[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   41.845725][   T26] audit: type=1800 audit(1574598449.384:21): pid=7449 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   41.879722][   T26] audit: type=1800 audit(1574598449.384:22): pid=7449 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
2019/11/24 12:27:40 fuzzer started
2019/11/24 12:27:42 dialing manager at 10.128.0.105:37257
2019/11/24 12:27:43 syscalls: 2566
2019/11/24 12:27:43 code coverage: enabled
2019/11/24 12:27:43 comparison tracing: enabled
2019/11/24 12:27:43 extra coverage: extra coverage is not supported by the kernel
2019/11/24 12:27:43 setuid sandbox: enabled
2019/11/24 12:27:43 namespace sandbox: enabled
2019/11/24 12:27:43 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/24 12:27:43 fault injection: enabled
2019/11/24 12:27:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/24 12:27:43 net packet injection: enabled
2019/11/24 12:27:43 net device setup: enabled
2019/11/24 12:27:43 concurrency sanitizer: enabled
2019/11/24 12:27:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [   71.348979][ T7612] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/24 12:28:05 adding functions to KCSAN blacklist: 'kvm_mmu_notifier_invalidate_range_end' 'ext4_has_free_clusters' 'do_nanosleep' 'ktime_get_real_seconds' 'find_get_pages_range_tag' 'pipe_wait' 'wbt_issue' 'ip6_dst_gc' 'hrtimer_wakeup' 'do_task_stat' 'echo_char' 'generic_file_read_iter' 'ext4_writepages' 'ext4_xattr_get' 'blk_mq_sched_dispatch_requests' 'wbc_detach_inode' 'get_signal' 'tomoyo_update_stat' 'taskstats_exit' 'tick_sched_do_timer' 'rcu_gp_fqs_check_wake' 'inode_permission' 'install_new_memslots' 'pipe_poll' 'page_counter_try_charge' 'inet_sk_diag_fill' 'blk_mq_run_hw_queue' 'complete_signal' 'relay_switch_subbuf' 'lruvec_lru_size' 'flush_workqueue' '__snd_rawmidi_transmit_ack' 'timer_clear_idle' 'list_lru_count_one' 'inactive_list_is_low' 'ksys_read' '__dev_queue_xmit' 'snd_seq_timer_get_cur_tick' '__skb_try_recv_from_queue' 'handle_userfault' 'xas_find_marked' '__delete_from_page_cache' '__filemap_fdatawrite_range' 'ep_poll' 'ext4_free_inodes_count' 'futex_wait_queue_me' '__add_to_page_cache_locked' 'iput' '__writeback_single_inode' 'calc_timer_values' 'run_timer_softirq' 'ext4_free_inode' 'atime_needs_update' 'ktime_get_seconds' 'd_delete' 'blk_mq_free_request' 'dd_has_work' 'mem_cgroup_select_victim_node' 'virtqueue_enable_cb_delayed' 'snd_seq_check_queue' 'common_perm_cond' 'other_inode_match' 'd_set_mounted' 'fib6_clean_node' 'add_timer' 'tick_nohz_idle_stop_tick' 'kauditd_thread' 'bio_endio' 'ext4_setattr' 'pcpu_alloc' 'sbitmap_queue_clear' 'rcu_gp_fqs_loop' 'virtqueue_disable_cb' 'generic_fillattr' 'sctp_assoc_migrate' 'page_counter_charge' 'do_signal_stop' 'snd_ctl_notify' 'do_exit' 'shmem_getpage_gfp' 'ext4_mb_good_group' 'percpu_counter_add_batch' 'wbt_done' '__mark_inode_dirty' 'wbt_wait' 'generic_permission' 'n_tty_receive_buf_common' 'bio_chain' '__hrtimer_run_queues' '__splice_from_pipe' 'tick_nohz_next_event' 'commit_echoes' 'writeback_sb_inodes' 'ext4_nonda_switch' 'audit_log_start' 'fasync_remove_entry' 'add_timer_on' 'ext4_mb_find_by_goal' 'cma_comp_exch' 'wbc_attach_and_unlock_inode' 'af_alg_sendmsg' 'blk_mq_get_request' 'blk_mq_dispatch_rq_list' 'do_syslog' 'icmp_global_allow' 'packet_do_bind' 'poll_schedule_timeout' 'pid_update_inode' 'sit_tunnel_xmit' 'ip_finish_output2' 'enqueue_timer' 'yama_ptracer_del' 'unix_release_sock' '__ext4_new_inode' 'evict' 'tick_do_update_jiffies64' '__perf_event_overflow' 'file_remove_privs' 'find_next_bit' 'generic_write_end' 'ext4_mark_iloc_dirty' 'p9_poll_workfn' 'ns_capable_common' 'netlink_getname' 'snd_seq_prioq_cell_out' 'tcp_add_backlog' 'xas_clear_mark' 'shmem_file_read_iter' '__process_echoes' 'd_instantiate_new' 'ext4_da_write_end' 'ondemand_readahead' 'batadv_tt_local_add' 'vm_area_dup' 'tomoyo_supervisor' 'copy_process' 'process_srcu' 'watchdog' 'filemap_map_pages' 'lookup_fast' 
12:32:17 executing program 0:

