Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts. 2019/10/09 07:22:15 fuzzer started 2019/10/09 07:22:17 dialing manager at 10.128.0.105:43333 2019/10/09 07:22:17 checking machine... 2019/10/09 07:22:17 checking revisions... 2019/10/09 07:22:17 testing simple program... syzkaller login: [ 45.811411][ T7268] IPVS: ftp: loaded support on port[0] = 21 2019/10/09 07:22:17 building call list... executing program [ 49.586766][ T7254] can: request_module (can-proto-0) failed. [ 49.599321][ T7254] can: request_module (can-proto-0) failed. 2019/10/09 07:22:26 syscalls: 2523 2019/10/09 07:22:26 code coverage: enabled 2019/10/09 07:22:26 comparison tracing: enabled 2019/10/09 07:22:26 extra coverage: extra coverage is not supported by the kernel 2019/10/09 07:22:26 setuid sandbox: enabled 2019/10/09 07:22:26 namespace sandbox: enabled 2019/10/09 07:22:26 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/09 07:22:26 fault injection: enabled 2019/10/09 07:22:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/09 07:22:26 net packet injection: enabled 2019/10/09 07:22:26 net device setup: enabled 2019/10/09 07:22:26 concurrency sanitizer: enabled 07:22:27 executing program 0: r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_mreqsrc(r0, 0x0, 0xe, &(0x7f0000000280)={@remote, @dev, @broadcast}, &(0x7f00000002c0)=0x1) [ 56.007945][ T7311] IPVS: ftp: loaded support on port[0] = 21 07:22:27 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)) mknod$loop(0x0, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140), 0x8800000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r1, 0x0, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r2, r3) sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 56.101172][ T7311] chnl_net:caif_netlink_parms(): no params data found [ 56.140780][ T7311] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.147977][ T7311] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.166090][ T7311] device bridge_slave_0 entered promiscuous mode [ 56.187285][ T7311] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.194417][ T7311] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.206264][ T7311] device bridge_slave_1 entered promiscuous mode [ 56.259225][ T7311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.277557][ T7311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.330676][ T7311] team0: Port device team_slave_0 added [ 56.347111][ T7311] team0: Port device team_slave_1 added [ 56.378133][ T7314] IPVS: ftp: loaded support on port[0] = 21 [ 56.419129][ T7311] device hsr_slave_0 entered promiscuous mode 07:22:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="afdca50d1e8e96737bf070") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$FUSE_INIT(r1, &(0x7f0000000140)={0x50}, 0x50) fcntl$setstatus(r1, 0x4, 0x6000) io_setup(0x2, &(0x7f00000004c0)=0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0xf3f5, 0x200000fffd}) io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}]) [ 56.476339][ T7311] device hsr_slave_1 entered promiscuous mode [ 56.524090][ T7311] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.531247][ T7311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.538628][ T7311] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.545670][ T7311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.632348][ T7311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.658912][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.668826][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.697066][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.717543][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.740019][ T7311] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.796571][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.805104][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.812174][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.821745][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.830609][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.837730][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.864354][ T7318] IPVS: ftp: loaded support on port[0] = 21 [ 56.878647][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.889176][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.905016][ T7314] chnl_net:caif_netlink_parms(): no