[ 50.671570][ T25] audit: type=1800 audit(1573140296.510:27): pid=7829 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 50.692763][ T25] audit: type=1800 audit(1573140296.510:28): pid=7829 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 51.490895][ T25] audit: type=1800 audit(1573140297.390:29): pid=7829 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 51.511053][ T25] audit: type=1800 audit(1573140297.390:30): pid=7829 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts.
2019/11/07 15:25:08 fuzzer started
2019/11/07 15:25:09 dialing manager at 10.128.0.105:38105
2019/11/07 15:25:09 syscalls: 2553
2019/11/07 15:25:09 code coverage: enabled
2019/11/07 15:25:09 comparison tracing: enabled
2019/11/07 15:25:09 extra coverage: extra coverage is not supported by the kernel
2019/11/07 15:25:09 setuid sandbox: enabled
2019/11/07 15:25:09 namespace sandbox: enabled
2019/11/07 15:25:09 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/07 15:25:09 fault injection: enabled
2019/11/07 15:25:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/07 15:25:09 net packet injection: enabled
2019/11/07 15:25:09 net device setup: enabled
2019/11/07 15:25:09 concurrency sanitizer: enabled
2019/11/07 15:25:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/07 15:25:10 adding functions to KCSAN blacklist: '__hrtimer_run_queues' 'tcp_add_backlog' 'find_next_bit'

15:25:11 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, 0x0)
clone(0x22808100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)
request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\x10', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\x10rist\xe3cusgrVid:De', 0x0)

syzkaller login: [ 66.129839][ T8000] IPVS: ftp: loaded support on port[0] = 21

15:25:12 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000440)={'vcan0\x00', 0x0})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000100)=0x40, 0x4)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000003c0)={&(0x7f0000000000)=""/17, 0x1000, 0x1000}, 0x18)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000800)=0x8, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x80, 0x4)
bind$xdp(r2, &(0x7f0000000300)={0x2c, 0x4, r1}, 0x10)

[ 66.228781][ T8000] chnl_net:caif_netlink_parms(): no params data found
[ 66.278079][ T8000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.285299][ T8000] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.293993][ T8000] device bridge_slave_0 entered promiscuous mode
[ 66.301730][ T8000] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.308930][ T8000] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.317570][ T8000] device bridge_slave_1 entered promiscuous mode
[ 66.337090][ T8000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.347514][ T8000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.379870][ T8000] team0: Port device team_slave_0 added
[ 66.389960][ T8000] team0: Port device team_slave_1 added

15:25:12 executing program 2:
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000000)={'veth1_to_hsr\x00', @ifru_map={0x0, 0x401, 0xcf, 0x2, 0x2}})
pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x0)
write(0xffffffffffffffff, &(0x7f0000000140)="3cef1fbb2f8cb21be33eb954a92a24b078afe5d67fa565f942e3cadd9f7634c846866ea73b5281f140556071a30878f6a850c3296787e397a675faf9a1e3fd4b1e42626fa35ad72109b7e80500cdfc8cf30b61b1ebfcb1", 0xfd88)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c)

[ 66.474334][ T8000] device hsr_slave_0 entered promiscuous mode
[ 66.552334][ T8000] device hsr_slave_1 entered promiscuous mode

15:25:12 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x27)
sendto$inet(r0, &(0x7f00000012c0)=' ', 0x1, 0x0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000000), 0x4)

