[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   41.446325][   T25] audit: type=1800 audit(1576079039.374:21): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   41.498867][   T25] audit: type=1800 audit(1576079039.384:22): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
2019/12/11 15:44:10 fuzzer started
2019/12/11 15:44:12 dialing manager at 10.128.0.105:44805
2019/12/11 15:44:12 syscalls: 2689
2019/12/11 15:44:12 code coverage: enabled
2019/12/11 15:44:12 comparison tracing: enabled
2019/12/11 15:44:12 extra coverage: extra coverage is not supported by the kernel
2019/12/11 15:44:12 setuid sandbox: enabled
2019/12/11 15:44:12 namespace sandbox: enabled
2019/12/11 15:44:12 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/11 15:44:12 fault injection: enabled
2019/12/11 15:44:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/11 15:44:12 net packet injection: enabled
2019/12/11 15:44:12 net device setup: enabled
2019/12/11 15:44:12 concurrency sanitizer: enabled
2019/12/11 15:44:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   56.654623][ T7649] KCSAN: could not find function: 'poll_schedule_timeout'
2019/12/11 15:44:19 adding functions to KCSAN blacklist: 'do_nanosleep' 'tomoyo_domain_quota_is_ok' 'generic_fillattr' '__snd_rawmidi_transmit_ack' 'tick_do_update_jiffies64' 'ext4_free_inodes_count' 'generic_write_end' 'poll_schedule_timeout' 'echo_char' 'pcpu_alloc' 'do_syslog' '__hrtimer_run_queues' 'tomoyo_supervisor' 'pipe_poll' 'pid_update_inode' 'ktime_get_real_seconds' 'do_exit' 'wbt_done' 'icmp_global_allow' 'blk_mq_sched_dispatch_requests' 'futex_wait_queue_me' 'lruvec_lru_size' 'tick_sched_do_timer' 'pipe_wait' 'list_lru_count_one' '__delete_from_page_cache' 'ext4_has_free_clusters' 'kauditd_thread' 'run_timer_softirq' 'tick_nohz_next_event' 'rcu_gp_fqs_check_wake' 'taskstats_exit' 'add_timer' 'audit_log_start' 'mod_timer' '__ext4_new_inode' 'ep_poll' 'process_srcu' 'copy_process' 'queue_access_lock' 'dd_has_work' 'ext4_free_inode' 'find_next_bit' 'blk_mq_dispatch_rq_list' 'vm_area_dup' 'xas_clear_mark' 'common_perm_cond' 'wbt_issue' 'tcp_add_backlog' 'find_get_pages_range_tag' '__lru_cache_add' 
15:45:27 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x203, 0x1)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000080)={0x80, 0x6, 0x101, 0x0, 0x0, 0x0, 0x0})

15:45:27 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000002280)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/171, 0x200003ab}], 0x1}}], 0x1, 0x0, 0x0)

[  129.992275][ T7653] IPVS: ftp: loaded support on port[0] = 21
[  130.080132][ T7653] chnl_net:caif_netlink_parms(): no params data found
[  130.139821][ T7653] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.156943][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.164681][ T7653] device bridge_slave_0 entered promiscuous mode
[  130.188423][ T7653] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.195551][ T7653] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.203702][ T7653] device bridge_slave_1 entered promiscuous mode
[  130.221450][ T7653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
15:45:28 executing program 2:
r0 = socket$caif_stream(0x25, 0x1, 0x0)
io_setup(0x80, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
io_submit(r1, 0x2000000000000155, &(0x7f00000006c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="b2", 0x1}])

[  130.242828][ T7653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.257945][ T7656] IPVS: ftp: loaded support on port[0] = 21
[  130.306729][ T7653] team0: Port device team_slave_0 added
[  130.331860][ T7653] team0: Port device team_slave_1 added
15:45:28 executing program 3:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f0000000300)=0x2000000000005ea, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fb, &(0x7f0000000540)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0xfe20)
write$binfmt_elf64(r2, &(0x7f0000002300)=ANY=[@ANYRES64], 0xf43185f1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)

