Warning: Permanently added '10.128.0.140' (ECDSA) to the list of known hosts. 2019/10/15 12:57:58 fuzzer started 2019/10/15 12:57:59 dialing manager at 10.128.0.105:38903 2019/10/15 12:57:59 syscalls: 2523 2019/10/15 12:57:59 code coverage: enabled 2019/10/15 12:57:59 comparison tracing: enabled 2019/10/15 12:57:59 extra coverage: extra coverage is not supported by the kernel 2019/10/15 12:57:59 setuid sandbox: enabled 2019/10/15 12:57:59 namespace sandbox: enabled 2019/10/15 12:57:59 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/15 12:57:59 fault injection: enabled 2019/10/15 12:57:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/15 12:57:59 net packet injection: enabled 2019/10/15 12:57:59 net device setup: enabled 2019/10/15 12:57:59 concurrency sanitizer: enabled 12:58:03 executing program 0: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, 0x0) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, &(0x7f0000001400)) perf_event_open(&(0x7f000001d000)={0x1, 0x223, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_RELDISP(0xffffffffffffffff, 0xb701) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$VT_RELDISP(0xffffffffffffffff, 0xb701) socket(0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) ioctl$VT_RELDISP(0xffffffffffffffff, 0xb701) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001100070500"/20, @ANYRES32=r4, @ANYBLOB='[`\x00'/12], 0x24}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, &(0x7f00000068c0)) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f00000077c0)={0x0, 0x0, &(0x7f0000007780)={0x0}}, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x10, 0xffffffffffffffff, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) syzkaller login: [ 51.411418][ T7303] IPVS: ftp: loaded support on port[0] = 21 12:58:03 executing program 1: openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x2) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00'}, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x5c831, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, 0xffffffffffffffff) setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000200)=0x5, 0x4) ioctl$sock_inet6_udp_SIOCINQ(r4, 0x541b, &(0x7f0000000000)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000) [ 51.502897][ T7303] chnl_net:caif_netlink_parms(): no params data found [ 51.565709][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.584065][ T7303] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.600240][ T7303] device bridge_slave_0 entered promiscuous mode [ 51.620107][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.627323][ T7303] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.650218][ T7303] device bridge_slave_1 entered promiscuous mode [ 51.681635][ T7303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.710880][ T7303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.757624][ T7306] IPVS: ftp: loaded support on port[0] = 21 [ 51.764839][ T7303] team0: Port device team_slave_0 added [ 51.781582][ T7303] team0: Port device team_slave_1 added 12:58:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x201000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000848aaf2f6eb2993a15a8ec45991c100e1817086f00eb35e70a1ad0d362b47b8c8ff683a2d82e0cf4df0b8c4cb48360dc0b8cb043599c9c4f504e0fa4e7a34d1f70f46ea1e1024632d140980dc29eeff367ec3e89f4a4c20de9609e37f2f84b0d398c27cbd8043c113a7b335e322c5ac0bd6cdc3bf3bfc863823d12b4a809c33b8639d7e3267c909fb647903296de60d3339ef0191106e0691a792ad9dfe644c6cc55acf4702e2149cf37744b7146dd4f70148779a55ac648323648c6fd0f39d07e3d5d936f0b95a5"], 0x48}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x30, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, 'hhf\x00'}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000009200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x58, 0x24, 0x507, 0x0, 0x0, {0x0, r4, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8, 0x1, 'sfb\x00'}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28}}}]}, 0x58}}, 0x0) [ 51.872643][ T7303] device hsr_slave_0 entered promiscuous mode [ 51.920305][ T7303] device hsr_slave_1 entered promiscuous mode [ 51.977181][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.984325][ T7303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.991879][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.998932][ T7303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.149994][ T7303] 8021q: adding VLAN 0 to HW filter on device bond0 12:58:04 executing program 3: accept4$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000300)=0x1c, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8937, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') r4 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x13000000, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x4326060000000000, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x801, 0x0) r5 = dup(0xffffffffffffffff) flock(0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_emit_ethernet(0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60d8652b00142100fe800000397d000000000d81560000aafe80000000000000000000aa00000000ea00", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500000019078"], 