[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   41.611536][   T26] audit: type=1800 audit(1576019387.363:21): pid=7486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   41.650956][   T26] audit: type=1800 audit(1576019387.363:22): pid=7486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
2019/12/10 23:09:58 fuzzer started
2019/12/10 23:09:59 dialing manager at 10.128.0.105:37821
2019/12/10 23:09:59 syscalls: 2689
2019/12/10 23:09:59 code coverage: enabled
2019/12/10 23:09:59 comparison tracing: enabled
2019/12/10 23:09:59 extra coverage: extra coverage is not supported by the kernel
2019/12/10 23:09:59 setuid sandbox: enabled
2019/12/10 23:09:59 namespace sandbox: enabled
2019/12/10 23:09:59 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/10 23:09:59 fault injection: enabled
2019/12/10 23:09:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/10 23:09:59 net packet injection: enabled
2019/12/10 23:09:59 net device setup: enabled
2019/12/10 23:09:59 concurrency sanitizer: enabled
2019/12/10 23:09:59 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   59.111597][ T7650] KCSAN: could not find function: 'poll_schedule_timeout'
2019/12/10 23:10:06 adding functions to KCSAN blacklist: 'ext4_has_free_clusters' 'futex_wait_queue_me' 'add_timer_on' 'lruvec_lru_size' 'bio_endio' 'tick_nohz_idle_stop_tick' 'generic_fillattr' 'audit_log_start' 'blk_mq_dispatch_rq_list' '__hrtimer_run_queues' 'find_get_pages_range_tag' 'xas_clear_mark' 'pcpu_alloc' 'tick_sched_do_timer' 'ext4_free_inodes_count' 'do_syslog' 'run_timer_softirq' 'tick_do_update_jiffies64' 'tomoyo_supervisor' 'vm_area_dup' 'mm_update_next_owner' 'ext4_nonda_switch' 'kauditd_thread' 'generic_write_end' 'dd_has_work' 'icmp_global_allow' 'find_next_bit' 'ep_poll' 'ktime_get_seconds' 'common_perm_cond' 'wbt_done' 'rcu_gp_fqs_loop' '__mark_inode_dirty' 'add_timer' 'echo_char' 'tcp_add_backlog' 'pipe_poll' 'rcu_gp_fqs_check_wake' 'poll_schedule_timeout' 'mod_timer' 'taskstats_exit' 'ext4_free_inode' 'do_signal_stop' 'blk_mq_get_request' 'list_lru_count_one' 'ktime_get_real_seconds' '__ext4_new_inode' 'mem_cgroup_select_victim_node' 'pipe_wait' '__snd_rawmidi_transmit_ack' 
23:11:42 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f00000000c0)={0x0, 0x4})

23:11:43 executing program 1:
r0 = socket$inet(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r1, 0x4, 0x42000)
poll(&(0x7f0000000200)=[{r1}], 0x1, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137)
ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000280))
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @local}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2)

[  157.439710][ T7654] IPVS: ftp: loaded support on port[0] = 21
[  157.504976][ T7656] IPVS: ftp: loaded support on port[0] = 21
23:11:43 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x101002, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000018c0)=""/246)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000003c0)=0x17642c4)
r1 = dup2(r0, r0)
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/4087, 0xff7}], 0x1, 0x0)
write$P9_RATTACH(r1, 0x0, 0x0)

[  157.600611][ T7656] chnl_net:caif_netlink_parms(): no params data found
[  157.619866][ T7654] chnl_net:caif_netlink_parms(): no params data found
[  157.668714][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.694284][ T7656] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.714753][ T7656] device bridge_slave_0 entered promiscuous mode
[  157.739330][ T7654] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.747900][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.765498][ T7654] device bridge_slave_0 entered promiscuous mode
[  157.785520][ T7656] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.792606][ T7656] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.805815][ T7656] device bridge_slave_1 entered promiscuous mode
[  157.838015][ T7654] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.853918][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.862241][ T7654] device bridge_slave_1 entered promiscuous mode
23:11:43 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000004d00)={0x18, 0x16, 0x1, 0x0, 0x0, {0xa, 0x2}, [@typed={0x4, 0x0, @binary}]}, 0x18}}, 0x0)

