[ 41.982615][ T25] audit: type=1800 audit(1576133214.829:21): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 42.034682][ T25] audit: type=1800 audit(1576133214.829:22): pid=7460 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 43.101282][ T7525] sshd (7525) used greatest stack depth: 10128 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. 2019/12/12 06:47:07 fuzzer started 2019/12/12 06:47:09 dialing manager at 10.128.0.105:39821 2019/12/12 06:47:09 syscalls: 2689 2019/12/12 06:47:09 code coverage: enabled 2019/12/12 06:47:09 comparison tracing: enabled 2019/12/12 06:47:09 extra coverage: extra coverage is not supported by the kernel 2019/12/12 06:47:09 setuid sandbox: enabled 2019/12/12 06:47:09 namespace sandbox: enabled 2019/12/12 06:47:09 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/12 06:47:09 fault injection: enabled 2019/12/12 06:47:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/12 06:47:09 net packet injection: enabled 2019/12/12 06:47:09 net device setup: enabled 2019/12/12 06:47:09 concurrency sanitizer: enabled 2019/12/12 06:47:09 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 61.016440][ T7625] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/12 06:47:15 adding functions to KCSAN blacklist: 'audit_log_start' 'echo_char' '__hrtimer_run_queues' 'xas_clear_mark' 'blk_mq_get_request' 'add_timer' 'run_timer_softirq' 'virtqueue_enable_cb_delayed' 'mod_timer' 'pipe_poll' 'taskstats_exit' '__snd_rawmidi_transmit_ack' 'copy_process' 'blk_mq_sched_dispatch_requests' 'do_nanosleep' 'dd_has_work' 'commit_echoes' 'sixpack_receive_buf' 'ext4_free_inode' 'tomoyo_supervisor' '__splice_from_pipe' 'tick_sched_do_timer' '__ext4_new_inode' 'wbt_done' '__mark_inode_dirty' 'poll_schedule_timeout' 'tcp_add_backlog' 'find_next_bit' 'tick_do_update_jiffies64' 'pid_update_inode' 'ext4_has_free_clusters' 'generic_write_end' 'tick_nohz_idle_stop_tick' 'ep_poll' 'rcu_gp_fqs_check_wake' 'find_get_pages_range_tag' 'lruvec_lru_size' 'ext4_nonda_switch' 'blk_mq_dispatch_rq_list' 'ktime_get_real_seconds' 'vm_area_dup' 'pipe_wait' 'filemap_fault' 'generic_fillattr' 06:48:10 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa3, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x1000, 0x32) connect$bt_sco(r1, &(0x7f00000001c0)={0x1f, {0x2, 0xa5, 0x7, 0x6, 0x40, 0x5}}, 0x8) r2 = socket$inet6(0xa, 0x401000000001, 0x0) close(r2) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r3 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) dup2(0xffffffffffffffff, r3) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r3, &(0x7f0000000700)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x154, r4, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x84, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x54f7724}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0xbc, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdd}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xcb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x1}, 0x2000c040) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) r7 = syz_open_dev$sndpcmp(&(0x7f0000000740)='/dev/snd/pcmC#D#p\x00', 0x1000, 0x40000) fspick(r7, &(0x7f0000000780)='./bus\x00', 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) dup2(r8, r6) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0], 0x2}) readv(r5, &(0x7f0000000000)=[{&(0x7f0000000300)=""/204, 0xcc}, {&(0x7f0000000440)=""/155, 0x9b}], 0x2) r9 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) ftruncate(r9, 0x2007fff) sendfile(r2, r9, 0x0, 0x8000fffffffe) creat(&(0x7f0000000140)='./bus\x00', 0x0) [ 118.153018][ T7629] IPVS: ftp: loaded support on port[0] = 21 06:48:11 executing program 1: setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000540)=ANY=[@ANYBLOB="e0004001ac1414aa"], 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000240)={@multicast1, @local}, 0xc) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000540)=""/197, &(0x7f0000000400)=0xffc4) [ 118.220802][ T7629] chnl_net:caif_netlink_parms(): no params data found [ 118.280071][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.297638][ T7629] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.305259][ T7629] device bridge_slave_0 entered promiscuous mode [ 118.327907][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.335056][ T7629] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.343526][ T7629] device bridge_slave_1 entered promiscuous mode [ 118.361141][ T7629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.371609][ T7629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.391018][ T7629] team0: Port device team_slave_0 added [ 118.398036][ T7629] team0: Port device team_slave_1 added 06:48:11 executing program 2: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0xfe41) syz_open_dev$admmidi(0x0, 0x0, 0x242281) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x80000000, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0)='tls\x00', 