[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 52.296419][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 52.296433][ T26] audit: type=1800 audit(1575473681.210:29): pid=7331 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 52.327480][ T26] audit: type=1800 audit(1575473681.210:30): pid=7331 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. 2019/12/04 15:34:50 fuzzer started 2019/12/04 15:34:52 dialing manager at 10.128.0.105:44241 2019/12/04 15:34:55 syscalls: 2684 2019/12/04 15:34:55 code coverage: enabled 2019/12/04 15:34:55 comparison tracing: enabled 2019/12/04 15:34:55 extra coverage: extra coverage is not supported by the kernel 2019/12/04 15:34:55 setuid sandbox: enabled 2019/12/04 15:34:55 namespace sandbox: enabled 2019/12/04 15:34:55 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/04 15:34:55 fault injection: enabled 2019/12/04 15:34:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/04 15:34:55 net packet injection: enabled 2019/12/04 15:34:55 net device setup: enabled 2019/12/04 15:34:55 concurrency sanitizer: enabled 2019/12/04 15:34:55 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 67.376089][ T7499] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/04 15:35:04 adding functions to KCSAN blacklist: 'ext4_free_inodes_count' 'poll_schedule_timeout' '__writeback_single_inode' 'generic_fillattr' 'taskstats_exit' 'copy_process' 'do_nanosleep' 'xas_clear_mark' 'run_timer_softirq' 'generic_write_end' 'ext4_free_inode' 'do_exit' 'tick_nohz_idle_stop_tick' 'tick_sched_do_timer' 'page_counter_try_charge' 'kauditd_thread' 'add_timer' 'find_next_bit' 'n_tty_receive_buf_common' 'pipe_wait' 'xas_find_marked' 'handle_mm_fault' 'mod_timer' 'pcpu_alloc' 'tomoyo_supervisor' '__hrtimer_run_queues' 'pid_update_inode' 'fprop_fraction_percpu' '__snd_rawmidi_transmit_ack' 'common_perm_cond' 'ktime_get_real_seconds' '__ext4_new_inode' 'blk_mq_dispatch_rq_list' 'ext4_has_free_clusters' 'blk_mq_get_request' 'sit_tunnel_xmit' 'wbt_done' '__rb_insert_augmented' '__filemap_fdatawrite_range' 'find_get_pages_range_tag' 'futex_wait_queue_me' 'shmem_getpage_gfp' 'pipe_poll' 'mem_cgroup_select_victim_node' 'audit_log_start' '__splice_from_pipe' 'dd_has_work' 'ext4_nonda_switch' 'sctp_assoc_migrate' 'tomoyo_check_path_acl' 'tcp_add_backlog' 'blk_mq_run_hw_queue' 'ep_poll' 'rcu_gp_fqs_check_wake' 'tick_do_update_jiffies64' 'lruvec_lru_size' 15:35:58 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000240)='t\bnu\x8c\xc4', 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)='9', 0x1}], 0x1, 0x881806) read(r0, &(0x7f0000000000)=""/30, 0xfffffe4c) 15:35:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r2, 0x4018aee1, 0x0) [ 129.763556][ T7502] IPVS: ftp: loaded support on port[0] = 21 [ 129.884834][ T7502] chnl_net:caif_netlink_parms(): no params data found [ 129.939327][ T7502] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.946431][ T7502] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.954954][ T7502] device bridge_slave_0 entered promiscuous mode [ 129.962536][ T7502] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.970444][ T7502] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.978158][ T7502] device bridge_slave_1 entered promiscuous mode 15:35:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) set_mempolicy(0x4002, &(0x7f0000000000)=0x3, 0x54) set_mempolicy(0x0, 0x0, 0x0) [ 129.996829][ T7502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.007088][ T7502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.009834][ T7505] IPVS: ftp: loaded support on port[0] = 21 [ 130.026289][ T7502] team0: Port device team_slave_0 added [ 130.033556][ T7502] team0: Port device team_slave_1 added [ 130.101397][ T7502] device hsr_slave_0 entered promiscuous mode [ 130.149361][ T7502] device hsr_slave_1 entered promiscuous mode [ 130.212592][ T7507] IPVS: ftp: loaded support on port[0] = 21 [ 130.300610][ T7502] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.307721][ T7502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.315024][ T7502] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.322087][ T7502] bridge0: port 1(bridge_slave_0) entered forwarding state 15:35:59 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fchown(r0, 0x0, 0xee00) [ 130.462411][ T7505] chnl_net:caif_netlink_parms(): no params data found [ 130.539544][ T7502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.585280][ T3512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 130.625938][ T3512] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.670117][ T3512] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.700368][ T3512] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 130.747686][ T7502] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.779737][ T7535] IPVS: ftp: loaded support on port[0] = 21 [ 130.799384][ T7505] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.806514][ T7505] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.839874][ T7505] device bridge_slave_0 entered promiscuous mode [ 130.861027][ T3512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.879486][ T3512] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.886531][ T3512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 130.919875][ T3512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.950489][ T3512] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.957552][ T3512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.999898][ T7507] chnl_net:caif_netlink_parms(): no params data found [ 131.012087][ T7505] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.030315][ T7505] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.049949][ T7505] device bridge_slave_1 entered promiscuous mode [ 131.093130][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 131.125722][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 131.177781][ T7505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.221831][ T7507] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.228906][ T7507] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.269658][ T7507] device bridge_slave_0 entered promiscuous mode [ 131.291882][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.309834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.341514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 131.371003][ T7505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.407009][ T7502] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 131.438968][ T7502] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 15:36:00 executing program 4: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0xfffffec6) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 131.479818][ T7507] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.487054][ T7507] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.541198][ T7507] device bridge_slave_1 entered promiscuous mode [ 131.600213][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.625439][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.646278][ T7530] ================================================================== [ 131.654413][ T7530] BUG: KCSAN: data-race in mmap_region / task_vsize [ 131.659768][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 131.660994][ T7530] [ 131.671135][ T7530] write to 0xffff88811e57f700 of 8 bytes by task 7520 on cpu 0: [ 131.678764][ T7530] mmap_region+0x328/0xd50 [ 131.679466][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 131.683182][ T7530] do_mmap+0x6d4/0xba0 [ 131.694933][ T7530] vm_mmap_pgoff+0x12d/0x190 [ 131.699520][ T7530] ksys_mmap_pgoff+0x99/0x420 [ 131.700268][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 131.704288][ T7530] __x64_sys_mmap+0x2e/0x40 [ 131.716685][ T7530] do_syscall_64+0xcc/0x370 [ 131.721198][ T7530] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 131.727190][ T7530] [ 131.729528][ T7530] read to 0xffff88811e57f700 of 8 bytes by task 7530 on cpu 1: [ 131.737081][ T7530] task_vsize+0x24/0x40 [ 131.739921][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 131.741250][ T7530] do_task_stat+0xff/0x1370 [ 131.753438][ T7530] proc_tgid_stat+0x3d/0x60 [ 131.757941][ T7530] proc_single_show+0x89/0xe0 [ 131.762616][ T7530] seq_read+0x350/0x960 [ 131.766768][ T7530] __vfs_read+0x67/0xc0 [ 131.770918][ T7530] vfs_read+0x143/0x2c0 [ 131.775067][ T7530] ksys_read+0xd5/0x1b0 [ 131.779263][ T7530] __x64_sys_read+0x4c/0x60 [ 131.783766][ T7530] do_syscall_64+0xcc/0x370 [ 131.788266][ T7530] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 131.794143][ T7530] [ 131.796460][ T7530] Reported by Kernel Concurrency Sanitizer on: [ 131.799484][ T7502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.802619][ T7530] CPU: 1 PID: 7530 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 131.802626][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.802631][ T7530] ================================================================== [ 131.802638][ T7530] Kernel panic - not syncing: panic_on_warn set ... [ 131.802651][ T7530] CPU: 1 PID: 7530 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 131.802667][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.858586][ T7530] Call Trace: [ 131.861883][ T7530] dump_stack+0x11d/0x181 [ 131.866219][ T7530] panic+0x210/0x640 [ 131.870120][ T7530] ? vprintk_func+0x8d/0x140 [ 131.874718][ T7530] kcsan_report.cold+0xc/0xd [ 131.879320][ T7530] kcsan_setup_watchpoint+0x3fe/0x460 [ 131.884728][ T7530] __tsan_read8+0xc6/0x100 [ 131.889152][ T7530] task_vsize+0x24/0x40 [ 131.893308][ T7530] do_task_stat+0xff/0x1370 [ 131.897822][ T7530] ? __read_once_size.constprop.0+0x12/0x20 [ 131.903904][ T7530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.906114][ T7543] IPVS: ftp: loaded support on port[0] = 21 [ 131.910141][ T7530] ? should_fail+0xd4/0x45d [ 131.910161][ T7530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.910176][ T7530] ? debug_smp_processor_id+0x4c/0x172 [ 131.910198][ T7530] ? __rcu_read_unlock+0x66/0x3c0 [ 131.910220][ T7530] proc_tgid_stat+0x3d/0x60 [ 131.910235][ T7530] proc_single_show+0x89/0xe0 [ 131.910259][ T7530] seq_read+0x350/0x960 [ 131.950619][ T7530] ? security_file_permission+0x88/0x280 [ 131.956262][ T7530] __vfs_read+0x67/0xc0 [ 131.960421][ T7530] ? seq_hlist_start_head_rcu+0x60/0x60 [ 131.965962][ T7530] vfs_read+0x143/0x2c0 [ 131.970116][ T7530] ksys_read+0xd5/0x1b0 [ 131.974279][ T7530] __x64_sys_read+0x4c/0x60 [ 131.978789][ T7530] do_syscall_64+0xcc/0x370 [ 131.983300][ T7530] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 131.989191][ T7530] RIP: 0033:0x7f222e692310 [ 131.993610][ T7530] Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24 [ 132.013211][ T7530] RSP: 002b:00007ffd0dc003b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 132.021620][ T7530] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f222e692310 [ 132.029592][ T7530] RDX: 0000000000000fff RSI: 00007f222eb5fd00 RDI: 0000000000000006 [ 132.037560][ T7530] RBP: 0000000000000fff R08: 0000000000000000 R09: 00007f222e95aa10 [ 132.045530][ T7530] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f222eb5fd00 [ 132.053503][ T7530] R13: 00000000014331c0 R14: 0000000000000005 R15: 0000000000000000 [ 132.062931][ T7530] Kernel Offset: disabled [ 132.067268][ T7530] Rebooting in 86400 seconds..