[  130.489181][ T7653] device hsr_slave_0 entered promiscuous mode
[  130.537188][ T7653] device hsr_slave_1 entered promiscuous mode
[  130.630141][ T7656] chnl_net:caif_netlink_parms(): no params data found
[  130.664515][ T7659] IPVS: ftp: loaded support on port[0] = 21
[  130.676816][ T7661] IPVS: ftp: loaded support on port[0] = 21
15:45:28 executing program 4:
write$P9_ROPEN(0xffffffffffffffff, 0x0, 0xfffffffffffffecf)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0)
mkdir(0x0, 0x0)
prctl$PR_MCE_KILL_GET(0x22)
socket$inet6(0xa, 0x800000000000002, 0x0)
setgroups(0x0, &(0x7f0000000480))
syz_open_dev$mice(0x0, 0x0, 0x0)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0)
r0 = timerfd_create(0x9, 0xc00)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000100)="6fcb64923e0de25c4a514cf4fca12a1b2a5fb747e691a5d1bd98d883df6cd0e9512b54eae44abf7ad2540d3e799d1a6b11f5599e35d7d7e01827f286e871f33a767a203fd0fb35576977bdaae078e07d74620538f72c179937843fb5902c24177297ccbe9d2b8db2b72e08ad79684c607c96cc22ed98825e417a0ae7772e0afc4178495d3a62961e0d30bdee0fb14922b4700089553017feceb7b0c6fbf0f00463887136ac27df01390739cb155e4c72e15bcdb8b188c8f7221a82a35207b282c0af9658805acc7e8cf6d059122cc56aa9e3229b9b1bb0168aa8386b82e99302d6962f672f44dfb6046fffe2524cf38f300027122565759d19a7b88eec133680")
ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f00000002c0)=""/4096)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)

[  130.759835][ T7653] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.767030][ T7653] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.774749][ T7653] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.781891][ T7653] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.077297][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.084479][ T7656] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.128995][ T7656] device bridge_slave_0 entered promiscuous mode
[  131.158186][ T7656] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.165282][ T7656] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.198540][ T7656] device bridge_slave_1 entered promiscuous mode
[  131.278013][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.318023][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.367488][ T7688] IPVS: ftp: loaded support on port[0] = 21
[  131.424167][ T7661] chnl_net:caif_netlink_parms(): no params data found
[  131.460285][ T7656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.482890][ T7679] ==================================================================
[  131.491023][ T7679] BUG: KCSAN: data-race in generic_permission / task_dump_owner
[  131.498639][ T7679] 
[  131.500964][ T7679] read to 0xffff888125644d6c of 4 bytes by task 7684 on cpu 1:
[  131.508506][ T7679]  generic_permission+0x65/0x3d0
[  131.513471][ T7679]  proc_pid_permission+0xea/0x1c0
[  131.518676][ T7679]  inode_permission+0x241/0x3c0
[  131.523542][ T7679]  link_path_walk.part.0+0x622/0xa90
[  131.528821][ T7679]  path_openat+0x14f/0x36e0
15:45:29 executing program 5:
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xa)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000440)='security.evm\x00', 0x0, 0x0, 0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x3, 0x0}}], 0x1, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getdents(0xffffffffffffffff, &(0x7f00000001c0)=""/236, 0xec)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000a80), 0xfffffffffffffffd)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='maps\x00')
preadv(r1, &(0x7f00000017c0), 0x199, 0x0)

