[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts. 2020/07/02 07:48:51 fuzzer started 2020/07/02 07:48:51 dialing manager at 10.128.0.105:42301 2020/07/02 07:48:52 syscalls: 3106 2020/07/02 07:48:52 code coverage: enabled 2020/07/02 07:48:52 comparison tracing: enabled 2020/07/02 07:48:52 extra coverage: enabled 2020/07/02 07:48:52 setuid sandbox: enabled 2020/07/02 07:48:52 namespace sandbox: enabled 2020/07/02 07:48:52 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/02 07:48:52 fault injection: enabled 2020/07/02 07:48:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/02 07:48:52 net packet injection: enabled 2020/07/02 07:48:52 net device setup: enabled 2020/07/02 07:48:52 concurrency sanitizer: enabled 2020/07/02 07:48:52 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/02 07:48:52 USB emulation: enabled 2020/07/02 07:48:54 suppressing KCSAN reports in functions: 'alloc_pid' 'expire_timers' 'blk_mq_sched_dispatch_requests' '__xa_clear_mark' 'do_nanosleep' 'find_get_pages_range_tag' 'blk_mq_rq_ctx_init' 'ext4_free_inode' '__ext4_new_inode' 'generic_write_end' 'do_epoll_wait' 'dd_has_work' 'pcpu_alloc' 07:49:06 executing program 0: r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_to_bridge\x00', 0x10) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}, 0x1b) syzkaller login: [ 47.143656][ T8650] IPVS: ftp: loaded support on port[0] = 21 [ 47.212762][ T8650] chnl_net:caif_netlink_parms(): no params data found [ 47.247743][ T8650] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.254806][ T8650] bridge0: port 1(bridge_slave_0) entered disabled state 07:49:07 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="390000001300034700bb65e1c3e4ffff06000000010000005600000025000000190004000400000007fd17e5ff8e0606040020000000000000", 0x39}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="390000001300034700bb65e1c3e4ffff06000000010000004500000025000000190004000400ad000200000000000006040000000000000000", 0x39}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r4 = dup2(r3, r3) dup2(r4, r0) [ 47.262846][ T8650] device bridge_slave_0 entered promiscuous mode [ 47.270773][ T8650] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.278446][ T8650] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.286750][ T8650] device bridge_slave_1 entered promiscuous mode [ 47.303796][ T8650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.314370][ T8650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.332915][ T8650] team0: Port device team_slave_0 added [ 47.339936][ T8650] team0: Port device team_slave_1 added [ 47.354200][ T8650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.361442][ T8650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.388152][ T8650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.400002][ T8650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.407641][ T8650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.442086][ T8650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.457989][ T8804] IPVS: ftp: loaded support on port[0] = 21 07:49:07 executing program 2: semget(0x1, 0x0, 0x160) semop(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup/syz0\x00', 0x200002, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz0\x00', 0x200002, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x3, &(0x7f0000000380)={0x0, 0x1f, 