0x0) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, &(0x7f00000001c0)={0xa927, 0x2d, 0x0, 0xffffffffffffff9c}) [ 52.226255][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.226462][ T7308] IPVS: ftp: loaded support on port[0] = 21 [ 52.241342][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.264001][ T7308] ================================================================== [ 52.272268][ T7308] BUG: KCSAN: data-race in __zone_watermark_ok / get_page_from_freelist [ 52.280580][ T7308] [ 52.283004][ T7308] write to 0xffff88812fffcef0 of 8 bytes by task 7285 on cpu 1: [ 52.290731][ T7308] get_page_from_freelist+0x1217/0x2300 [ 52.296364][ T7308] __alloc_pages_nodemask+0x255/0x4d0 [ 52.301732][ T7308] alloc_pages_current+0xd1/0x170 [ 52.306758][ T7308] __page_cache_alloc+0x183/0x1a0 [ 52.311774][ T7308] __do_page_cache_readahead+0x13e/0x390 [ 52.317401][ T7308] ondemand_readahead+0x35d/0x710 [ 52.322419][ T7308] page_cache_async_readahead+0x22c/0x250 [ 52.328135][ T7308] generic_file_read_iter+0xffc/0x1440 [ 52.335512][ T7308] ext4_file_read_iter+0xfa/0x240 [ 52.340537][ T7308] new_sync_read+0x389/0x4f0 [ 52.345120][ T7308] __vfs_read+0xb1/0xc0 [ 52.349274][ T7308] integrity_kernel_read+0xa1/0xe0 [ 52.354380][ T7308] ima_calc_file_hash_tfm+0x1b5/0x260 [ 52.359752][ T7308] ima_calc_file_hash+0x158/0xf10 [ 52.364771][ T7308] [ 52.367254][ T7308] read to 0xffff88812fffcef0 of 8 bytes by task 7308 on cpu 0: [ 52.374806][ T7308] __zone_watermark_ok+0x106/0x240 [ 52.379920][ T7308] get_page_from_freelist+0x629/0x2300 [ 52.385558][ T7308] __alloc_pages_nodemask+0x255/0x4d0 [ 52.390977][ T7308] cache_grow_begin+0x76/0x670 [ 52.395743][ T7308] __kmalloc+0x59c/0x690 [ 52.399993][ T7308] ops_init+0xf0/0x240 [ 52.404069][ T7308] setup_net+0x194/0x4b0 [ 52.408393][ T7308] copy_net_ns+0x1dc/0x336 [ 52.412807][ T7308] create_new_namespaces+0x2e2/0x4b0 [ 52.418091][ T7308] unshare_nsproxy_namespaces+0xb9/0x170 [ 52.423718][ T7308] ksys_unshare+0x2dc/0x710 [ 52.428226][ T7308] __x64_sys_unshare+0x28/0x40 [ 52.432993][ T7308] do_syscall_64+0xcf/0x2f0 [ 52.437565][ T7308] [ 52.439876][ T7308] Reported by Kernel Concurrency Sanitizer on: [ 52.446114][ T7308] CPU: 0 PID: 7308 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 52.453576][ T7308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.463710][ T7308] ================================================================== [ 52.471767][ T7308] Kernel panic - not syncing: panic_on_warn set ... [ 52.478353][ T7308] CPU: 0 PID: 7308 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 52.485797][ T7308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.495851][ T7308] Call Trace: [ 52.499149][ T7308] dump_stack+0xf5/0x159 [ 52.503393][ T7308] panic+0x209/0x639 [ 52.507289][ T7308] ? create_new_namespaces+0x2e2/0x4b0 [ 52.512743][ T7308] ? vprintk_func+0x8d/0x140 [ 52.517333][ T7308] kcsan_report.cold+0xc/0x1b [ 52.522014][ T7308] __kcsan_setup_watchpoint+0x3ee/0x510 [ 52.527652][ T7308] __tsan_read8+0x2c/0x30 [ 52.532007][ T7308] __zone_watermark_ok+0x106/0x240 [ 52.537141][ T7308] get_page_from_freelist+0x629/0x2300 [ 52.542606][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.548237][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.553895][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.559671][ T7308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 52.565916][ T7308] ? __tsan_read8+0x2c/0x30 [ 52.570424][ T7308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 52.576697][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.582597][ T7308] __alloc_pages_nodemask+0x255/0x4d0 [ 52.587973][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.593615][ T7308] cache_grow_begin+0x76/0x670 [ 52.598377][ T7308] ? __tsan_read8+0x2c/0x30 [ 52.602905][ T7308] __kmalloc+0x59c/0x690 [ 52.607150][ T7308] ? init_gssp_clnt+0x4c/0x50 [ 52.611933][ T7308] ? __kcsan_setup_watchpoint+0x96/0x510 [ 52.617572][ T7308] ? ops_init+0xf0/0x240 [ 52.621939][ T7308] ops_init+0xf0/0x240 [ 52.626008][ T7308] setup_net+0x194/0x4b0 [ 52.630252][ T7308] copy_net_ns+0x1dc/0x336 [ 52.634671][ T7308] create_new_namespaces+0x2e2/0x4b0 [ 52.639964][ T7308] unshare_nsproxy_namespaces+0xb9/0x170 [ 52.645686][ T7308] ksys_unshare+0x2dc/0x710 [ 52.650184][ T7308] ? __tsan_read8+0x2c/0x30 [ 52.654692][ T7308] __x64_sys_unshare+0x28/0x40 [ 52.659453][ T7308] do_syscall_64+0xcf/0x2f0 [ 52.663955][ T7308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 52.669838][ T7308] RIP: 0033:0x45c527 [ 52.674571][ T7308] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 52.694266][ T7308] RSP: 002b:00007ffd911893a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 52.702687][ T7308] RAX: ffffffffffffffda RBX: 000000000075ca28 RCX: 000000000045c527 [ 52.710660][ T7308] RDX: 0000000000000000 RSI: 00007ffd91189350 RDI: 0000000040000000 [ 52.718635][ T7308] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005 [ 52.726599][ T7308] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000075ca28 [ 52.734567][ T7308] R13: 00007ffd91189618 R14: 0000000000000000 R15: 0000000000000000 [ 52.744652][ T7308] Kernel Offset: disabled [ 52.749197][ T7308] Rebooting in 86400 seconds..