[  131.533320][ T7679]  do_filp_open+0x11e/0x1b0
[  131.537840][ T7679]  do_sys_open+0x3b3/0x4f0
[  131.542253][ T7679]  __x64_sys_open+0x55/0x70
[  131.546759][ T7679]  do_syscall_64+0xcc/0x370
[  131.551275][ T7679]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  131.557154][ T7679] 
[  131.559487][ T7679] write to 0xffff888125644d6c of 4 bytes by task 7679 on cpu 0:
[  131.567125][ T7679]  task_dump_owner+0x237/0x260
[  131.572004][ T7679]  pid_update_inode+0x3c/0x70
[  131.576690][ T7679]  pid_revalidate+0x91/0xd0
[  131.577022][ T7656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.581197][ T7679]  lookup_fast+0x6f2/0x700
[  131.581221][ T7679]  walk_component+0x6d/0xe70
[  131.599726][ T7679]  link_path_walk.part.0+0x5d3/0xa90
[  131.605530][ T7679]  path_openat+0x14f/0x36e0
[  131.610031][ T7679]  do_filp_open+0x11e/0x1b0
[  131.615224][ T7679]  do_sys_open+0x3b3/0x4f0
[  131.619742][ T7679]  __x64_sys_open+0x55/0x70
[  131.624279][ T7679]  do_syscall_64+0xcc/0x370
[  131.628910][ T7679]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  131.631363][ T7653] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.634995][ T7679] 
[  131.643964][ T7679] Reported by Kernel Concurrency Sanitizer on:
[  131.650116][ T7679] CPU: 0 PID: 7679 Comm: ps Not tainted 5.4.0-syzkaller #0
[  131.657304][ T7679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  131.667363][ T7679] ==================================================================
[  131.675429][ T7679] Kernel panic - not syncing: panic_on_warn set ...
[  131.682032][ T7679] CPU: 0 PID: 7679 Comm: ps Not tainted 5.4.0-syzkaller #0
[  131.688309][ T7653] 8021q: adding VLAN 0 to HW filter on device team0
[  131.689241][ T7679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  131.706029][ T7679] Call Trace:
[  131.709334][ T7679]  dump_stack+0x11d/0x181
[  131.713668][ T7679]  panic+0x210/0x640
[  131.717563][ T7679]  ? vprintk_func+0x8d/0x140
[  131.722156][ T7679]  kcsan_report.cold+0xc/0xd
[  131.726765][ T7679]  kcsan_setup_watchpoint+0x3fe/0x460
[  131.732241][ T7679]  __tsan_unaligned_write4+0xc4/0x100
[  131.737791][ T7679]  task_dump_owner+0x237/0x260
[  131.742665][ T7679]  ? __rcu_read_unlock+0x66/0x3c0
[  131.747696][ T7679]  pid_update_inode+0x3c/0x70
[  131.754469][ T7679]  pid_revalidate+0x91/0xd0
[  131.758982][ T7679]  lookup_fast+0x6f2/0x700
[  131.764380][ T7679]  walk_component+0x6d/0xe70
[  131.768992][ T7679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  131.775242][ T7679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  131.778847][ T7653] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  131.781503][ T7679]  ? security_inode_permission+0xa5/0xc0
[  131.797420][ T7679]  ? inode_permission+0xa0/0x3c0
[  131.802801][ T7679]  link_path_walk.part.0+0x5d3/0xa90
[  131.808098][ T7679]  path_openat+0x14f/0x36e0
[  131.812611][ T7679]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  131.818591][ T7679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  131.825888][ T7679]  ? __rcu_read_unlock+0x66/0x3c0
[  131.830929][ T7679]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  131.832320][ T7653] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  131.836823][ T7679]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  131.853002][ T7679]  ? __read_once_size+0x41/0xe0
[  131.857866][ T7679]  do_filp_open+0x11e/0x1b0
[  131.862454][ T7679]  ? __alloc_fd+0x2ef/0x3b0
[  131.866970][ T7679]  do_sys_open+0x3b3/0x4f0
[  131.871390][ T7679]  __x64_sys_open+0x55/0x70
[  131.875900][ T7679]  do_syscall_64+0xcc/0x370
[  131.880592][ T7679]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  131.886479][ T7679] RIP: 0033:0x7f42cdeb6120
[  131.890895][ T7679] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[  131.910497][ T7679] RSP: 002b:00007ffc3168aba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  131.918936][ T7679] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f42cdeb6120
[  131.926914][ T7679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f42ce384d00
[  131.934902][ T7679] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f42ce17ea10
[  131.938745][ T7653] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.942869][ T7679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42ce383d00
[  131.942878][ T7679] R13: 00000000024531c0 R14: 0000000000000005 R15: 0000000000000000
[  131.951028][ T7679] Kernel Offset: disabled
[  131.973068][ T7679] Rebooting in 86400 seconds..