Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts. 2019/12/04 00:30:47 fuzzer started 2019/12/04 00:30:49 dialing manager at 10.128.0.26:42111 2019/12/04 00:30:49 syscalls: 2689 2019/12/04 00:30:49 code coverage: enabled 2019/12/04 00:30:49 comparison tracing: enabled 2019/12/04 00:30:49 extra coverage: extra coverage is not supported by the kernel 2019/12/04 00:30:49 setuid sandbox: enabled 2019/12/04 00:30:49 namespace sandbox: enabled 2019/12/04 00:30:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 00:30:49 fault injection: enabled 2019/12/04 00:30:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 00:30:49 net packet injection: enabled 2019/12/04 00:30:49 net device setup: enabled 2019/12/04 00:30:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/04 00:30:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 00:30:50 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7, 0x0, 0xffffffffffffff9c}, 0x24) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000c88000)={r0, &(0x7f0000847f95), &(0x7f000089b000)}, 0x20) 00:30:50 executing program 1: timer_create(0x8, 0x0, &(0x7f0000000280)) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f0000000480)={{}, {r0, r1+30000000}}, 0x0) syzkaller login: [ 57.000501][ T8342] IPVS: ftp: loaded support on port[0] = 21 00:30:51 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000040)="08a241055e0bcfe87b0071") setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0xf764}, 0x10) write(r0, &(0x7f0000000200)="200000001a00010000000066835f7f081c000058650000000000000004000700", 0x20) [ 57.151276][ T8342] chnl_net:caif_netlink_parms(): no params data found [ 57.186110][ T8344] IPVS: ftp: loaded support on port[0] = 21 [ 57.293388][ T8342] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.300476][ T8342] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.313831][ T8342] device bridge_slave_0 entered promiscuous mode [ 57.323872][ T8342] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.330937][ T8342] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.339758][ T8342] device bridge_slave_1 entered promiscuous mode [ 57.357345][ T8347] IPVS: ftp: loaded support on port[0] = 21 [ 57.389055][ T8342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.406436][ T8342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 00:30:51 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) close(r0) [ 57.466042][ T8342] team0: Port device team_slave_0 added [ 57.483348][ T8342] team0: Port device team_slave_1 added [ 57.491553][ T8344] chnl_net:caif_netlink_parms(): no params data found 00:30:51 executing program 4: r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000040)='ppp1^posix_acl_accesstrusted${[\x00', &(0x7f0000000080)="e7", 0x1) [ 57.694430][ T8342] device hsr_slave_0 entered promiscuous mode [ 57.782891][ T8342] device hsr_slave_1 entered promiscuous mode 00:30:51 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') getdents64(r0, &(0x7f00000002c0)=""/178, 0xb2) getdents64(r0, &(0x7f0000000200)=""/156, 0x9c) [ 57.946281][ T8351] IPVS: ftp: loaded support on port[0] = 21 [ 57.962657][ T8347] chnl_net:caif_netlink_parms(): no params data found [ 57.994934][ T8344] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.003639][ T8344] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.012507][ T8344] device bridge_slave_0 entered promiscuous mode [ 58.028959][ T8353] IPVS: ftp: loaded support on port[0] = 21 [ 58.071560][ T8344] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.079304][ T8344] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.088123][ T8344] device bridge_slave_1 entered promiscuous mode [ 58.105900][ T8342] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.173409][ T8347] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.180514][ T8347] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.190380][ T8347] device bridge_slave_0 entered promiscuous mode [ 58.200871][ T8347] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.208314][ T8347] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.216047][ T8347] device bridge_slave_1 entered promiscuous mode [ 58.240521][ T8342] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.241917][ T8355] IPVS: ftp: loaded support on port[0] = 21 [ 58.325355][ T8344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.339690][ T8344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.359492][ T8342] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.426182][ T8342] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.474266][ T8347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.488312][ T8347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.499573][ T8344] team0: Port device team_slave_0 added [ 58.508050][ T8344] team0: Port device team_slave_1 added [ 58.539826][ T8347] team0: Port device team_slave_0 added [ 58.604707][ T8344] device hsr_slave_0 entered promiscuous mode [ 58.642339][ T8344] device hsr_slave_1 entered promiscuous mode [ 58.681929][ T8344] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.699728][ T8347] team0: Port device team_slave_1 added [ 58.766158][ T8351] chnl_net:caif_netlink_parms(): no params data found [ 58.844458][ T8347] device hsr_slave_0 entered promiscuous mode [ 58.912009][ T8347] device hsr_slave_1 entered promiscuous mode [ 58.981961][ T8347] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.063064][ T8351] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.070266][ T8351] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.078936][ T8351] device bridge_slave_0 entered promiscuous mode [ 59.087250][ T8351] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.094684][ T8351] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.102763][ T8351] device bridge_slave_1 entered promiscuous mode [ 59.120705][ T8344] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.163736][ T8344] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.205113][ T8344] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.258084][ T8344] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.326970][ T8351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.339667][ T8347] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.417247][ T8353] chnl_net:caif_netlink_parms(): no params data found [ 59.426698][ T8351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.440429][ T8347] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.483332][ T8347] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.573410][ T8355] chnl_net:caif_netlink_parms(): no params data found [ 59.593840][ T8347] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.648216][ T8342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.666879][ T8351] team0: Port device team_slave_0 added [ 59.674516][ T8351] team0: Port device team_slave_1 added [ 59.725084][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.732897][ T8353] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.740487][ T8353] device bridge_slave_0 entered promiscuous mode [ 59.748964][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.756138][ T8353] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.763949][ T8353] device bridge_slave_1 entered promiscuous mode [ 59.771315][ T8355] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.781117][ T8355] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.789207][ T8355] device bridge_slave_0 entered promiscuous mode [ 59.801388][ T8342] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.828158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.836866][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.845989][ T8355] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.853174][ T8355] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.861405][ T8355] device bridge_slave_1 entered promiscuous mode [ 59.903844][ T8351] device hsr_slave_0 entered promiscuous mode [ 59.962213][ T8351] device hsr_slave_1 entered promiscuous mode [ 60.001823][ T8351] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.012076][ T8353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.029072][ T8353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.068083][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.077470][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.086493][ T2724] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.093922][ T2724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.102315][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.110796][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.119186][ T2724] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.126283][ T2724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.134379][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.143622][ T8355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.159549][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.171264][ T8353] team0: Port device team_slave_0 added [ 60.180092][ T8353] team0: Port device team_slave_1 added [ 60.210549][ T8355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.239934][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.250707][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.262687][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.270975][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.279837][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.288486][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.297168][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.305776][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.331427][ T8355] team0: Port device team_slave_0 added [ 60.338429][ T8351] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 60.433441][ T8353] device hsr_slave_0 entered promiscuous mode [ 60.472021][ T8353] device hsr_slave_1 entered promiscuous mode [ 60.522033][ T8353] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.536664][ T8342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.548843][ T8342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.562699][ T8355] team0: Port device team_slave_1 added [ 60.568930][ T8351] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 60.605875][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.614816][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.629991][ T8347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.646459][ T8351] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 60.696266][ T8351] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 60.784979][ T8355] device hsr_slave_0 entered promiscuous mode [ 60.832164][ T8355] device hsr_slave_1 entered promiscuous mode [ 60.871879][ T8355] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.898984][ T8342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.910614][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.918765][ T2724] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.942486][ T8344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.950193][ T8353] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.030770][ T8347] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.059395][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.067720][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.083621][ T8353] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.125446][ T8353] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.190727][ T8353] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 61.246558][ T8355] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 61.293910][ T8355] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 166.281643][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 166.288457][ C1] rcu: 1-...!: (10499 ticks this GP) idle=eda/1/0x4000000000000002 softirq=11544/11544 fqs=41 [ 166.299045][ C1] (t=10501 jiffies g=6445 q=43) [ 166.303980][ C1] rcu: rcu_preempt kthread starved for 10420 jiffies! g6445 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 166.315063][ C1] rcu: RCU grace-period kthread stack dump: [ 166.320942][ C1] rcu_preempt R running task 29048 10 2 0x80004000 [ 166.328834][ C1] Call Trace: [ 166.332122][ C1] __schedule+0x9a0/0xcc0 [ 166.336451][ C1] schedule+0x181/0x210 [ 166.340597][ C1] schedule_timeout+0x14f/0x240 [ 166.345439][ C1] ? run_local_timers+0x120/0x120 [ 166.350454][ C1] rcu_gp_kthread+0xed8/0x1770 [ 166.355220][ C1] kthread+0x332/0x350 [ 166.359278][ C1] ? rcu_report_qs_rsp+0x140/0x140 [ 166.364382][ C1] ? kthread_blkcg+0xe0/0xe0 [ 166.368963][ C1] ret_from_fork+0x24/0x30 [ 166.373388][ C1] NMI backtrace for cpu 1 [ 166.377725][ C1] CPU: 1 PID: 8313 Comm: udevd Not tainted 5.4.0-syzkaller #0 [ 166.385165][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.395208][ C1] Call Trace: [ 166.401473][ C1] [ 166.404334][ C1] dump_stack+0x1fb/0x318 [ 166.408676][ C1] nmi_cpu_backtrace+0xaf/0x1a0 [ 166.413552][ C1] ? nmi_trigger_cpumask_backtrace+0x16d/0x290 [ 166.419716][ C1] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 166.425774][ C1] nmi_trigger_cpumask_backtrace+0x174/0x290 [ 166.431745][ C1] arch_trigger_cpumask_backtrace+0x10/0x20 [ 166.437628][ C1] rcu_dump_cpu_stacks+0x15a/0x220 [ 166.442739][ C1] rcu_sched_clock_irq+0xe25/0x1ad0 [ 166.447930][ C1] ? trace_hardirqs_off+0x74/0x80 [ 166.452946][ C1] update_process_times+0x12d/0x180 [ 166.458137][ C1] tick_sched_timer+0x263/0x420 [ 166.463083][ C1] ? tick_setup_sched_timer+0x3d0/0x3d0 [ 166.468618][ C1] __hrtimer_run_queues+0x403/0x840 [ 166.473820][ C1] hrtimer_interrupt+0x38c/0xda0 [ 166.478764][ C1] ? debug_smp_processor_id+0x9/0x20 [ 166.484041][ C1] smp_apic_timer_interrupt+0x109/0x280 [ 166.489615][ C1] apic_timer_interrupt+0xf/0x20 [ 166.494540][ C1] [ 166.497471][ C1] RIP: 0010:__memcg_kmem_uncharge+0xd/0x2e0 [ 166.503352][ C1] Code: 81 c3 08 02 00 00 48 89 df 4c 89 f6 e8 dc 7d ff ff 5b 41 5e 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 <50> 89 f3 49 89 fc 48 b8 00 00 00 00 00 fc ff df 4c 8d 77 38 4d 89 [ 166.522943][ C1] RSP: 0018:ffffc90001e07ad8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 166.531554][ C1] RAX: ffffffff81486ea4 RBX: ffffea0001b0f1c0 RCX: ffff8880895c2180 [ 166.539556][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0001b0f1c0 [ 166.547519][ C1] RBP: ffffc90001e07b00 R08: dffffc0000000000 R09: fffffbfff120248a [ 166.555480][ C1] R10: fffffbfff120248a R11: 0000000000000000 R12: ffff88806c3c4d20 [ 166.563441][ C1] R13: dffffc0000000000 R14: 1ffff1100d8789a4 R15: ffff88809a76ba28 [ 166.571419][ C1] ? free_thread_stack+0x124/0x590 [ 166.576530][ C1] ? free_thread_stack+0x124/0x590 [ 166.581638][ C1] free_thread_stack+0x12e/0x590 [ 166.586562][ C1] put_task_stack+0xa3/0x130 [ 166.591138][ C1] finish_task_switch+0x3f1/0x550 [ 166.596157][ C1] __schedule+0x9a8/0xcc0 [ 166.600487][ C1] schedule+0x181/0x210 [ 166.604631][ C1] schedule_hrtimeout_range_clock+0x3c7/0x510 [ 166.610693][ C1] ? trace_hrtimer_expire_exit+0x2d0/0x2d0 [ 166.616492][ C1] schedule_hrtimeout_range+0x2a/0x40 [ 166.621857][ C1] ep_poll+0xa4d/0xe80 [ 166.625927][ C1] ? do_task_dead+0xc0/0xc0 [ 166.630423][ C1] ? __kasan_check_read+0x11/0x20 [ 166.635443][ C1] do_epoll_wait+0x1ee/0x260 [ 166.640029][ C1] __x64_sys_epoll_wait+0x9a/0xb0 [ 166.645066][ C1] do_syscall_64+0xf7/0x1c0 [ 166.649561][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.655441][ C1] RIP: 0033:0x7fc24ef6a943 [ 166.659847][ C1] Code: 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 83 3d b5 dc 2a 00 00 75 13 49 89 ca b8 e8 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 3b c4 00 00 48 89 04 24 [ 166.679444][ C1] RSP: 002b:00007ffea6a134d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 166.687852][ C1] RAX: ffffffffffffffda RBX: 0000000000e3c250 RCX: 00007fc24ef6a943 [ 166.695834][ C1] RDX: 0000000000000004 RSI: 00007ffea6a135a0 RDI: 0000000000000007 [ 166.703842][ C1] RBP: 0000000000625500 R08: 00007ffea6a134c0 R09: 00007ffea6a800b8 [ 166.711817][ C1] R10: 000000000000ee42 R11: 0000000000000246 R12: 0000000000e3d180 [ 166.719777][ C1] R13: 00007ffea6a145f7 R14: 0000000000000005 R15: 0000000000e3c250