team0: Port device team_slave_0 added
[ 47.149770][ T3295] ret_from_fork+0x1f/0x30
[ 47.149772][ T3295]
[ 47.149774][ T3295] Reported by Kernel Concurrency Sanitizer on:
[ 47.149789][ T3295] CPU: 1 PID: 3295 Comm: kworker/u4:4 Not tainted 5.8.0-rc3-syzkaller #0
[ 47.155535][ T8656] team0: Port device team_slave_1 added
[ 47.158388][ T3295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.158403][ T3295] Workqueue: events_unbound call_usermodehelper_exec_work

02:50:40 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000440)="cb56b6cc0407008b65d8b4ac2ca35c66", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$sock(r3, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000040)="018ee9f82e", 0xf}, {&(0x7f0000000140)="5531f5e79d1230ddde98e2f96ff18ba13900c35e67d75c5a6808890239fb4c7dde6a19", 0x23}, {&(0x7f0000000180)="e31520aa566f0e3686390a8b9a5e851d473b7f3f48f1cab37f45b3adf98590fe02c1bb355a5d7ba1193e0f1b8da27a3185d39bb2f03d2665a8220e0b301f45542d83e05d03a32b5d4d26b012d5763340bebd3fc37f86adfa618871ae0af56300de382edf1aa89e0d", 0x2dd}], 0x3, 0x0, 0x0, 0x1a0}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000480)="92", 0x20000481}], 0x1}}], 0x2, 0x24004880)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x0, &(0x7f0000000000)=0x1, 0x4)

[ 47.158408][ T3295] ==================================================================
[ 47.158417][ T3295] Kernel panic - not syncing: panic_on_warn set ...
[ 47.173452][ T8656] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.177669][ T3295] CPU: 1 PID: 3295 Comm: kworker/u4:4 Not tainted 5.8.0-rc3-syzkaller #0
[ 47.177674][ T3295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.177695][ T3295] Workqueue: events_unbound call_usermodehelper_exec_work
[ 47.186867][ T8656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.191572][ T3295] Call Trace:
[ 47.191588][ T3295] dump_stack+0x10f/0x19d
[ 47.191596][ T3295] panic+0x207/0x64a
[ 47.191612][ T3295] ? vprintk_emit+0x44a/0x4f0
[ 47.197775][ T8656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.200294][ T3295] kcsan_report+0x684/0x690
[ 47.207043][ T8656] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.210311][ T3295] ? kcsan_setup_watchpoint+0x453/0x4d0
[ 47.210321][ T3295] ? copy_process+0xac4/0x3300
[ 47.210335][ T3295] ? _do_fork+0xf1/0x660
[ 47.213729][ T8656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.218764][ T3295] ? kernel_thread+0x85/0xb0
[ 47.218780][ T3295] ? call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.218795][ T3295] ? process_one_work+0x3e1/0x9a0
[ 47.227613][ T8656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.232734][ T3295] ? worker_thread+0x665/0xbe0
[ 47.433224][ T3295] ? kthread+0x20d/0x230
[ 47.437809][ T3295] ? ret_from_fork+0x1f/0x30
[ 47.442396][ T3295] ? debug_smp_processor_id+0x18/0x20
[ 47.447759][ T3295] ? copy_creds+0x280/0x350
[ 47.452251][ T3295] ? copy_creds+0x280/0x350
[ 47.456832][ T3295] kcsan_setup_watchpoint+0x453/0x4d0
[ 47.462210][ T3295] ? copy_creds+0x280/0x350
[ 47.466709][ T3295] copy_process+0xac4/0x3300
[ 47.471295][ T3295] ? select_idle_sibling+0x258/0x430
[ 47.476570][ T3295] ? __rcu_read_unlock+0x4b/0x260
[ 47.481595][ T3295] ? proc_cap_handler+0x280/0x280
[ 47.486612][ T3295] _do_fork+0xf1/0x660
[ 47.490676][ T3295] ? enqueue_entity+0x25a/0x480
[ 47.495519][ T3295] ? proc_cap_handler+0x280/0x280
[ 47.500533][ T3295] kernel_thread+0x85/0xb0

02:50:40 executing program 2:
r0 = memfd_create(&(0x7f00000000c0), 0x0)
ftruncate(r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
socket$nl_audit(0x10, 0x3, 0x9)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x2012, r0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nullb0\x00', 0x4000000044882, 0x0)
io_setup(0x5, &(0x7f00000000c0))
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x82, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2000, 0x8000000000e, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x4, 0x9e6d, 0x73d9, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x7, 0xfffffffffffffffe, 0x200, 0x0, 0x82000000, 0x6, @perf_bp={0x0, 0x8}, 0x18136a86e196ec84, 0x9, 0x5, 0x7, 0x0, 0x8880, 0xc1f}, 0x0, 0x11, r3, 0x2)
io_setup(0x4, &(0x7f00000004c0)=0x0)
io_submit(r4, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r2, &(0x7f0000000000)="98", 0x3e80000000}])

[ 47.504943][ T3295] ? proc_cap_handler+0x280/0x280
[ 47.509961][ T3295] call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.515843][ T3295] process_one_work+0x3e1/0x9a0
[ 47.520689][ T3295] worker_thread+0x665/0xbe0
[ 47.525272][ T3295] ? finish_task_switch+0x8b/0x270
[ 47.530633][ T3295] ? process_one_work+0x9a0/0x9a0
[ 47.535641][ T3295] kthread+0x20d/0x230
[ 47.539703][ T3295] ? process_one_work+0x9a0/0x9a0
[ 47.544760][ T3295] ? kthread_blkcg+0x80/0x80
[ 47.549336][ T3295] ret_from_fork+0x1f/0x30
[ 47.555059][ T3295] Kernel Offset: disabled
[ 47.559389][ T3295] Rebooting in 86400 seconds..