Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts. 2019/11/15 08:38:55 fuzzer started 2019/11/15 08:38:56 dialing manager at 10.128.0.105:44219 2019/11/15 08:38:57 syscalls: 2566 2019/11/15 08:38:57 code coverage: enabled 2019/11/15 08:38:57 comparison tracing: enabled 2019/11/15 08:38:57 extra coverage: extra coverage is not supported by the kernel 2019/11/15 08:38:57 setuid sandbox: enabled 2019/11/15 08:38:57 namespace sandbox: enabled 2019/11/15 08:38:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/15 08:38:57 fault injection: enabled 2019/11/15 08:38:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/15 08:38:57 net packet injection: enabled 2019/11/15 08:38:57 net device setup: enabled 2019/11/15 08:38:57 concurrency sanitizer: enabled 2019/11/15 08:38:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/15 08:38:59 adding functions to KCSAN blacklist: 'tomoyo_supervisor' '__hrtimer_run_queues' 'pid_update_inode' 'ep_insert' 'mod_timer' 'run_timer_softirq' '__rb_insert_augmented' 'timer_clear_idle' 'tick_do_update_jiffies64' 'generic_permission' 'tcp_add_backlog' 'rcu_gp_fqs_check_wake' 'find_next_bit' 'add_timer' '__rb_rotate_set_parents' 'pipe_wait' 08:39:00 executing program 0: open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6db6e559) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, &(0x7f00000000c0)) 08:39:00 executing program 1: r0 = gettid() openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) process_vm_writev(r0, 
&(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) madvise(&(0x7f0000516000/0x2000)=nil, 0x2000, 0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x404000, 0x15) syzkaller login: [ 59.259205][ T7661] IPVS: ftp: loaded support on port[0] = 21 [ 59.379937][ T7661] chnl_net:caif_netlink_parms(): no params data found [ 59.441019][ T7661] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.448205][ T7661] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.456191][ T7661] device bridge_slave_0 entered promiscuous mode [ 59.463757][ T7661] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.470996][ T7661] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.478980][ T7661] device bridge_slave_1 entered promiscuous mode 08:39:01 executing program 2: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) ioctl$VIDIOC_DBG_G_CHIP_INFO(r1, 0xc0c85666, &(0x7f00000003c0)={{0x0, @name="8782f4cb35aa08ff16ef2c146ef69b7eb6d6a5b939f038f8bb7152bd908bed69"}, "ea35339097b22e96c20f29600c91828629b18ba6d17d9b28b883657529833f78", 0x1}) ioctl$CAPI_INSTALLED(r1, 0x80024322) r2 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, 0x0, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, 
"0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000080)={@mcast2, 0x3f, r4}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000007c0)={'vxcan/\xff\xff\xff\xff\xea\x00', r4}) connect(r0, &(0x7f0000000740)=@ll={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x80) r6 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/fscreate\x00', 0x2, 0x0) write$apparmor_current(r6, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) r7 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x8000fffffffe) r8 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) ioctl$VIDIOC_DBG_G_CHIP_INFO(r8, 0xc0c85666, &(0x7f00000003c0)={{0x0, @name="8782f4cb35aa08ff16ef2c146ef69b7eb6d6a5b939f038f8bb7152bd908bed69"}, "ea35339097b22e96c20f29600c91828629b18ba6d17d9b28b883657529833f78", 0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r6, &(0x7f0000000100)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r9}}, 0x18) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000e3ffffffffffff9f440a32e9cd1c1473326edf3b3fdfd753fcc1fd99f26a778c3240c3937d41e78dfced62b906e47811f46fcdda40d6dbf5ea2184882d91119bfdb8cc840003f28d3a694627622b0f5f018bb213ca0f525d6b9b63f78b6a9474466524632c8660adca0adcd334ab148d31e3a5ab6db97eb97232c9adeebfd4175a"], 0x6}}, 0x0) [ 59.497749][ T7661] bond0: (slave bond_slave_0): Enslaving 
