[info] Using makefile-style concurrent boot in runlevel 2. [ 49.323224][ T26] audit: type=1800 audit(1575148353.278:21): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 49.370426][ T26] audit: type=1800 audit(1575148353.278:22): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2019/11/30 21:12:41 fuzzer started 2019/11/30 21:12:42 dialing manager at 10.128.0.105:36521 2019/11/30 21:12:42 syscalls: 2592 2019/11/30 21:12:42 code coverage: enabled 2019/11/30 21:12:42 comparison tracing: enabled 2019/11/30 21:12:42 extra coverage: extra coverage is not supported by the kernel 2019/11/30 21:12:42 setuid sandbox: enabled 2019/11/30 21:12:42 namespace sandbox: enabled 2019/11/30 21:12:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/30 21:12:42 fault injection: enabled 2019/11/30 21:12:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/30 21:12:42 net packet injection: enabled 2019/11/30 21:12:42 net device setup: enabled 2019/11/30 21:12:42 concurrency sanitizer: enabled 2019/11/30 21:12:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/30 21:12:43 adding functions to KCSAN blacklist: 'taskstats_exit' 'tomoyo_supervisor' '__hrtimer_run_queues' 'pipe_poll' '__ext4_new_inode' 'tcp_add_backlog' 21:12:45 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000001200)='/dev/vcsa#\x00', 0x1, 0x0) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fcntl$setstatus(r0, 0x4, 0x2000) 21:12:45 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000580)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d1c6238975d43a4505f805303e089fc889f3c530cf08e467b592f868ee3b0a434df0a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263f63223b7b80197aa743f7555193161f45346b100000000000000000089e399f6609876b5887437a172fbc02a740675298b79dc194e533583411c09058fc20200bdd3e26a5ab2728a0481e9f0da43bb6cfb851ce5a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a347c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3bd14984dfa2c6e94bd0339454c13ad3c328a182c15d7a61920350a007c2431d11d56cf173ffe50be1c35f1431c6bab14781ea588848c9f3e0a36787330ec0394679c1febe04"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0xf, 0x0, &(0x7f0000000540)="8d14fb003092bd81ed4e5b534c5747c8", 0x0, 0x1000, 0x0, 0x0, 0x250}, 0x28) syzkaller login: [ 61.576965][ T7636] IPVS: ftp: loaded support on port[0] = 21 [ 61.656313][ T7636] chnl_net:caif_netlink_parms(): no params data found [ 61.717303][ T7636] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.725915][ T7636] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.734145][ T7636] device bridge_slave_0 entered promiscuous mode [ 61.747242][ T7639] IPVS: ftp: loaded support on port[0] = 21 [ 61.753852][ T7636] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.765332][ T7636] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.773338][ T7636] device bridge_slave_1 entered promiscuous mode [ 61.825247][ T7636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.854558][ T7636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 21:12:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x404e20}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f0000000080)={0x20, 0x1, 0x401, 0x85, 0x7ff}) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x2, [0x0, 0x0]}, &(0x7f0000000140)=0xc) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x4000, 0x10001, 0xd9, 0x7, 0xd268, 0x1, 0x81, {0x0, @in6={{0xa, 0x0, 0x5f, @remote}}, 0x8, 0x0, 0x7f, 0x6}}, &(0x7f0000000240)=0xb0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6(0xa, 0x800, 0x20) [ 61.884449][ T7639] chnl_net:caif_netlink_parms(): no params data found [ 61.894783][ T7636] team0: Port device team_slave_0 added [ 61.902099][ T7636] team0: Port device team_slave_1 added [ 62.022655][ T7636] device hsr_slave_0 entered promiscuous mode 21:12:46 executing program 3: r0 = clone3(&(0x7f0000001540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) io_setup(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) process_vm_writev(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/2, 