[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.561238][ T26] audit: type=1800 audit(1572003155.793:25): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 34.603139][ T26] audit: type=1800 audit(1572003155.793:26): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 34.638016][ T26] audit: type=1800 audit(1572003155.803:27): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.49' (ECDSA) to the list of known hosts. 2019/10/25 11:32:45 fuzzer started 2019/10/25 11:32:46 dialing manager at 10.128.0.105:33971 2019/10/25 11:32:47 syscalls: 2529 2019/10/25 11:32:47 code coverage: enabled 2019/10/25 11:32:47 comparison tracing: enabled 2019/10/25 11:32:47 extra coverage: extra coverage is not supported by the kernel 2019/10/25 11:32:47 setuid sandbox: enabled 2019/10/25 11:32:47 namespace sandbox: enabled 2019/10/25 11:32:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/25 11:32:47 fault injection: enabled 2019/10/25 11:32:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/25 11:32:47 net packet injection: enabled 2019/10/25 11:32:47 net device setup: enabled 2019/10/25 11:32:47 concurrency sanitizer: enabled 11:32:48 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x2, 0x8) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000100)={0x400000100002f}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00\x00\x00\x00\x00\x80\xa017\b\xec\xd6#\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00q\xab\x94%\x00\x00\xff\xff\xff\xff\xff\xff\xff\xe7\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) 11:32:48 executing program 1: r0 = memfd_create(0x0, 0x0) pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) r1 = dup(r0) lseek(r1, 0x0, 0x3) ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000b80)={{0x1, @addr=0x1}, 0x8, 0x1, 0x3}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r2 = creat(&(0x7f00000001c0)='./bus\x00', 0xffffffffffdffffe) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r3, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, @perf_config_ext={0xfff, 0x7ff}, 0x6218}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$audion(&(0x7f0000000280)='/dev/audio#\x00', 0x81, 0x8501) setsockopt$TIPC_MCAST_BROADCAST(r3, 0x10f, 0x85) write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000300)={0x1, 0xa1}, 0x2) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x0) syz_mount_image$nfs4(&(0x7f00000003c0)='nfs4\x00', &(0x7f0000000400)='./bus/file0\x00', 0x5db0, 0x8, &(0x7f0000000a80)=[{&(0x7f0000000440)="7b94a2629fabf521701a7a313ee300f8f60bf008db24369f41553078ceff8a0a807f0024c757a73affa6fe006fcacc89c1e1f6d1aa6351b554baec54189ce49e35715d0684b563a42450319d8e6aebf4e24422a4e5e2d71525fbf0787e21c24ad9a1041be35a6ad01eaa59757d3a43130f841e85110342ee40b4639cd59575a8ca45b0551f4e80ccd5a574ff22ede64e8beaae289190951d75233e3a725b62b4d3a452e108d8b84bf2b317ecc28cc880b8271e22c20f5f194c3f4b5e525b", 0xbe, 0x8}, {&(0x7f0000000500)="2399d073b444bc2699c7a86d64e95562a0617a36c5631e0b8e072b1528bf3563f8108e1f3c64a8214b0400fc518cf1d947edf9", 0x33, 0xb9b}, {&(0x7f0000000540)="53ab4b996541499f682e8aae8e57bf96a2fc81bbc1dbe723da345f068d89b871f9869ef476ecb18f66b9ab8547ae39f33a6bf3c18b43534d8dd3820139054fa1bb1221c47865f6592c22641c103685e2ddfc214bc864f953de7e76e01f82e44668eb8c531985325e4b1fd304e772c6a871109a6d8ae10e56d1107e3ae08ef0db5b108083addcebcd4cc70cf13c70b061f2b35cadf7ce43f35e7c", 0x9a, 0x8}, {&(0x7f0000000600)="42e0b889d9e6beac9dcf10cef523f1f05cb1304097f1c0bdabd694ed1bbb8f01f47a4234f68ba66bc825df53308e3fa10a38099c4b2a529135568828de265dc0211feaf7904862c47db4ba7e157e53fcfd747cbca9b5e15b747d25765301fb29e11eb5e6af58244cfa218de95a8a042c896a00b31032b120087093b3b5be71264a1d9fd6d62962239b878053c306e5092764cc9cf1470f4cf87db1139842a1f3fcc3d89a85f40e2f8d099ea9d92b7b4cff23749317a5dabf4bc7d2db8bca28457da7166d387f74841d6176d8168ed54f4310c2f35bdb", 0xd6, 