0x4) chmod(0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303}, "b81cefe44eaac171", "672c7e7b1b92b68c118c2c998dbd06cedfb7c5cbcc766d84eb975916b6ddc16c", "4dc90fba", "f3b2dacd291ff247"}, 0x38) recvmmsg(r0, &(0x7f0000004bc0)=[{{&(0x7f0000004940)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000004a80), 0x0, &(0x7f0000000100)=""/210, 0xd2}}], 0x3d8, 0x0, &(0x7f0000004dc0)={0x77359400}) [ 118.469200][ T7629] device hsr_slave_0 entered promiscuous mode [ 118.498428][ T7629] device hsr_slave_1 entered promiscuous mode [ 118.575151][ T7632] IPVS: ftp: loaded support on port[0] = 21 [ 118.609963][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.617161][ T7629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.624666][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.631739][ T7629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.751095][ T7650] IPVS: ftp: loaded support on port[0] = 21 [ 118.808589][ T7656] ================================================================== [ 118.816740][ T7656] BUG: KCSAN: data-race in generic_permission / task_dump_owner [ 118.824359][ T7656] [ 118.826687][ T7656] read to 0xffff888125252d6c of 4 bytes by task 7643 on cpu 0: [ 118.832174][ T7629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.834328][ T7656] generic_permission+0x65/0x3d0 [ 118.845830][ T7656] inode_permission+0x7f/0x3c0 [ 118.850602][ T7656] may_open.isra.0+0x144/0x250 [ 118.855363][ T7656] path_openat+0xf05/0x36e0 [ 118.859863][ T7656] do_filp_open+0x11e/0x1b0 [ 118.864372][ T7656] do_sys_open+0x3b3/0x4f0 [ 118.868784][ T7656] __x64_sys_open+0x55/0x70 [ 118.873285][ T7656] do_syscall_64+0xcc/0x370 [ 118.877786][ T7656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.882808][ T7629] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.883697][ T7656] [ 118.892618][ T7656] write to 0xffff888125252d6c of 4 bytes by task 7656 on cpu 1: [ 118.900257][ T7656] task_dump_owner+0x237/0x260 [ 118.905021][ T7656] pid_update_inode+0x3c/0x70 [ 118.909703][ T7656] pid_revalidate+0x91/0xd0 [ 118.914202][ T7656] lookup_fast+0x618/0x700 [ 118.918618][ T7656] path_openat+0x2ac/0x36e0 [ 118.923118][ T7656] do_filp_open+0x11e/0x1b0 [ 118.927745][ T7656] do_sys_open+0x3b3/0x4f0 [ 118.932166][ T7656] __x64_sys_open+0x55/0x70 [ 118.936672][ T7656] do_syscall_64+0xcc/0x370 [ 118.941179][ T7656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 118.947058][ T7656] [ 118.949374][ T7656] Reported by Kernel Concurrency Sanitizer on: [ 118.955521][ T7656] CPU: 1 PID: 7656 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 118.962705][ T7656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.972759][ T7656] ================================================================== [ 118.980818][ T7656] Kernel panic - not syncing: panic_on_warn set ... [ 118.987411][ T7656] CPU: 1 PID: 7656 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 118.987530][ T7629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 118.994595][ T7656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.994599][ T7656] Call Trace: [ 118.994622][ T7656] dump_stack+0x11d/0x181 [ 118.994649][ T7656] panic+0x210/0x640 [ 119.023258][ T7656] ? vprintk_func+0x8d/0x140 [ 119.032457][ T7656] kcsan_report.cold+0xc/0xd [ 119.037055][ T7656] kcsan_setup_watchpoint+0x3fe/0x460 [ 119.042426][ T7656] __tsan_unaligned_write4+0xc4/0x100 [ 119.047812][ T7656] task_dump_owner+0x237/0x260 [ 119.052566][ T7656] ? __rcu_read_unlock+0x66/0x3c0 [ 119.057594][ T7656] pid_update_inode+0x3c/0x70 [ 119.062273][ T7656] pid_revalidate+0x91/0xd0 [ 119.066777][ T7656] lookup_fast+0x618/0x700 [ 119.071227][ T7656] path_openat+0x2ac/0x36e0 [ 119.075745][ T7656] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.078566][ T7629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.081990][ T7656] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 119.094612][ T7656] ? __read_once_size+0x41/0xe0 [ 119.099471][ T7656] do_filp_open+0x11e/0x1b0 [ 119.103983][ T7656] ? __alloc_fd+0x2ef/0x3b0 [ 119.108500][ T7656] do_sys_open+0x3b3/0x4f0 [ 119.112917][ T7656] __x64_sys_open+0x55/0x70 [ 119.117428][ T7656] do_syscall_64+0xcc/0x370 [ 119.121948][ T7656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 119.127837][ T7656] RIP: 0033:0x7f7df431f120 [ 119.132261][ T7656] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 119.151890][ T7656] RSP: 002b:00007fffed182f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 119.160311][ T7656] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f7df431f120 [ 119.168281][ T7656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f7df47edd00 [ 119.176511][ T7656] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f7df45e757b [ 119.184485][ T7656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7df47ecd00 [ 119.192453][ T7656] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 119.201976][ T7656] Kernel Offset: disabled [ 119.206306][ T7656] Rebooting in 86400 seconds..