[ 52.241692][ T26] audit: type=1800 audit(1573139176.048:27): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 52.292641][ T26] audit: type=1800 audit(1573139176.048:28): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 53.206042][ T26] audit: type=1800 audit(1573139177.058:29): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 53.227905][ T26] audit: type=1800 audit(1573139177.068:30): pid=7892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
2019/11/07 15:06:27 fuzzer started
2019/11/07 15:06:29 dialing manager at 10.128.0.105:36923
2019/11/07 15:06:29 syscalls: 2553
2019/11/07 15:06:29 code coverage: enabled
2019/11/07 15:06:29 comparison tracing: enabled
2019/11/07 15:06:29 extra coverage: extra coverage is not supported by the kernel
2019/11/07 15:06:29 setuid sandbox: enabled
2019/11/07 15:06:29 namespace sandbox: enabled
2019/11/07 15:06:29 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/07 15:06:29 fault injection: enabled
2019/11/07 15:06:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/07 15:06:29 net packet injection: enabled
2019/11/07 15:06:29 net device setup: enabled
2019/11/07 15:06:29 concurrency sanitizer: enabled
2019/11/07 15:06:29 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/07 15:06:31 adding functions to KCSAN blacklist: 'generic_permission' '__splice_from_pipe' 'tcp_add_backlog' 'generic_write_end' 'ext4_free_inode' 'dd_has_work' '__hrtimer_run_queues' 'tick_nohz_next_event' 'run_timer_softirq' 'tomoyo_supervisor' 'find_next_bit' 'ktime_get_real_seconds' 'task_dump_owner' 'find_get_pages_range_tag' 'ktime_get_seconds' 'ep_poll'
15:06:38 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0)
sendto$ax25(r0, 0x0, 0x0, 0x40000, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000002c0)={0x0, 0x7, 0x2, [0x0, 0x0]}, 0xc)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4004}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
syz_genetlink_get_family_id$net_dm(0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00')
umount2(&(0x7f0000000600)='./file0\x00', 0x9)
r2 = creat(0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2fe)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYBLOB], 0x2}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x766802, 0x0)
fsetxattr$security_smack_entry(0xffffffffffffffff, &(0x7f0000000080)='security.SMACK64MMAP\x00', &(0x7f0000000180)='user_id', 0x7, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000009c0)='timers\x00')
ioctl$VIDIOC_S_AUDOUT(r3, 0x40345632, &(0x7f00000001c0)={0xff28, "f878dc4f836afdec1165441a319d1c8b605a87d0ec31fdab7a5be7974befb7b0"})
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netrom_NETROM_N2(r2, 0x103, 0x3, 0x0, 0x0)
15:06:39 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffff004}, {0x80000006}]}, 0x10)
syzkaller login: [ 75.274774][ T8066] IPVS: ftp: loaded support on port[0] = 21
[ 75.401359][ T8066] chnl_net:caif_netlink_parms(): no params data found
[ 75.437460][ T8069] IPVS: ftp: loaded support on port[0] = 21
[ 75.454729][ T8066] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.466467][ T8066] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.474817][ T8066] device bridge_slave_0 entered promiscuous mode
[ 75.498994][ T8066] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.506119][ T8066] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.514168][ T8066] device bridge_slave_1 entered promiscuous mode
15:06:39 executing program 2:
r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x209, 0x0)
close(r0)
[ 75.548680][ T8066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.569281][ T8066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.610109][ T8066] team0: Port device team_slave_0 added
[ 75.620583][ T8069] chnl_net:caif_netlink_parms(): no params data found
[ 75.642579][ T8066] team0: Port device team_slave_1 added
[ 75.751389][ T8066] device hsr_slave_0 entered promiscuous mode
15:06:39 executing program 3:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
unshare(0x400)
splice(r0, 0x0, r1, 0x0, 0x80003, 0x0)
[ 75.852553][ T8066] device hsr_slave_1 entered promiscuous mode
[ 75.927846][ T8069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.934941][ T8069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.958478][ T8069] device bridge_slave_0 entered promiscuous mode
