[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. [ 22.562953][ T8531] bash (8531) used greatest stack depth: 10312 bytes left Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.18' (ECDSA) to the list of known hosts. 2020/06/30 08:54:42 fuzzer started 2020/06/30 08:54:42 dialing manager at 10.128.0.105:38095 2020/06/30 08:54:42 syscalls: 3106 2020/06/30 08:54:42 code coverage: enabled 2020/06/30 08:54:42 comparison tracing: enabled 2020/06/30 08:54:42 extra coverage: enabled 2020/06/30 08:54:42 setuid sandbox: enabled 2020/06/30 08:54:42 namespace sandbox: enabled 2020/06/30 08:54:42 Android sandbox: /sys/fs/selinux/policy does not exist 2020/06/30 08:54:42 fault injection: enabled 2020/06/30 08:54:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/06/30 08:54:42 net packet injection: enabled 2020/06/30 08:54:42 net device setup: enabled 2020/06/30 08:54:42 concurrency sanitizer: enabled 2020/06/30 08:54:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/06/30 08:54:42 USB emulation: enabled 2020/06/30 08:54:42 suppressing KCSAN reports in functions: 'blk_mq_dispatch_rq_list' 08:54:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@ipv4_newroute={0x28, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x6}, @RTA_ENCAP={0x4}]}, 0x28}}, 0x0) syzkaller login: [ 32.232687][ T8667] IPVS: ftp: loaded support on port[0] = 21 [ 32.288574][ T8667] chnl_net:caif_netlink_parms(): no params data found [ 32.320591][ T8667] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.327898][ T8667] bridge0: port 1(bridge_slave_0) entered disabled state 08:54:44 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000dc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e0, 0x0, 0x0, 0x0, 0x128, 0x128, 0x210, 0x210, 0x210, 0x210, 0x210, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x48], 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@ecn={{0x28, 'ecn\x00'}, {0x10}}, @common=@inet=@tcp={{0x30, 'tcp\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x381) [ 32.335930][ T8667] device bridge_slave_0 entered promiscuous mode [ 32.344051][ T8667] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.353649][ T8667] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.361661][ T8667] device bridge_slave_1 entered promiscuous mode [ 32.377085][ T8667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.388304][ T8667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.405648][ T8667] team0: Port device team_slave_0 added [ 32.412364][ T8667] team0: Port device team_slave_1 added [ 32.425799][ T8667] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.433094][ T8667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.459612][ T8667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.471507][ T8667] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.486298][ T8667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.512900][ T8667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.531615][ T8821] IPVS: ftp: loaded support on port[0] = 21 08:54:44 executing program 2: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e23, @private=0xa010101}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) [ 32.569317][ T8667] device hsr_slave_0 entered promiscuous mode [ 32.617672][ T8667] device hsr_slave_1 entered promiscuous mode [ 32.720084][ T8833] IPVS: ftp: loaded support on port[0] = 21 [ 32.770122][ T385] ================================================================== [ 32.778580][ T385] BUG: KCSAN: data-race in copy_process / release_task [ 32.785393][ T385] [ 32.788044][ T385] write to 0xffffffff8927a410 of 4 bytes by task 8956 on cpu 1: [ 32.796246][ T385] release_task+0x6c8/0xb90 [ 32.800807][ T385] do_exit+0x1140/0x16e0 [ 32.805032][ T385] call_usermodehelper_exec_async+0x2da/0x2e0 [ 32.811072][ T385] ret_from_fork+0x1f/0x30 [ 32.815467][ T385] [ 32.817769][ T385] read to 0xffffffff8927a410 of 4 bytes by task 385 on cpu 0: [ 32.825196][ T385] copy_process+0xac4/0x3300 [ 32.829775][ T385] _do_fork+0xf1/0x660 [ 32.833855][ T385] kernel_thread+0x85/0xb0 [ 32.838244][ T385] call_usermodehelper_exec_work+0x4f/0x1b0 [ 32.844107][ T385] process_one_work+0x3e1/0x9a0 [ 32.849035][ T385] worker_thread+0x665/0xbe0 [ 32.853689][ T385] kthread+0x20d/0x230 [ 32.857729][ T385] ret_from_fork+0x1f/0x30 [ 32.862110][ T385] [ 32.864425][ T385] Reported by Kernel Concurrency Sanitizer on: [ 32.870657][ T385] CPU: 0 PID: 385 Comm: kworker/u4:3 Not tainted 5.8.0-rc3-syzkaller #0 [ 32.878966][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.889014][ T385] Workqueue: events_unbound call_usermodehelper_exec_work [ 32.896089][ T385] ================================================================== [ 32.904120][ T385] Kernel panic - not syncing: panic_on_warn set ... [ 32.910676][ T385] CPU: 0 PID: 385 Comm: kworker/u4:3 Not tainted 5.8.0-rc3-syzkaller #0 [ 32.919106][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.929455][ T385] Workqueue: events_unbound call_usermodehelper_exec_work [ 32.936534][ T385] Call Trace: [ 32.939914][ T385] dump_stack+0x10f/0x19d [ 32.944223][ T385] panic+0x207/0x64a [ 32.948229][ T385] ? vprintk_emit+0x44a/0x4f0 [ 32.955041][ T385] kcsan_report+0x684/0x690 [ 32.959541][ T385] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 32.965059][ T385] ? copy_process+0xac4/0x3300 [ 32.970490][ T385] ? _do_fork+0xf1/0x660 [ 32.974831][ T385] ? kernel_thread+0x85/0xb0 [ 32.979403][ T385] ? call_usermodehelper_exec_work+0x4f/0x1b0 [ 32.985439][ T385] ? process_one_work+0x3e1/0x9a0 [ 32.990451][ T385] ? worker_thread+0x665/0xbe0 [ 32.995209][ T385] ? kthread+0x20d/0x230 [ 32.999421][ T385] ? ret_from_fork+0x1f/0x30 [ 33.004077][ T385] ? debug_smp_processor_id+0x18/0x20 [ 33.009441][ T385] ? copy_creds+0x280/0x350 [ 33.014004][ T385] ? copy_creds+0x280/0x350 [ 33.018497][ T385] kcsan_setup_watchpoint+0x453/0x4d0 [ 33.023842][ T385] ? copy_creds+0x280/0x350 [ 33.028337][ T385] copy_process+0xac4/0x3300 [ 33.032926][ T385] ? check_preempt_wakeup+0x1cb/0x370 [ 33.038271][ T385] ? proc_cap_handler+0x280/0x280 [ 33.043353][ T385] _do_fork+0xf1/0x660 [ 33.047393][ T385] ? check_preemption_disabled+0x51/0x140 [ 33.053976][ T385] ? check_preemption_disabled+0x51/0x140 [ 33.059699][ T385] ? proc_cap_handler+0x280/0x280 [ 33.064807][ T385] kernel_thread+0x85/0xb0 [ 33.069216][ T385] ? proc_cap_handler+0x280/0x280 [ 33.074243][ T385] call_usermodehelper_exec_work+0x4f/0x1b0 [ 33.080127][ T385] ? __list_del_entry_valid+0x54/0xc0 [ 33.085498][ T385] process_one_work+0x3e1/0x9a0 [ 33.090343][ T385] worker_thread+0x665/0xbe0 [ 33.095010][ T385] ? finish_task_switch+0x8b/0x270 [ 33.100119][ T385] ? process_one_work+0x9a0/0x9a0 [ 33.105131][ T385] kthread+0x20d/0x230 [ 33.109188][ T385] ? process_one_work+0x9a0/0x9a0 [ 33.114200][ T385] ? kthread_blkcg+0x80/0x80 [ 33.118780][ T385] ret_from_fork+0x1f/0x30 [ 33.124735][ T385] Kernel Offset: disabled [ 33.129064][ T385] Rebooting in 86400 seconds..