0x80}, {&(0x7f0000000700)="cc396741a78a870d5741da4ac4a270e6ac0574d1390196d7226464f08f71e10e677668bf511c1f7491ece70d22b1b9494bbc24b7ceafd5d7362abe915aa897270cd4b61c015f424a353be619a8fda0d91412f7bd3074abee42415e9a871d763e95c059b8d672f19e51b4223dd6b4c9d58552b2b5076cb3869d36d8166f52b9d13504d52cc8af5dcccd1d0146a52f7b201decf17dcf33eea3839e560656898f386760ad03d026c5776d46a1383b2019a7c689ea7e1a0c9b8c802e2a8eac68ecc61a6d20755abc", 0xc6, 0x8e}, {&(0x7f0000000800)="ce93cd43b0d192e958f81a4a03b6be747f26989989b6dcb60d0949fa56299a226d24c73869f2555c5aa9e323eeff9087875bed3887aea5eb411c829f660b485c2c32c0faf384fbd815e1da42145014432bf9cdcaec372f5bc3f9868175271554bf0a89c231244b6ffdf207cc069007f72135d80f3e3d010d20f70a2fa60321510938a64241fd10b5145bb475c6a898d8fbea9596a4991b42f7b54e329a0a387e68f1f16e508719664f1b74e2f2b1fe5ca017650b3c8eed2b60246c47a70c9343aa2de63515c4b96f1a78a4b1ef6261bf7c14982e25745ad95a6ca87da937e4c931439f6a494ffb7956ac", 0xea, 0x7}, {&(0x7f0000000900)="c8e673e10e626f600935e9a8a42bbbe8c38fe9dd1f0f9d89213593bbd5b30a14b0b1832a5f29b636521aa7345d41c3a00990984d99e98ed71679dcad0ce80c48b741660e401cb87ff5316476b1067690afc0b9d478f6b4373a9a33b3ff4ee95029f5989478790a08a3ea78eced7c8f902b1d425e04dc0a1a0fc1595c00f13d993db29f306aa4bff31b547da51d1fdc4765469b02991864e43a16673f0ff5e71e429fe8e9cb851d0d5536fe3968187f85015e67cfa630f2645b1a3fc20bec46e5df5ab1c06ca68ef73c028205a36a47a75c3c1dd9eb63c4628be2", 0xda, 0x4}, {&(0x7f0000000a00)="e40236740704a5565fbd5aec023ad48f0b555e9a1f481b9bcb4304c6ad235ff29c5740bb409aca0acf00a67fe037032d7a9c7a4ec2e90c96e24b59fa5dfdf1ed98bcb28c7cdc6ba7237b38ea50d32800a22e525d4dcd39d5a921fdbeed792a01b69469735f60fb1eb7b118cd258fd2d1a2c0811bdca839ae20bf11df9ecd91", 0x7f, 0x2}], 0x40, &(0x7f0000000b40)='system_u:object_r:inetd_var_run_t:s0\x00') ioprio_set$uid(0x3, 0x0, 0x0) r5 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) r6 = dup(r5) lseek(r6, 0x0, 0x3) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000d00)=r6, 0x4) quotactl(0x0, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)) r7 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000240)='./bus\x00', &(0x7f00000002c0)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x0) sendfile(r3, r7, 0x0, 0x8000fffffffe) setsockopt$netrom_NETROM_T4(r7, 0x103, 0x6, &(0x7f0000000bc0)=0x1ff, 0x4) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000c40)={'security\x00'}, &(0x7f0000000cc0)=0x54) read(r4, &(0x7f0000000c00)=""/29, 0x1d) creat(&(0x7f0000000140)='./bus\x00', 0x100000010) syzkaller login: [ 47.687040][ T7089] IPVS: ftp: loaded support on port[0] = 21 [ 47.820901][ T7089] chnl_net:caif_netlink_parms(): no params data found [ 47.858828][ T7089] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.866718][ T7089] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.874610][ T7089] device bridge_slave_0 entered promiscuous mode [ 47.882677][ T7089] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.890928][ T7089] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.899322][ T7089] device bridge_slave_1 entered promiscuous mode [ 47.921541][ T7089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.933108][ T7089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.975489][ T7089] team0: Port device team_slave_0 added [ 47.990398][ T7092] IPVS: ftp: loaded support on port[0] = 21 [ 47.996614][ T7089] team0: Port device team_slave_1 added 11:32:49 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") fallocate(r1, 0x0, 0x0, 0x110001) fallocate(r0, 0x0, 0x0, 0x110001) [ 48.087890][ T7089] device hsr_slave_0 entered promiscuous mode [ 48.125771][ T7089] device hsr_slave_1 entered promiscuous mode [ 48.277782][ T7089] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.284863][ T7089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.292292][ T7089] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.299401][ T7089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.312191][ T3890] ================================================================== [ 48.320323][ T3890] BUG: KCSAN: data-race in generic_permission / kernfs_refresh_inode [ 48.328375][ T3890] [ 48.330708][ T3890] write to 0xffff88812582eb68 of 2 bytes by task 4148 on cpu 1: [ 48.338331][ T3890] kernfs_refresh_inode+0x42/0x140 [ 48.343438][ T3890] kernfs_iop_permission+0x66/0xa0 [ 48.348542][ T3890] inode_permission+0x241/0x3c0 [ 48.353387][ T3890] link_path_walk.part.0+0x622/0xa90 [ 48.358668][ T3890] path_lookupat.isra.0+0x77/0x5a0 [ 48.363770][ T3890] filename_lookup+0x145/0x2b0 [ 48.368534][ T3890] user_path_at_empty+0x4c/0x70 [ 48.373380][ T3890] do_readlinkat+0x84/0x220 [ 48.377876][ T3890] __x64_sys_readlink+0x51/0x70 [ 48.382719][ T3890] do_syscall_64+0xcc/0x370 [ 48.387219][ T3890] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 48.393098][ T3890] [ 48.395423][ T3890] read to 0xffff88812582eb68 of 2 bytes by task 3890 on cpu 0: [ 48.402962][ T3890] generic_permission+0x36/0x3d0 [ 48.407896][ T3890] kernfs_iop_permission+0x7d/0xa0 [ 48.413007][ T3890] inode_permission+0x241/0x3c0 [ 48.417862][ T3890] link_path_walk.part.0+0x622/0xa90 [ 48.423145][ T3890] path_openat+0x14f/0x36e0 [ 48.427647][ T3890] do_filp_open+0x11e/0x1b0 [ 48.432151][ T3890] do_sys_open+0x3b3/0x4f0 [ 48.436567][ T3890] __x64_sys_open+0x55/0x70 [ 48.441074][ T3890] do_syscall_64+0xcc/0x370 [ 48.445579][ T3890] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 48.451457][ T3890] [ 48.453775][ T3890] Reported by Kernel Concurrency Sanitizer on: [ 48.459929][ T3890] CPU: 0 PID: 3890 Comm: udevd Not tainted 5.4.0-rc3+ #0 [ 48.466942][ T3890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.476990][ T3890] ================================================================== [ 48.481339][ T7089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.485060][ T3890] Kernel panic - not syncing: panic_on_warn set ... [ 48.498207][ T3890] CPU: 0 PID: 3890 Comm: udevd Not tainted 5.4.0-rc3+ #0 [ 48.505215][ T3890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.515259][ T3890] Call Trace: [ 48.518556][ T3890] dump_stack+0xf5/0x159 [ 48.522819][ T3890] panic+0x210/0x640 [ 48.526707][ T3890] ? do_syscall_64+0xcc/0x370 [ 48.531371][ T3890] ? vprintk_func+0x8d/0x140 [ 48.535951][ T3890] kcsan_report.cold+0xc/0x10 [ 48.540620][ T3890] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 48.546346][ T3890] __tsan_read2+0x2c/0x30 [ 48.550672][ T3890] generic_permission+0x36/0x3d0 [ 48.555615][ T3890] kernfs_iop_permission+0x7d/0xa0 [ 48.560713][ T3890] ? kernfs_iop_getattr+0x90/0x90 [ 48.565726][ T3890] inode_permission+0x241/0x3c0 [ 48.570569][ T3890] link_path_walk.part.0+0x622/0xa90 [ 48.575848][ T3890] path_openat+0x14f/0x36e0 [ 48.580341][ T3890] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 48.585960][ T3890] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 48.591592][ T3890] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 48.597226][ T3890] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 48.603104][ T3890] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 48.608756][ T3890] do_filp_open+0x11e/0x1b0 [ 48.613261][ T3890] ? __alloc_fd+0x316/0x4c0 [ 48.617758][ T3890] do_sys_open+0x3b3/0x4f0 [ 48.622163][ T3890] __x64_sys_open+0x55/0x70 [ 48.626656][ T3890] do_syscall_64+0xcc/0x370 [ 48.631150][ T3890] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 48.637807][ T3890] RIP: 0033:0x7f734c97c120 [ 48.642213][ T3890] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 48.661802][ T3890] RSP: 002b:00007fff49d23a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 48.670202][ T3890] RAX: ffffffffffffffda RBX: 0000000001525cf0 RCX: 00007f734c97c120 [ 48.678160][ T3890] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007fff49d23b20 [ 48.686118][ T3890] RBP: 00007fff49d23ac0 R08: 0000000000000008 R09: 0000000000000001 [ 48.694072][ T3890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 48.702033][ T3890] R13: 000000000041f57a R14: 000000000152ea20 R15: 0000000000000000 [ 48.711333][ T3890] Kernel Offset: disabled [ 48.715652][ T3890] Rebooting in 86400 seconds..