[info] Using makefile-style concurrent boot in runlevel 2. [ 50.398637][ T26] audit: type=1800 audit(1573886571.117:21): pid=7507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 50.451257][ T26] audit: type=1800 audit(1573886571.127:22): pid=7507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts. 2019/11/16 06:43:02 fuzzer started 2019/11/16 06:43:04 dialing manager at 10.128.0.105:34521 2019/11/16 06:43:06 syscalls: 2566 2019/11/16 06:43:06 code coverage: enabled 2019/11/16 06:43:06 comparison tracing: enabled 2019/11/16 06:43:06 extra coverage: extra coverage is not supported by the kernel 2019/11/16 06:43:06 setuid sandbox: enabled 2019/11/16 06:43:06 namespace sandbox: enabled 2019/11/16 06:43:06 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/16 06:43:06 fault injection: enabled 2019/11/16 06:43:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/16 06:43:06 net packet injection: enabled 2019/11/16 06:43:06 net device setup: enabled 2019/11/16 06:43:06 concurrency sanitizer: enabled 2019/11/16 06:43:06 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 68.484171][ T7677] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/16 06:43:14 adding functions to KCSAN blacklist: 'blk_mq_sched_dispatch_requests' 'filemap_map_pages' 'run_timer_softirq' 'tick_sched_do_timer' 'blk_mq_dispatch_rq_list' 'copy_process' 'ext4_da_write_end' 'ext4_free_inode' 'do_nanosleep' 'tick_nohz_idle_stop_tick' 'blk_mq_run_hw_queue' 'ktime_get_real_seconds' 'pipe_wait' 'tick_nohz_next_event' 'pid_update_inode' 'generic_write_end' 'poll_schedule_timeout' 'find_next_bit' 'kcm_ioctl' 'p9_poll_workfn' 'sctp_assoc_migrate' 'lruvec_lru_size' 'n_tty_receive_buf_common' 'tcp_add_backlog' 'tomoyo_supervisor' 'common_perm_cond' 'audit_log_start' 'ext4_has_free_clusters' '__hrtimer_run_queues' 'dd_has_work' 'echo_char' 'mod_timer' 'taskstats_exit' 'pipe_poll' 'ep_poll' 'blk_mq_get_request' 'ext4_nonda_switch' 'tick_do_update_jiffies64' 'ext4_ext_insert_extent' 'pcpu_alloc' 'xas_clear_mark' 'rcu_gp_fqs_check_wake' '__ext4_new_inode' 'generic_fillattr' 'xas_find_marked' 'add_timer' 06:44:08 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) write(r1, &(0x7f0000000300)="240000001e0025eaa87865f51e86041b0004000200bff20182a9000c080008000b000000", 0x1e2) [ 127.476577][ T7680] IPVS: ftp: loaded support on port[0] = 21 06:44:08 executing program 1: mkdir(0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.stat\x00', 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x42000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x23, 0x847, 0x0, 0x0, {0x2804}}, 0x14}, 0x1, 0x0, 0x0, 0xef3407281ad91a5d}, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') socket$netlink(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000300)={&(0x7f0000041000/0x3000)=nil, 0xf1, 0x3, 0x352f6b48c5ed912a, &(0x7f0000044000/0x1000)=nil, 0x7}) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000180)={0x0, 0x0, 0x1, {0x5, @raw_data="efaa91e861aa9431ed1253263499a0b1b370c43f9fe8f2927337a7d398c6845cb38171589b15e8d8b61dc2e54209994fec0662ed54b2baa44404f48509356f73689ffee8d5b5900744889c501420724ea72c482a9e0dd0fa701629106ab573c94c82fa974e2cc0b74e5eb5d3df1eda89581c045ae28a41b014d328db1ec69773717d52c347e1ab293032682811cc8c1a943e4ff99d6413e857409534cbeb3d5c2cef8143ea24613061aca7b83d6a2dbb623aa0cb7093e6818c917710012a3be504412cf3dc2dc008"}}) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000240)={0x0, 0x1}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x4) socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) r3 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) dup(r3) open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) io_setup(0x83, &(0x7f00000003c0)=0x0) io_submit(r4, 0x4110, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x10000}]) [ 127.551807][ T7680] chnl_net:caif_netlink_parms(): no params data found [ 127.615463][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.641320][ T7680] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.649058][ T7680] device bridge_slave_0 entered promiscuous mode [ 127.672460][ T7680] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.679577][ T7680] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.687767][ T7680] device bridge_slave_1 entered promiscuous mode [ 127.705999][ T7680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.717048][ T7680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.719852][ T7683] IPVS: ftp: loaded support on port[0] = 21 [ 127.737587][ T7680] team0: Port device team_slave_0 added [ 127.744793][ T7680] team0: Port device team_slave_1 added 06:44:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x7b, 0x5, [0x9e], [0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) [ 127.833503][ T7680] device hsr_slave_0 entered promiscuous mode [ 127.871882][ T7680] device hsr_slave_1 entered promiscuous mode [ 127.998353][ T7685] IPVS: ftp: loaded support on port[0] = 21 06:44:08 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x2) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06"], 0x1) ioctl$int_in(r0, 0x208008008010500c, &(0x7f00000000c0)) [ 128.089429][ T7680] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.096711][ T7680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.104007][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.111048][ T7680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.124485][ T3902] ================================================================== [ 128.132624][ T3902] BUG: KCSAN: data-race in __rb_insert_augmented / vm_area_dup [ 128.140331][ T3902] [ 128.142669][ T3902] read to 0xffff888126269ed8 of 200 bytes by task 7687 on cpu 0: [ 128.150393][ T3902] vm_area_dup+0x70/0xf0 [ 128.154645][ T3902] dup_mm+0x330/0xba0 [ 128.158635][ T3902] copy_process+0x36f3/0x3b50 [ 128.163931][ T3902] _do_fork+0xfe/0x6e0 [ 128.168093][ T3902] __x64_sys_clone+0x12b/0x160 [ 128.172863][ T3902] do_syscall_64+0xcc/0x370 [ 128.177376][ T3902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 128.183258][ T3902] [ 128.185588][ T3902] write to 0xffff888126269f30 of 8 bytes by task 3902 on cpu 1: [ 128.193224][ T3902] __rb_insert_augmented+0x1f0/0x370 [ 128.198514][ T3902] vma_interval_tree_insert_after+0x14b/0x170 [ 128.204590][ T3902] dup_mm+0x53e/0xba0 [ 128.208573][ T3902] copy_process+0x36f3/0x3b50 [ 128.213256][ T3902] _do_fork+0xfe/0x6e0 [ 128.217332][ T3902] __x64_sys_clone+0x12b/0x160 [ 128.222102][ T3902] do_syscall_64+0xcc/0x370 [ 128.226628][ T3902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 128.232513][ T3902] [ 128.234847][ T3902] Reported by Kernel Concurrency Sanitizer on: [ 128.241055][ T3902] CPU: 1 PID: 3902 Comm: udevd Not tainted 5.4.0-rc7+ #0 [ 128.248098][ T3902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.258162][ T3902] ================================================================== [ 128.266249][ T3902] Kernel panic - not syncing: panic_on_warn set ... [ 128.272849][ T3902] CPU: 1 PID: 3902 Comm: udevd Not tainted 5.4.0-rc7+ #0 [ 128.275440][ T7680] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.279868][ T3902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.279873][ T3902] Call Trace: [ 128.279903][ T3902] dump_stack+0x11d/0x181 [ 128.279934][ T3902] panic+0x210/0x640 [ 128.308055][ T3902] ? vprintk_func+0x8d/0x140 [ 128.312668][ T3902] kcsan_report.cold+0xc/0xd [ 128.317271][ T3902] kcsan_setup_watchpoint+0x3fe/0x460 [ 128.318802][ T7680] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.322673][ T3902] __tsan_unaligned_write8+0xc4/0x100 [ 128.322693][ T3902] __rb_insert_augmented+0x1f0/0x370 [ 128.322717][ T3902] ? kmem_cache_alloc+0x23f/0x5d0 [ 128.345041][ T3902] ? __anon_vma_interval_tree_subtree_search+0x160/0x160 [ 128.352079][ T3902] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 128.357993][ T3902] vma_interval_tree_insert_after+0x14b/0x170 [ 128.364082][ T3902] dup_mm+0x53e/0xba0 [ 128.368083][ T3902] copy_process+0x36f3/0x3b50 [ 128.372783][ T3902] _do_fork+0xfe/0x6e0 [ 128.376861][ T3902] ? apparmor_socket_setsockopt+0x33/0x40 [ 128.382785][ T3902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.389044][ T3902] __x64_sys_clone+0x12b/0x160 [ 128.393837][ T3902] do_syscall_64+0xcc/0x370 [ 128.398961][ T3902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 128.404858][ T3902] RIP: 0033:0x7f0da36baf46 [ 128.409301][ T3902] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00 [ 128.428915][ T3902] RSP: 002b:00007ffe363de7c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 128.431322][ T7680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 128.437326][ T3902] RAX: ffffffffffffffda RBX: 00007ffe363de7c0 RCX: 00007f0da36baf46 [ 128.437336][ T3902] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 128.437345][ T3902] RBP: 00007ffe363de820 R08: 0000000000000f3e R09: 0000000000000f3e [ 128.437365][ T3902] R10: 00007f0da3fd7a70 R11: 0000000000000246 R12: 0000000000000000 [ 128.476312][ T3902] R13: 00007ffe363de7e0 R14: 0000000001f84250 R15: 0000000000000000 [ 128.485777][ T3902] Kernel Offset: disabled [ 128.490166][ T3902] Rebooting in 86400 seconds..