as an active interface with an up link [ 59.509039][ T7661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.511392][ T7664] IPVS: ftp: loaded support on port[0] = 21 [ 59.544877][ T7661] team0: Port device team_slave_0 added [ 59.552032][ T7661] team0: Port device team_slave_1 added [ 59.626893][ T7661] device hsr_slave_0 entered promiscuous mode [ 59.664214][ T7661] device hsr_slave_1 entered promiscuous mode [ 59.733910][ T7667] IPVS: ftp: loaded support on port[0] = 21 08:39:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) ioctl$FIONREAD(r0, 0x5412, &(0x7f0000000000)) [ 59.870968][ T7664] chnl_net:caif_netlink_parms(): no params data found [ 60.061994][ T7664] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.103898][ T7664] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.111918][ T7664] device bridge_slave_0 entered promiscuous mode [ 60.175104][ T7664] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.182190][ T7664] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.225102][ T7664] device bridge_slave_1 entered promiscuous mode [ 60.311151][ T7664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.368018][ T7664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.405978][ T7667] chnl_net:caif_netlink_parms(): no params data found [ 60.416990][ T7692] IPVS: ftp: loaded support on port[0] = 21 [ 60.459253][ T7664] team0: Port device team_slave_0 added [ 60.517480][ T7664] team0: Port device team_slave_1 added [ 60.618564][ T7667] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.643937][ T7667] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.655808][ T7667] device bridge_slave_0 entered promiscuous mode 08:39:02 executing program 4: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, 
&(0x7f0000000000)="2400000021002551071c0165ff00fc020200000000100f000ee1000c08000b0000fffff0", 0x24) [ 60.718120][ T7664] device hsr_slave_0 entered promiscuous mode [ 60.775457][ T7664] device hsr_slave_1 entered promiscuous mode [ 60.803840][ T7664] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.817183][ T7667] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.835101][ T7667] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.864067][ T7667] device bridge_slave_1 entered promiscuous mode [ 61.025996][ T7667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.083910][ T7692] chnl_net:caif_netlink_parms(): no params data found [ 61.172245][ T7667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.335743][ T7667] team0: Port device team_slave_0 added [ 61.342788][ T7667] team0: Port device team_slave_1 added [ 61.409600][ T7714] IPVS: ftp: loaded support on port[0] = 21 [ 61.426065][ T23] device bridge_slave_1 left promiscuous mode [ 61.432312][ T23] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.541252][ T23] device bridge_slave_0 left promiscuous mode [ 61.549072][ T23] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.674181][ T23] device hsr_slave_0 left promiscuous mode [ 61.733870][ T23] device hsr_slave_1 left promiscuous mode [ 61.769552][ T23] team0 (unregistering): Port device team_slave_1 removed [ 61.804122][ T23] team0 (unregistering): Port device team_slave_0 removed [ 61.843924][ T23] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface 08:39:03 executing program 5: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/rt_cache\x00') sendfile(r0, r1, &(0x7f00000001c0)=0x51, 0x8) [ 61.904026][ T23] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 61.996223][ T23] bond0 (unregistering): Released all slaves [ 62.116017][ T7692] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 62.123121][ T7692] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.144090][ T7692] device bridge_slave_0 entered promiscuous mode [ 62.202036][ T7727] IPVS: ftp: loaded support on port[0] = 21 [ 62.218071][ T7667] device hsr_slave_0 entered promiscuous mode [ 62.284117][ T7667] device hsr_slave_1 entered promiscuous mode [ 62.360254][ T7692] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.367696][ T7692] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.394602][ T7692] device bridge_slave_1 entered promiscuous mode [ 62.471085][ T7729] IPVS: ftp: loaded