[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   42.068845][   T26] audit: type=1800 audit(1573799910.021:21): pid=7427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[   42.117398][   T26] audit: type=1800 audit(1573799910.021:22): pid=7427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.209' (ECDSA) to the list of known hosts.
2019/11/15 06:38:42 fuzzer started
2019/11/15 06:38:43 dialing manager at 10.128.0.105:44219
2019/11/15 06:38:43 syscalls: 2566
2019/11/15 06:38:43 code coverage: enabled
2019/11/15 06:38:43 comparison tracing: enabled
2019/11/15 06:38:43 extra coverage: extra coverage is not supported by the kernel
2019/11/15 06:38:43 setuid sandbox: enabled
2019/11/15 06:38:43 namespace sandbox: enabled
2019/11/15 06:38:43 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/15 06:38:43 fault injection: enabled
2019/11/15 06:38:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/15 06:38:43 net packet injection: enabled
2019/11/15 06:38:43 net device setup: enabled
2019/11/15 06:38:43 concurrency sanitizer: enabled
2019/11/15 06:38:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/15 06:38:44 adding functions to KCSAN blacklist: 'add_timer' 'run_timer_softirq' 'tomoyo_supervisor' '__hrtimer_run_queues' 'mod_timer' 'rcu_gp_fqs_check_wake' 'find_next_bit' 
06:38:45 executing program 0:
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r2 = gettid()
recvmmsg(r1, &(0x7f0000003c00)=[{{0x0, 0x0, &(0x7f0000003b00), 0x0, &(0x7f0000000180)=""/106, 0x28}}], 0x400000000000116, 0x0, &(0x7f0000000000)={0x77359400})
write$P9_RRENAMEAT(r1, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup2(r3, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
dup3(r0, r1, 0x0)
tkill(r2, 0x1004000000013)

06:38:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = eventfd2(0x0, 0x0)
r3 = dup(r2)
read$FUSE(r3, &(0x7f0000000280), 0x5a0)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x200400c2, 0x0)
write$selinux_attr(r4, &(0x7f0000000180)='system_u:object_r:hugetlbfs_t:s0\x00', 0x5571)
sendfile(r3, r4, &(0x7f0000000080), 0x2008000fffffffe)

syzkaller login: [   57.512371][ T7598] IPVS: ftp: loaded support on port[0] = 21
[   57.592986][ T7598] chnl_net:caif_netlink_parms(): no params data found
[   57.651416][ T7598] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.667779][ T7598] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.687433][ T7598] device bridge_slave_0 entered promiscuous mode
[   57.698402][ T7598] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.705514][ T7598] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.720990][ T7598] device bridge_slave_1 entered promiscuous mode
[   57.738781][ T7598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
06:38:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001440)=ANY=[@ANYBLOB="200000006800032500000000a90300000200000000000000080005000200000000000001f36b6744254ffe2e4173f657dcd8d2476d04795bd3bfc6afb4a84b79f6458dbe44cd490ac616f8476207dcb7d4380144abbbb4bc9481b435845656e6f859b78cc7d5fae9a6180e9485b06f1ffb80abb4b501000000000c6d757a3ccfa13467b13edfa687bdd02808a5605d1b73d76ea549012287087c9acc01ec20c2fb9ca3818fd4bba1653eb742f70008000000000076dc99133f080000ee4cfb0b3034197c9ffa10d6f56c338fe8f6d77505d76a2b09317034abef015aa5a0e80a088ea01a35d1379de0190f", @ANYRES32=0x0], 0x20}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x218fe53f1794f59, 0x0)

[   57.749960][ T7598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.768866][ T7598] team0: Port device team_slave_0 added
[   57.781304][ T7598] team0: Port device team_slave_1 added
[   57.792074][ T7601] IPVS: ftp: loaded support on port[0] = 21
[   57.929634][ T7598] device hsr_slave_0 entered promiscuous mode
06:38:45 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket(0x2, 0x3, 0x2)
sendto$unix(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x6a0000e0}, 0x6e)
getpeername(r2, &(0x7f0000000200)=@ll={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000000000)=@raw=[@generic={0x9d, 0x9, 0xf, 0x2, 0x7}, @alu={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff0}, @map], &(0x7f0000000140)='syzkaller\x00', 0xfff, 0x25, &(0x7f00000001c0)=""/37, 0x41000, 0x7, [], r3, 0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x1, 0x8, 0xb04c}, 0x10}, 0x70)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r4)
dup3(r1, r0, 0x80000)