0x1, @thr={&(0x7f0000000500)="342e4d3eda9dc4aecee6471f57d970653611bacd3342f1467a2f15cb2fc22bafa3d10f54e7e47644e1b66e247aa7a367af666ce5d1c72fa1c45afec0cb593af42ccc9d24b2d5c20618aaaae507e63bcf29c94ecf38c9df676f77f182a0c6c82b8538ca948f73bb7fbe787632858f1a1a50f54de5795d45e88a1d806222e1d0c3dcd1bdff766dd1942b20f337fb856babff5db6ba92043e3c00f669f12a80cfbebf0d912d1b7d6fc794f921790f92e3f696d1c829b44a3b2dd45e7b45b99db21cde734f28cc4c593ab6e39c34775775cdecd4bf4c654cbecfb975bc4c1c172d87dd1d4943d5990456f066f28118ffe10bcc4fb7fa", &(0x7f0000000600)="38f59f5528b8586cb3e919c21d25f8bfec5e9ef6dad6c0b9cd78adaff7b3b1dac08d5f746d75ec2dd1971f276bc4b22a3c55826e4305e23f557813bfcb9e0a6aefadb4db786933b795ffe0b0038dfd28320fcc265c9947a35249d7a4a296cdf2c71d08da72b4a5ea43b0f4399d6f9441fda8809e332ef73a766c3e26763033f2388aa6fe04d297630a0a380f379d69c7cd95b9e8c7e0addad80d127c114e115f3f16f2999b460ae559cd2e9b9e293873b6c483ae6afd415db2f01badba18ee43ac3d49970fa11a344acdbb0182d33623889fddf2b1726868204afb27cc1fb3bab5685a56c08640b6f87a1c0c79"}}, &(0x7f0000000400)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x2, [@datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "f3"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x3, [], "060000"}]}}, &(0x7f0000000480)=""/264, 0x36, 0x108, 0x8}, 0x20) [ 47.509126][ T8650] device hsr_slave_0 entered promiscuous mode [ 47.547263][ T8650] device hsr_slave_1 entered promiscuous mode [ 47.659212][ T8832] IPVS: ftp: loaded support on port[0] = 21 [ 47.738748][ T8804] chnl_net:caif_netlink_parms(): no params data found 07:49:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r1, 0x0, 0xfeffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) [ 47.788542][ T8650] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.875386][ T8650] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.924298][ T8832] chnl_net:caif_netlink_parms(): no params data found [ 47.933139][ T8650] netdevsim netdevsim0 netdevsim2: renamed from eth2 07:49:07 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ptype\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0xf8) [ 48.008406][ T8650] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.101085][ T9070] IPVS: ftp: loaded support on port[0] = 21 [ 48.112261][ T8804] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.126592][ T8804] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.135365][ T8804] device bridge_slave_0 entered promiscuous mode [ 48.152187][ T9082] IPVS: ftp: loaded support on port[0] = 21 [ 48.160353][ T8650] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.167399][ T8650] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.174617][ T8650] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.181790][ T8650] bridge0: port 1(bridge_slave_0) entered forwarding state 07:49:07 executing program 5: getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, &(0x7f0000000000), &(0x7f0000000040)=0x14) [ 48.213662][ T8804] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.221009][ T8804] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.232213][ T8804] device bridge_slave_1 entered promiscuous mode [ 48.304498][ T4738] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.312874][ T4738] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.334379][ T8832] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.341454][ T8832] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.349281][ T8832] device bridge_slave_0 entered promiscuous mode [ 48.357911][ T8832] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.364962][ T8832] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.373107][ T8832] device bridge_slave_1 entered promiscuous mode [ 48.384508][ T9153] IPVS: ftp: loaded support on port[0] = 21 [ 48.403476][ T3217] ================================================================== [ 48.411582][ T3217] BUG: KCSAN: data-race in copy_process / release_task [ 48.412287][ T9070] chnl_net:caif_netlink_parms(): no params data found [ 48.418405][ T3217] [ 48.418417][ T3217] write to 0xffffffff8927a410 of 4 bytes by task 9233 on cpu 0: [ 48.418434][ T3217] release_task+0x6c8/0xb90 [ 48.418448][ T3217] do_exit+0x1140/0x16e0 [ 48.443879][ T3217] call_usermodehelper_exec_async+0x2da/0x2e0 [ 