[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   36.003684][   T26] audit: type=1800 audit(1572286355.910:25): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[   36.023607][   T26] audit: type=1800 audit(1572286355.910:26): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[   36.051453][   T26] audit: type=1800 audit(1572286355.910:27): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
2019/10/28 18:12:47 fuzzer started
2019/10/28 18:12:49 dialing manager at 10.128.0.105:45117
2019/10/28 18:12:49 syscalls: 2540
2019/10/28 18:12:49 code coverage: enabled
2019/10/28 18:12:49 comparison tracing: enabled
2019/10/28 18:12:49 extra coverage: extra coverage is not supported by the kernel
2019/10/28 18:12:49 setuid sandbox: enabled
2019/10/28 18:12:49 namespace sandbox: enabled
2019/10/28 18:12:49 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/28 18:12:49 fault injection: enabled
2019/10/28 18:12:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/28 18:12:49 net packet injection: enabled
2019/10/28 18:12:49 net device setup: enabled
2019/10/28 18:12:49 concurrency sanitizer: enabled
syzkaller login: [   52.896475][ T7209] KCSAN: could not find function: 'poll_schedule_timeout'
2019/10/28 18:13:08 adding functions to KCSAN blacklist: 'tick_do_update_jiffies64' 'sit_tunnel_xmit' 'fsnotify' 'find_next_bit' 'shmem_getpage_gfp' 'ext4_nonda_switch' 'wbt_done' 'virtqueue_disable_cb' 'p9_poll_workfn' 'echo_char' 'poll_schedule_timeout' 'generic_write_end' 'find_get_pages_range_tag' 'ext4_mark_iloc_dirty' 'generic_fillattr' 'inet_putpeer' 'blk_mq_sched_dispatch_requests' 'wbt_wait' 'xas_find_marked' 'sk_stream_wait_memory' 'do_readlinkat' 'tcp_add_backlog' 'run_timer_softirq' 'mod_timer' 'generic_permission' 'vm_area_dup' 'queue_access_lock' 'unix_release_sock' '__hrtimer_run_queues' 'ep_poll' 'ext4_free_inode' '__splice_from_pipe' 'taskstats_exit' 'update_defense_level' 'process_srcu' 'pid_update_inode' 'do_syslog' '__ext4_new_inode' 'do_exit' 'ext4_has_free_clusters' 'do_wait' 'alloc_pid' 'add_timer_on' '__nf_ct_refresh_acct' 'blk_mq_dispatch_rq_list' 'blk_mq_run_hw_queue' 'shmem_file_read_iter' 'snd_ctl_notify' 'tick_sched_do_timer' 'd_shrink_add' '__snd_rawmidi_transmit_ack' 'kcm_rfree' 'add_timer' 'ipip_tunnel_xmit' 'rcu_gp_fqs_loop' '__tcp_select_window' 'task_dump_owner' 'do_nanosleep' 'tcp_poll' 'blk_mq_get_request' 'pipe_wait' '__nf_conntrack_find_get' 'tomoyo_supervisor' 'mm_update_next_owner' 'dd_has_work' 'futex_wait_queue_me' 'ktime_get_seconds' 'ktime_get_real_seconds' 'ext4_free_inodes_count' 'tick_nohz_idle_stop_tick' 'n_tty_receive_buf_common' 'copy_process' 'pipe_poll' 'vti_tunnel_xmit' 'enqueue_timer' 'rcu_gp_fqs_check_wake' 'xas_clear_mark' 'wbc_detach_inode' 'wbt_issue' 
18:16:12 executing program 0:
msgctl$MSG_INFO(0x0, 0xd, &(0x7f0000000140)=""/22)

18:16:12 executing program 1:
mkdir(0x0, 0x0)
getsockname(0xffffffffffffffff, 0x0, 0x0)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000004c0)="c7fe15c1b673255e04c6bc15a6da85ac708c1efa9418b9", 0x17, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
syz_genetlink_get_family_id$tipc2(0x0)
r0 = socket$inet6(0xa, 0x2000000001, 0x0)
accept$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @remote}, &(0x7f0000000900)=0x10)
syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00')
read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xff97)
readahead(r0, 0x0, 0x3)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ppoll(&(0x7f00000000c0)=[{r1}], 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffff38}, 0x8)
