Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
2020/06/30 15:51:42 fuzzer started
2020/06/30 15:51:42 dialing manager at 10.128.0.105:35239
2020/06/30 15:51:43 syscalls: 3106
2020/06/30 15:51:43 code coverage: enabled
2020/06/30 15:51:43 comparison tracing: enabled
2020/06/30 15:51:43 extra coverage: enabled
2020/06/30 15:51:43 setuid sandbox: enabled
2020/06/30 15:51:43 namespace sandbox: enabled
2020/06/30 15:51:43 Android sandbox: /sys/fs/selinux/policy does not exist
2020/06/30 15:51:43 fault injection: enabled
2020/06/30 15:51:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/30 15:51:43 net packet injection: enabled
2020/06/30 15:51:43 net device setup: enabled
2020/06/30 15:51:43 concurrency sanitizer: enabled
2020/06/30 15:51:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/30 15:51:43 USB emulation: enabled
2020/06/30 15:51:44 suppressing KCSAN reports in functions: 'io_sq_thread' 'alloc_pid' 'blk_mq_rq_ctx_init' 'blk_mq_sched_dispatch_requests' '__ext4_new_inode' 'do_epoll_wait' 'exit_mm' 'expire_timers' '__send_signal' '__xa_clear_mark' 'do_nanosleep' 'generic_write_end' 'ext4_free_inode' '__delete_from_page_cache' 'blk_mq_dispatch_rq_list' 'complete_signal' '__add_to_page_cache_locked'
15:51:56 executing program 0:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000000000000000000080000000000a20000000000a01000000000000000000000000000900010073797a300000000070000000120a0100000c34010400008000000000040004800900020073797a3000000000080003"], 0xb8}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x8}, 0x0)
syzkaller login: [ 42.571549][ T8673] IPVS: ftp: loaded support on port[0] = 21
[ 42.623784][ T8673] chnl_net:caif_netlink_parms(): no params data found
[ 42.653645][ T8673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.661697][ T8673] bridge0: port 1(bridge_slave_0) entered disabled state
15:51:56 executing program 1:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000440)='./file0\x00')
symlink(&(0x7f00000001c0)='.\x00', &(0x7f0000000200)='./file0\x00')
lchown(&(0x7f0000000140)='./file0/../file0/file0\x00', 0xee01, 0x0)
unlink(&(0x7f0000000040)='./file0/../file0/file0\x00')
[ 42.669248][ T8673] device bridge_slave_0 entered promiscuous mode
[ 42.677062][ T8673] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.684125][ T8673] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.691637][ T8673] device bridge_slave_1 entered promiscuous mode
[ 42.706762][ T8673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.717988][ T8673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.735626][ T8673] team0: Port device team_slave_0 added
[ 42.742380][ T8673] team0: Port device team_slave_1 added
[ 42.755881][ T8673] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.762979][ T8673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.789410][ T8673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.801293][ T8673] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.808604][ T8673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.834500][ T8673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
15:51:56 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
add_key(&(0x7f0000000100)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='ns\x00')
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f00000000c0)=0x8)
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 42.916760][ T8673] device hsr_slave_0 entered promiscuous mode
[ 42.946754][ T8673] device hsr_slave_1 entered promiscuous mode
[ 43.008950][ T8827] IPVS: ftp: loaded support on port[0] = 21
[ 43.070536][ T8859] IPVS: ftp: loaded support on port[0] = 21
15:51:56 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x112, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000002c0), 0x4}, 0x1010, 0x40000, 0x0, 0x2, 0x0, 0xfbfffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0x1, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000002c0)}}], 0x1, 0x44080)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000280)=[@mss, @timestamp, @window, @sack_perm], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r2)