[  330.117835][ T7616] IPVS: ftp: loaded support on port[0] = 21
12:32:17 executing program 1:

[  330.193844][ T7616] chnl_net:caif_netlink_parms(): no params data found
[  330.254693][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.262386][ T7616] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.270079][ T7616] device bridge_slave_0 entered promiscuous mode
[  330.293649][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.300749][ T7616] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.322750][ T7616] device bridge_slave_1 entered promiscuous mode
[  330.351601][ T7616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.377343][ T7620] IPVS: ftp: loaded support on port[0] = 21
[  330.384883][ T7616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
12:32:18 executing program 2:

[  330.417267][ T7616] team0: Port device team_slave_0 added
[  330.433412][ T7616] team0: Port device team_slave_1 added
[  330.524237][ T7616] device hsr_slave_0 entered promiscuous mode
[  330.562347][ T7616] device hsr_slave_1 entered promiscuous mode
[  330.660394][ T7623] IPVS: ftp: loaded support on port[0] = 21
[  330.704441][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.711624][ T7616] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.718987][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.726055][ T7616] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.786990][ T7620] chnl_net:caif_netlink_parms(): no params data found
[  330.883836][ T7616] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.919082][ T7620] bridge0: port 1(bridge_slave_0) entered blocking state
12:32:18 executing program 3:

[  330.942128][ T7620] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.973036][ T7620] device bridge_slave_0 entered promiscuous mode
[  330.998339][ T7616] 8021q: adding VLAN 0 to HW filter on device team0
[  331.016731][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  331.033956][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.062527][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.075158][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  331.133610][ T7620] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.141029][ T7620] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.182788][ T7620] device bridge_slave_1 entered promiscuous mode
[  331.257256][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  331.266115][ T3018] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.273211][ T3018] bridge0: port 1(bridge_slave_0) entered forwarding state
[  331.343848][ T7620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.394806][ T7647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  331.395485][ T7652] IPVS: ftp: loaded support on port[0] = 21
[  331.409624][ T7647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  331.446423][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.453579][ T7647] bridge0: port 2(bridge_slave_1) entered forwarding state
[  331.503148][ T7647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  331.524874][ T7620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.592416][ T7620] team0: Port device team_slave_0 added
[  331.599370][ T7620] team0: Port device team_slave_1 added
[  331.641426][ T7623] chnl_net:caif_netlink_parms(): no params data found
12:32:19 executing program 4:

[  331.714040][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  331.733443][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  331.745855][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  331.874343][ T7620] device hsr_slave_0 entered promiscuous mode
[  331.912462][ T7620] device hsr_slave_1 entered promiscuous mode
[  331.982234][ T7620] debugfs: Directory 'hsr0' with parent '/' already present!
[  331.992975][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  332.012838][ T7636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  332.032869][ T7645] ==================================================================
[  332.040987][ T7645] BUG: KCSAN: data-race in __d_lookup_done / __dentry_kill
[  332.048164][ T7645] 
[  332.050498][ T7645] read to 0xffff8881255e6540 of 4 bytes by task 7643 on cpu 1:
[  332.058039][ T7645]  __dentry_kill+0x1be/0x3c0
[  332.062623][ T7645]  dput+0x3b5/0x750
[  332.066424][ T7645]  __lookup_slow+0x271/0x2a0
[  332.071011][ T7645]  lookup_slow+0x4f/0x70
[  332.075245][ T7645]  walk_component+0x4a2/0xe70
[  332.079919][ T7645]  path_lookupat.isra.0+0x13a/0x5a0
[  332.085119][ T7645]  filename_lookup+0x145/0x2b0
[  332.089879][ T7645]  user_path_at_empty+0x4c/0x70
[  332.094724][ T7645]  vfs_statx+0xd9/0x190
[  332.098867][ T7645]  __do_sys_newstat+0x51/0xb0
[  332.103535][ T7645]  __x64_sys_newstat+0x3a/0x50
[  332.108302][ T7645]  do_syscall_64+0xcc/0x370
[  332.112805][ T7645]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.118682][ T7645] 
[  332.121011][ T7645] write to 0xffff8881255e6540 of 4 bytes by task 7645 on cpu 0:
[  332.128665][ T7645]  __d_lookup_done+0xb0/0x2f0
[  332.133335][ T7645]  __lookup_slow+0x254/0x2a0
[  332.137924][ T7645]  lookup_slow+0x4f/0x70
[  332.142164][ T7645]  walk_component+0x4a2/0xe70
[  332.146860][ T7645]  path_lookupat.isra.0+0x13a/0x5a0
[  332.152068][ T7645]  filename_lookup+0x145/0x2b0
[  332.156835][ T7645]  user_path_at_empty+0x4c/0x70
[  332.161687][ T7645]  vfs_statx+0xd9/0x190
[  332.165850][ T7645]  __do_sys_newstat+0x51/0xb0
[  332.170555][ T7645]  __x64_sys_newstat+0x3a/0x50
[  332.175338][ T7645]  do_syscall_64+0xcc/0x370
[  332.179834][ T7645]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.185703][ T7645] 
[  332.188026][ T7645] Reported by Kernel Concurrency Sanitizer on:
[  332.194181][ T7645] CPU: 0 PID: 7645 Comm: ps Not tainted 5.4.0-rc7+ #0
[  332.200930][ T7645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.210973][ T7645] ==================================================================
[  332.219024][ T7645] Kernel panic - not syncing: panic_on_warn set ...
[  332.225628][ T7645] CPU: 0 PID: 7645 Comm: ps Not tainted 5.4.0-rc7+ #0
[  332.232394][ T7645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.242430][ T7645] Call Trace:
[  332.245723][ T7645]  dump_stack+0x11d/0x181
[  332.250078][ T7645]  panic+0x210/0x640
[  332.253973][ T7645]  ? vprintk_func+0x8d/0x140
[  332.258566][ T7645]  kcsan_report.cold+0xc/0xd
[  332.263153][ T7645]  kcsan_setup_watchpoint+0x3fe/0x460
[  332.268530][ T7645]  __tsan_unaligned_write4+0xc4/0x100
[  332.273900][ T7645]  __d_lookup_done+0xb0/0x2f0
[  332.278588][ T7645]  ? proc_lookup+0x3e/0x50
[  332.283003][ T7645]  __lookup_slow+0x254/0x2a0
[  332.287598][ T7645]  lookup_slow+0x4f/0x70
[  332.291838][ T7645]  walk_component+0x4a2/0xe70
[  332.296509][ T7645]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  332.302760][ T7645]  ? link_path_walk.part.0+0x77f/0xa90
[  332.308221][ T7645]  ? ___cache_free+0x2e/0x320
[  332.312912][ T7645]  path_lookupat.isra.0+0x13a/0x5a0
[  332.318109][ T7645]  ? __read_once_size.constprop.0+0x12/0x20
[  332.324015][ T7645]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  332.330356][ T7645]  filename_lookup+0x145/0x2b0
[  332.335125][ T7645]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  332.341357][ T7645]  ? strncpy_from_user+0x219/0x2b0
[  332.346470][ T7645]  user_path_at_empty+0x4c/0x70
[  332.351320][ T7645]  vfs_statx+0xd9/0x190
[  332.355651][ T7645]  __do_sys_newstat+0x51/0xb0
[  332.360316][ T7645]  ? _raw_spin_unlock_irq+0x68/0x80
[  332.365510][ T7645]  ? mem_cgroup_handle_over_high+0x50/0x180
[  332.371408][ T7645]  ? __read_once_size.constprop.0+0x12/0x20
[  332.377321][ T7645]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
12:32:19 executing program 5:

[  332.383556][ T7645]  ? debug_smp_processor_id+0x4c/0x172
[  332.389018][ T7645]  __x64_sys_newstat+0x3a/0x50
[  332.393780][ T7645]  do_syscall_64+0xcc/0x370
[  332.398275][ T7645]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.404179][ T7645] RIP: 0033:0x7f8163541c65
[  332.408611][ T7645] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16
[  332.428207][ T7645] RSP: 002b:00007ffe13eff848 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  332.436617][ T7645] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f8163541c65
[  332.444586][ T7645] RDX: 00007f8163a0fc60 RSI: 00007f8163a0fc60 RDI: 0000000001670220
[  332.452549][ T7645] RBP: 0000000000020062 R08: 00007f81637f75a0 R09: 0000000000000000
[  332.460520][ T7645] R10: 1999999999999999 R11: 0000000000000246 R12: 0000000001670220
[  332.468505][ T7645] R13: 00000000016701c0 R14: 0000000000000005 R15: 0000000000000000
[  332.477885][ T7645] Kernel Offset: disabled
[  332.482226][ T7645] Rebooting in 86400 seconds..