[   58.008166][ T7598] device hsr_slave_1 entered promiscuous mode
[   58.115175][ T7603] IPVS: ftp: loaded support on port[0] = 21
[   58.166801][ T7605] IPVS: ftp: loaded support on port[0] = 21
[   58.241968][ T7619] ==================================================================
[   58.250110][ T7619] BUG: KCSAN: data-race in __rb_rotate_set_parents / vm_area_dup
[   58.257818][ T7619] 
[   58.260275][ T7619] read to 0xffff888122f61320 of 200 bytes by task 7621 on cpu 1:
[   58.268012][ T7619]  vm_area_dup+0x70/0xf0
[   58.272267][ T7619]  __split_vma+0x88/0x350
[   58.276596][ T7619]  split_vma+0x73/0xa0
[   58.280669][ T7619]  mprotect_fixup+0x43f/0x510
[   58.285376][ T7619]  do_mprotect_pkey+0x3eb/0x660
[   58.290233][ T7619]  __x64_sys_mprotect+0x51/0x70
[   58.295084][ T7619]  do_syscall_64+0xcc/0x370
[   58.299610][ T7619]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.305497][ T7619] 
[   58.307829][ T7619] write to 0xffff888122f61378 of 8 bytes by task 7619 on cpu 0:
[   58.315470][ T7619]  __rb_rotate_set_parents+0x4d/0xf0
[   58.320768][ T7619]  __rb_insert_augmented+0x109/0x370
[   58.326057][ T7619]  vma_interval_tree_insert+0x196/0x230
[   58.331602][ T7619]  __vma_link_file+0xd9/0x110
[   58.336278][ T7619]  vma_link+0xae/0x130
[   58.340354][ T7619]  mmap_region+0x8bb/0xd50
[   58.344767][ T7619]  do_mmap+0x6d4/0xba0
[   58.348839][ T7619]  vm_mmap_pgoff+0x12d/0x190
[   58.353428][ T7619]  ksys_mmap_pgoff+0x2d8/0x420
[   58.358187][ T7619]  __x64_sys_mmap+0x2e/0x40
[   58.362687][ T7619]  do_syscall_64+0xcc/0x370
[   58.366693][ T7601] chnl_net:caif_netlink_parms(): no params data found
[   58.367200][ T7619]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.379813][ T7619] 
[   58.382139][ T7619] Reported by Kernel Concurrency Sanitizer on:
[   58.388292][ T7619] CPU: 0 PID: 7619 Comm: grep Not tainted 5.4.0-rc7+ #0
[   58.395218][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.405266][ T7619] ==================================================================
[   58.413327][ T7619] Kernel panic - not syncing: panic_on_warn set ...
[   58.420051][ T7619] CPU: 0 PID: 7619 Comm: grep Not tainted 5.4.0-rc7+ #0
[   58.426986][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.437042][ T7619] Call Trace:
[   58.440336][ T7619]  dump_stack+0x11d/0x181
[   58.444684][ T7619]  panic+0x210/0x640
[   58.448583][ T7619]  ? vprintk_func+0x8d/0x140
[   58.453183][ T7619]  kcsan_report.cold+0xc/0xd
[   58.457789][ T7619]  kcsan_setup_watchpoint+0x3fe/0x460
[   58.463180][ T7619]  __tsan_unaligned_write8+0xc4/0x100
[   58.468555][ T7619]  __rb_rotate_set_parents+0x4d/0xf0
[   58.473847][ T7619]  __rb_insert_augmented+0x109/0x370
[   58.479139][ T7619]  ? vma_gap_callbacks_rotate+0x126/0x190
[   58.484874][ T7619]  ? __anon_vma_interval_tree_subtree_search+0x160/0x160
[   58.487562][ T7601] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.491904][ T7619]  vma_interval_tree_insert+0x196/0x230
[   58.491979][ T7619]  __vma_link_file+0xd9/0x110
[   58.509247][ T7619]  vma_link+0xae/0x130
[   58.513324][ T7619]  mmap_region+0x8bb/0xd50
[   58.517744][ T7619]  do_mmap+0x6d4/0xba0
[   58.518006][ T7601] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.521817][ T7619]  vm_mmap_pgoff+0x12d/0x190
[   58.521893][ T7619]  ksys_mmap_pgoff+0x2d8/0x420
[   58.538236][ T7619]  __x64_sys_mmap+0x2e/0x40
[   58.538582][ T7601] device bridge_slave_0 entered promiscuous mode
[   58.542739][ T7619]  do_syscall_64+0xcc/0x370
[   58.542765][ T7619]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.559441][ T7619] RIP: 0033:0x7f86fde6c3ea
[   58.563871][ T7619] Code: 48 8d 3d 81 69 00 00 b2 84 e8 52 ec ff ff f7 d8 89 05 ae ad 20 00 eb c6 90 90 90 90 90 90 90 90 49 89 ca b8 09 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89
[   58.570936][ T7603] chnl_net:caif_netlink_parms(): no params data found
06:38:46 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000000000000000000000800020000000000", 0x24)

[   58.583470][ T7619] RSP: 002b:00007ffc1d3071f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[   58.583486][ T7619] RAX: ffffffffffffffda RBX: 00007f86fe0749a8 RCX: 00007f86fde6c3ea
[   58.583496][ T7619] RDX: 0000000000000003 RSI: 0000000000005000 RDI: 00007f86fdc48000
[   58.583505][ T7619] RBP: 00007ffc1d307550 R08: 0000000000000003 R09: 0000000000183000
[   58.583514][ T7619] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffc1d307638
[   58.583596][ T7619] R13: 0000000000000002 R14: 00007ffc1d307270 R15: 00007ffc1d307240
[   58.640347][ T7619] Kernel Offset: disabled
[   58.644674][ T7619] Rebooting in 86400 seconds..