[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. [ 20.655094][ C1] random: crng init done [ 20.659538][ C1] random: 7 urandom warning(s) missed due to ratelimiting Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. 2020/06/28 21:37:57 fuzzer started 2020/06/28 21:37:57 dialing manager at 10.128.0.105:40387 2020/06/28 21:37:59 syscalls: 3105 2020/06/28 21:37:59 code coverage: enabled 2020/06/28 21:37:59 comparison tracing: enabled 2020/06/28 21:37:59 extra coverage: enabled 2020/06/28 21:37:59 setuid sandbox: enabled 2020/06/28 21:37:59 namespace sandbox: enabled 2020/06/28 21:37:59 Android sandbox: /sys/fs/selinux/policy does not exist 2020/06/28 21:37:59 fault injection: enabled 2020/06/28 21:37:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/06/28 21:37:59 net packet injection: enabled 2020/06/28 21:37:59 net device setup: enabled 2020/06/28 21:37:59 concurrency sanitizer: enabled 2020/06/28 21:37:59 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/06/28 21:37:59 USB emulation: enabled 21:38:00 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x84000180, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x488, 0x98, 0x98, 0x208, 0x0, 0x318, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1, 0x6}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xd8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@ipv4={[], [], @broadcast}}}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @common=@osf={{0x50, 'osf\x00'}, {'syz0\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e8) syzkaller login: [ 32.171130][ T8643] IPVS: ftp: loaded support on port[0] = 21 [ 32.212787][ T3299] ================================================================== [ 32.220897][ T3299] BUG: KCSAN: data-race in copy_process / copy_process [ 32.228678][ T3299] [ 32.231002][ T3299] write to 0xffffffff89279410 of 4 bytes by task 7 on cpu 1: [ 32.238367][ T3299] copy_process+0x2e84/0x3300 [ 32.243051][ T3299] _do_fork+0xf1/0x660 [ 32.247105][ T3299] kernel_thread+0x85/0xb0 [ 32.251508][ T3299] call_usermodehelper_exec_work+0x4f/0x1b0 [ 32.257409][ T3299] process_one_work+0x3e1/0x9a0 [ 32.262240][ T3299] worker_thread+0x665/0xbe0 [ 32.266818][ T3299] kthread+0x20d/0x230 [ 32.270876][ T3299] ret_from_fork+0x1f/0x30 [ 32.275267][ T3299] [ 32.277584][ T3299] read to 0xffffffff89279410 of 4 bytes by task 3299 on cpu 0: [ 32.280848][ T8643] chnl_net:caif_netlink_parms(): no params data found [ 32.285109][ T3299] copy_process+0xac4/0x3300 [ 32.285123][ T3299] _do_fork+0xf1/0x660 [ 32.300492][ T3299] kernel_thread+0x85/0xb0 [ 32.304895][ T3299] call_usermodehelper_exec_work+0x4f/0x1b0 21:38:01 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="20000000000000008400000008004000fe80000080000000000000000000006c"], 0x20}, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 32.310778][ T3299] process_one_work+0x3e1/0x9a0 [ 32.315615][ T3299] worker_thread+0x665/0xbe0 [ 32.320187][ T3299] kthread+0x20d/0x230 [ 32.324237][ T3299] ret_from_fork+0x1f/0x30 [ 32.328631][ T3299] [ 32.330943][ T3299] Reported by Kernel Concurrency Sanitizer on: [ 32.337085][ T3299] CPU: 0 PID: 3299 Comm: kworker/u4:4 Not tainted 5.8.0-rc2-syzkaller #0 [ 32.345475][ T3299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.355529][ T3299] Workqueue: events_unbound call_usermodehelper_exec_work [ 32.362621][ T3299] ================================================================== [ 32.370666][ T3299] Kernel panic - not syncing: panic_on_warn set ... [ 32.377240][ T3299] CPU: 0 PID: 3299 Comm: kworker/u4:4 Not tainted 5.8.0-rc2-syzkaller #0 [ 32.385633][ T3299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.395684][ T3299] Workqueue: events_unbound call_usermodehelper_exec_work [ 32.403379][ T3299] Call Trace: [ 32.406658][ T3299] dump_stack+0x10f/0x19d [ 32.410971][ T3299] panic+0x207/0x64a [ 32.414852][ T3299] ? vprintk_emit+0x44a/0x4f0 [ 32.419515][ T3299] kcsan_report+0x684/0x690 [ 32.424007][ T3299] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 32.429540][ T3299] ? copy_process+0xac4/0x3300 [ 32.434288][ T3299] ? _do_fork+0xf1/0x660 [ 32.438514][ T3299] ? kernel_thread+0x85/0xb0 [ 32.443086][ T3299] ? call_usermodehelper_exec_work+0x4f/0x1b0 [ 32.449138][ T3299] ? process_one_work+0x3e1/0x9a0 [ 32.454586][ T3299] ? worker_thread+0x665/0xbe0 21:38:01 executing program 2: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)={0x2, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="740000001000031c000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100766c616e000000003400028006000100000000000c0002000e0000000a0000001c0003800c0001000300000000000080"], 0x74}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x7, 0x7, &(0x7f0000000000)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map={0x18, 0x0, 0x2, 0x0, r0}, @exit]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r1, 0xc0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) [ 32.459332][ T3299] ? kthread+0x20d/0x230 [ 32.464552][ T3299] ? ret_from_fork+0x1f/0x30 [ 32.469137][ T3299] ? debug_smp_processor_id+0x18/0x20 [ 32.474514][ T3299] ? copy_creds+0x280/0x350 [ 32.479002][ T3299] ? copy_creds+0x280/0x350 [ 32.483492][ T3299] kcsan_setup_watchpoint+0x453/0x4d0 [ 32.488846][ T3299] ? copy_creds+0x280/0x350 [ 32.493339][ T3299] copy_process+0xac4/0x3300 [ 32.497934][ T3299] ? select_idle_sibling+0x258/0x430 [ 32.503208][ T3299] ? __rcu_read_unlock+0x4b/0x260 [ 32.508222][ T3299] ? proc_cap_handler+0x280/0x280 [ 32.513234][ T3299] _do_fork+0xf1/0x660 [ 32.517293][ T3299] ? enqueue_entity+0x25a/0x480 [ 32.522129][ T3299] ? proc_cap_handler+0x280/0x280 [ 32.527147][ T3299] kernel_thread+0x85/0xb0 [ 32.531557][ T3299] ? proc_cap_handler+0x280/0x280 [ 32.536571][ T3299] call_usermodehelper_exec_work+0x4f/0x1b0 [ 32.542450][ T3299] process_one_work+0x3e1/0x9a0 [ 32.547286][ T3299] worker_thread+0x665/0xbe0 [ 32.551870][ T3299] ? finish_task_switch+0x8b/0x270 [ 32.556967][ T3299] ? process_one_work+0x9a0/0x9a0 [ 32.561975][ T3299] kthread+0x20d/0x230 [ 32.566045][ T3299] ? process_one_work+0x9a0/0x9a0 [ 32.571057][ T3299] ? kthread_blkcg+0x80/0x80 [ 32.575633][ T3299] ret_from_fork+0x1f/0x30 [ 32.581259][ T3299] Kernel Offset: disabled [ 32.585569][ T3299] Rebooting in 86400 seconds..