[  157.883782][ T7660] IPVS: ftp: loaded support on port[0] = 21
[  157.885405][ T7656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.912242][ T7654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.929450][ T7656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.945322][ T7654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.983236][ T7656] team0: Port device team_slave_0 added
[  157.996631][ T7654] team0: Port device team_slave_0 added
[  158.016976][ T7656] team0: Port device team_slave_1 added
[  158.023779][ T7654] team0: Port device team_slave_1 added
[  158.117550][ T7656] device hsr_slave_0 entered promiscuous mode
23:11:43 executing program 4:
keyctl$join(0x1, &(0x7f0000000380)={'syz', 0x2})
r0 = request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0xfffffffffffffffb)
keyctl$revoke(0x3, r0)
request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0xfffffffffffffffb)

[  158.165933][ T7656] device hsr_slave_1 entered promiscuous mode
[  158.318079][ T7654] device hsr_slave_0 entered promiscuous mode
[  158.375371][ T7654] device hsr_slave_1 entered promiscuous mode
[  158.424559][ T7654] debugfs: Directory 'hsr0' with parent '/' already present!
[  158.444577][ T7660] chnl_net:caif_netlink_parms(): no params data found
[  158.454961][ T7670] IPVS: ftp: loaded support on port[0] = 21
[  158.456809][ T7663] IPVS: ftp: loaded support on port[0] = 21
[  158.621844][ T7656] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.628988][ T7656] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.636307][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.643352][ T7656] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.785107][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.805971][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.916854][ T7660] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.945191][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state
23:11:44 executing program 5:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000140), 0x10)
setsockopt(r0, 0x65, 0x1, &(0x7f0000000700)="3b3561ac00814a4548c78d250bdd795fd74ffc69a3565b45f64e53148f3f1ba2f9ef4cd9bc9accca5a9e66aa66083c540e1c390ef3733d2d4aa8d18ac54b2a11459a84cd69778e626bf2180598cf27123f9e627bf4e0467e04f91dd4c9824be1fec0ce58dd168688e6c45a2d8381f4c9a4dfa0fdbb9c9f9e0ffe482aabc46830685fd52c4413cd4d9929999530dec36e01bfcd34099fbe33339b575ff07af0ec8c1a3c4470c103362070b6230923b6a576f83bd964cdafeaeec9e341d82f90054773b4bb1886feeab2b03ec217b9c7e1caba03da6c718f16cbf30431abe8bb25295fb02cdf4fe3a04f89cf9cc5152d48d92b3f8c9e53beb90474488822da8c6ff25760c06fa435f9d0854024945f872c2d61c78c2db8a5d40e8acbd8c00e008aa50d36c09ac673fb47850a7bf8c3394a2e8112c10c10b5c9a7ee6d364ca52a1e1422e433bb020f2e74eb600033d1af7f5e2bd98ba21417e6daa73284c958ac353dc9add51e9b3ce7558cd3f47417d148444ac3a4012a393f87f3edfe83a68f9c5c80fa3e3605150e199f0443b908f11934f96745dcdf9079b275908bdfa7f470c6583c2f17d00f865afa83a0161d65624de63dfa09e359e1eb0000000100000000b8726651fba34a330eb4d117571008a9634576a1d3e245355788c524a072e1dd361370769a3250291fbb1c0015bbe190d93320e4cf2bfe640f9082a4a33524291403c723ff866b37e651eb32b16803511b5e4ca7afa48ff5dba1559deb21413bee6d818b648d60e299d9ef9e39846d771f4eb6e2fbefac6290fc2cbb1af648451675a870b77b956db74420005e9393520c971741bb4529", 0x258)
close(r0)

