[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
2020/07/01 01:52:27 fuzzer started
2020/07/01 01:52:27 dialing manager at 10.128.0.105:39473
2020/07/01 01:52:28 syscalls: 3106
2020/07/01 01:52:28 code coverage: enabled
2020/07/01 01:52:28 comparison tracing: enabled
2020/07/01 01:52:28 extra coverage: enabled
2020/07/01 01:52:28 setuid sandbox: enabled
2020/07/01 01:52:28 namespace sandbox: enabled
2020/07/01 01:52:28 Android sandbox: /sys/fs/selinux/policy does not exist
2020/07/01 01:52:28 fault injection: enabled
2020/07/01 01:52:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/07/01 01:52:28 net packet injection: enabled
2020/07/01 01:52:28 net device setup: enabled
2020/07/01 01:52:28 concurrency sanitizer: enabled
2020/07/01 01:52:28 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/07/01 01:52:28 USB emulation: enabled
2020/07/01 01:52:29 suppressing KCSAN reports in functions: 'blk_mq_dispatch_rq_list' 'alloc_pid' 'blk_mq_rq_ctx_init' 'ext4_free_inode' '__xa_clear_mark' 'expire_timers' 'complete_signal' 'blk_mq_sched_dispatch_requests' 'exit_mm' '__mnt_want_write_file' 'generic_file_buffered_read' 'do_epoll_wait' 'filemap_map_pages' '__ext4_new_inode'
01:52:43 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'syz_tun\x00', 0x1})
syz_emit_ethernet(0x36, &(0x7f0000000280)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @broadcast}, @timestamp={0x11, 0x11}}}}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'syz_tun\x00'})
syzkaller login: [ 46.975517][ T8677] IPVS: ftp: loaded support on port[0] = 21
[ 47.024145][ T8677] chnl_net:caif_netlink_parms(): no params data found
01:52:43 executing program 1:
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r0)
write$binfmt_script(r1, &(0x7f0000001540)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da4d3d0d4ce3fc765cd1ce2356a8f87e56f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b3e5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e19745ba9a37cfdd7ff58b659bbf65d6a2b2e441a0e0c44a3d9abe"], 0x189)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x0)
close(r1)
setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2={0x2000000, [{0x0, 0xffffffc1}]}, 0x14, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
[ 47.065974][ T8677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.073517][ T8677] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.081151][ T8677] device bridge_slave_0 entered promiscuous mode
[ 47.089139][ T8677] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.096270][ T8677] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.103904][ T8677] device bridge_slave_1 entered promiscuous mode
[ 47.122525][ T8677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.149005][ T8677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.179361][ T8677] team0: Port device team_slave_0 added
[ 47.197657][ T8677] team0: Port device team_slave_1 added
[ 47.222215][ T8677] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.236987][ T8677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.264122][ T8677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.276009][ T8677] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.277900][ T8825] IPVS: ftp: loaded support on port[0] = 21
[ 47.283434][ T8677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.314995][ T8677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
01:52:43 executing program 2:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='mqueue\x00', 0x0, 0x0)
r0 = creat(&(0x7f0000000100)='./file0/bus\x00', 0x0)
mq_notify(r0, &(0x7f0000000340))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
close(r0)
[ 47.389307][ T8677] device hsr_slave_0 entered promiscuous mode
[ 47.447604][ T8677] device hsr_slave_1 entered promiscuous mode
[ 47.502842][ T8855] IPVS: ftp: loaded support on port[0] = 21
01:52:43 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv6_getaddr={0x18, 0x16, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0xff}}, 0x18}}, 0x0)
[ 47.567550][ T25] ==================================================================
[ 47.575657][ T25] BUG: KCSAN: data-race in copy_process / release_task
[ 47.582485][ T25]
[ 47.584803][ T25] write to 0xffffffff8927a410 of 4 bytes by task 8970 on cpu 1:
[ 47.592420][ T25] release_task+0x6c8/0xb90
[ 47.596911][ T25] do_exit+0x1140/0x16e0
[ 47.601167][ T25] call_usermodehelper_exec_async+0x2da/0x2e0
[ 47.607223][ T25] ret_from_fork+0x1f/0x30
[ 47.611614][ T25]
[ 47.614017][ T25] read to 0xffffffff8927a410 of 4 bytes by task 25 on cpu 0:
[ 47.621384][ T25] copy_process+0xac4/0x3300
[ 47.625960][ T25] _do_fork+0xf1/0x660
[ 47.630045][ T25] kernel_thread+0x85/0xb0
[ 47.634445][ T25] call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.640326][ T25] process_one_work+0x3e1/0x9a0
[ 47.645164][ T25] worker_thread+0x665/0xbe0
[ 47.649737][ T25] kthread+0x20d/0x230
[ 47.653838][ T25] ret_from_fork+0x1f/0x30
[ 47.658234][ T25]
[ 47.660544][ T25] Reported by Kernel Concurrency Sanitizer on:
[ 47.666691][ T25] CPU: 0 PID: 25 Comm: kworker/u4:2 Not tainted 5.8.0-rc3-syzkaller #0
[ 47.674911][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.685001][ T25] Workqueue: events_unbound call_usermodehelper_exec_work
[ 47.692094][ T25] ==================================================================
[ 47.700150][ T25] Kernel panic - not syncing: panic_on_warn set ...