prctl$PR_SET_PDEATHSIG(0x1, 0x13)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="020700001000000000000000000001000800120000000100000000000000000006000000000000000000000800000200e00040e0ff00000000000000000000000000ada800800400004015000000000003000600df120000020000809014ffbbf00000000000000003000500000100000200423b30632bd7b820000000000003a5b0c5dd867b11fbb0c741f2127b19a9eff79e7f40d6ef86"], 0x80}}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r2, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)

[  252.873555][ T7212] IPVS: ftp: loaded support on port[0] = 21
[  253.026635][ T7212] chnl_net:caif_netlink_parms(): no params data found
[  253.060706][ T7215] IPVS: ftp: loaded support on port[0] = 21
[  253.106323][ T7212] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.113706][ T7212] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.122334][ T7212] device bridge_slave_0 entered promiscuous mode
[  253.143174][ T7212] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.150250][ T7212] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.158779][ T7212] device bridge_slave_1 entered promiscuous mode
18:16:13 executing program 2:
creat(0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
bind(r1, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020018000200030000001a000000000000000000"], 0x48}}, 0x0)
open(0x0, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)

[  253.199746][ T7212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.254829][ T7212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.310615][ T7215] chnl_net:caif_netlink_parms(): no params data found
[  253.326321][ T7212] team0: Port device team_slave_0 added
[  253.343806][ T7212] team0: Port device team_slave_1 added
[  253.367869][ T7219] IPVS: ftp: loaded support on port[0] = 21
[  253.466435][ T7212] device hsr_slave_0 entered promiscuous mode
18:16:13 executing program 3:
creat(&(0x7f00000013c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x8000000200029651, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000))

[  253.511799][ T7212] device hsr_slave_1 entered promiscuous mode
[  253.580314][ T7215] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.602975][ T7215] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.623143][ T7215] device bridge_slave_0 entered promiscuous mode
[  253.633526][ T7215] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.650721][ T7215] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.659416][ T7215] device bridge_slave_1 entered promiscuous mode
[  253.786901][ T7215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.833469][ T7215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.920618][ T7212] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.927817][ T7212] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.935218][ T7212] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.942354][ T7212] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.054005][ T7215] team0: Port device team_slave_0 added
[  254.140129][ T7219] chnl_net:caif_netlink_parms(): no params data found
[  254.185316][ T7215] team0: Port device team_slave_1 added
[  254.226769][ T3500] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.242452][ T3500] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.302492][ T7227] IPVS: ftp: loaded support on port[0] = 21
[  254.434812][ T7215] device hsr_slave_0 entered promiscuous mode
[  254.464117][ T7215] device hsr_slave_1 entered promiscuous mode
[  254.484000][ T7215] debugfs: Directory 'hsr0' with parent '/' already present!
