[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. 2020/07/01 02:49:01 fuzzer started 2020/07/01 02:49:02 dialing manager at 10.128.0.105:41605 2020/07/01 02:49:02 syscalls: 3106 2020/07/01 02:49:02 code coverage: enabled 2020/07/01 02:49:02 comparison tracing: enabled 2020/07/01 02:49:02 extra coverage: enabled 2020/07/01 02:49:02 setuid sandbox: enabled 2020/07/01 02:49:02 namespace sandbox: enabled 2020/07/01 02:49:02 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/01 02:49:02 fault injection: enabled 2020/07/01 02:49:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/01 02:49:02 net packet injection: enabled 2020/07/01 02:49:02 net device setup: enabled 2020/07/01 02:49:02 concurrency sanitizer: enabled 2020/07/01 02:49:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/01 02:49:02 USB emulation: enabled 2020/07/01 02:49:02 suppressing KCSAN reports in functions: 'filemap_map_pages' 'blk_mq_sched_dispatch_requests' 'alloc_pid' 02:49:05 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000900b8000699030000000500150005008178a8001600400001000200000003ac000000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) syzkaller login: [ 34.283564][ T8647] IPVS: ftp: loaded support on port[0] = 21 02:49:05 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ifreq(r0, 0x8993, &(0x7f0000000040)={'team_slave_1\x00', @ifru_settings={0x0, 0x0, @cisco=0x0}}) [ 34.352203][ T8647] chnl_net:caif_netlink_parms(): no params data found [ 34.385634][ T8647] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.393205][ T8647] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.401815][ T8647] device bridge_slave_0 entered promiscuous mode [ 34.410422][ T8647] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.425133][ T8647] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.433270][ T8647] device bridge_slave_1 entered promiscuous mode [ 34.453939][ T8647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.464455][ T8647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.483131][ T8647] team0: Port device team_slave_0 added [ 34.489820][ T8647] team0: Port device team_slave_1 added [ 34.503703][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.511675][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.538536][ T8647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.551457][ T8647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.559184][ T8647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.590150][ T8647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 02:49:05 executing program 2: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup3(r3, r0, 0x0) [ 34.615183][ T8801] IPVS: ftp: loaded support on port[0] = 21 [ 34.650086][ T8647] device hsr_slave_0 entered promiscuous mode [ 34.688866][ T8647] device hsr_slave_1 entered promiscuous mode [ 34.800807][ T8813] IPVS: ftp: loaded support on port[0] = 21 02:49:06 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884ee, 0x0, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x20000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x3800) write$binfmt_aout(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="47627303bc7e3e269bbf8d418af81ed2e3b90f24b8713c5dbc33bedbb5d7ae770e6d8b15bf0486569e3d945bb8ab38a67286a713620cdbc26279ec72b00ce9a36f0003c607e3cf757869b4"], 0x1) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r4 = fanotify_init(0x200, 0x2) fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x8, 0x0, 0x5, 0x8, 0x0, 0x0, 0x0, 0x6, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x1, 0x8}, 0x80a0, 0x0, 0x4, 0x1, 0x0, 0x5, 0x40}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) creat(&(0x7f0000000140)='./bus\x00', 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000200)={{0x0, 0x0, @descriptor="13175392f8516c34"}}) openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r5, 0x0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000080), 0x0) write$sndseq(r5, &(0x7f0000000080)=[{0x10081, 0x6, 0x0, 0x0, @tick, {}, {}, @queue}], 0x30) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r5, 0x40044104, 0x0) clock_gettime(0x0, &(0x7f0000000240)) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000040)={0x40}) [ 34.885420][ T8647] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 34.961352][ T8647] netdevsim netdevsim0 netdevsim1: renamed from eth1 02:49:06 