r3 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8)
connect$inet6(r3, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f000081e000)=ANY=[@ANYRES32=0x0, @ANYBLOB="0208d500de00"], 0x2de)
r4 = open(0x0, 0xe4180, 0xb5)
socket$alg(0x26, 0x5, 0x0)
r5 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/cgroup\x00')
ioctl$NS_GET_USERNS(r5, 0xb701, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x4, 0x8010, r5, 0x0)
write$P9_RWALK(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8)
r6 = accept$unix(r4, 0x0, &(0x7f0000000240))
ioctl$FICLONE(r1, 0x40049409, r6)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0xf0ffffff, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')
[ 43.123056][ T8673] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.147325][ T8673] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.167956][ T8673] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.226673][ T8827] chnl_net:caif_netlink_parms(): no params data found
[ 43.238157][ T8673] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.284656][ T8673] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.291714][ T8673] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.299008][ T8673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.306034][ T8673] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.324347][ T9007] IPVS: ftp: loaded support on port[0] = 21
[ 43.342840][ T2] ==================================================================
[ 43.351024][ T2] BUG: KCSAN: data-race in copy_process / release_task
[ 43.357844][ T2]
[ 43.360157][ T2] write to 0xffffffff8927a410 of 4 bytes by task 9018 on cpu 0:
[ 43.367767][ T2] release_task+0x6c8/0xb90
[ 43.372359][ T2] do_exit+0x1140/0x16e0
[ 43.376586][ T2] call_usermodehelper_exec_async+0x2da/0x2e0
[ 43.382635][ T2] ret_from_fork+0x1f/0x30
[ 43.387029][ T2]
[ 43.389345][ T2] read to 0xffffffff8927a410 of 4 bytes by task 2 on cpu 1:
[ 43.396611][ T2] copy_process+0xac4/0x3300
[ 43.401185][ T2] _do_fork+0xf1/0x660
[ 43.405235][ T2] kernel_thread+0x85/0xb0
[ 43.409645][ T2] kthreadd+0x317/0x3d0
[ 43.413780][ T2] ret_from_fork+0x1f/0x30
[ 43.418172][ T2]
[ 43.420588][ T2] Reported by Kernel Concurrency Sanitizer on:
[ 43.426723][ T2] CPU: 1 PID: 2 Comm: kthreadd Not tainted 5.8.0-rc3-syzkaller #0
[ 43.434497][ T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.444534][ T2] ==================================================================
[ 43.452576][ T2] Kernel panic - not syncing: panic_on_warn set ...
[ 43.459142][ T2] CPU: 1 PID: 2 Comm: kthreadd Not tainted 5.8.0-rc3-syzkaller #0
[ 43.466922][ T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.476955][ T2] Call Trace:
[ 43.480231][ T2] dump_stack+0x10f/0x19d
[ 43.484546][ T2] panic+0x207/0x64a
[ 43.488427][ T2] ? vprintk_emit+0x44a/0x4f0
[ 43.493175][ T2] kcsan_report+0x684/0x690
[ 43.497666][ T2] ? kcsan_setup_watchpoint+0x453/0x4d0
[ 43.503193][ T2] ? copy_process+0xac4/0x3300
[ 43.507947][ T2] ? _do_fork+0xf1/0x660
[ 43.512172][ T2] ? kernel_thread+0x85/0xb0
[ 43.516743][ T2] ? kthreadd+0x317/0x3d0
[ 43.521052][ T2] ? ret_from_fork+0x1f/0x30
[ 43.525633][ T2] ? debug_smp_processor_id+0x18/0x20
[ 43.530985][ T2] ? copy_creds+0x280/0x350
[ 43.535471][ T2] ? copy_creds+0x280/0x350
[ 43.539957][ T2] kcsan_setup_watchpoint+0x453/0x4d0
[ 43.545318][ T2] ? copy_creds+0x280/0x350
[ 43.549805][ T2] copy_process+0xac4/0x3300
[ 43.554383][ T2] ? kthread_blkcg+0x80/0x80
[ 43.558964][ T2] _do_fork+0xf1/0x660
[ 43.563028][ T2] ? psi_group_change+0x1bd/0x280
[ 43.568038][ T2] ? kthread_blkcg+0x80/0x80
[ 43.572610][ T2] kernel_thread+0x85/0xb0
[ 43.577007][ T2] ? kthread_blkcg+0x80/0x80
[ 43.581578][ T2] kthreadd+0x317/0x3d0
[ 43.585712][ T2] ? kthread_stop+0x310/0x310
[ 43.590375][ T2] ret_from_fork+0x1f/0x30
[ 43.595928][ T2] Kernel Offset: disabled
[ 43.600231][ T2] Rebooting in 86400 seconds..