[ 75.968291][ T8069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.975503][ T8069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.998439][ T8069] device bridge_slave_1 entered promiscuous mode
[ 76.014956][ T8072] IPVS: ftp: loaded support on port[0] = 21
[ 76.041747][ T8074] IPVS: ftp: loaded support on port[0] = 21
[ 76.079179][ T8069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.136690][ T8069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.153449][ T8066] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.160583][ T8066] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.167965][ T8066] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.175031][ T8066] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.284191][ T8069] team0: Port device team_slave_0 added
15:06:40 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_int(r2, 0x0, 0xb, &(0x7f00006ed000), &(0x7f00000000c0)=0x4)
[ 76.332715][ T8094] ==================================================================
[ 76.340884][ T8094] BUG: KCSAN: data-race in pid_update_inode / security_file_open
[ 76.348623][ T8094]
[ 76.350965][ T8094] write to 0xffff8881244e2048 of 2 bytes by task 8096 on cpu 1:
[ 76.358610][ T8094] pid_update_inode+0x51/0x70
[ 76.363301][ T8094] pid_revalidate+0x91/0xd0
[ 76.367816][ T8094] lookup_fast+0x618/0x700
[ 76.372249][ T8094] path_openat+0x2ac/0x36e0
[ 76.376771][ T8094] do_filp_open+0x11e/0x1b0
[ 76.381284][ T8094] do_sys_open+0x3b3/0x4f0
[ 76.385703][ T8094] __x64_sys_open+0x55/0x70
[ 76.390219][ T8094] do_syscall_64+0xcc/0x370
[ 76.394737][ T8094] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.400625][ T8094]
[ 76.402960][ T8094] read to 0xffff8881244e2048 of 2 bytes by task 8094 on cpu 0:
[ 76.410516][ T8094] security_file_open+0x11c/0x210
[ 76.415560][ T8094] do_dentry_open+0x20a/0x8f0
[ 76.420242][ T8094] vfs_open+0x62/0x80
[ 76.424235][ T8094] path_openat+0xf73/0x36e0
[ 76.428740][ T8094] do_filp_open+0x11e/0x1b0
[ 76.433248][ T8094] do_sys_open+0x3b3/0x4f0
[ 76.437674][ T8094] __x64_sys_open+0x55/0x70
[ 76.442202][ T8094] do_syscall_64+0xcc/0x370
[ 76.446712][ T8094] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.452605][ T8094]
[ 76.454950][ T8094] Reported by Kernel Concurrency Sanitizer on:
[ 76.461122][ T8094] CPU: 0 PID: 8094 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 76.467884][ T8094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.478191][ T8094] ==================================================================
[ 76.486258][ T8094] Kernel panic - not syncing: panic_on_warn set ...
[ 76.492867][ T8094] CPU: 0 PID: 8094 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 76.499630][ T8094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.509689][ T8094] Call Trace:
[ 76.513294][ T8094] dump_stack+0xf5/0x159
[ 76.517587][ T8094] panic+0x210/0x640
[ 76.521683][ T8094] ? vprintk_func+0x8d/0x140
[ 76.526289][ T8094] kcsan_report.cold+0xc/0xe
[ 76.530897][ T8094] kcsan_setup_watchpoint+0x3fe/0x410
[ 76.536293][ T8094] __tsan_read2+0x145/0x1f0
[ 76.540814][ T8094] security_file_open+0x11c/0x210
[ 76.545857][ T8094] do_dentry_open+0x20a/0x8f0
[ 76.550540][ T8094] ? security_inode_permission+0xa5/0xc0
[ 76.556188][ T8094] vfs_open+0x62/0x80
[ 76.560200][ T8094] path_openat+0xf73/0x36e0
[ 76.564720][ T8094] ? proc_pid_status+0xee1/0x1000
[ 76.570379][ T8094] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 76.576288][ T8094] ? __read_once_size+0x41/0xe0
[ 76.581160][ T8094] do_filp_open+0x11e/0x1b0
[ 76.585707][ T8094] ? __alloc_fd+0x2ef/0x3b0
[ 76.590249][ T8094] do_sys_open+0x3b3/0x4f0
[ 76.594691][ T8094] __x64_sys_open+0x55/0x70
[ 76.599211][ T8094] do_syscall_64+0xcc/0x370
[ 76.603744][ T8094] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.609638][ T8094] RIP: 0033:0x7f796f5ca120
[ 76.614248][ T8094] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 76.633867][ T8094] RSP: 002b:00007ffff8279618 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 76.642294][ T8094] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f796f5ca120
[ 76.650273][ T8094] RDX: 00007ffff8279650 RSI: 0000000000000000 RDI: 00007ffff8279640
[ 76.658256][ T8094] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007f796f89255f
[ 76.666234][ T8094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000905220
[ 76.674218][ T8094] R13: 0000000000000020 R14: 00007f796fc7f010 R15: 0000000000000000
[ 76.683495][ T8094] Kernel Offset: disabled
[ 76.687821][ T8094] Rebooting in 86400 seconds..