0xa4}], 0x1, &(0x7f0000000200), 0x369, 0x0) [ 62.111741][ T7636] device hsr_slave_1 entered promiscuous mode [ 62.193944][ T7639] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.204240][ T7639] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.263969][ T7639] device bridge_slave_0 entered promiscuous mode [ 62.315133][ T7642] IPVS: ftp: loaded support on port[0] = 21 [ 62.325582][ T7639] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.350599][ T7639] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.358359][ T7639] device bridge_slave_1 entered promiscuous mode [ 62.414995][ T7636] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.422170][ T7636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.429837][ T7636] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.436943][ T7636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.536164][ T7639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.612465][ T7639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.629279][ T7667] IPVS: ftp: loaded support on port[0] = 21 [ 62.675749][ T7639] team0: Port device team_slave_0 added [ 62.730796][ T2416] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.751443][ T2416] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.805297][ T7636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.821558][ T7639] team0: Port device team_slave_1 added [ 62.863264][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.881382][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:12:46 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) socket$inet(0xa, 0x0, 0x0) pipe(0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000000)=@broute={'\n\x00oute\x00', 0x20, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20d9f000], 0x0, 0x0, 0x0}, 0xa8) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000640)='/dev/vbi#\x00', 0x3, 0x2) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000006c0)={r1, 0xffff7fff, 0x1}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x7e40, @remote, 0x1}}, [0x2, 0x800000000000, 0x3, 0x81, 0x6, 0x9, 0x0, 0x400, 0x0, 0x5, 0x2f, 0x80000000, 0x5, 0x1, 0x2]}, &(0x7f0000000300)=0x100) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000340)={r2, 0x7, 0xdad8}, &(0x7f0000000380)=0x8) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') socket$kcm(0xa, 0x0, 0x73) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) chdir(0x0) bind(0xffffffffffffffff, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev, 0x3}, 0x80) getsockname(0xffffffffffffffff, 0x0, &(0x7f000000ad00)) syz_init_net_socket$rose(0xb, 0x5, 0x0) r3 = socket$inet6(0xa, 0x803, 0x3) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 62.950550][ T7636] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.969558][ T7642] chnl_net:caif_netlink_parms(): no params data found [ 63.042648][ T7639] device hsr_slave_0 entered promiscuous mode [ 63.070801][ T7639] device hsr_slave_1 entered promiscuous mode [ 63.110471][ T7639] debugfs: Directory 'hsr0' with parent '/' already present! [ 63.154552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.163593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.200893][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.208414][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.240926][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.249629][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.312838][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.319927][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.351104][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.360138][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.411563][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.440747][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.449982][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.501326][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.568596][ T7636] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.590273][ T7636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.637506][ T7677] ================================================================== [ 63.645652][ T7677] BUG: KCSAN: data-race in __rb_erase_color / vm_area_dup [ 63.649145][ T7672] IPVS: ftp: loaded support on port[0] = 21 [ 63.652748][ T7677] [ 63.652764][ T7677] write to 0xffff88811e0f7b48 of 8 bytes by task 7675 on cpu 0: [ 63.652788][ T7677] __rb_erase_color+0x635/0x700 [ 63.652806][ T7677] vma_interval_tree_remove+0x4e8/0x8a0 [ 63.652819][ T7677] __remove_shared_vm_struct+0xad/0xd0 [ 63.652831][ T7677] unlink_file_vma+0x69/0x90 [ 63.652844][ T7677] free_pgtables+0x14f/0x200 [ 63.652855][ T7677] exit_mmap+0x151/0x300 [ 63.652868][ T7677] mmput+0xea/0x280 [ 63.652881][ T7677] do_exit+0x4c9/0x18f0 [ 63.652900][ T7677] do_group_exit+0xb4/0x1c0 [ 63.652912][ T7677] __x64_sys_exit_group+0x2e/0x30 [ 63.652932][ T7677] do_syscall_64+0xcc/0x370 [ 63.652947][ T7677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.652950][ T7677] [ 63.652962][ T7677] read to 0xffff88811e0f7af0 of 200 bytes by task 7677 on cpu 1: [ 63.652974][ T7677] vm_area_dup+0x70/0xf0 [ 63.652998][ T7677] __split_vma+0x88/0x350 [ 63.749317][ T7677] __do_munmap+0xb02/0xb60 [ 63.753743][ T7677] mmap_region+0x165/0xd50 [ 63.758160][ T7677] do_mmap+0x6d4/0xba0 [ 63.762233][ T7677] vm_mmap_pgoff+0x12d/0x190 [ 63.766822][ T7677] ksys_mmap_pgoff+0x2d8/0x420 [ 63.771597][ T7677] __x64_sys_mmap+0x2e/0x40 [ 63.776107][ T7677] do_syscall_64+0xcc/0x370 [ 63.780629][ T7677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.786506][ T7677] [ 63.788823][ T7677] Reported by Kernel Concurrency Sanitizer on: [ 63.794985][ T7677] CPU: 1 PID: 7677 Comm: grep Not tainted 5.4.0-syzkaller #0 [ 63.802349][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.812849][ T7677] ================================================================== [ 63.820948][ T7677] Kernel panic - not syncing: panic_on_warn set ... [ 63.827539][ T7677] CPU: 1 PID: 7677 Comm: grep Not tainted 5.4.0-syzkaller #0 [ 63.835334][ T7677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.845386][ T7677] Call Trace: [ 63.848689][ T7677] dump_stack+0x11d/0x181 [ 63.853027][ T7677] panic+0x210/0x640 [ 63.856933][ T7677] ? vprintk_func+0x8d/0x140 [ 63.861718][ T7677] kcsan_report.cold+0xc/0xd [ 63.866330][ T7677] kcsan_setup_watchpoint+0x3fe/0x460 [ 63.871714][ T7677] ? __rb_rotate_set_parents+0x70/0xf0 [ 63.878412][ T7677] __tsan_read_range+0xc4/0x100 [ 63.883278][ T7677] vm_area_dup+0x70/0xf0 [ 63.887559][ T7677] __split_vma+0x88/0x350 [ 63.891901][ T7677] ? find_vma+0x3e/0x110 [ 63.896164][ T7677] __do_munmap+0xb02/0xb60 [ 63.900602][ T7677] mmap_region+0x165/0xd50 [ 63.905061][ T7677] do_mmap+0x6d4/0xba0 [ 63.909158][ T7677] vm_mmap_pgoff+0x12d/0x190 [ 63.914200][ T7677] ksys_mmap_pgoff+0x2d8/0x420 [ 63.918969][ T7677] __x64_sys_mmap+0x2e/0x40 [ 63.923494][ T7677] do_syscall_64+0xcc/0x370 [ 63.928013][ T7677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.934007][ T7677] RIP: 0033:0x7efec692b3ea [ 63.938432][ T7677] Code: 48 8d 3d 81 69 00 00 b2 84 e8 52 ec ff ff f7 d8 89 05 ae ad 20 00 eb c6 90 90 90 90 90 90 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 [ 63.959174][ T7677] RSP: 002b:00007ffd8298ecd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 63.967593][ T7677] RAX: ffffffffffffffda RBX: 00007efec6b339a8 RCX: 00007efec692b3ea [ 63.975595][ T7677] RDX: 0000000000000003 RSI: 0000000000005000 RDI: 00007efec6707000 21:12:47 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$unix(0x1, 0x3, 0x0) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x49a, 0x4ffe0) dup2(r0, r2) [ 63.983571][ T7677] RBP: 00007ffd8298f030 R08: 0000000000000003 R09: 0000000000183000 [ 63.991540][ T7677] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffd8298f118 [ 63.999612][ T7677] R13: 0000000000000002 R14: 00007ffd8298ed50 R15: 00007ffd8298ed20 [ 64.009162][ T7677] Kernel Offset: disabled [ 64.013505][ T7677] Rebooting in 86400 seconds..