[info] Using makefile-style concurrent boot in runlevel 2.
[ 43.159027][ T26] audit: type=1800 audit(1574872519.458:21): pid=7452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 43.211548][ T26] audit: type=1800 audit(1574872519.458:22): pid=7452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
2019/11/27 16:35:31 fuzzer started
2019/11/27 16:35:33 dialing manager at 10.128.0.105:36065
2019/11/27 16:35:34 syscalls: 2567
2019/11/27 16:35:34 code coverage: enabled
2019/11/27 16:35:34 comparison tracing: enabled
2019/11/27 16:35:34 extra coverage: extra coverage is not supported by the kernel
2019/11/27 16:35:34 setuid sandbox: enabled
2019/11/27 16:35:34 namespace sandbox: enabled
2019/11/27 16:35:34 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/27 16:35:34 fault injection: enabled
2019/11/27 16:35:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/27 16:35:34 net packet injection: enabled
2019/11/27 16:35:34 net device setup: enabled
2019/11/27 16:35:34 concurrency sanitizer: enabled
2019/11/27 16:35:34 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/27 16:35:37 adding functions to KCSAN blacklist: 'rcu_gp_fqs_check_wake' 'ext4_has_free_clusters' 'mod_timer' 'ep_poll' 'tcp_add_backlog' 'find_next_bit' 'pipe_poll' 'blk_mq_get_request' 'tick_do_update_jiffies64' 'wbt_done' 'ext4_free_inode' 'tomoyo_supervisor' 'inet_dgram_connect' 'run_timer_softirq' 'blk_mq_sched_dispatch_requests' '__ext4_new_inode' 'ext4_free_inodes_count' 'find_get_pages_range_tag' 'tick_nohz_idle_stop_tick' 'blk_mq_run_hw_queue' 'icmp_global_allow' 'vm_area_dup' 'generic_write_end' 'dput' '__hrtimer_run_queues'
16:35:52 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff})
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = dup(r1)
sendmsg$TIPC_NL_PUBL_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0)
io_setup(0x5, &(0x7f00000000c0)=0x0)
dup2(r2, r0)
io_submit(r3, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x12f}])

syzkaller login:
[ 75.839338][ T7625] IPVS: ftp: loaded support on port[0] = 21
16:35:52 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000140)="c0", 0x1}], 0x1, &(0x7f00000001c0)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast2}], 0x20}, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0)

[ 75.907850][ T7625] chnl_net:caif_netlink_parms(): no params data found
[ 75.967853][ T7625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.983882][ T7625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.005078][ T7625] device bridge_slave_0 entered promiscuous mode
[ 76.012692][ T7625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.033886][ T7625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.041632][ T7625] device bridge_slave_1 entered promiscuous mode
[ 76.075888][ T7625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.086226][ T7625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.089079][ T7628] IPVS: ftp: loaded support on port[0] = 21
[ 76.115014][ T7625] team0: Port device team_slave_0 added
16:35:52 executing program 2:
r0 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000140)={0x0, 0x8, 0x0})

[ 76.138787][ T7625] team0: Port device team_slave_1 added
[ 76.226242][ T7625] device hsr_slave_0 entered promiscuous mode
[ 76.294234][ T7625] device hsr_slave_1 entered promiscuous mode
[ 76.369609][ T7630] IPVS: ftp: loaded support on port[0] = 21
16:35:52 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1e, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0})
ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000280)=""/101)
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0xff00)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x400, 0x3ff, 0x0, 0x26})

