[ ok ] Starting periodic command scheduler: cron.
[ 52.871406][ T7540] sshd (7540) used greatest stack depth: 10448 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 53.093804][ T26] kauditd_printk_skb: 7 callbacks suppressed
[ 53.093819][ T26] audit: type=1800 audit(1573801803.138:29): pid=7474 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 53.121208][ T26] audit: type=1800 audit(1573801803.138:30): pid=7474 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
2019/11/15 07:10:11 fuzzer started
2019/11/15 07:10:12 dialing manager at 10.128.0.105:44219
2019/11/15 07:10:12 syscalls: 2566
2019/11/15 07:10:12 code coverage: enabled
2019/11/15 07:10:12 comparison tracing: enabled
2019/11/15 07:10:12 extra coverage: extra coverage is not supported by the kernel
2019/11/15 07:10:12 setuid sandbox: enabled
2019/11/15 07:10:12 namespace sandbox: enabled
2019/11/15 07:10:12 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/15 07:10:12 fault injection: enabled
2019/11/15 07:10:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/15 07:10:12 net packet injection: enabled
2019/11/15 07:10:12 net device setup: enabled
2019/11/15 07:10:12 concurrency sanitizer: enabled
2019/11/15 07:10:12 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/15 07:10:14 adding functions to KCSAN blacklist: 'mod_timer' 'rcu_gp_fqs_check_wake' 'find_next_bit' 'add_timer' 'run_timer_softirq' '__rb_rotate_set_parents' 'pipe_wait' 'tomoyo_supervisor' '__hrtimer_run_queues' 'pid_update_inode' 'tick_do_update_jiffies64' 'ep_insert'
07:10:15 executing program 0:
r0 = 
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x40405514, 0x0) 07:10:15 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, 0x0, 0x26}, 0x20) syzkaller login: [ 65.335684][ T7642] IPVS: ftp: loaded support on port[0] = 21 [ 65.441728][ T7642] chnl_net:caif_netlink_parms(): no params data found [ 65.460804][ T7645] IPVS: ftp: loaded support on port[0] = 21 [ 65.507909][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.515053][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.523112][ T7642] device bridge_slave_0 entered promiscuous mode [ 65.531141][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.538190][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.546056][ T7642] device bridge_slave_1 entered promiscuous mode [ 65.571990][ T7642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.586794][ T7642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.610598][ T7645] chnl_net:caif_netlink_parms(): no params data found 07:10:15 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000140)=""/2, 0x18) [ 65.646347][ T7642] team0: Port device team_slave_0 added [ 65.653008][ T7642] team0: Port device team_slave_1 added [ 65.658714][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.667384][ T7645] bridge0: port 
1(bridge_slave_0) entered disabled state [ 65.675548][ T7645] device bridge_slave_0 entered promiscuous mode [ 65.697834][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.706085][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.721349][ T7645] device bridge_slave_1 entered promiscuous mode [ 65.792195][ T7642] device hsr_slave_0 entered promiscuous mode [ 65.831122][ T7642] device hsr_slave_1 entered promiscuous mode [ 65.900786][ T7645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.940889][ T7645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 07:10:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000040)="0f01d582ab06000466b97a03000066b9540b00000f320f20c06635100000000f22c02e0f01c20f01e52e2e660f6b39363e0f01c80f2349", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffd55, 0x40, 0x0, 0x147) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 65.986225][ T7648] IPVS: ftp: loaded support on port[0] = 21 [ 66.009350][ T7645] team0: Port device team_slave_0 added [ 66.083274][ T7645] team0: Port device team_slave_1 added [ 66.252140][ T7645] device hsr_slave_0 entered promiscuous mode [ 66.285871][ T7645] device hsr_slave_1 entered promiscuous mode [ 66.379882][ T7645] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 66.417523][ T7673] IPVS: ftp: loaded support on port[0] = 21 [ 66.543262][ T7648] chnl_net:caif_netlink_parms(): no params data found [ 66.754238][ T7648] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.809871][ T7648] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.817638][ T7648] device bridge_slave_0 entered promiscuous mode [ 66.921350][ T7648] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.928416][ T7648] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.990518][ T7648] device bridge_slave_1 entered promiscuous mode [ 67.066129][ T7648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.167383][ T7648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.204394][ T7673] chnl_net:caif_netlink_parms(): no params data found 07:10:17 executing program 4: r0 = mq_open(&(0x7f0000001380)='eth0\x00', 0x42, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) [ 67.236725][ T28] device bridge_slave_1 left promiscuous mode [ 67.246342][ T28] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.380090][ T28] device bridge_slave_0 left promiscuous mode [ 67.386284][ T28] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.520142][ T28] device hsr_slave_0 left promiscuous mode [ 67.570032][ T28] device hsr_slave_1 left promiscuous mode [ 67.631541][ T28] team0 (unregistering): Port device team_slave_1 removed [ 67.681494][ T28] team0 (unregistering): Port device team_slave_0 removed [ 67.760594][ T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.821301][ T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.957477][ T28] bond0 (unregistering): Released all slaves [ 68.103418][ T7648] team0: Port device team_slave_0 added [ 68.122338][ T7648] team0: Port device team_slave_1 added [ 68.158068][ T7701] IPVS: ftp: loaded support on port[0] = 21 [ 68.165755][ T7700] IPVS: ftp: loaded support on port[0] 
