Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts. 2019/12/03 20:01:48 fuzzer started 2019/12/03 20:01:50 dialing manager at 10.128.0.105:44523 2019/12/03 20:01:50 syscalls: 2684 2019/12/03 20:01:50 code coverage: enabled 2019/12/03 20:01:50 comparison tracing: enabled 2019/12/03 20:01:50 extra coverage: extra coverage is not supported by the kernel 2019/12/03 20:01:50 setuid sandbox: enabled 2019/12/03 20:01:50 namespace sandbox: enabled 2019/12/03 20:01:50 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/03 20:01:50 fault injection: enabled 2019/12/03 20:01:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/03 20:01:50 net packet injection: enabled 2019/12/03 20:01:50 net device setup: enabled 2019/12/03 20:01:50 concurrency sanitizer: enabled 2019/12/03 20:01:50 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 58.120203][ T7552] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/03 20:01:55 adding functions to KCSAN blacklist: 'tick_nohz_idle_stop_tick' 'blk_mq_dispatch_rq_list' 'vm_area_dup' 'tomoyo_check_path_acl' 'ext4_has_free_clusters' 'ext4_free_inodes_count' 'ext4_mb_find_by_goal' 'dd_has_work' 'do_nanosleep' 'dccp_fin' 'tomoyo_supervisor' 'pipe_poll' 'generic_write_end' 'find_next_bit' 'ext4_nonda_switch' 'wbt_done' 'blk_mq_get_request' 'taskstats_exit' 'mod_timer' 'tick_sched_do_timer' '__ext4_new_inode' 'poll_schedule_timeout' 'futex_wait_queue_me' 'rcu_gp_fqs_check_wake' 'd_delete' '__hrtimer_run_queues' 'xas_clear_mark' 'blk_mq_sched_dispatch_requests' 'generic_fillattr' 'tcp_add_backlog' 'ep_poll' 'tick_do_update_jiffies64' 'add_timer' 'run_timer_softirq' 20:02:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000040), 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 20:02:24 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x80000000) sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) [ 88.218339][ T7556] IPVS: ftp: loaded support on port[0] = 21 [ 88.318638][ T7556] chnl_net:caif_netlink_parms(): no params data found [ 88.374445][ T7556] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.381526][ T7556] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.403571][ T7556] device bridge_slave_0 entered promiscuous mode [ 88.410890][ T7556] bridge0: port 2(bridge_slave_1) entered blocking state 20:02:24 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = dup3(r1, r2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x70, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000) [ 88.428882][ T7556] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.437120][ T7556] device bridge_slave_1 entered promiscuous mode [ 88.449319][ T7559] IPVS: ftp: loaded support on port[0] = 21 [ 88.470543][ T7556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.490365][ T7556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.522743][ T7556] team0: Port device team_slave_0 added [ 88.535353][ T7556] team0: Port device team_slave_1 added [ 88.595170][ T7556] device hsr_slave_0 entered promiscuous mode [ 88.633704][ T7556] device hsr_slave_1 entered promiscuous mode [ 88.696801][ T7561] IPVS: ftp: loaded support on port[0] = 21 20:02:24 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0xf28c0f1d4773c7cd, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) writev(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sched_setscheduler(0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000900)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa74ff569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23", 0x395, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0x356, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x03@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}, &(0x7f0000000180)}) socket$packet(0x11, 0x0, 0x300) [ 88.784240][ T7559] chnl_net:caif_netlink_parms(): no params data found [ 88.820333][ T7556] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.827440][ T7556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.834730][ T7556] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.841769][ T7556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.021144][ T7559] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.043226][ T7559] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.050992][ T7559] device bridge_slave_0 entered promiscuous mode [ 89.126354][ T7559] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.143077][ T7559] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.150880][ T7559] device bridge_slave_1 entered promiscuous mode [ 89.166579][ T7581] ================================================================== [ 89.174698][ T7581] BUG: KCSAN: data-race in common_perm_cond / pid_update_inode [ 89.182225][ T7581] [ 89.184587][ T7581] read to 0xffff8881250f8048 of 2 bytes by task 7587 on cpu 0: [ 89.192134][ T7581] common_perm_cond+0x74/0x110 [ 89.196898][ T7581] apparmor_inode_getattr+0x2b/0x40 [ 89.202092][ T7581] security_inode_getattr+0x9b/0xd0 [ 89.207293][ T7581] vfs_getattr+0x2e/0x70 [ 89.211535][ T7581] vfs_statx+0x102/0x190 [ 89.215784][ T7581] __do_sys_newstat+0x51/0xb0 [ 89.220456][ T7581] __x64_sys_newstat+0x3a/0x50 [ 89.225214][ T7581] do_syscall_64+0xcc/0x370 [ 89.229714][ T7581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 89.235588][ T7581] [ 89.237911][ T7581] write to 0xffff8881250f8048 of 2 bytes by task 7581 on cpu 1: [ 89.245531][ T7581] pid_update_inode+0x51/0x70 [ 89.250204][ T7581] pid_revalidate+0x91/0xd0 [ 89.254699][ T7581] lookup_fast+0x6f2/0x700 [ 89.259107][ T7581] walk_component+0x6d/0xe70 [ 89.263690][ T7581] path_lookupat.isra.0+0x13a/0x5a0 [ 89.268881][ T7581] filename_lookup+0x145/0x2b0 [ 89.273638][ T7581] user_path_at_empty+0x4c/0x70 [ 89.278487][ T7581] vfs_statx+0xd9/0x190 [ 89.282723][ T7581] __do_sys_newstat+0x51/0xb0 [ 89.287395][ T7581] __x64_sys_newstat+0x3a/0x50 [ 89.292157][ T7581] do_syscall_64+0xcc/0x370 [ 89.296658][ T7581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 89.302533][ T7581] [ 89.304850][ T7581] Reported by Kernel Concurrency Sanitizer on: [ 89.310992][ T7581] CPU: 1 PID: 7581 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 89.318174][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.328219][ T7581] ================================================================== [ 89.336270][ T7581] Kernel panic - not syncing: panic_on_warn set ... [ 89.342852][ T7581] CPU: 1 PID: 7581 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 89.350032][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.360077][ T7581] Call Trace: [ 89.363368][ T7581] dump_stack+0x11d/0x181 [ 89.367694][ T7581] panic+0x210/0x640 [ 89.371591][ T7581] ? do_one_initcall+0x57/0x3e8 [ 89.376443][ T7581] ? vprintk_func+0x8d/0x140 [ 89.381036][ T7581] kcsan_report.cold+0xc/0xd [ 89.385631][ T7581] kcsan_setup_watchpoint+0x3fe/0x460 [ 89.391005][ T7581] __tsan_unaligned_write2+0xc4/0x100 [ 89.396375][ T7581] pid_update_inode+0x51/0x70 [ 89.401049][ T7581] pid_revalidate+0x91/0xd0 [ 89.405553][ T7581] lookup_fast+0x6f2/0x700 [ 89.409981][ T7581] walk_component+0x6d/0xe70 [ 89.414573][ T7581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 89.420821][ T7581] ? link_path_walk.part.0+0x77f/0xa90 [ 89.426282][ T7581] path_lookupat.isra.0+0x13a/0x5a0 [ 89.431481][ T7581] ? __read_once_size.constprop.0+0x12/0x20 [ 89.437368][ T7581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 89.443616][ T7581] filename_lookup+0x145/0x2b0 [ 89.448385][ T7581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 89.454617][ T7581] ? strncpy_from_user+0x219/0x2b0 [ 89.459739][ T7581] user_path_at_empty+0x4c/0x70 [ 89.464600][ T7581] vfs_statx+0xd9/0x190 [ 89.468754][ T7581] __do_sys_newstat+0x51/0xb0 [ 89.473428][ T7581] ? _raw_spin_unlock_irq+0x68/0x80 [ 89.478623][ T7581] ? mem_cgroup_handle_over_high+0x50/0x180 [ 89.484513][ T7581] ? __read_once_size.constprop.0+0x12/0x20 [ 89.490404][ T7581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 89.496641][ T7581] ? debug_smp_processor_id+0x4c/0x172 [ 89.502101][ T7581] __x64_sys_newstat+0x3a/0x50 [ 89.506868][ T7581] do_syscall_64+0xcc/0x370 [ 89.511372][ T7581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 89.517257][ T7581] RIP: 0033:0x7f44a7668c65 [ 89.521670][ T7581] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16 [ 89.541269][ T7581] RSP: 002b:00007ffe71ba6d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 89.549676][ T7581] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f44a7668c65 [ 89.557640][ T7581] RDX: 00007f44a7b36c60 RSI: 00007f44a7b36c60 RDI: 000000000140c220 [ 89.565602][ T7581] RBP: 0000000000020062 R08: 00007f44a791e5a0 R09: 0000000000000000 [ 89.573589][ T7581] R10: 1999999999999999 R11: 0000000000000246 R12: 000000000140c220 [ 89.581553][ T7581] R13: 000000000140c1c0 R14: 0000000000000005 R15: 0000000000000000 [ 89.590831][ T7581] Kernel Offset: disabled [ 89.595150][ T7581] Rebooting in 86400 seconds..