[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 22.953657][ T8485] bash (8485) used greatest stack depth: 9992 bytes left
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
2020/07/02 06:08:40 fuzzer started
2020/07/02 06:08:40 dialing manager at 10.128.0.105:43021
2020/07/02 06:08:40 syscalls: 3106
2020/07/02 06:08:40 code coverage: enabled
2020/07/02 06:08:40 comparison tracing: enabled
2020/07/02 06:08:40 extra coverage: enabled
2020/07/02 06:08:40 setuid sandbox: enabled
2020/07/02 06:08:40 namespace sandbox: enabled
2020/07/02 06:08:40 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/02 06:08:40 fault injection: enabled
2020/07/02 06:08:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/02 06:08:40 net packet injection: enabled
2020/07/02 06:08:40 net device setup: enabled
2020/07/02 06:08:40 concurrency sanitizer: enabled
2020/07/02 06:08:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/02 06:08:40 USB emulation: enabled
2020/07/02 06:08:41 suppressing KCSAN reports in functions: 'alloc_pid' '__ext4_new_inode' '__xa_clear_mark' 'ext4_free_inode' 'find_get_pages_range_tag' 'futex_wait_queue_me' 'ext4_ext_handle_unwritten_extents'
06:08:46 executing program 0:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a000000000000005315341e713fcda45d5ad1597492382fa5c7d23dd9ec351fd72431c6151783210d9f9971ca22446c0aa9745b186680887ba334695a079bfb52e59635248256b69eb63c37feb4ebc0341458e81ee46c27a81b7e6da1dd307835e43930", @ANYRES32=0x0, @ANYBLOB="008ed965599c000000000000000000000000000000b65300000000000000000700ce4468b1af050000000000000000000000351f1569d494690bde964e060000fda700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000f90ec68772dde5c09ef763a63b8e73f97cd1a2f76dbb"], 0x3}}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x7, &(0x7f0000000680)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r0}, @map={0x18, 0x0, 0x0}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x90, &(0x7f0000000200)=""/144, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xc0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syzkaller login: [ 37.045066][ T8647] IPVS: ftp: loaded support on port[0] = 21
[ 37.103792][ T8647] chnl_net:caif_netlink_parms(): no params data found
06:08:46 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$cgroup_subtree(r1, 0x0, 0xffffffb8)
[ 37.153352][ T8647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.160448][ T8647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.173164][ T8647] device bridge_slave_0 entered promiscuous mode
[ 37.180566][ T8647] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.189624][ T8647] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.197853][ T8647] device bridge_slave_1 entered promiscuous mode
[ 37.214658][ T8647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 37.225210][ T8647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 37.243654][ T8647] team0: Port device team_slave_0 added
[ 37.250330][ T8647] team0: Port device team_slave_1 added
[ 37.266775][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 37.274082][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.300684][ T8647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.320607][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.327906][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.354326][ T8647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.370210][ T8801] IPVS: ftp: loaded support on port[0] = 21
06:08:46 executing program 2:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0x12)
write$cgroup_int(r2, &(0x7f0000000200), 0x43400)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40305839, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x400000000)
[ 37.443783][ T8647] device hsr_slave_0 entered promiscuous mode
[ 37.482478][ T8647] device hsr_slave_1 entered promiscuous mode
06:08:46 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = dup2(r0, r2)
ioctl$TCFLSH(r3, 0x89f0, 0x20000000)
[ 37.651865][ T8815] IPVS: ftp: loaded support on port[0] = 21