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x4b}}) [ 35.030510][ T8647] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 35.082360][ T8801] chnl_net:caif_netlink_parms(): no params data found [ 35.104389][ T8975] IPVS: ftp: loaded support on port[0] = 21 [ 35.114862][ T8647] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 35.187340][ T8647] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.194936][ T8647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.202826][ T8647] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.211469][ T8647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.238905][ T21] ================================================================== [ 35.249279][ T21] BUG: KCSAN: data-race in copy_process / copy_process [ 35.256594][ T21] [ 35.258917][ T21] write to 0xffffffff8927a410 of 4 bytes by task 3299 on cpu 1: [ 35.269749][ T21] copy_process+0x2e84/0x3300 [ 35.271851][ T8647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.275003][ T21] _do_fork+0xf1/0x660 [ 35.286949][ T21] kernel_thread+0x85/0xb0 [ 35.289158][ T8647] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.291368][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 35.305654][ T21] process_one_work+0x3e1/0x9a0 [ 35.311885][ T21] worker_thread+0x665/0xbe0 [ 35.318816][ T21] kthread+0x20d/0x230 [ 35.321645][ T8647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 35.325242][ T21] ret_from_fork+0x1f/0x30 [ 35.337340][ T21] [ 35.340591][ T21] read to 0xffffffff8927a410 of 4 bytes by task 21 on cpu 0: [ 35.348046][ T8647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.348350][ T21] copy_process+0xac4/0x3300 [ 35.348359][ T21] _do_fork+0xf1/0x660 [ 35.348369][ T21] kernel_thread+0x85/0xb0 [ 35.348380][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 35.348390][ T21] process_one_work+0x3e1/0x9a0 [ 35.348398][ T21] worker_thread+0x665/0xbe0 [ 35.348405][ T21] kthread+0x20d/0x230 [ 35.348415][ T21] ret_from_fork+0x1f/0x30 [ 35.348417][ T21] [ 35.348419][ T21] Reported by Kernel Concurrency Sanitizer on: [ 35.348430][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0 [ 35.348441][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.439037][ T21] Workqueue: events_unbound call_usermodehelper_exec_work [ 35.447108][ T21] ================================================================== [ 35.455957][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 35.468204][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc3-syzkaller #0 [ 35.483162][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.495149][ T21] Workqueue: events_unbound call_usermodehelper_exec_work [ 35.502414][ T21] Call Trace: [ 35.505792][ T21] dump_stack+0x10f/0x19d [ 35.510549][ T21] panic+0x207/0x64a [ 35.515998][ T21] ? vprintk_emit+0x44a/0x4f0 [ 35.523513][ T21] kcsan_report+0x684/0x690 [ 35.528402][ T21] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 35.534361][ T21] ? copy_process+0xac4/0x3300 [ 35.544918][ T21] ? _do_fork+0xf1/0x660 [ 35.549318][ T21] ? kernel_thread+0x85/0xb0 [ 35.554777][ T21] ? call_usermodehelper_exec_work+0x4f/0x1b0 [ 35.563378][ T21] ? process_one_work+0x3e1/0x9a0 [ 35.569620][ T21] ? worker_thread+0x665/0xbe0 [ 35.575156][ T21] ? kthread+0x20d/0x230 [ 35.581299][ T21] ? ret_from_fork+0x1f/0x30 [ 35.586154][ T21] ? debug_smp_processor_id+0x18/0x20 [ 35.592820][ T21] ? copy_creds+0x280/0x350 [ 35.597957][ T21] ? copy_creds+0x280/0x350 [ 35.604109][ T21] kcsan_setup_watchpoint+0x453/0x4d0 [ 35.610178][ T21] ? copy_creds+0x280/0x350 [ 35.616690][ T21] copy_process+0xac4/0x3300 [ 35.623090][ T21] ? check_preempt_wakeup+0x1cb/0x370 [ 35.630754][ T21] ? proc_cap_handler+0x280/0x280 [ 35.636785][ T21] _do_fork+0xf1/0x660 [ 35.642244][ T21] ? enqueue_entity+0x25a/0x480 [ 35.648149][ T21] ? proc_cap_handler+0x280/0x280 [ 35.653517][ T21] kernel_thread+0x85/0xb0 [ 35.658896][ T21] ? proc_cap_handler+0x280/0x280 [ 35.668287][ T21] call_usermodehelper_exec_work+0x4f/0x1b0 [ 35.674471][ T21] process_one_work+0x3e1/0x9a0 [ 35.679585][ T21] worker_thread+0x665/0xbe0 [ 35.684417][ T21] ? process_one_work+0x9a0/0x9a0 [ 35.689543][ T21] kthread+0x20d/0x230 [ 35.693846][ T21] ? process_one_work+0x9a0/0x9a0 [ 35.698928][ T21] ? kthread_blkcg+0x80/0x80 [ 35.703895][ T21] ret_from_fork+0x1f/0x30 [ 35.709680][ T21] Kernel Offset: disabled [ 35.714115][ T21] Rebooting in 86400 seconds..