params data found 07:22:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000003b00)=[{{&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10, 0x0}}, {{&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000800)=[@ip_tos_int={{0x14, 0x11, 0x67}}], 0x18}}], 0x2, 0x0) [ 56.924390][ T7320] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.943220][ T7311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.955760][ T7311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.977148][ T7321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.986829][ T7321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.030528][ T7321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.048385][ T7311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.075366][ T7314] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.095638][ T7314] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.112415][ T7314] device bridge_slave_0 entered promiscuous mode [ 57.146522][ T7314] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.153708][ T7314] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.161905][ T7314] device bridge_slave_1 entered promiscuous mode [ 57.243625][ T7314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.300392][ T7314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.314401][ T7263] ================================================================== [ 57.322523][ T7263] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 57.330919][ T7263] [ 57.332260][ T7318] chnl_net:caif_netlink_parms(): no params data found [ 57.333254][ T7263] read to 0xffff888126b7ac28 of 8 bytes by task 7329 on cpu 0: [ 57.344467][ T7327] IPVS: ftp: loaded support on port[0] = 21 [ 57.347518][ T7263] ext4_es_lookup_extent+0x3ba/0x510 [ 57.347530][ T7263] ext4_map_blocks+0xc2/0xf70 [ 57.347553][ T7263] ext4_getblk+0x30b/0x380 [ 57.367756][ T7263] ext4_bread+0x4a/0x190 [ 57.371989][ T7263] __ext4_read_dirblock+0x3e/0x700 [ 57.377103][ T7263] ext4_add_entry+0x46b/0x8e0 [ 57.381766][ T7263] ext4_add_nondir+0x31/0xa0 [ 57.386353][ T7263] ext4_symlink+0x7c0/0x970 [ 57.390845][ T7263] vfs_symlink+0x218/0x310 [ 57.395252][ T7263] do_symlinkat+0x1a5/0x1e0 [ 57.399656][ T7314] team0: Port device team_slave_0 added [ 57.399758][ T7263] __x64_sys_symlink+0x3f/0x50 [ 57.410031][ T7263] do_syscall_64+0xcf/0x2f0 [ 57.414530][ T7263] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.420411][ T7263] [ 57.422744][ T7263] write to 0xffff888126b7ac28 of 8 bytes by task 7263 on cpu 1: [ 57.425188][ T7314] team0: Port device team_slave_1 added [ 57.430364][ T7263] ext4_es_lookup_extent+0x3d3/0x510 [ 57.430377][ T7263] ext4_map_blocks+0xc2/0xf70 [ 57.430401][ T7263] ext4_mpage_readpages+0x92b/0x1270 [ 57.444966][ T7318] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.445865][ T7263] ext4_readpages+0x92/0xc0 [ 57.451821][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.458119][ T7263] read_pages+0xa2/0x2d0 [ 57.458132][ T7263] __do_page_cache_readahead+0x353/0x390 [ 57.458144][ T7263] ondemand_readahead+0x35d/0x710 [ 57.458155][ T7263] page_cache_async_readahead+0x22c/0x250 [ 57.458166][ T7263] generic_file_read_iter+0xffc/0x1440 [ 57.458178][ T7263] ext4_file_read_iter+0xfa/0x240 [ 57.458190][ T7263] new_sync_read+0x389/0x4f0 [ 57.458201][ T7263] __vfs_read+0xb1/0xc0 [ 57.458213][ T7263] integrity_kernel_read+0xa1/0xe0 [ 57.458228][ T7263] [ 57.464196][ T7318] device bridge_slave_0 entered promiscuous mode [ 57.469709][ T7263] Reported by Kernel Concurrency Sanitizer on: [ 57.469726][ T7263] CPU: 1 PID: 7263 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 57.469734][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.469751][ T7263] ================================================================== [ 57.493212][ T7318] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.495701][ T7263] Kernel panic - not syncing: panic_on_warn set ... [ 57.495717][ T7263] CPU: 1 PID: 7263 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 57.495736][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.501307][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.505296][ T7263] Call Trace: [ 57.505319][ T7263] dump_stack+0xf5/0x159 [ 57.505347][ T7263] panic+0x209/0x639 [ 57.510868][ T7318] device bridge_slave_1 entered promiscuous mode [ 57.514567][ T7263] ? generic_file_read_iter+0xffc/0x1440 [ 57.514593][ T7263] ? vprintk_func+0x8d/0x140 [ 57.620916][ T7263] kcsan_report.cold+0xc/0x1b [ 57.625584][ T7263] __kcsan_setup_watchpoint+0x3ee/0x510 [ 57.631113][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.636731][ T7263] __tsan_write8+0x32/0x40 [ 57.641142][ T7263] ext4_es_lookup_extent+0x3d3/0x510 [ 57.646422][ T7263] ext4_map_blocks+0xc2/0xf70 [ 57.651095][ T7263] ext4_mpage_readpages+0x92b/0x1270 [ 57.656552][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.662181][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.667801][ T7263] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 57.673678][ T7263] ? ext4_invalidatepage+0x1e0/0x1e0 [ 57.678949][ T7263] ext4_readpages+0x92/0xc0 [ 57.683437][ T7263] ? ext4_invalidatepage+0x1e0/0x1e0 [ 57.688738][ T7263] read_pages+0xa2/0x2d0 [ 57.692986][ T7263] __do_page_cache_readahead+0x353/0x390 [ 57.698622][ T7263] ondemand_readahead+0x35d/0x710 [ 57.703639][ T7263] page_cache_async_readahead+0x22c/0x250 [ 57.709350][ T7263] generic_file_read_iter+0xffc/0x1440 [ 57.714806][ T7263] ext4_file_read_iter+0xfa/0x240 [ 57.719821][ T7263] new_sync_read+0x389/0x4f0 [ 57.724418][ T7263] __vfs_read+0xb1/0xc0 [ 57.728565][ T7263] integrity_kernel_read+0xa1/0xe0 [ 57.733666][ T7263] ima_calc_file_hash_tfm+0x1b5/0x260 [ 57.739027][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.744644][ T7263] ? __tsan_read8+0x2c/0x30 [ 57.749153][ T7263] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 57.754857][ T7263] ? widen_string+0x4a/0x1a0 [ 57.759431][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.765045][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.770664][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.776371][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.781985][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.787601][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.793228][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.798846][ T7263] ? __tsan_read4+0x2c/0x30 [ 57.803337][ T7263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.809566][ T7263] ? refcount_sub_and_test_checked+0xc8/0x190 [ 57.815616][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.821235][ T7263] ? __tsan_read4+0x2c/0x30 [ 57.825726][ T7263] ima_calc_file_hash+0x158/0xf10 [ 57.830745][ T7263] ? __tsan_write8+0x32/0x40 [ 57.835329][ T7263] ? ext4_xattr_get+0x10b/0x5c0 [ 57.840164][ T7263] ? __rcu_read_unlock+0x62/0xe0 [ 57.846657][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.852308][ T7263] ima_collect_measurement+0x384/0x3b0 [ 57.857761][ T7263] process_measurement+0x980/0xff0 [ 57.862865][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.868493][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.874110][ T7263] ? __tsan_read4+0x2c/0x30 [ 57.878601][ T7263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.884826][ T7263] ? refcount_sub_and_test_checked+0xc8/0x190 [ 57.890880][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.896496][ T7263] ? __kcsan_setup_watchpoint+0x96/0x510 [ 57.902124][ T7263] ima_file_check+0x7e/0xb0 [ 57.906618][ T7263] path_openat+0xfb1/0x3530 [ 57.911105][ T7263] ? delay_tsc+0x8f/0xc0 [ 57.915345][ T7263] do_filp_open+0x11e/0x1b0 [ 57.919839][ T7263] ? _raw_spin_unlock+0x4b/0x60 [ 57.924684][ T7263] ? __alloc_fd+0x316/0x4c0 [ 57.929267][ T7263] ? get_unused_fd_flags+0x93/0xc0 [ 57.934364][ T7263] do_sys_open+0x3b3/0x4f0 [ 57.938774][ T7263] __x64_sys_openat+0x62/0x80 [ 57.943442][ T7263] do_syscall_64+0xcf/0x2f0 [ 57.947942][ T7263] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.953821][ T7263] RIP: 0033:0x47c5aa [ 57.957723][ T7263] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 57.977323][ T7263] RSP: 002b:000000c420305850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 57.985719][ T7263] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 57.993678][ T7263] RDX: 0000000000080002 RSI: 000000c420097100 RDI: ffffffffffffff9c [ 58.002070][ T7263] RBP: 000000c4203058d0 R08: 0000000000000000 R09: 0000000000000000 [ 58.010034][ T7263] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff [ 58.017999][ T7263] R13: 0000000000000089 R14: 0000000000000088 R15: 0000000000000100 [ 58.027105][ T7263] Kernel Offset: disabled [ 58.031456][ T7263] Rebooting in 86400 seconds..