support on port[0] = 21 [ 62.577764][ T7692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.620128][ T7692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.848776][ T7692] team0: Port device team_slave_0 added [ 62.898005][ T7692] team0: Port device team_slave_1 added [ 63.023718][ T7714] chnl_net:caif_netlink_parms(): no params data found [ 63.096631][ T7692] device hsr_slave_0 entered promiscuous mode [ 63.165776][ T7692] device hsr_slave_1 entered promiscuous mode [ 63.193825][ T7692] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 63.231711][ T7727] chnl_net:caif_netlink_parms(): no params data found
[ 63.260054][ T7729] chnl_net:caif_netlink_parms(): no params data found
[ 63.374368][ T7714] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.381478][ T7714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.456750][ T7714] device bridge_slave_0 entered promiscuous mode
[ 63.575970][ T7768] ==================================================================
[ 63.584134][ T7768] BUG: KCSAN: data-race in vm_area_dup / vma_interval_tree_insert_after
[ 63.592467][ T7768]
[ 63.594811][ T7768] write to 0xffff888123346f40 of 8 bytes by task 7766 on cpu 0:
[ 63.602452][ T7768] vma_interval_tree_insert_after+0x135/0x170
[ 63.608534][ T7768] dup_mm+0x53e/0xba0
[ 63.612511][ T7768] copy_process+0x36f3/0x3b50
[ 63.617181][ T7768] _do_fork+0xfe/0x6e0
[ 63.621258][ T7768] __x64_sys_clone+0x12b/0x160
[ 63.626032][ T7768] do_syscall_64+0xcc/0x370
[ 63.630546][ T7768] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.636424][ T7768]
[ 63.638756][ T7768] read to 0xffff888123346ed8 of 200 bytes by task 7768 on cpu 1:
[ 63.646500][ T7768] vm_area_dup+0x70/0xf0
[ 63.650740][ T7768] dup_mm+0x330/0xba0
[ 63.654731][ T7768] copy_process+0x36f3/0x3b50
[ 63.659409][ T7768] _do_fork+0xfe/0x6e0
[ 63.663481][ T7768] __x64_sys_clone+0x12b/0x160
[ 63.668244][ T7768] do_syscall_64+0xcc/0x370
[ 63.672741][ T7768] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.678621][ T7768]
[ 63.681046][ T7768] Reported by Kernel Concurrency Sanitizer on:
[ 63.687207][ T7768] CPU: 1 PID: 7768 Comm: net.agent Not tainted 5.4.0-rc7+ #0
[ 63.694572][ T7768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.704751][ T7768] ==================================================================
[ 63.712833][ T7768] Kernel panic - not syncing: panic_on_warn set ...
[ 63.719425][ T7768] CPU: 1 PID: 7768 Comm: net.agent Not tainted 5.4.0-rc7+ #0
[ 63.726873][ T7768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.736945][ T7768] Call Trace:
[ 63.740240][ T7768] dump_stack+0x11d/0x181
[ 63.744574][ T7768] panic+0x210/0x640
[ 63.748473][ T7768] ? vprintk_func+0x8d/0x140
[ 63.753066][ T7768] kcsan_report.cold+0xc/0xd
[ 63.757667][ T7768] kcsan_setup_watchpoint+0x3fe/0x460
[ 63.763041][ T7768] __tsan_read_range+0xc4/0x100
[ 63.767892][ T7768] vm_area_dup+0x70/0xf0
[ 63.772129][ T7768] dup_mm+0x330/0xba0
[ 63.776124][ T7768] copy_process+0x36f3/0x3b50
[ 63.780803][ T7768] ? do_wp_page+0x19f/0x11f0
[ 63.785432][ T7768] _do_fork+0xfe/0x6e0
[ 63.789504][ T7768] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 63.795748][ T7768] ? handle_mm_fault+0x2c6/0x530
[ 63.800689][ T7768] __x64_sys_clone+0x12b/0x160
[ 63.805471][ T7768] do_syscall_64+0xcc/0x370
[ 63.809980][ T7768] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.815861][ T7768] RIP: 0033:0x7f3728f0cf46
[ 63.820282][ T7768] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
[ 63.839887][ T7768] RSP: 002b:00007ffee2b19680 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 63.848298][ T7768] RAX: ffffffffffffffda RBX: 00007ffee2b19680 RCX: 00007f3728f0cf46
[ 63.856286][ T7768] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 63.864268][ T7768] RBP: 00007ffee2b196c0 R08: 0000000000001e58 R09: 0000000000001e58
[ 63.872249][ T7768] R10: 00007f37294039d0 R11: 0000000000000246 R12: 0000000000000000
[ 63.880221][ T7768] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000001414090
[ 63.889754][ T7768] Kernel Offset: disabled
[ 63.894094][ T7768] Rebooting in 86400 seconds..