Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts. 2019/10/29 04:06:55 fuzzer started 2019/10/29 04:06:56 dialing manager at 10.128.0.105:40771 2019/10/29 04:06:56 checking machine... 2019/10/29 04:06:56 checking revisions... 2019/10/29 04:06:56 testing simple program... syzkaller login: [ 44.929028][ T7180] IPVS: ftp: loaded support on port[0] = 21 2019/10/29 04:06:56 building call list... executing program [ 48.816889][ T7166] can: request_module (can-proto-0) failed. [ 48.829873][ T7166] can: request_module (can-proto-0) failed. 2019/10/29 04:07:03 syscalls: 2540 2019/10/29 04:07:03 code coverage: enabled 2019/10/29 04:07:03 comparison tracing: enabled 2019/10/29 04:07:03 extra coverage: extra coverage is not supported by the kernel 2019/10/29 04:07:03 setuid sandbox: enabled 2019/10/29 04:07:03 namespace sandbox: enabled 2019/10/29 04:07:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/29 04:07:03 fault injection: enabled 2019/10/29 04:07:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/29 04:07:03 net packet injection: enabled 2019/10/29 04:07:03 net device setup: enabled 2019/10/29 04:07:03 concurrency sanitizer: enabled 04:07:04 executing program 0: r0 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000300)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, r0) request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f00000003c0)='dns_resolver\x00', 0xfffffffffffffffe) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c40800000000000000c894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976ede8860ab49c3a4f51ab0124b50c3362201a307df03000", 0x78, r1) request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0) 04:07:04 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x20ce6000}, 0x200000}) [ 53.042295][ T7223] IPVS: ftp: loaded support on port[0] = 21 [ 53.143499][ T7223] chnl_net:caif_netlink_parms(): no params data found [ 53.197571][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.215481][ T7223] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.223655][ T7223] device bridge_slave_0 entered promiscuous mode [ 53.250959][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.259244][ T7223] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.267309][ T7223] device bridge_slave_1 entered promiscuous mode [ 53.290291][ T7223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.301982][ T7223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.327859][ T7223] team0: Port device team_slave_0 added [ 53.333493][ T7226] IPVS: ftp: loaded support on port[0] = 21 [ 53.334766][ T7223] team0: Port device team_slave_1 added 04:07:05 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) r2 = inotify_init1(0x0) r3 = dup2(r2, r1) inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0xa4000960) open(&(0x7f00003f5000)='./control\x00', 0x2309c0, 0x0) [ 53.438688][ T7223] device hsr_slave_0 entered promiscuous mode [ 53.495773][ T7223] device hsr_slave_1 entered promiscuous mode [ 53.644393][ T7223] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.651550][ T7223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.658923][ T7223] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.666028][ T7223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.827590][ T7230] IPVS: ftp: loaded support on port[0] = 21 [ 54.054986][ T7226] chnl_net:caif_netlink_parms(): no params data found [ 54.132553][ T7223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.151139][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.177346][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.207520][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 54.262465][ T7223] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.279326][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.289658][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.369310][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.396304][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.425244][ T7233] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.432392][ T7233] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.461057][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.491317][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.522148][ T7233] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.529271][ T7233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.566182][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.628906][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.646930][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.678021][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.696854][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.716310][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.737968][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.758075][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.786749][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.817640][ T3001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.838198][ T7226] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.845324][ T7226] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.876445][ T7226] device bridge_slave_0 entered promiscuous mode 04:07:06 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt(r0, 0x0, 0xd0, 0x0, 0x0) [ 54.884129][ T7226] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.892703][ T7226] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.901075][ T7226] device bridge_slave_1 entered promiscuous mode [ 54.931323][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.959306][ T7223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.007676][ T7230] chnl_net:caif_netlink_parms(): no params data found [ 55.039408][ T7226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.067748][ T7226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.113479][ T7223] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.157527][ T7230] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.164825][ T7230] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.176616][ T7230] device bridge_slave_0 entered promiscuous mode [ 55.196198][ T7230] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.203262][ T7230] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.223258][ T7230] device bridge_slave_1 entered promiscuous mode [ 55.257877][ T7226] team0: Port device team_slave_0 added [ 55.266404][ T7226] team0: Port device team_slave_1 added [ 55.287374][ T7230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.314478][ T7230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.468468][ T7226] device hsr_slave_0 entered promiscuous mode [ 55.498184][ T7226] device hsr_slave_1 entered promiscuous mode [ 55.547968][ T7226] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.569083][ T7230] team0: Port device team_slave_0 added [ 55.591997][ T7230] team0: Port device team_slave_1 added [ 55.731351][ T7230] device hsr_slave_0 entered promiscuous mode [ 55.772290][ T7265] IPVS: ftp: loaded support on port[0] = 21 [ 55.795953][ T7230] device hsr_slave_1 entered promiscuous mode 04:07:07 executing program 0: r0 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000300)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, r0) request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f00000003c0)='dns_resolver\x00', 0xfffffffffffffffe) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c40800000000000000c894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976ede8860ab49c3a4f51ab0124b50c3362201a307df03000", 0x78, r1) request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0) [ 55.857708][ T7230] debugfs: Directory 'hsr0' with parent '/' already present! [ 56.190705][ T7226] 8021q: adding VLAN 0 to HW filter on device bond0 04:07:08 executing program 0: r0 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000300)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, r0) request_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f00000003c0)='dns_resolver\x00', 0xfffffffffffffffe) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000000)={'syz', 0x1}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c40800000000000000c894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976ede8860ab49c3a4f51ab0124b50c3362201a307df03000", 0x78, r1) request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0) [ 56.577540][ T7320] ================================================================== [ 56.585682][ T7320] BUG: KCSAN: data-race in task_dump_owner / task_dump_owner [ 56.589252][ T7226] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.593043][ T7320] [ 56.601936][ T7320] write to 0xffff8881248bda8c of 4 bytes by task 7315 on cpu 1: [ 56.609567][ T7320] task_dump_owner+0x237/0x260 [ 56.614329][ T7320] pid_update_inode+0x3c/0x70 [ 56.619004][ T7320] pid_revalidate+0x91/0xd0 [ 56.623502][ T7320] lookup_fast+0x6f2/0x700 [ 56.627911][ T7320] walk_component+0x6d/0xe80 [ 56.632494][ T7320] link_path_walk.part.0+0x5d3/0xa90 [ 56.637776][ T7320] path_openat+0x14f/0x36e0 [ 56.639858][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.642308][ T7320] do_filp_open+0x11e/0x1b0 [ 56.653968][ T7320] do_sys_open+0x3b3/0x4f0 [ 56.658420][ T7320] __x64_sys_open+0x55/0x70 [ 56.662918][ T7320] do_syscall_64+0xcc/0x370 [ 56.666230][ T7233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.667426][ T7320] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 56.680552][ T7320] [ 56.682879][ T7320] write to 0xffff8881248bda8c of 4 bytes by task 7320 on cpu 0: [ 56.685459][ T7265] chnl_net:caif_netlink_parms(): no params data found [ 56.690524][ T7320] task_dump_owner+0x237/0x260 [ 56.702063][ T7320] pid_update_inode+0x3c/0x70 [ 56.706739][ T7320] pid_revalidate+0x91/0xd0 [ 56.711244][ T7320] lookup_fast+0x6f2/0x700 [ 56.715661][ T7320] walk_component+0x6d/0xe80 [ 56.720249][ T7320] link_path_walk.part.0+0x5d3/0xa90 [ 56.725530][ T7320] path_openat+0x14f/0x36e0 [ 56.730021][ T7320] do_filp_open+0x11e/0x1b0 [ 56.734513][ T7320] do_sys_open+0x3b3/0x4f0 [ 56.738921][ T7320] __x64_sys_open+0x55/0x70 [ 56.743424][ T7320] do_syscall_64+0xcc/0x370 [ 56.747009][ T7230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.747935][ T7320] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 56.760364][ T7320] [ 56.762683][ T7320] Reported by Kernel Concurrency Sanitizer on: [ 56.768831][ T7320] CPU: 0 PID: 7320 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 56.775928][ T7320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.785986][ T7320] ================================================================== [ 56.794061][ T7320] Kernel panic - not syncing: panic_on_warn set ... [ 56.800645][ T7320] CPU: 0 PID: 7320 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 56.805187][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.807396][ T7320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.807400][ T7320] Call Trace: [ 56.807423][ T7320] dump_stack+0xf5/0x159 [ 56.807440][ T7320] panic+0x210/0x640 [ 56.807467][ T7320] ? do_sys_open+0x3b3/0x4f0 [ 56.837521][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.841742][ T7320] ? vprintk_func+0x8d/0x140 [ 56.841762][ T7320] kcsan_report.cold+0xc/0x10 [ 56.841780][ T7320] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 56.841794][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.841819][ T7320] __tsan_write4+0x32/0x40 [ 56.874694][ T7320] task_dump_owner+0x237/0x260 [ 56.879459][ T7320] ? __rcu_read_unlock+0x66/0x3c0 [ 56.884481][ T7320] pid_update_inode+0x3c/0x70 [ 56.889149][ T7320] pid_revalidate+0x91/0xd0 [ 56.893650][ T7320] lookup_fast+0x6f2/0x700 [ 56.898161][ T7320] walk_component+0x6d/0xe80 [ 56.902754][ T7320] ? __tsan_read8+0x2c/0x30 [ 56.906100][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.907263][ T7320] ? security_inode_permission+0xa5/0xc0 [ 56.907296][ T7320] link_path_walk.part.0+0x5d3/0xa90 [ 56.914313][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.919926][ T7320] path_openat+0x14f/0x36e0 [ 56.919942][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.920021][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.948189][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.953816][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.959435][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.965065][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.970691][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.976366][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.981995][ T7320] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 56.987886][ T7320] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 56.993515][ T7320] do_filp_open+0x11e/0x1b0 [ 56.998027][ T7320] ? __alloc_fd+0x316/0x4c0 [ 57.002529][ T7320] do_sys_open+0x3b3/0x4f0 [ 57.006939][ T7320] __x64_sys_open+0x55/0x70 [ 57.010314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.012331][ T7320] do_syscall_64+0xcc/0x370 [ 57.012354][ T7320] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.012377][ T7320] RIP: 0033:0x7f5665e78120 [ 57.035284][ T7320] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 57.054882][ T7320] RSP: 002b:00007fff14d12c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 57.063292][ T7320] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f5665e78120 [ 57.066791][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.071249][ T7320] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f5666346d00 [ 57.071259][ T7320] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f566614057b [ 57.071268][ T7320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5666345d00 [ 57.071276][ T7320] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 57.080585][ T7320] Kernel Offset: disabled [ 57.116726][ T7320] Rebooting in 86400 seconds..