[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.475456][ T25] audit: type=1800 audit(1572869268.466:25): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 35.502854][ T25] audit: type=1800 audit(1572869268.466:26): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 35.523420][ T25] audit: type=1800 audit(1572869268.476:27): pid=7022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. 2019/11/04 12:08:00 fuzzer started 2019/11/04 12:08:01 dialing manager at 10.128.0.105:43623 2019/11/04 12:08:02 syscalls: 2553 2019/11/04 12:08:02 code coverage: enabled 2019/11/04 12:08:02 comparison tracing: enabled 2019/11/04 12:08:02 extra coverage: extra coverage is not supported by the kernel 2019/11/04 12:08:02 setuid sandbox: enabled 2019/11/04 12:08:02 namespace sandbox: enabled 2019/11/04 12:08:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/04 12:08:02 fault injection: enabled 2019/11/04 12:08:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/04 12:08:02 net packet injection: enabled 2019/11/04 12:08:02 net device setup: enabled 2019/11/04 12:08:02 concurrency sanitizer: enabled 2019/11/04 12:08:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/04 12:08:05 adding functions to KCSAN blacklist: 'tcp_add_backlog' 'ext4_has_free_clusters' 'pipe_poll' '__hrtimer_run_queues' 'find_next_bit' 'ep_poll' 'ktime_get_real_seconds' 'generic_permission' 'generic_fillattr' 'add_timer' 'tomoyo_supervisor' '__tcp_select_window' 'tcp_poll' '__nf_conntrack_find_get' 12:08:08 executing program 0: r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r1 = gettid() ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r1}) fcntl$setlease(r0, 0x400, 0x1) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) close(r0) 12:08:08 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000100)=0x300000000) read(r0, &(0x7f0000000240)=""/204, 0xffffff83) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)=ANY=[]) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) syzkaller login: [ 55.839663][ T7196] IPVS: ftp: loaded support on port[0] = 21 [ 55.974184][ T7196] chnl_net:caif_netlink_parms(): no params data found [ 56.056671][ T7196] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.079108][ T7196] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.088834][ T7196] device bridge_slave_0 entered promiscuous mode [ 56.100907][ T7196] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.108002][ T7196] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.117011][ T7196] device bridge_slave_1 entered promiscuous mode 12:08:09 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) syz_open_dev$dmmidi(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) getpid() r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a708145a339bd57fba3da80b856445ab100621d6234555c08dc540473753cd89e9b08e3f5972fe9ca162b123e192e8c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b9379079d0000000000000000000000000000008ce0891802ff9726e5d3ecfe2064c00c167a7c97"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) setxattr$trusted_overlay_nlink(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'U+', 0x7}, 0x28, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c80), 0x0) [ 56.152012][ T7199] IPVS: ftp: loaded support on port[0] = 21 [ 56.161579][ T7196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.184452][ T7196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.269475][ T7196] team0: Port device team_slave_0 added [ 56.276325][ T7196] team0: Port device team_slave_1 added [ 56.391233][ T7196] device hsr_slave_0 entered promiscuous mode 12:08:09 executing program 3: clone(0x2000004100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000000)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x420e, r0, 0x8, 0x0) [ 56.439494][ T7196] device hsr_slave_1 entered promiscuous mode [ 56.493725][ T7201] IPVS: ftp: loaded support on port[0] = 21 [ 56.637796][ T7199] chnl_net:caif_netlink_parms(): no params data found [ 56.664371][ T7196] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.671582][ T7196] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.678969][ T7196] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.686062][ T7196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.885480][ T7199] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.915566][ T7223] ================================================================== [ 56.923678][ T7223] BUG: KCSAN: data-race in pid_update_inode / pid_update_inode [ 56.931196][ T7223] [ 56.933521][ T7223] read to 0xffff88812a7c0d58 of 2 bytes by task 7218 on cpu 0: [ 56.941058][ T7223] pid_update_inode+0x25/0x70 [ 56.945729][ T7223] pid_revalidate+0x91/0xd0 [ 56.950229][ T7223] lookup_fast+0x6f2/0x700 [ 56.954639][ T7223] walk_component+0x6d/0xe80 [ 56.959221][ T7223] link_path_walk.part.0+0x5d3/0xa90 [ 56.964495][ T7223] path_openat+0x14f/0x36e0 [ 56.968987][ T7223] do_filp_open+0x11e/0x1b0 [ 56.973480][ T7223] do_sys_open+0x3b3/0x4f0 [ 56.977882][ T7223] __x64_sys_open+0x55/0x70 [ 56.982379][ T7223] do_syscall_64+0xcc/0x370 [ 56.986878][ T7223] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 56.988349][ T7199] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.992751][ T7223] [ 56.992763][ T7223] write to 0xffff88812a7c0d58 of 2 bytes by task 7223 on cpu 1: [ 56.992775][ T7223] pid_update_inode+0x51/0x70 [ 56.992785][ T7223] pid_revalidate+0x91/0xd0 [ 56.992797][ T7223] lookup_fast+0x6f2/0x700 [ 56.992808][ T7223] walk_component+0x6d/0xe80 [ 56.992835][ T7223] link_path_walk.part.0+0x5d3/0xa90 [ 57.033127][ T7223] path_openat+0x14f/0x36e0 [ 57.037625][ T7223] do_filp_open+0x11e/0x1b0 [ 57.040846][ T7199] device bridge_slave_0 entered promiscuous mode [ 57.042157][ T7223] do_sys_open+0x3b3/0x4f0 [ 57.052853][ T7223] __x64_sys_open+0x55/0x70 [ 57.057351][ T7223] do_syscall_64+0xcc/0x370 [ 57.061847][ T7223] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.067720][ T7223] [ 57.069430][ T7199] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.070123][ T7223] Reported by Kernel Concurrency Sanitizer on: [ 57.077138][ T7199] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.083259][ T7223] CPU: 1 PID: 7223 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 57.083267][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.083271][ T7223] ================================================================== [ 57.083278][ T7223] Kernel panic - not syncing: panic_on_warn set ... [ 57.083292][ T7223] CPU: 1 PID: 7223 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 57.083299][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.083303][ T7223] Call Trace: [ 57.083326][ T7223] dump_stack+0xf5/0x159 [ 57.083342][ T7223] panic+0x210/0x640 [ 57.083439][ T7223] ? __x64_sys_open+0x55/0x70 [ 57.154693][ T7223] ? vprintk_func+0x8d/0x140 [ 57.159315][ T7223] kcsan_report.cold+0xc/0x10 [ 57.163995][ T7223] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 57.169535][ T7223] ? task_dump_owner+0xf7/0x260 [ 57.174380][ T7223] __tsan_write2+0x32/0x40 [ 57.178790][ T7223] pid_update_inode+0x51/0x70 [ 57.179363][ T7199] device bridge_slave_1 entered promiscuous mode [ 57.183464][ T7223] pid_revalidate+0x91/0xd0 [ 57.194268][ T7223] lookup_fast+0x6f2/0x700 [ 57.198688][ T7223] walk_component+0x6d/0xe80 [ 57.203282][ T7223] ? __tsan_read8+0x2c/0x30 [ 57.207785][ T7223] ? security_inode_permission+0xa5/0xc0 [ 57.213428][ T7223] link_path_walk.part.0+0x5d3/0xa90 [ 57.218719][ T7223] path_openat+0x14f/0x36e0 [ 57.223308][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.229038][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.234763][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.240388][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.246017][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.251641][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.257268][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.262900][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.268530][ T7223] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 57.274418][ T7223] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 57.280051][ T7223] do_filp_open+0x11e/0x1b0 [ 57.284557][ T7223] ? __alloc_fd+0x316/0x4c0 [ 57.289056][ T7223] do_sys_open+0x3b3/0x4f0 [ 57.293475][ T7223] __x64_sys_open+0x55/0x70 [ 57.297987][ T7223] do_syscall_64+0xcc/0x370 [ 57.302495][ T7223] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 57.308385][ T7223] RIP: 0033:0x7f1c47511120 [ 57.311335][ T7199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.312805][ T7223] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 57.341400][ T7223] RSP: 002b:00007ffd2f155ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 57.349812][ T7223] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f1c47511120 [ 57.357793][ T7223] RDX: 00007ffd2f155f32 RSI: 0000000000000000 RDI: 00007ffd2f155f20 [ 57.365759][ T7223] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007f1c477d955f [ 57.373722][ T7223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000890220 [ 57.380111][ T7199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.381724][ T7223] R13: 0000000000000020 R14: 00007f1c47bc6010 R15: 0000000000000000 [ 57.399976][ T7223] Kernel Offset: disabled [ 57.404295][ T7223] Rebooting in 86400 seconds..