Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts. 2020/01/12 22:35:30 fuzzer started 2020/01/12 22:35:32 dialing manager at 10.128.0.105:37253 2020/01/12 22:35:32 checking machine... 2020/01/12 22:35:32 checking revisions... 2020/01/12 22:35:32 testing simple program... [ 66.063352][ T8009] IPVS: ftp: loaded support on port[0] = 21 2020/01/12 22:35:32 building call list... [ 66.443474][ T96] tipc: TX() has been purged, node left! executing program [ 69.363077][ T7992] can: request_module (can-proto-0) failed. [ 69.375107][ T7992] can: request_module (can-proto-0) failed. [ 69.386445][ T7992] can: request_module (can-proto-0) failed. 2020/01/12 22:35:39 syscalls: 2814 2020/01/12 22:35:39 code coverage: enabled 2020/01/12 22:35:39 comparison tracing: enabled 2020/01/12 22:35:39 extra coverage: enabled 2020/01/12 22:35:39 setuid sandbox: enabled 2020/01/12 22:35:39 namespace sandbox: enabled 2020/01/12 22:35:39 Android sandbox: /sys/fs/selinux/policy does not exist 2020/01/12 22:35:39 fault injection: enabled 2020/01/12 22:35:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/01/12 22:35:39 net packet injection: enabled 2020/01/12 22:35:39 net device setup: enabled 2020/01/12 22:35:39 concurrency sanitizer: enabled 2020/01/12 22:35:39 devlink PCI setup: PCI device 0000:00:10.0 is not available 22:35:40 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) 22:35:41 executing program 1: r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x0, 0x1c00}], 0x1, 0x0) semop(0x0, &(0x7f0000000000)=[{0x0, 0x401, 0x1800}], 0x1) [ 74.499092][ T8059] IPVS: ftp: loaded support on port[0] = 21 [ 74.600043][ T8059] chnl_net:caif_netlink_parms(): no params data found [ 74.658560][ T8059] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.683582][ T8059] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.691372][ T8059] device bridge_slave_0 entered promiscuous mode [ 74.714539][ T8059] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.721626][ T8059] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.733383][ T8059] device bridge_slave_1 entered promiscuous mode 22:35:41 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285628, &(0x7f0000000040)={0x3, 0x0, 0x4, [], &(0x7f0000000140)}) [ 74.763387][ T8059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.801475][ T8062] IPVS: ftp: loaded support on port[0] = 21 [ 74.809375][ T8059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.860392][ T8059] team0: Port device team_slave_0 added [ 74.876093][ T8059] team0: Port device team_slave_1 added [ 74.942330][ T8064] IPVS: ftp: loaded support on port[0] = 21 [ 74.990272][ T8059] device hsr_slave_0 entered promiscuous mode [ 75.043832][ T8059] device hsr_slave_1 entered promiscuous mode [ 75.193514][ T8062] chnl_net:caif_netlink_parms(): no params data found [ 75.228749][ T8059] netdevsim netdevsim0 netdevsim0: renamed from eth0 22:35:41 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x3800) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = dup(r1) setsockopt$packet_int(r2, 0x107, 0x10000000000f, &(0x7f0000006ffc)=0x40000008, 0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0x0, &(0x7f0000000080), 0x4) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x0, 0x0, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r1, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r1, &(0x7f0000000300)="0503000006023e0001a00000c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a88161b6fd8f24286a57c3fe257c3314a3974bb654697f", 0xfdfa, 0x0, 0x0, 0x0) [ 75.283981][ T8059] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.325557][ T8059] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.387211][ T8059] netdevsim netdevsim0 netdevsim3: renamed from eth3 22:35:41 executing program 4: r0 = semget$private(0x0, 0x2000000010a, 0x0) semtimedop(r0, &(0x7f0000000140)=[{0x0, 0x1}, {}], 0x2, 0x0) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000280)=""/196) [ 75.436570][ T8062] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.449263][ T8062] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.458759][ T8062] device bridge_slave_0 entered promiscuous mode [ 75.520669][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.529027][ T8062] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.537288][ T8062] device bridge_slave_1 entered promiscuous mode [ 75.550874][ T8059] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.557945][ T8059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.565216][ T8059] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.572258][ T8059] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.600328][ T8069] IPVS: ftp: loaded support on port[0] = 21 [ 75.611062][ T8062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.621880][ T8064] chnl_net:caif_netlink_parms(): no params data found [ 75.666289][ T8062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.675693][ T2412] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.708132][ T2412] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.756551][ T8072] IPVS: ftp: loaded support on port[0] = 21 [ 75.769845][ T8064] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.793529][ T8064] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.801255][ T8064] device bridge_slave_0 entered promiscuous mode [ 75.815192][ T8062] team0: Port device team_slave_0 added [ 75.826757][ T8062] team0: Port device team_slave_1 added [ 75.835588][ T8064] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.842791][ T8064] bridge0: port 2(bridge_slave_1) entered disabled state 22:35:42 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0xfc, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2}, 0x14) sendto$inet6(r0, &(0x7f0000000080)="030400000a03600003000000fff57b016d2763bd56373780398d537500e50602591f031ee616d5c0184374a7ffe4ec55e0654786a70100935ba514d40808efa000801600002fd08d49a47eff71bc4131fe4c1f99bf00a900000008d1843e770afd6e9ef5837dbd0000000053", 0x306c, 0x4000002, 0x0, 0x2ff) syz_extract_tcp_res(&(0x7f0000000280), 0x0, 0x0) [ 75.851354][ T8064] device bridge_slave_1 entered promiscuous mode [ 75.925795][ T8062] device hsr_slave_0 entered promiscuous mode [ 75.963956][ T8062] device hsr_slave_1 entered promiscuous mode [ 76.023546][ T8062] debugfs: Directory 'hsr0' with parent '/' already present! [ 76.058805][ T8075] IPVS: ftp: loaded support on port[0] = 21 [ 76.059860][ T8059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.082104][ T8064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.094704][ T8064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.134184][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.142021][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.155503][ T8059] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.174668][ T8064] team0: Port device team_slave_0 added [ 76.195148][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.205702][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.214246][ T2412] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.221250][ T2412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.229107][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.237985][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.246462][ T2412] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.253509][ T2412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.261205][ T2412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.285489][ T8064] team0: Port device team_slave_1 added [ 76.323356][ T2412] ================================================================== [ 76.331463][ T2412] BUG: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult [ 76.339325][ T2412] [ 76.341636][ T2412] write to 0xffffffff85c7d080 of 8 bytes by interrupt on cpu 1: [ 76.349350][ T2412] rcu_report_exp_cpu_mult+0x4f/0xa0 [ 76.354632][ T2412] rcu_report_exp_rdp+0x6c/0x90 [ 76.359516][ T2412] rcu_exp_handler+0xe5/0x190 [ 76.364175][ T2412] flush_smp_call_function_queue+0x18c/0x2b0 [ 76.370225][ T2412] generic_smp_call_function_single_interrupt+0x1c/0x49 [ 76.377145][ T2412] smp_call_function_single_interrupt+0x3f/0x100 [ 76.383458][ T2412] call_function_single_interrupt+0xf/0x20 [ 76.389241][ T2412] [ 76.391562][ T2412] read to 0xffffffff85c7d080 of 8 bytes by task 2412 on cpu 0: [ 76.399320][ T2412] find_next_bit+0x57/0xe0 [ 76.403762][ T2412] sync_rcu_exp_select_node_cpus+0x28e/0x510 [ 76.409742][ T2412] sync_rcu_exp_select_cpus+0x30c/0x590 [ 76.415277][ T2412] wait_rcu_exp_gp+0x25/0x40 [ 76.419854][ T2412] process_one_work+0x3d4/0x890 [ 76.424691][ T2412] worker_thread+0xa0/0x800 [ 76.429172][ T2412] kthread+0x1d4/0x200 [ 76.433224][ T2412] ret_from_fork+0x1f/0x30 [ 76.437615][ T2412] [ 76.439924][ T2412] Reported by Kernel Concurrency Sanitizer on: [ 76.446058][ T2412] CPU: 0 PID: 2412 Comm: kworker/0:2 Not tainted 5.5.0-rc1-syzkaller #0 [ 76.454370][ T2412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.464506][ T2412] Workqueue: rcu_gp wait_rcu_exp_gp [ 76.469678][ T2412] ================================================================== [ 76.477718][ T2412] Kernel panic - not syncing: panic_on_warn set ... [ 76.484287][ T2412] CPU: 0 PID: 2412 Comm: kworker/0:2 Not tainted 5.5.0-rc1-syzkaller #0 [ 76.492591][ T2412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.502640][ T2412] Workqueue: rcu_gp wait_rcu_exp_gp [ 76.507814][ T2412] Call Trace: [ 76.511089][ T2412] dump_stack+0x11d/0x181 [ 76.515403][ T2412] panic+0x210/0x640 [ 76.519281][ T2412] ? vprintk_func+0x8d/0x140 [ 76.523868][ T2412] kcsan_report.cold+0xc/0xd [ 76.528454][ T2412] kcsan_setup_watchpoint+0x3fe/0x460 [ 76.533820][ T2412] __tsan_read8+0xc6/0x100 [ 76.538383][ T2412] find_next_bit+0x57/0xe0 [ 76.542822][ T2412] sync_rcu_exp_select_node_cpus+0x28e/0x510 [ 76.548794][ T2412] sync_rcu_exp_select_cpus+0x30c/0x590 [ 76.554340][ T2412] wait_rcu_exp_gp+0x25/0x40 [ 76.558934][ T2412] process_one_work+0x3d4/0x890 [ 76.563786][ T2412] worker_thread+0xa0/0x800 [ 76.568292][ T2412] kthread+0x1d4/0x200 [ 76.572344][ T2412] ? rescuer_thread+0x6a0/0x6a0 [ 76.577181][ T2412] ? kthread_unpark+0xe0/0xe0 [ 76.581849][ T2412] ret_from_fork+0x1f/0x30 [ 76.587616][ T2412] Kernel Offset: disabled [ 76.591942][ T2412] Rebooting in 86400 seconds..