[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   50.009034][   T25] audit: type=1800 audit(1573809650.845:21): pid=7503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   50.059438][   T25] audit: type=1800 audit(1573809650.845:22): pid=7503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
2019/11/15 09:21:02 fuzzer started
2019/11/15 09:21:04 dialing manager at 10.128.0.105:44219
2019/11/15 09:21:04 syscalls: 2566
2019/11/15 09:21:04 code coverage: enabled
2019/11/15 09:21:04 comparison tracing: enabled
2019/11/15 09:21:04 extra coverage: extra coverage is not supported by the kernel
2019/11/15 09:21:04 setuid sandbox: enabled
2019/11/15 09:21:04 namespace sandbox: enabled
2019/11/15 09:21:04 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/15 09:21:04 fault injection: enabled
2019/11/15 09:21:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/15 09:21:04 net packet injection: enabled
2019/11/15 09:21:04 net device setup: enabled
2019/11/15 09:21:04 concurrency sanitizer: enabled
2019/11/15 09:21:04 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/15 09:21:06 adding functions to KCSAN blacklist: 'mod_timer' 'run_timer_softirq' '__rb_insert_augmented' 'timer_clear_idle' 'ep_poll' 'tick_do_update_jiffies64' 'generic_permission' 'tcp_add_backlog' 'rcu_gp_fqs_check_wake' 'find_next_bit' 'add_timer' '__rb_rotate_set_parents' 'pipe_wait' 'tomoyo_supervisor' '__hrtimer_run_queues' 'pid_update_inode' 'ep_insert' 'vm_area_dup' 
09:21:07 executing program 0:
r0 = memfd_create(&(0x7f0000000040)='userloppp1ptoc\'\x00', 0x6)
fcntl$addseals(r0, 0x409, 0xa)
fallocate(r0, 0x3, 0x0, 0x100000001)

09:21:07 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newlink={0xac, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x80, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x6c, 0x2, [@IFLA_GRE_LOCAL={0x14, 0x6, @ipv4={[], [], @multicast2}}, @gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}], @IFLA_GRE_REMOTE={0x14, 0x7, @rand_addr="c4ddbba432f1ed5a7009fd4a6dea08ca"}, @IFLA_GRE_REMOTE={0x14, 0x7, @remote}, @IFLA_GRE_LOCAL={0x1, 0x6, @remote}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}, @IFLA_ADDRESS={0xc, 0xa, @dev={[], 0x1c}}]}, 0xac}}, 0x46118)

syzkaller login: [   67.020806][ T7673] IPVS: ftp: loaded support on port[0] = 21
[   67.102611][ T7673] chnl_net:caif_netlink_parms(): no params data found
[   67.167523][ T7673] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.175080][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.195999][ T7673] device bridge_slave_0 entered promiscuous mode
[   67.203934][ T7673] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.211540][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.220302][ T7673] device bridge_slave_1 entered promiscuous mode
[   67.236917][ T7676] IPVS: ftp: loaded support on port[0] = 21
[   67.238957][ T7673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.254043][ T7673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.274890][ T7673] team0: Port device team_slave_0 added
[   67.286668][ T7673] team0: Port device team_slave_1 added
09:21:08 executing program 2:
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video0\x00', 0x2, 0x0)
ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000140))

[   67.388660][ T7673] device hsr_slave_0 entered promiscuous mode
[   67.456165][ T7673] device hsr_slave_1 entered promiscuous mode
[   67.561263][ T7678] IPVS: ftp: loaded support on port[0] = 21
[   67.590442][ T7676] chnl_net:caif_netlink_parms(): no params data found
09:21:08 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000480)={'broute\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88)

[   67.731624][ T7676] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.765326][ T7676] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.798418][ T7676] device bridge_slave_0 entered promiscuous mode
[   67.846483][ T7676] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.853623][ T7676] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.862943][ T7676] device bridge_slave_1 entered promiscuous mode
[   67.958921][ T7676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.000641][ T7678] chnl_net:caif_netlink_parms(): no params data found
[   68.028492][ T7676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.138253][ T7676] team0: Port device team_slave_0 added
[   68.144083][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.177269][ T7678] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.205315][ T7678] device bridge_slave_0 entered promiscuous mode
[   68.227683][ T7676] team0: Port device team_slave_1 added
[   68.239486][ T7705] IPVS: ftp: loaded support on port[0] = 21
[   68.249466][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.265657][ T7678] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.273328][ T7678] device bridge_slave_1 entered promiscuous mode
[   68.357526][ T7676] device hsr_slave_0 entered promiscuous mode
[   68.375541][ T7676] device hsr_slave_1 entered promiscuous mode
[   68.405307][ T7676] debugfs: Directory 'hsr0' with parent '/' already present!
[   68.456637][ T7678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.539721][ T7678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
09:21:09 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array]}}, &(0x7f0000000180)=""/4096, 0x32, 0x1000, 0x1}, 0x20)

