[info] Using makefile-style concurrent boot in runlevel 2. [ 42.379842][ T25] audit: type=1800 audit(1574797604.254:21): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 42.417145][ T25] audit: type=1800 audit(1574797604.254:22): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts. 2019/11/26 19:46:54 fuzzer started 2019/11/26 19:46:56 dialing manager at 10.128.0.105:46511 2019/11/26 19:46:56 checking machine... 2019/11/26 19:46:56 checking revisions... 2019/11/26 19:46:56 testing simple program... syzkaller login: [ 55.113213][ T7612] IPVS: ftp: loaded support on port[0] = 21 2019/11/26 19:46:57 building call list... executing program [ 58.075736][ T7617] can: request_module (can-proto-0) failed. [ 58.087410][ T7617] can: request_module (can-proto-0) failed. [ 58.099592][ T7617] can: request_module (can-proto-0) failed. 2019/11/26 19:47:04 syscalls: 2566 2019/11/26 19:47:04 code coverage: enabled 2019/11/26 19:47:04 comparison tracing: enabled 2019/11/26 19:47:04 extra coverage: extra coverage is not supported by the kernel 2019/11/26 19:47:04 setuid sandbox: enabled 2019/11/26 19:47:04 namespace sandbox: enabled 2019/11/26 19:47:04 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/26 19:47:04 fault injection: enabled 2019/11/26 19:47:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/26 19:47:04 net packet injection: enabled 2019/11/26 19:47:04 net device setup: enabled 2019/11/26 19:47:04 concurrency sanitizer: enabled 2019/11/26 19:47:04 devlink PCI setup: PCI device 0000:00:10.0 is not available 19:47:05 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='bpf\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="2c61707072616973655f747970653d696d617369672c726f6f74636f6e746578743d756e636f6e6669d9733a28752c61707072616973652c726f6f74636f6e746578743d73746166665f752c3d"]) 19:47:05 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) r1 = dup(r0) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f00000000c0)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='lp\x00', 0x3) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000003c0), 0x4) acct(&(0x7f0000000140)='./file0\x00') prctl$PR_GET_THP_DISABLE(0x2a) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x20}, 0x1c) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$FITRIM(r4, 0xc0185879, &(0x7f0000000100)={0x100000000, 0x0, 0x1000}) r5 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$binfmt_elf64(r0, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES16], 0xffffffb4) shutdown(r0, 0x1) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f00000001c0)=@get={0x1, 0x0}) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) [ 63.569255][ T7659] IPVS: ftp: loaded support on port[0] = 21 [ 63.652622][ T7659] chnl_net:caif_netlink_parms(): no params data found [ 63.716069][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.737103][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.744865][ T7659] device bridge_slave_0 entered promiscuous mode [ 63.768051][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.775518][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.783811][ T7659] device bridge_slave_1 entered promiscuous mode [ 63.801032][ T7659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.811578][ T7659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.813644][ T7662] IPVS: ftp: loaded support on port[0] = 21 [ 63.830980][ T7659] team0: Port device team_slave_0 added [ 63.838101][ T7659] team0: Port device team_slave_1 added 19:47:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000fdbff8)=[{&(0x7f00000025c0)="290000002100190000003fffffffda260200000000e80001040000040d00140080000000132eb75c35", 0x29}], 0x1) [ 63.909353][ T7659] device hsr_slave_0 entered promiscuous mode [ 63.977595][ T7659] device hsr_slave_1 entered promiscuous mode 19:47:05 executing program 3: unshare(0x400) r0 = socket$nl_generic(0x10, 0x3, 0x10) fchmod(r0, 0x0) [ 64.162727][ T7664] IPVS: ftp: loaded support on port[0] = 21 [ 64.225166][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.232505][ T7659] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.239985][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.247140][ T7659] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.485621][ T7691] IPVS: ftp: loaded support on port[0] = 21 [ 64.508076][ T7662] chnl_net:caif_netlink_parms(): no params data found [ 64.547804][ T7659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.627730][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.638857][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.718134][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.750072][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 64.792383][ T7659] 8021q: adding VLAN 0 to HW filter on device team0 19:47:06 executing program 4: r0 = socket(0x400000000010, 0x2, 0x0) recvmsg(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002700)=""/146, 0x92}, 0x0) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000040)=0x4, 0x4) write(r0, &(0x7f0000000000)="2400000021002551071c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) [ 64.845769][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.867815][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.876324][ T3514] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.883425][ T3514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.960822][ T7664] chnl_net:caif_netlink_parms(): no params data found [ 64.980470][ T7662] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.988153][ T7662] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.027193][ T7662] device bridge_slave_0 entered promiscuous mode [ 65.068245][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.078642][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.107295][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.114463][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.147655][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.167214][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.207891][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.247678][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.278967][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.308277][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.361046][ T7662] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.378486][ T7662] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.407105][ T7662] device bridge_slave_1 entered promiscuous mode [ 65.465775][ T7697] IPVS: ftp: loaded support on port[0] = 21 [ 65.472744][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.488561][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.519294][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.547725][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.579579][ T3514] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.604077][ T7659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 19:47:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000008940)=ANY=[@ANYBLOB="0b0000000000000001000080bb"]) ioctl$KVM_SMI(r2, 0xaeb7) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 65.672359][ T7662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.722941][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.740033][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.754073][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.792865][ T7662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.836596][ T7691] chnl_net:caif_netlink_parms(): no params data found [ 65.846664][ T7662] team0: Port device team_slave_0 added [ 65.853163][ T7664] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.860789][ T7664] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.869066][ T7664] device bridge_slave_0 entered promiscuous mode [ 65.878581][ T7664] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.885879][ T7664] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.893707][ T7664] device bridge_slave_1 entered promiscuous mode [ 65.905412][ T7662] team0: Port device team_slave_1 added [ 65.920637][ T7711] IPVS: ftp: loaded support on port[0] = 21 [ 65.978997][ T7662] device hsr_slave_0 entered promiscuous mode [ 66.027526][ T7662] device hsr_slave_1 entered promiscuous mode [ 66.047204][ C1] ================================================================== [ 66.055721][ C1] BUG: KCSAN: data-race in add_timer / run_timer_softirq [ 66.063429][ C1] [ 66.065881][ C1] read to 0xffff88812bf1b6c8 of 8 bytes by task 146 on cpu 0: [ 66.073992][ C1] add_timer+0x16f/0x550 [ 66.078479][ C1] __queue_delayed_work+0x13b/0x1d0 [ 66.083764][ C1] queue_delayed_work_on+0xf3/0x110 [ 66.088971][ C1] bond_netdev_notify_work+0x150/0x160 [ 66.094660][ C1] process_one_work+0x3d4/0x890 [ 66.099512][ C1] worker_thread+0xa0/0x800 [ 66.104147][ C1] kthread+0x1d4/0x200 [ 66.108485][ C1] ret_from_fork+0x1f/0x30 [ 66.112891][ C1] [ 66.115223][ C1] write to 0xffff88812bf1b6c8 of 8 bytes by interrupt on cpu 1: [ 66.123549][ C1] run_timer_softirq+0xc14/0xcd0 [ 66.128676][ C1] __do_softirq+0x115/0x33f [ 66.133177][ C1] irq_exit+0xbb/0xe0 [ 66.137277][ C1] smp_apic_timer_interrupt+0xe6/0x280 [ 66.142818][ C1] apic_timer_interrupt+0xf/0x20 [ 66.147791][ C1] native_safe_halt+0xe/0x10 [ 66.152370][ C1] arch_cpu_idle+0xa/0x10 [ 66.156686][ C1] default_idle_call+0x1e/0x40 [ 66.161437][ C1] do_idle+0x1af/0x280 [ 66.165492][ C1] cpu_startup_entry+0x1b/0x20 [ 66.170247][ C1] start_secondary+0x168/0x1b0 [ 66.174997][ C1] secondary_startup_64+0xa4/0xb0 [ 66.180005][ C1] [ 66.182319][ C1] Reported by Kernel Concurrency Sanitizer on: [ 66.188468][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.4.0-syzkaller #0 [ 66.196045][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.206125][ C1] ================================================================== [ 66.214177][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 66.220757][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.4.0-syzkaller #0 [ 66.228285][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.238355][ C1] Call Trace: [ 66.241626][ C1] [ 66.244495][ C1] dump_stack+0x11d/0x181 [ 66.248877][ C1] panic+0x210/0x640 [ 66.253551][ C1] ? vprintk_func+0x8d/0x140 [ 66.258149][ C1] kcsan_report.cold+0xc/0xd [ 66.262738][ C1] kcsan_setup_watchpoint+0x3fe/0x460 [ 66.268114][ C1] ? dsp_cmx_receive+0x730/0x730 [ 66.273495][ C1] __tsan_unaligned_write8+0xc4/0x100 [ 66.279151][ C1] run_timer_softirq+0xc14/0xcd0 [ 66.284263][ C1] ? kvm_sched_clock_read+0x9/0x20 [ 66.289530][ C1] ? sched_clock+0x13/0x20 [ 66.294095][ C1] ? sched_clock_cpu+0x15/0xe0 [ 66.299227][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 66.305594][ C1] __do_softirq+0x115/0x33f [ 66.310099][ C1] irq_exit+0xbb/0xe0 [ 66.314321][ C1] smp_apic_timer_interrupt+0xe6/0x280 [ 66.319981][ C1] apic_timer_interrupt+0xf/0x20 [ 66.324998][ C1] [ 66.327946][ C1] RIP: 0010:native_safe_halt+0xe/0x10 [ 66.333351][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 7c ad 48 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 6c ad 48 00 fb f4 90 55 48 89 e5 41 55 41 54 53 e8 42 6d 9f fc e8 bd 1a b5 fd 0f [ 66.353186][ C1] RSP: 0018:ffffc90000cd3e70 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 66.361831][ C1] RAX: 0000000000000001 RBX: ffff88812b38b0c0 RCX: ffffffff824ee349 [ 66.369795][ C1] RDX: 0000000000000000 RSI: ffffffff824ee357 RDI: 0000000000000005 [ 66.377899][ C1] RBP: ffffc90000cd3e90 R08: ffff88812b38b0c0 R09: 0000ffff857d2168 [ 66.386011][ C1] R10: 000000000002a3c0 R11: 0000ffff857d216f R12: 0000000000000001 [ 66.394419][ C1] R13: ffff88812b38b0c0 R14: 0000000000000000 R15: 0000000000000000 [ 66.402993][ C1] ? debug_smp_processor_id+0x39/0x172 [ 66.409032][ C1] ? debug_smp_processor_id+0x47/0x172 [ 66.414735][ C1] ? default_idle+0x26/0x180 [ 66.419451][ C1] arch_cpu_idle+0xa/0x10 [ 66.423889][ C1] default_idle_call+0x1e/0x40 [ 66.428794][ C1] do_idle+0x1af/0x280 [ 66.432868][ C1] ? complete+0x44/0x50 [ 66.437037][ C1] cpu_startup_entry+0x1b/0x20 [ 66.441857][ C1] start_secondary+0x168/0x1b0 [ 66.446621][ C1] secondary_startup_64+0xa4/0xb0 [ 66.453543][ C1] Kernel Offset: disabled [ 66.457886][ C1] Rebooting in 86400 seconds..