= 21 [ 68.272350][ T7648] device hsr_slave_0 entered promiscuous mode [ 68.301562][ T7648] device hsr_slave_1 entered promiscuous mode 07:10:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x7fffffde, 0x1, 0x1}) [ 68.408392][ T7673] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.417084][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.449387][ T7673] device bridge_slave_0 entered promiscuous mode [ 68.483509][ T7673] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.509879][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.517487][ T7673] device bridge_slave_1 entered promiscuous mode [ 68.618635][ T7712] IPVS: ftp: loaded support on port[0] = 21 [ 68.692118][ T7673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.828271][ T7673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.949174][ T7701] chnl_net:caif_netlink_parms(): no params data found [ 68.995928][ T7673] team0: Port device team_slave_0 added [ 69.022204][ T7700] chnl_net:caif_netlink_parms(): no params data found [ 69.064186][ T7673] team0: Port device team_slave_1 added [ 69.077335][ T7742] IPVS: ftp: loaded support on port[0] = 21 [ 69.271821][ T7701] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.278881][ T7701] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.310890][ T7701] device bridge_slave_0 entered promiscuous mode [ 69.372332][ T7673] device hsr_slave_0 entered promiscuous mode [ 69.410080][ T7673] device hsr_slave_1 entered promiscuous mode [ 69.449882][ T7673] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 69.469899][ T7700] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.477226][ T7700] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.520767][ T7700] device bridge_slave_0 entered promiscuous mode [ 69.555876][ T7701] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.569871][ T7701] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.609979][ T7701] device bridge_slave_1 entered promiscuous mode [ 69.679131][ T7700] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.718939][ T7700] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.744314][ T7700] device bridge_slave_1 entered promiscuous mode [ 69.802300][ T7712] chnl_net:caif_netlink_parms(): no params data found [ 69.835397][ T7701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.951474][ T7701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.993114][ T7700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.049154][ T7700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.170213][ T7712] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.177356][ T7712] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.230810][ T7712] device bridge_slave_0 entered promiscuous mode [ 70.252811][ T7701] team0: Port device team_slave_0 added [ 70.259519][ T7700] team0: Port device team_slave_0 added [ 70.288626][ T7712] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.343070][ T7712] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.383600][ T7712] device bridge_slave_1 entered promiscuous mode [ 70.423841][ T7701] team0: Port device team_slave_1 added [ 70.430328][ T7700] team0: Port device team_slave_1 added [ 70.572792][ T7700] device hsr_slave_0 entered promiscuous mode [ 70.633336][ T7700] device hsr_slave_1 entered promiscuous mode [ 70.689869][ T7700] debugfs: Directory 'hsr0' with parent '/' 
already present! [ 70.753761][ T7712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.756144][ T7771] IPVS: ftp: loaded support on port[0] = 21 [ 70.792718][ T7701] device hsr_slave_0 entered promiscuous mode [ 70.830520][ T7701] device hsr_slave_1 entered promiscuous mode [ 70.849942][ T7701] debugfs: Directory 'hsr0' with parent '/' already present! [ 70.866579][ T7712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.951182][ T7742] chnl_net:caif_netlink_parms(): no params data found [ 71.093886][ T7712] team0: Port device team_slave_0 added [ 71.161791][ T7712] team0: Port device team_slave_1 added [ 71.212493][ T7742] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.219727][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.270738][ T7742] device bridge_slave_0 entered promiscuous mode [ 71.375365][ T7712] device hsr_slave_0 entered promiscuous mode [ 71.434637][ T7712] device hsr_slave_1 entered promiscuous mode [ 71.479899][ T7712] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 71.496653][ T7742] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.519936][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.573275][ T7742] device bridge_slave_1 entered promiscuous mode [ 71.642393][ T7771] chnl_net:caif_netlink_parms(): no params data found [ 71.719802][ T7742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.881284][ T7742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.991477][ T7771] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.998534][ T7771] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.083686][ T7771] device bridge_slave_0 entered promiscuous mode [ 72.119684][ T7742] team0: Port device team_slave_0 added [ 72.143458][ T7771] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.189937][ T7771] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.197705][ T7771] device bridge_slave_1 entered promiscuous mode [ 72.251643][ T7742] team0: Port device team_slave_1 added [ 72.289301][ T7801] IPVS: ftp: loaded support on port[0] = 21 [ 72.352592][ T7771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.402384][ T7742] device hsr_slave_0 entered promiscuous mode [ 72.453142][ T7742] device hsr_slave_1 entered promiscuous mode [ 72.472718][ T7742] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 72.495308][ T7771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.672755][ T7771] team0: Port device team_slave_0 added
[ 72.709378][ T7771] team0: Port device team_slave_1 added
[ 72.771992][ T7824] ==================================================================
[ 72.780132][ T7824] BUG: KCSAN: data-race in __rb_insert_augmented / vm_area_dup
[ 72.787663][ T7824]
[ 72.789986][ T7824] write to 0xffff88812936fda0 of 8 bytes by task 7822 on cpu 1:
[ 72.797612][ T7824] __rb_insert_augmented+0x20b/0x370
[ 72.802902][ T7824] vma_interval_tree_insert+0x196/0x230
[ 72.808452][ T7824] __vma_link_file+0xd9/0x110
[ 72.813129][ T7824] __vma_adjust+0x1ac/0x12a0
[ 72.817711][ T7824] __split_vma+0x338/0x350
[ 72.822122][ T7824] __do_munmap+0xb02/0xb60
[ 72.826535][ T7824] mmap_region+0x165/0xd50
[ 72.830945][ T7824] do_mmap+0x6d4/0xba0
[ 72.835013][ T7824] vm_mmap_pgoff+0x12d/0x190
[ 72.839600][ T7824] ksys_mmap_pgoff+0x2d8/0x420
[ 72.844355][ T7824] __x64_sys_mmap+0x2e/0x40
[ 72.848859][ T7824] do_syscall_64+0xcc/0x370
[ 72.853362][ T7824] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.859235][ T7824]
[ 72.861561][ T7824] read to 0xffff88812936fd48 of 200 bytes by task 7824 on cpu 0:
[ 72.869375][ T7824] vm_area_dup+0x70/0xf0
[ 72.873614][ T7824] __split_vma+0x88/0x350
[ 72.877937][ T7824] __do_munmap+0xb02/0xb60
[ 72.882348][ T7824] mmap_region+0x165/0xd50
[ 72.886756][ T7824] do_mmap+0x6d4/0xba0
[ 72.890827][ T7824] vm_mmap_pgoff+0x12d/0x190
[ 72.895411][ T7824] ksys_mmap_pgoff+0x2d8/0x420
[ 72.900966][ T7824] __x64_sys_mmap+0x2e/0x40
[ 72.905470][ T7824] do_syscall_64+0xcc/0x370
[ 72.909975][ T7824] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.915853][ T7824]
[ 72.918166][ T7824] Reported by Kernel Concurrency Sanitizer on:
[ 72.924332][ T7824] CPU: 0 PID: 7824 Comm: ps Not tainted 5.4.0-rc7+ #0
[ 72.931082][ T7824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.941130][ T7824] ==================================================================
[ 72.949186][ T7824] Kernel panic - not syncing: panic_on_warn set ...
[ 72.955767][ T7824] CPU: 0 PID: 7824 Comm: ps Not tainted 5.4.0-rc7+ #0
[ 72.962510][ T7824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.972559][ T7824] Call Trace:
[ 72.975852][ T7824] dump_stack+0x11d/0x181
[ 72.980180][ T7824] panic+0x210/0x640
[ 72.984071][ T7824] ? vprintk_func+0x8d/0x140
[ 72.988670][ T7824] kcsan_report.cold+0xc/0xd
[ 72.993265][ T7824] kcsan_setup_watchpoint+0x3fe/0x460
[ 72.998635][ T7824] ? rb_replace_node_rcu+0x160/0x170
[ 73.003928][ T7824] __tsan_read_range+0xc4/0x100
[ 73.008775][ T7824] vm_area_dup+0x70/0xf0
[ 73.013014][ T7824] __split_vma+0x88/0x350
[ 73.017340][ T7824] ? find_vma+0x3e/0x110
[ 73.021601][ T7824] __do_munmap+0xb02/0xb60
[ 73.026020][ T7824] mmap_region+0x165/0xd50
[ 73.030445][ T7824] do_mmap+0x6d4/0xba0
[ 73.034541][ T7824] vm_mmap_pgoff+0x12d/0x190
[ 73.039138][ T7824] ksys_mmap_pgoff+0x2d8/0x420
[ 73.043907][ T7824] __x64_sys_mmap+0x2e/0x40
[ 73.048411][ T7824] do_syscall_64+0xcc/0x370
[ 73.052914][ T7824] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.058795][ T7824] RIP: 0033:0x7f9a49fce3ea
[ 73.063211][ T7824] Code: 48 8d 3d 81 69 00 00 b2 84 e8 52 ec ff ff f7 d8 89 05 ae ad 20 00 eb c6 90 90 90 90 90 90 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89
[ 73.082814][ T7824] RSP: 002b:00007ffe6d9d8c08 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 73.091224][ T7824] RAX: ffffffffffffffda RBX: 00007f9a4a1d69a8 RCX: 00007f9a49fce3ea
[ 73.099452][ T7824] RDX: 0000000000000003 RSI: 0000000000005000 RDI: 00007f9a49d87000
[ 73.107420][ T7824] RBP: 00007ffe6d9d8f60 R08: 0000000000000003 R09: 0000000000183000
[ 73.115390][ T7824] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffe6d9d9048
[ 73.123360][ T7824] R13: 0000000000000002 R14: 00007ffe6d9d8c80 R15: 00007ffe6d9d8c50
[ 73.132701][ T7824] Kernel Offset: disabled
[ 73.137024][ T7824] Rebooting in 86400 seconds..