[ 37.752814][ T8801] chnl_net:caif_netlink_parms(): no params data found
[ 37.797701][ T8647] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 37.841285][ T8815] chnl_net:caif_netlink_parms(): no params data found
[ 37.848242][ T21] ==================================================================
[ 37.856338][ T21] BUG: KCSAN: data-race in copy_process / copy_process
[ 37.863164][ T21]
[ 37.865478][ T21] write to 0xffffffff8927a410 of 4 bytes by task 25 on cpu 1:
[ 37.867512][ T8968] IPVS: ftp: loaded support on port[0] = 21
[ 37.872919][ T21] copy_process+0x2e84/0x3300
[ 37.872930][ T21] _do_fork+0xf1/0x660
[ 37.872941][ T21] kernel_thread+0x85/0xb0
[ 37.872959][ T21] call_usermodehelper_exec_work+0x4f/0x1b0
[ 37.879740][ T8647] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 37.883479][ T21] process_one_work+0x3e1/0x9a0
[ 37.883490][ T21] worker_thread+0x665/0xbe0
[ 37.883499][ T21] kthread+0x20d/0x230
[ 37.883516][ T21] ret_from_fork+0x1f/0x30
[ 37.922205][ T21]
[ 37.924505][ T21] read to 0xffffffff8927a410 of 4 bytes by task 21 on cpu 0:
[ 37.931864][ T21] copy_process+0xac4/0x3300
[ 37.936422][ T21] _do_fork+0xf1/0x660
[ 37.940495][ T21] kernel_thread+0x85/0xb0
[ 37.944881][ T21] call_usermodehelper_exec_work+0x4f/0x1b0
[ 37.950741][ T21] process_one_work+0x3e1/0x9a0
[ 37.955560][ T21] worker_thread+0x665/0xbe0
[ 37.960115][ T21] kthread+0x20d/0x230
[ 37.964173][ T21] ret_from_fork+0x1f/0x30
[ 37.968562][ T21]
[ 37.970871][ T21] Reported by Kernel Concurrency Sanitizer on:
[ 37.977009][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0
[ 37.985226][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.995270][ T21] Workqueue: events_unbound call_usermodehelper_exec_work
[ 38.002359][ T21] ==================================================================
[ 38.010402][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 38.016976][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0
[ 38.025226][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.035273][ T21] Workqueue: events_unbound call_usermodehelper_exec_work
[ 38.042364][ T21] Call Trace:
[ 38.045642][ T21] dump_stack+0x10f/0x19d
[ 38.049956][ T21] panic+0x207/0x64a
[ 38.053857][ T21] ? vprintk_emit+0x44a/0x4f0
[ 38.058531][ T21] kcsan_report+0x684/0x690
[ 38.063022][ T21] ? kcsan_setup_watchpoint+0x453/0x4d0
[ 38.068567][ T21] ? copy_process+0xac4/0x3300
[ 38.073316][ T21] ? _do_fork+0xf1/0x660
[ 38.077546][ T21] ? kernel_thread+0x85/0xb0
[ 38.082124][ T21] ? call_usermodehelper_exec_work+0x4f/0x1b0
06:08:47 executing program 4:
r0 = socket$kcm(0xa, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
bind(r0, &(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @local}, 0x80)
getsockname(r0, 0x0, &(0x7f0000000100))
[ 38.088200][ T21] ? process_one_work+0x3e1/0x9a0
[ 38.093210][ T21] ? worker_thread+0x665/0xbe0
[ 38.097958][ T21] ? kthread+0x20d/0x230
[ 38.102190][ T21] ? ret_from_fork+0x1f/0x30
[ 38.106777][ T21] ? debug_smp_processor_id+0x18/0x20
[ 38.112160][ T21] ? copy_creds+0x280/0x350
[ 38.116651][ T21] ? copy_creds+0x280/0x350
[ 38.121142][ T21] kcsan_setup_watchpoint+0x453/0x4d0
[ 38.126610][ T21] ? copy_creds+0x280/0x350
[ 38.131103][ T21] copy_process+0xac4/0x3300
[ 38.135688][ T21] ? select_idle_sibling+0x258/0x430
[ 38.140963][ T21] ? __rcu_read_unlock+0x4b/0x260
[ 38.145978][ T21] ? proc_cap_handler+0x280/0x280
[ 38.150986][ T21] _do_fork+0xf1/0x660
[ 38.155040][ T21] ? enqueue_entity+0x25a/0x480
[ 38.159878][ T21] ? proc_cap_handler+0x280/0x280
[ 38.164893][ T21] kernel_thread+0x85/0xb0
[ 38.169297][ T21] ? proc_cap_handler+0x280/0x280
[ 38.174312][ T21] call_usermodehelper_exec_work+0x4f/0x1b0
[ 38.180190][ T21] process_one_work+0x3e1/0x9a0
[ 38.185031][ T21] worker_thread+0x665/0xbe0
[ 38.189613][ T21] ? process_one_work+0x9a0/0x9a0
[ 38.194623][ T21] kthread+0x20d/0x230
[ 38.198679][ T21] ? process_one_work+0x9a0/0x9a0
[ 38.203696][ T21] ? kthread_blkcg+0x80/0x80
[ 38.208276][ T21] ret_from_fork+0x1f/0x30
[ 38.213650][ T21] Kernel Offset: disabled
[ 38.217971][ T21] Rebooting in 86400 seconds..