Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts. 2019/10/09 22:29:12 fuzzer started 2019/10/09 22:29:14 dialing manager at 10.128.0.105:43471 2019/10/09 22:29:14 syscalls: 2523 2019/10/09 22:29:14 code coverage: enabled 2019/10/09 22:29:14 comparison tracing: enabled 2019/10/09 22:29:14 extra coverage: extra coverage is not supported by the kernel 2019/10/09 22:29:14 setuid sandbox: enabled 2019/10/09 22:29:14 namespace sandbox: enabled 2019/10/09 22:29:14 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/09 22:29:14 fault injection: enabled 2019/10/09 22:29:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/09 22:29:14 net packet injection: enabled 2019/10/09 22:29:14 net device setup: enabled 2019/10/09 22:29:14 concurrency sanitizer: enabled 22:29:17 executing program 0: r0 = socket$kcm(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) syzkaller login: [ 53.431232][ T7379] IPVS: ftp: loaded support on port[0] = 21 22:29:18 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x2, 0x0) gettid() ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) ioctl$TUNSETOWNER(r1, 0x400454cc, r2) creat(0x0, 0x0) r3 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmsg(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000013c0)=""/4096, 0x400c}], 0x1, 0x0, 0x32a}, 0x0) [ 53.535107][ T7379] chnl_net:caif_netlink_parms(): no params data found [ 53.631688][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.654533][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.662549][ T7379] device bridge_slave_0 entered promiscuous mode [ 53.676258][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.683470][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.704042][ T7379] device bridge_slave_1 entered promiscuous mode [ 53.727615][ T7379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.740875][ T7379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.766242][ T7379] team0: Port device team_slave_0 added [ 53.773476][ T7379] team0: Port device team_slave_1 added [ 53.778753][ T7382] IPVS: ftp: loaded support on port[0] = 21 22:29:18 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="340000002800070500"/20, @ANYRES32=r3, @ANYBLOB="0000ffff0200ffff000000000c000100677265640000000004000200"], 0x34}}, 0x0) r4 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r4, &(0x7f0000000180)=[{0x3, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x492492492492642, 0x0) [ 53.847774][ T7379] device hsr_slave_0 entered promiscuous mode [ 53.884830][ T7379] device hsr_slave_1 entered promiscuous mode [ 54.009592][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.016734][ T7379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.024938][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.032021][ T7379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.132111][ T7379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.147536][ T7382] chnl_net:caif_netlink_parms(): no params data found [ 54.167020][ T7379] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.185631][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.195122][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.215530][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.225939][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 22:29:18 executing program 3: socket$inet6(0xa, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) write(r0, &(0x7f00000000c0)="1c0000001a009b8a14e5f40700090400ff00000000000005000a0000", 0x1c) ptrace(0xffffffffffffffff, 0x0) [ 54.269562][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.282413][ T7385] IPVS: ftp: loaded support on port[0] = 21 [ 54.291469][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.298663][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.337703][ T3017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.358609][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.365747][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.415958][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.436288][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.447793][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.473176][ T7379] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.487686][ T7379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.499495][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.511162][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.551317][ T7382] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.558543][ T7382] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.568588][ T7382] device bridge_slave_0 entered promiscuous mode [ 54.580592][ T7379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.596731][ T7382] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.604018][ T7382] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.627106][ T7382] device bridge_slave_1 entered promiscuous mode [ 54.690479][ T7382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.716248][ T7382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.741252][ T7392] IPVS: ftp: loaded support on port[0] = 21 [ 54.772813][ T7382] team0: Port device team_slave_0 added 22:29:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x8, 0x1ff}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x8, 0x20}) [ 54.854691][ T7382] team0: Port device team_slave_1 added [ 54.896325][ T7385] chnl_net:caif_netlink_parms(): no params data found 22:29:19 executing