[ 76.462128][ T7625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.469359][ T7625] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.476716][ T7625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.483741][ T7625] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.610304][ T7628] chnl_net:caif_netlink_parms(): no params data found
[ 76.749895][ T7625] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.793025][ T7628] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.814037][ T7628] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.834887][ T7628] device bridge_slave_0 entered promiscuous mode
[ 76.910650][ T7628] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.933963][ T7628] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.941820][ T7628] device bridge_slave_1 entered promiscuous mode
[ 76.985201][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.024152][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.054505][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 77.069757][ T7650] ==================================================================
[ 77.077874][ T7650] BUG: KCSAN: data-race in pid_update_inode / pid_update_inode
[ 77.085403][ T7650]
[ 77.087739][ T7650] read to 0xffff88812520aac8 of 2 bytes by task 7655 on cpu 1:
[ 77.095298][ T7650] pid_update_inode+0x25/0x70
[ 77.099968][ T7650] pid_revalidate+0x91/0xd0
[ 77.104469][ T7650] lookup_fast+0x618/0x700
[ 77.108880][ T7650] path_openat+0x2ac/0x36e0
[ 77.113377][ T7650] do_filp_open+0x11e/0x1b0
[ 77.117887][ T7650] do_sys_open+0x3b3/0x4f0
[ 77.122302][ T7650] __x64_sys_open+0x55/0x70
[ 77.126837][ T7650] do_syscall_64+0xcc/0x370
[ 77.131338][ T7650] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.137218][ T7650]
[ 77.139547][ T7650] write to 0xffff88812520aac8 of 2 bytes by task 7650 on cpu 0:
[ 77.147178][ T7650] pid_update_inode+0x51/0x70
[ 77.151849][ T7650] pid_revalidate+0x91/0xd0
[ 77.156459][ T7650] lookup_fast+0x618/0x700
[ 77.160881][ T7650] path_openat+0x2ac/0x36e0
[ 77.165390][ T7650] do_filp_open+0x11e/0x1b0
[ 77.169895][ T7650] do_sys_open+0x3b3/0x4f0
[ 77.174309][ T7650] __x64_sys_open+0x55/0x70
[ 77.178816][ T7650] do_syscall_64+0xcc/0x370
[ 77.183319][ T7650] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.189196][ T7650]
[ 77.191515][ T7650] Reported by Kernel Concurrency Sanitizer on:
[ 77.197661][ T7650] CPU: 0 PID: 7650 Comm: ps Not tainted 5.4.0-syzkaller #0
16:35:53 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x22, 0x4, 0x400, 0x0, 0x1}, 0x3c)
socket$rxrpc(0x21, 0x2, 0xa)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000140), 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5}, 0xfffffffffffffeb4)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c)
recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x19, &(0x7f00000000c0), 0x4)

[ 77.204845][ T7650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.214895][ T7650] ==================================================================
[ 77.222946][ T7650] Kernel panic - not syncing: panic_on_warn set ...
[ 77.229535][ T7650] CPU: 0 PID: 7650 Comm: ps Not tainted 5.4.0-syzkaller #0
[ 77.236718][ T7650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.246772][ T7650] Call Trace:
[ 77.250067][ T7650] dump_stack+0x11d/0x181
[ 77.254409][ T7650] panic+0x210/0x640
[ 77.258307][ T7650] ? vprintk_func+0x8d/0x140
[ 77.262904][ T7650] kcsan_report.cold+0xc/0xd
[ 77.267503][ T7650] kcsan_setup_watchpoint+0x3fe/0x460
[ 77.272877][ T7650] __tsan_unaligned_write2+0xc4/0x100
[ 77.278253][ T7650] pid_update_inode+0x51/0x70
[ 77.282930][ T7650] pid_revalidate+0x91/0xd0
[ 77.287435][ T7650] lookup_fast+0x618/0x700
[ 77.291866][ T7650] path_openat+0x2ac/0x36e0
[ 77.296373][ T7650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.302610][ T7650] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 77.308513][ T7650] ? __read_once_size+0x41/0xe0
[ 77.313370][ T7650] do_filp_open+0x11e/0x1b0
[ 77.317877][ T7650] ? __alloc_fd+0x2ef/0x3b0
[ 77.322394][ T7650] do_sys_open+0x3b3/0x4f0
[ 77.326818][ T7650] __x64_sys_open+0x55/0x70
[ 77.331330][ T7650] do_syscall_64+0xcc/0x370
[ 77.335842][ T7650] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.341736][ T7650] RIP: 0033:0x7f746a457120
[ 77.346160][ T7650] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 77.365767][ T7650] RSP: 002b:00007ffd53265298 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 77.374179][ T7650] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f746a457120
[ 77.383372][ T7650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f746a925d00
[ 77.391344][ T7650] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f746a71fa10
[ 77.399309][ T7650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f746a924d00
[ 77.407274][ T7650] R13: 0000000000a431c0 R14: 0000000000000005 R15: 0000000000000000
[ 77.416712][ T7650] Kernel Offset: disabled
[ 77.421069][ T7650] Rebooting in 86400 seconds..