[ 47.706723][ T25] CPU: 0 PID: 25 Comm: kworker/u4:2 Not tainted 5.8.0-rc3-syzkaller #0
[ 47.715198][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.725251][ T25] Workqueue: events_unbound call_usermodehelper_exec_work
[ 47.732344][ T25] Call Trace:
[ 47.735632][ T25] dump_stack+0x10f/0x19d
[ 47.740063][ T25] panic+0x207/0x64a
[ 47.740068][ T8984] IPVS: ftp: loaded support on port[0] = 21
[ 47.749822][ T25] ? vprintk_emit+0x44a/0x4f0
[ 47.754484][ T25] kcsan_report+0x684/0x690
[ 47.758976][ T25] ? kcsan_setup_watchpoint+0x453/0x4d0
[ 47.764510][ T25] ? copy_process+0xac4/0x3300
[ 47.769265][ T25] ? _do_fork+0xf1/0x660
[ 47.773498][ T25] ? kernel_thread+0x85/0xb0
[ 47.778089][ T25] ? call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.784231][ T25] ? process_one_work+0x3e1/0x9a0
[ 47.789243][ T25] ? worker_thread+0x665/0xbe0
[ 47.793995][ T25] ? kthread+0x20d/0x230
[ 47.798220][ T25] ? ret_from_fork+0x1f/0x30
[ 47.802805][ T25] ? debug_smp_processor_id+0x18/0x20
[ 47.806793][ T8984] chnl_net:caif_netlink_parms(): no params data found
[ 47.808160][ T25] ? copy_creds+0x280/0x350
[ 47.808171][ T25] ? copy_creds+0x280/0x350
[ 47.808187][ T25] kcsan_setup_watchpoint+0x453/0x4d0
[ 47.829222][ T25] ? copy_creds+0x280/0x350
[ 47.833715][ T25] copy_process+0xac4/0x3300
[ 47.838302][ T25] ? check_preempt_wakeup+0x1cb/0x370
[ 47.843662][ T25] ? proc_cap_handler+0x280/0x280
[ 47.848684][ T25] _do_fork+0xf1/0x660
[ 47.852744][ T25] ? enqueue_entity+0x25a/0x480
[ 47.857582][ T25] ? proc_cap_handler+0x280/0x280
[ 47.862591][ T25] kernel_thread+0x85/0xb0
01:52:44 executing program 4:
r0 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @dev}, 0x10)
r1 = add_key$user(&(0x7f0000000540)='user\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000100), 0x26, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000002c0)={0x0, 0x0, r1}, 0x0, 0x0, 0x0)
connect(r0, &(0x7f0000000000)=@un=@abs, 0x80)
r2 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @dev}, 0x10)
[ 47.867078][ T25] ? proc_cap_handler+0x280/0x280
[ 47.872092][ T25] call_usermodehelper_exec_work+0x4f/0x1b0
[ 47.877976][ T25] process_one_work+0x3e1/0x9a0
[ 47.882816][ T25] worker_thread+0x665/0xbe0
[ 47.887396][ T25] ? finish_task_switch+0x8b/0x270
[ 47.892495][ T25] ? process_one_work+0x9a0/0x9a0
[ 47.897508][ T25] kthread+0x20d/0x230
[ 47.901561][ T25] ? process_one_work+0x9a0/0x9a0
[ 47.906567][ T25] ? kthread_blkcg+0x80/0x80
[ 47.911147][ T25] ret_from_fork+0x1f/0x30
[ 47.916826][ T25] Kernel Offset: disabled
[ 47.921142][ T25] Rebooting in 86400 seconds..