[   68.681205][ T7678] team0: Port device team_slave_0 added
[   68.775642][ T7678] team0: Port device team_slave_1 added
[   68.843222][    T7] device bridge_slave_1 left promiscuous mode
[   68.858873][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.026946][    T7] device bridge_slave_0 left promiscuous mode
[   69.033193][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.135614][    T7] device hsr_slave_0 left promiscuous mode
[   69.165425][    T7] device hsr_slave_1 left promiscuous mode
[   69.245694][    T7] team0 (unregistering): Port device team_slave_1 removed
[   69.295644][    T7] team0 (unregistering): Port device team_slave_0 removed
[   69.357031][    T7] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   69.450011][    T7] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   69.602030][ T7725] ==================================================================
[   69.602582][    T7] bond0 (unregistering): Released all slaves
[   69.610179][ T7725] BUG: KCSAN: data-race in alloc_empty_file / percpu_counter_add_batch
[   69.610191][ T7725] 
[   69.627312][ T7725] write to 0xffffffff85a08548 of 8 bytes by task 7738 on cpu 0:
[   69.634947][ T7725]  percpu_counter_add_batch+0xca/0x150
[   69.640413][ T7725]  __fput+0x35d/0x520
[   69.644397][ T7725]  ____fput+0x1f/0x30
[   69.648379][ T7725]  task_work_run+0xf6/0x130
[   69.652876][ T7725]  do_exit+0x562/0x18f0
[   69.657022][ T7725]  do_group_exit+0xb4/0x1c0
[   69.661514][ T7725]  __x64_sys_exit_group+0x2e/0x30
[   69.666529][ T7725]  do_syscall_64+0xcc/0x370
[   69.671024][ T7725]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   69.676903][ T7725] 
[   69.679228][ T7725] read to 0xffffffff85a08548 of 8 bytes by task 7725 on cpu 1:
[   69.686760][ T7725]  alloc_empty_file+0x2d/0x180
[   69.691515][ T7725]  path_openat+0x74/0x36e0
[   69.695924][ T7725]  do_filp_open+0x11e/0x1b0
[   69.700421][ T7725]  do_sys_open+0x3b3/0x4f0
[   69.704827][ T7725]  __x64_sys_open+0x55/0x70
[   69.709325][ T7725]  do_syscall_64+0xcc/0x370
[   69.714111][ T7725]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   69.720093][ T7725] 
[   69.722417][ T7725] Reported by Kernel Concurrency Sanitizer on:
[   69.728568][ T7725] CPU: 1 PID: 7725 Comm: ps Not tainted 5.4.0-rc7+ #0
[   69.735747][ T7725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.745791][ T7725] ==================================================================
[   69.753861][ T7725] Kernel panic - not syncing: panic_on_warn set ...
[   69.760455][ T7725] CPU: 1 PID: 7725 Comm: ps Not tainted 5.4.0-rc7+ #0
[   69.767310][ T7725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.778324][ T7725] Call Trace:
[   69.781613][ T7725]  dump_stack+0x11d/0x181
[   69.785940][ T7725]  panic+0x210/0x640
[   69.789829][ T7725]  ? vprintk_func+0x8d/0x140
[   69.794444][ T7725]  kcsan_report.cold+0xc/0xd
[   69.799053][ T7725]  kcsan_setup_watchpoint+0x3fe/0x460
[   69.804420][ T7725]  __tsan_read8+0xc6/0x100
[   69.808830][ T7725]  alloc_empty_file+0x2d/0x180
[   69.813592][ T7725]  path_openat+0x74/0x36e0
[   69.818023][ T7725]  ? __read_once_size.constprop.0+0x12/0x20
[   69.823922][ T7725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   69.830169][ T7725]  ? __virt_addr_valid+0x126/0x190
[   69.835285][ T7725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   69.841532][ T7725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   69.847767][ T7725]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   69.853652][ T7725]  ? __read_once_size+0x41/0xe0
[   69.858623][ T7725]  do_filp_open+0x11e/0x1b0
[   69.863137][ T7725]  ? __check_object_size+0x5f/0x346
[   69.869822][ T7725]  ? __sanitizer_cov_trace_switch+0x49/0x80
[   69.875715][ T7725]  ? __alloc_fd+0x2ef/0x3b0
[   69.880221][ T7725]  do_sys_open+0x3b3/0x4f0
[   69.884637][ T7725]  __x64_sys_open+0x55/0x70
[   69.889137][ T7725]  do_syscall_64+0xcc/0x370
[   69.893649][ T7725]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   69.899529][ T7725] RIP: 0033:0x7f4d3d2ac120
[   69.903944][ T7725] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[   69.923554][ T7725] RSP: 002b:00007fff277e6ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   69.931957][ T7725] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f4d3d2ac120
[   69.939919][ T7725] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f4d3d77ad00
[   69.947882][ T7725] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f4d3d57457b
[   69.955847][ T7725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4d3d779d00
[   69.963828][ T7725] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000
[   69.973330][ T7725] Kernel Offset: disabled
[   69.977664][ T7725] Rebooting in 86400 seconds..