[  158.994299][ T7660] device bridge_slave_0 entered promiscuous mode
[  159.116266][ T7660] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.123356][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.175527][ T7660] device bridge_slave_1 entered promiscuous mode
[  159.305182][ T7660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.400119][ T7670] chnl_net:caif_netlink_parms(): no params data found
[  159.488516][ T7660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.531410][ T7670] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.591896][ T7692] ==================================================================
[  159.594113][ T7670] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.600031][ T7692] BUG: KCSAN: data-race in pid_update_inode / pid_update_inode
[  159.614538][ T7692] 
[  159.616867][ T7692] read to 0xffff888125181828 of 2 bytes by task 7703 on cpu 0:
[  159.624408][ T7692]  pid_update_inode+0x25/0x70
[  159.629078][ T7692]  pid_revalidate+0x91/0xd0
[  159.633668][ T7692]  lookup_fast+0x618/0x700
[  159.638077][ T7692]  path_openat+0x2ac/0x36e0
[  159.642591][ T7692]  do_filp_open+0x11e/0x1b0
[  159.647095][ T7692]  do_sys_open+0x3b3/0x4f0
[  159.651510][ T7692]  __x64_sys_open+0x55/0x70
[  159.654774][ T7670] device bridge_slave_0 entered promiscuous mode
[  159.656022][ T7692]  do_syscall_64+0xcc/0x370
[  159.666850][ T7692]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  159.672725][ T7692] 
[  159.675062][ T7692] write to 0xffff888125181828 of 2 bytes by task 7692 on cpu 1:
[  159.682683][ T7692]  pid_update_inode+0x51/0x70
[  159.687361][ T7692]  pid_revalidate+0x91/0xd0
[  159.691865][ T7692]  lookup_fast+0x618/0x700
[  159.696279][ T7692]  path_openat+0x2ac/0x36e0
[  159.700780][ T7692]  do_filp_open+0x11e/0x1b0
[  159.705284][ T7692]  do_sys_open+0x3b3/0x4f0
[  159.709811][ T7692]  __x64_sys_open+0x55/0x70
[  159.714321][ T7692]  do_syscall_64+0xcc/0x370
[  159.716039][ T7654] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.718828][ T7692]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  159.718840][ T7692] 
[  159.733949][ T7692] Reported by Kernel Concurrency Sanitizer on:
[  159.740102][ T7692] CPU: 1 PID: 7692 Comm: ps Not tainted 5.4.0-syzkaller #0
[  159.748156][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  159.758201][ T7692] ==================================================================
[  159.766340][ T7692] Kernel panic - not syncing: panic_on_warn set ...
[  159.773508][ T7692] CPU: 1 PID: 7692 Comm: ps Not tainted 5.4.0-syzkaller #0
[  159.780706][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  159.790761][ T7692] Call Trace:
[  159.794059][ T7692]  dump_stack+0x11d/0x181
[  159.798390][ T7692]  panic+0x210/0x640
[  159.802291][ T7692]  ? vprintk_func+0x8d/0x140
[  159.806896][ T7692]  kcsan_report.cold+0xc/0xd
[  159.809571][ T7656] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.811502][ T7692]  kcsan_setup_watchpoint+0x3fe/0x460
[  159.823461][ T7692]  __tsan_unaligned_write2+0xc4/0x100
[  159.828830][ T7692]  pid_update_inode+0x51/0x70
[  159.833506][ T7692]  pid_revalidate+0x91/0xd0
[  159.838040][ T7692]  lookup_fast+0x618/0x700
[  159.842463][ T7692]  path_openat+0x2ac/0x36e0
[  159.846983][ T7692]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  159.853252][ T7692]  ? __sanitizer_cov_trace_switch+0x49/0x80
[  159.859146][ T7692]  ? __read_once_size+0x41/0xe0
[  159.865143][ T7692]  do_filp_open+0x11e/0x1b0
[  159.866964][ T7656] 8021q: adding VLAN 0 to HW filter on device team0
[  159.869657][ T7692]  ? __alloc_fd+0x2ef/0x3b0
[  159.880739][ T7692]  do_sys_open+0x3b3/0x4f0
[  159.885163][ T7692]  __x64_sys_open+0x55/0x70
[  159.889671][ T7692]  do_syscall_64+0xcc/0x370
[  159.894186][ T7692]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  159.900082][ T7692] RIP: 0033:0x7f1fe8ffb120
[  159.904503][ T7692] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[  159.924105][ T7692] RSP: 002b:00007ffed485f888 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  159.932525][ T7692] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f1fe8ffb120
[  159.940499][ T7692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f1fe94c9d00
[  159.948474][ T7692] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f1fe92c3a10
[  159.956447][ T7692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1fe94c8d00
[  159.964414][ T7692] R13: 00000000006ec1c0 R14: 0000000000000005 R15: 0000000000000000
[  159.973671][ T7692] Kernel Offset: disabled
[  159.978001][ T7692] Rebooting in 86400 seconds..