48.445708][ T8804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.449952][ T3217] ret_from_fork+0x1f/0x30 [ 48.449954][ T3217] [ 48.449964][ T3217] read to 0xffffffff8927a410 of 4 bytes by task 3217 on cpu 1: [ 48.449990][ T3217] copy_process+0xac4/0x3300 [ 48.450000][ T3217] _do_fork+0xf1/0x660 [ 48.450031][ T3217] kernel_thread+0x85/0xb0 [ 48.461062][ T8804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.463463][ T3217] call_usermodehelper_exec_work+0x4f/0x1b0 [ 48.477063][ T8804] team0: Port device team_slave_0 added [ 48.477848][ T3217] process_one_work+0x3e1/0x9a0 [ 48.484271][ T8804] team0: Port device team_slave_1 added [ 48.486285][ T3217] worker_thread+0x665/0xbe0 [ 48.506225][ T8804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.506725][ T3217] kthread+0x20d/0x230 [ 48.506737][ T3217] ret_from_fork+0x1f/0x30 [ 48.506739][ T3217] [ 48.506742][ T3217] Reported by Kernel Concurrency Sanitizer on: [ 48.506753][ T3217] CPU: 1 PID: 3217 Comm: kworker/u4:3 Not tainted 5.8.0-rc3-syzkaller #0 [ 48.506758][ T3217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.506779][ T3217] Workqueue: events_unbound call_usermodehelper_exec_work [ 48.514060][ T8804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.517122][ T3217] ================================================================== [ 48.517129][ T3217] Kernel panic - not syncing: panic_on_warn set ... [ 48.517140][ T3217] CPU: 1 PID: 3217 Comm: kworker/u4:3 Not tainted 5.8.0-rc3-syzkaller #0 [ 48.517145][ T3217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.517160][ T3217] Workqueue: events_unbound call_usermodehelper_exec_work [ 48.517165][ T3217] Call Trace: [ 48.517181][ T3217] dump_stack+0x10f/0x19d [ 48.517189][ T3217] panic+0x207/0x64a [ 48.517216][ T3217] ? vprintk_emit+0x44a/0x4f0 [ 48.517244][ T3217] kcsan_report+0x684/0x690 [ 48.517256][ T3217] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 48.517266][ T3217] ? copy_process+0xac4/0x3300 [ 48.517275][ T3217] ? _do_fork+0xf1/0x660 [ 48.517285][ T3217] ? kernel_thread+0x85/0xb0 [ 48.517317][ T3217] ? call_usermodehelper_exec_work+0x4f/0x1b0 [ 48.525609][ T8804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.528820][ T3217] ? process_one_work+0x3e1/0x9a0 [ 48.528831][ T3217] ? worker_thread+0x665/0xbe0 [ 48.528841][ T3217] ? kthread+0x20d/0x230 [ 48.528852][ T3217] ? ret_from_fork+0x1f/0x30 [ 48.528874][ T3217] ? debug_smp_processor_id+0x18/0x20 [ 48.539051][ T8804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.539652][ T3217] ? copy_creds+0x280/0x350 [ 48.545780][ T8804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.554157][ T3217] ? copy_creds+0x280/0x350 [ 48.554169][ T3217] kcsan_setup_watchpoint+0x453/0x4d0 [ 48.554182][ T3217] ? copy_creds+0x280/0x350 [ 48.554208][ T3217] copy_process+0xac4/0x3300 [ 48.554225][ T3217] ? check_preempt_wakeup+0x1cb/0x370 [ 48.566800][ T8804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.571374][ T3217] ? proc_cap_handler+0x280/0x280 [ 48.795092][ T3217] _do_fork+0xf1/0x660 [ 48.799135][ T3217] ? check_preemption_disabled+0x51/0x140 [ 48.804823][ T3217] ? proc_cap_handler+0x280/0x280 [ 48.809815][ T3217] kernel_thread+0x85/0xb0 [ 48.814199][ T3217] ? proc_cap_handler+0x280/0x280 [ 48.819193][ T3217] call_usermodehelper_exec_work+0x4f/0x1b0 [ 48.825055][ T3217] ? __list_del_entry_valid+0x54/0xc0 [ 48.830398][ T3217] process_one_work+0x3e1/0x9a0 [ 48.835217][ T3217] worker_thread+0x665/0xbe0 [ 48.839903][ T3217] ? process_one_work+0x9a0/0x9a0 [ 48.844895][ T3217] kthread+0x20d/0x230 [ 48.848942][ T3217] ? process_one_work+0x9a0/0x9a0 [ 48.853961][ T3217] ? kthread_blkcg+0x80/0x80 [ 48.858520][ T3217] ret_from_fork+0x1f/0x30 [ 48.863919][ T3217] Kernel Offset: disabled [ 48.868226][ T3217] Rebooting in 86400 seconds..