program 0: r0 = socket$kcm(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) [ 54.987751][ T7382] device hsr_slave_0 entered promiscuous mode [ 55.045848][ T7382] device hsr_slave_1 entered promiscuous mode 22:29:19 executing program 0: r0 = socket$kcm(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) [ 55.084543][ T7382] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.205405][ T7385] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.212880][ T7385] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.248840][ T7385] device bridge_slave_0 entered promiscuous mode [ 55.272909][ T7382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.283734][ T7385] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.291699][ T7385] bridge0: port 2(bridge_slave_1) entered disabled state 22:29:19 executing program 0: r0 = socket$kcm(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) [ 55.306008][ T7385] device bridge_slave_1 entered promiscuous mode [ 55.352434][ T7382] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.358631][ T7406] IPVS: ftp: loaded support on port[0] = 21 [ 55.405287][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 55.416889][ T7409] ================================================================== [ 55.425115][ T7409] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 55.433626][ T7409] [ 55.436047][ T7409] read to 0xffff888126527c28 of 8 bytes by task 7377 on cpu 0: [ 55.443597][ T7409] ext4_es_lookup_extent+0x3ba/0x510 [ 55.448881][ T7409] ext4_map_blocks+0xc2/0xf70 [ 55.453554][ T7409] ext4_mpage_readpages+0x92b/0x1270 [ 55.458839][ T7409] ext4_readpages+0x92/0xc0 [ 55.463892][ T7409] read_pages+0xa2/0x2d0 [ 55.468154][ T7409] __do_page_cache_readahead+0x353/0x390 [ 55.473802][ T7409] ondemand_readahead+0x35d/0x710 [ 55.478853][ T7409] page_cache_async_readahead+0x22c/0x250 [ 55.484612][ T7409] generic_file_read_iter+0xffc/0x1440 [ 55.490079][ T7409] ext4_file_read_iter+0xfa/0x240 [ 55.495191][ T7409] new_sync_read+0x389/0x4f0 [ 55.500148][ T7409] __vfs_read+0xb1/0xc0 [ 55.504314][ T7409] integrity_kernel_read+0xa1/0xe0 [ 55.509781][ T7409] ima_calc_file_hash_tfm+0x1b5/0x260 [ 55.515146][ T7409] [ 55.517483][ T7409] write to 0xffff888126527c28 of 8 bytes by task 7409 on cpu 1: [ 55.525146][ T7409] ext4_es_lookup_extent+0x3d3/0x510 [ 55.530446][ T7409] ext4_map_blocks+0xc2/0xf70 [ 55.535127][ T7409] ext4_getblk+0x30b/0x380 [ 55.539565][ T7409] ext4_bread+0x4a/0x190 [ 55.543834][ T7409] __ext4_read_dirblock+0x3e/0x700 [ 55.548959][ T7409] ext4_add_entry+0x46b/0x8e0 [ 55.553649][ T7409] ext4_add_nondir+0x31/0xa0 [ 55.558236][ T7409] ext4_symlink+0x7c0/0x970 [ 55.562735][ T7409] vfs_symlink+0x218/0x310 [ 55.567147][ T7409] do_symlinkat+0x1a5/0x1e0 [ 55.571645][ T7409] __x64_sys_symlink+0x3f/0x50 [ 55.576403][ T7409] do_syscall_64+0xcf/0x2f0 [ 55.580905][ T7409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.586781][ T7409] [ 55.589101][ T7409] Reported by Kernel Concurrency Sanitizer on: [ 55.595427][ T7409] CPU: 1 PID: 7409 Comm: syz-executor.0 Not tainted 5.3.0+ #0 22:29:20 executing program 5: r0 = socket$kcm(0x2, 0x2, 0x73) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) [ 55.602954][ T7409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.613004][ T7409] ================================================================== [ 55.621058][ T7409] Kernel panic - not syncing: panic_on_warn set ... [ 55.627655][ T7409] CPU: 1 PID: 7409 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 55.635910][ T7409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.646356][ T7409] Call Trace: [ 55.649740][ T7409] dump_stack+0xf5/0x159 [ 55.653995][ T7409] panic+0x209/0x639 [ 55.657889][ T7409] ? vfs_symlink+0x218/0x310 [ 55.662584][ T7409] ? vprintk_func+0x8d/0x140 [ 55.667192][ T7409] kcsan_report.cold+0xc/0x1b [ 55.672062][ T7409] __kcsan_setup_watchpoint+0x3ee/0x510 [ 55.677700][ T7409] __tsan_write8+0x32/0x40 [ 55.682393][ T7409] ext4_es_lookup_extent+0x3d3/0x510 [ 55.687807][ T7409] ext4_map_blocks+0xc2/0xf70 [ 55.692515][ T7409] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.698232][ T7409] ext4_getblk+0x30b/0x380 [ 55.702652][ T7409] ? fscrypt_setup_filename+0x310/0x710 [ 55.708273][ T7409] ext4_bread+0x4a/0x190 [ 55.712551][ T7409] __ext4_read_dirblock+0x3e/0x700 [ 55.718003][ T7409] ext4_add_entry+0x46b/0x8e0 [ 55.722755][ T7409] ext4_add_nondir+0x31/0xa0 [ 55.727335][ T7409] ext4_symlink+0x7c0/0x970 [ 55.731849][ T7409] vfs_symlink+0x218/0x310 [ 55.736258][ T7409] do_symlinkat+0x1a5/0x1e0 [ 55.740782][ T7409] __x64_sys_symlink+0x3f/0x50 [ 55.745536][ T7409] do_syscall_64+0xcf/0x2f0 [ 55.750029][ T7409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.755903][ T7409] RIP: 0033:0x459787 [ 55.759781][ T7409] Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.779688][ T7409] RSP: 002b:00007fff99816cc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000058 [ 55.788119][ T7409] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000459787 [ 55.796164][ T7409] RDX: 00007fff99816d63 RSI: 00000000004bf2f5 RDI: 00007fff99816d50 [ 55.804220][ T7409] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013 [ 55.812272][ T7409] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000000 [ 55.820402][ T7409] R13: 00007fff99816d00 R14: 0000000000000000 R15: 00007fff99816d10 [ 55.829587][ T7409] Kernel Offset: disabled [ 55.833926][ T7409] Rebooting in 86400 seconds..