[ 66.700509][ T8003] IPVS: ftp: loaded support on port[0] = 21
[ 66.729546][ T8005] IPVS: ftp: loaded support on port[0] = 21
[ 66.810201][ T8000] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.817334][ T8000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.824791][ T8000] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.831857][ T8000] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.059266][ T8000] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.178623][ T8000] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.211414][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.223728][ T3501] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.261529][ T3501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.302485][ T3501] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 67.329398][ T8017] ==================================================================
[ 67.337570][ T8017] BUG: KCSAN: data-race in common_perm_cond / task_dump_owner
[ 67.345019][ T8017]
[ 67.347361][ T8017] write to 0xffff8881248bf2dc of 4 bytes by task 8020 on cpu 0:
[ 67.354998][ T8017] task_dump_owner+0x237/0x260
[ 67.359767][ T8017] pid_update_inode+0x3c/0x70
[ 67.364450][ T8017] pid_revalidate+0x91/0xd0
[ 67.368985][ T8017] lookup_fast+0x6f2/0x700
[ 67.373413][ T8017] walk_component+0x6d/0xe70
[ 67.378014][ T8017] link_path_walk.part.0+0x5d3/0xa90
[ 67.383308][ T8017] path_openat+0x14f/0x36e0
[ 67.387808][ T8017] do_filp_open+0x11e/0x1b0
[ 67.392309][ T8017] do_sys_open+0x3b3/0x4f0
[ 67.396724][ T8017] __x64_sys_open+0x55/0x70
[ 67.401242][ T8017] do_syscall_64+0xcc/0x370
[ 67.405753][ T8017] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.411639][ T8017]
[ 67.413976][ T8017] read to 0xffff8881248bf2dc of 4 bytes by task 8017 on cpu 1:
[ 67.421546][ T8017] common_perm_cond+0x65/0x110
[ 67.426308][ T8017] apparmor_inode_getattr+0x2b/0x40
[ 67.431515][ T8017] security_inode_getattr+0x9b/0xd0
[ 67.436725][ T8017] vfs_getattr+0x2e/0x70
[ 67.440966][ T8017] vfs_statx+0x102/0x190
[ 67.445207][ T8017] __do_sys_newstat+0x51/0xb0
[ 67.449888][ T8017] __x64_sys_newstat+0x3a/0x50
[ 67.454657][ T8017] do_syscall_64+0xcc/0x370
[ 67.459171][ T8017] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.465052][ T8017]
[ 67.467378][ T8017] Reported by Kernel Concurrency Sanitizer on:
[ 67.473541][ T8017] CPU: 1 PID: 8017 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 67.480302][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.490355][ T8017] ==================================================================
[ 67.498409][ T8017] Kernel panic - not syncing: panic_on_warn set ...
[ 67.505006][ T8017] CPU: 1 PID: 8017 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 67.511760][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.521813][ T8017] Call Trace:
[ 67.525119][ T8017] dump_stack+0xf5/0x159
[ 67.529367][ T8017] panic+0x210/0x640
[ 67.533276][ T8017] ? vprintk_func+0x8d/0x140
[ 67.537883][ T8017] kcsan_report.cold+0xc/0xe
[ 67.542491][ T8017] kcsan_setup_watchpoint+0x3fe/0x410
[ 67.547878][ T8017] __tsan_read4+0x145/0x1f0
[ 67.552398][ T8017] common_perm_cond+0x65/0x110
[ 67.557185][ T8017] apparmor_inode_getattr+0x2b/0x40
[ 67.562393][ T8017] security_inode_getattr+0x9b/0xd0
[ 67.567603][ T8017] vfs_getattr+0x2e/0x70
[ 67.571854][ T8017] vfs_statx+0x102/0x190
[ 67.576108][ T8017] __do_sys_newstat+0x51/0xb0
[ 67.580789][ T8017] ? mem_cgroup_handle_over_high+0x50/0x180
[ 67.586699][ T8017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 67.592948][ T8017] ? debug_smp_processor_id+0x4c/0x172
[ 67.598424][ T8017] __x64_sys_newstat+0x3a/0x50
[ 67.603204][ T8017] do_syscall_64+0xcc/0x370
[ 67.607725][ T8017] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.613617][ T8017] RIP: 0033:0x7fd448d5fc65
[ 67.618062][ T8017] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16
[ 67.637673][ T8017] RSP: 002b:00007ffd28378c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 67.646093][ T8017] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fd448d5fc65
[ 67.654070][ T8017] RDX: 00007fd44922dc60 RSI: 00007fd44922dc60 RDI: 00000000015cb220
[ 67.662047][ T8017] RBP: 0000000000020062 R08: 00007fd4490155a0 R09: 0000000000000000
[ 67.670024][ T8017] R10: 1999999999999999 R11: 0000000000000246 R12: 00000000015cb220
[ 67.677999][ T8017] R13: 00000000015cb1c0 R14: 0000000000000005 R15: 0000000000000000
[ 67.687436][ T8017] Kernel Offset: disabled
[ 67.691768][ T8017] Rebooting in 86400 seconds..