[  254.527547][ T7219] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.551552][ T7219] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.559663][ T7219] device bridge_slave_0 entered promiscuous mode
[  254.592718][ T7219] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.599881][ T7219] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.634862][ T7219] device bridge_slave_1 entered promiscuous mode
[  254.805478][ T7219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  254.864390][ T7212] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.907935][ T7219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  255.001382][ T7212] 8021q: adding VLAN 0 to HW filter on device team0
[  255.053346][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  255.082074][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  255.201499][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  255.210716][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  255.233849][ T7263] ==================================================================
[  255.241980][ T7263] BUG: KCSAN: data-race in get_wchan / worker_thread
[  255.248655][ T7263] 
[  255.250981][ T7263] write to 0xffff88812acd90d0 of 8 bytes by task 416 on cpu 0:
[  255.258524][ T7263]  worker_thread+0x1c3/0x800
[  255.263122][ T7263]  kthread+0x1d4/0x200
[  255.267192][ T7263]  ret_from_fork+0x1f/0x30
[  255.271592][ T7263] 
[  255.273921][ T7263] read to 0xffff88812acd90d0 of 8 bytes by task 7263 on cpu 1:
[  255.281463][ T7263]  get_wchan+0x47/0x180
[  255.282293][ T7216] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.285627][ T7263]  do_task_stat+0xdf0/0x1370
[  255.292696][ T7216] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.297214][ T7263]  proc_tgid_stat+0x3d/0x60
[  255.308874][ T7263]  proc_single_show+0x89/0xe0
[  255.313539][ T7263]  seq_read+0x350/0x960
[  255.317704][ T7263]  __vfs_read+0x67/0xc0
[  255.321857][ T7263]  vfs_read+0x143/0x2c0
[  255.326003][ T7263]  ksys_read+0xd5/0x1b0
[  255.330148][ T7263]  __x64_sys_read+0x4c/0x60
[  255.334646][ T7263]  do_syscall_64+0xcc/0x370
[  255.340105][ T7263]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  255.346595][ T7263] 
[  255.348913][ T7263] Reported by Kernel Concurrency Sanitizer on:
[  255.355056][ T7263] CPU: 1 PID: 7263 Comm: ps Not tainted 5.4.0-rc3+ #0
[  255.361890][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  255.371934][ T7263] ==================================================================
[  255.379984][ T7263] Kernel panic - not syncing: panic_on_warn set ...
[  255.386685][ T7263] CPU: 1 PID: 7263 Comm: ps Not tainted 5.4.0-rc3+ #0
[  255.392236][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  255.393433][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  255.393437][ T7263] Call Trace:
[  255.393459][ T7263]  dump_stack+0xf5/0x159
[  255.393485][ T7263]  panic+0x210/0x640
[  255.422952][ T7263]  ? __x64_sys_read+0x4c/0x60
[  255.427732][ T7263]  ? vprintk_func+0x8d/0x140
[  255.432339][ T7263]  kcsan_report.cold+0xc/0x10
[  255.432418][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  255.437049][ T7263]  __kcsan_setup_watchpoint+0x32e/0x4a0
[  255.450534][ T7263]  ? __tsan_write4+0x32/0x40
[  255.455135][ T7263]  __tsan_read8+0x2c/0x30
[  255.459463][ T7263]  get_wchan+0x47/0x180
[  255.463633][ T7263]  do_task_stat+0xdf0/0x1370
[  255.468237][ T7263]  proc_tgid_stat+0x3d/0x60
[  255.472748][ T7263]  proc_single_show+0x89/0xe0
[  255.477444][ T7263]  seq_read+0x350/0x960
[  255.481607][ T7263]  __vfs_read+0x67/0xc0
[  255.482309][ T7216] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.485914][ T7263]  ? seq_hlist_start_head_rcu+0x60/0x60
[  255.493011][ T7216] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.498478][ T7263]  vfs_read+0x143/0x2c0
[  255.509924][ T7263]  ksys_read+0xd5/0x1b0
[  255.514078][ T7263]  __x64_sys_read+0x4c/0x60
[  255.518575][ T7263]  do_syscall_64+0xcc/0x370
[  255.523093][ T7263]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  255.528994][ T7263] RIP: 0033:0x7f6b512e6310
[  255.533414][ T7263] Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24
[  255.553013][ T7263] RSP: 002b:00007ffc5c368f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  255.561426][ T7263] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f6b512e6310
[  255.568336][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  255.569402][ T7263] RDX: 0000000000000fff RSI: 00007f6b517b3d00 RDI: 0000000000000006
[  255.585234][ T7263] RBP: 0000000000000fff R08: 0000000000000000 R09: 00007f6b515aea10
[  255.593201][ T7263] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b517b3d00
[  255.594051][ T7219] team0: Port device team_slave_0 added
[  255.601162][ T7263] R13: 00000000024ec1c0 R14: 0000000000000005 R15: 0000000000000000
[  255.602735][ T7263] Kernel Offset: disabled
[  255.620568][ T7263] Rebooting in 86400 seconds..