[ 57.768481][ T26] audit: type=1800 audit(1573097396.090:25): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 57.813836][ T26] audit: type=1800 audit(1573097396.090:26): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 57.846692][ T26] audit: type=1800 audit(1573097396.100:27): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 57.888345][ T26] audit: type=1800 audit(1573097396.210:28): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
2019/11/07 03:30:06 fuzzer started
2019/11/07 03:30:08 dialing manager at 10.128.0.105:34849
2019/11/07 03:30:09 syscalls: 2553
2019/11/07 03:30:09 code coverage: enabled
2019/11/07 03:30:09 comparison tracing: enabled
2019/11/07 03:30:09 extra coverage: extra coverage is not supported by the kernel
2019/11/07 03:30:09 setuid sandbox: enabled
2019/11/07 03:30:09 namespace sandbox: enabled
2019/11/07 03:30:09 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/07 03:30:09 fault injection: enabled
2019/11/07 03:30:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/07 03:30:09 net packet injection: enabled
2019/11/07 03:30:09 net device setup: enabled
2019/11/07 03:30:09 concurrency sanitizer: enabled
2019/11/07 03:30:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/07 03:30:13 adding functions to KCSAN blacklist: 'generic_permission' 'pipe_poll' 'run_timer_softirq' 'find_next_bit' 'tick_sched_do_timer' '__hrtimer_run_queues' 'ext4_free_inode' 'blk_mq_dispatch_rq_list' 'rcu_gp_fqs_check_wake' 'alloc_empty_file' 'tick_do_update_jiffies64' 'audit_log_start' 'process_srcu' 'pid_update_inode' 'tcp_add_backlog' 'taskstats_exit' 'fasync_remove_entry' 'tomoyo_supervisor' 'ext4_has_free_clusters' 'generic_write_end' 'fanotify_handle_event' 'blk_mq_sched_dispatch_requests' 'ktime_get_real_seconds' 'tick_nohz_idle_stop_tick' 'vm_area_dup' 'do_nanosleep' 'ep_poll' 'blk_mq_get_request' 'blk_mq_free_request' '__ext4_new_inode' 'echo_char'
03:30:37 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
sendmmsg$unix(r1, &(0x7f0000000500)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@cred={{0x1c, 0x1, 0x2, {r2}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000003d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/136, 0x88}}], 0x1, 0x10002, 0x0)
syzkaller login: [ 99.472400][ T7984] IPVS: ftp: loaded support on port[0] = 21
03:30:37 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x14, 0x0, 0x6, 0xffffffffffffffff}, 0x14}, 0x1, 0xf000}, 0x0)
[ 99.568870][ T7984] chnl_net:caif_netlink_parms(): no params data found
[ 99.645574][ T7984] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.652724][ T7984] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.660559][ T7984] device bridge_slave_0 entered promiscuous mode
[ 99.674881][ T7984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.693889][ T7984] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.701825][ T7984] device bridge_slave_1 entered promiscuous mode
[ 99.722414][ T7984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.733173][ T7984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.736507][ T7988] IPVS: ftp: loaded support on port[0] = 21
[ 99.754712][ T7984] team0: Port device team_slave_0 added
[ 99.761585][ T7984] team0: Port device team_slave_1 added
03:30:38 executing program 2:
r0 = io_uring_setup(0xb38, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000080)=""/92, 0x5c}, {&(0x7f0000001100)=""/197, 0xc5}], 0x2)
[ 99.817247][ T7984] device hsr_slave_0 entered promiscuous mode
[ 99.854878][ T7984] device hsr_slave_1 entered promiscuous mode
[ 100.050906][ T7984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.058113][ T7984] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.065484][ T7984] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.072532][ T7984] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.082195][ T7990] IPVS: ftp: loaded support on port[0] = 21
[ 100.265864][ T7988] chnl_net:caif_netlink_parms(): no params data found
[ 100.403871][ T7988] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.410979][ T7988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.419228][ T7988] device bridge_slave_0 entered promiscuous mode
[ 100.454940][ T7988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.462006][ T7988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.494765][ T7988] device bridge_slave_1 entered promiscuous mode
03:30:38 executing program 3:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00L'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bridge0\x00\xff\xff\xfd\xfd\x00', 0xffffffffffffffdb})
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0)
socket(0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
[ 100.559587][ T7988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.606875][ T7988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.655764][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.684196][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.797693][ T7988] team0: Port device team_slave_0 added
[ 100.835214][ T7984] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.843192][ T7988] team0: Port device team_slave_1 added
[ 100.946323][ T7988] device hsr_slave_0 entered promiscuous mode
[ 100.974221][ T7988] device hsr_slave_1 entered promiscuous mode
[ 101.014185][ T7988] debugfs: Directory 'hsr0' with parent '/' already present!
[ 101.054688][ T8019] IPVS: ftp: loaded support on port[0] = 21
[ 101.055023][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.094824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.127961][ T7984] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.305844][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.336571][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.411327][ T7987] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.418468][ T7987] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.606800][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.616076][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.665582][ T7987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.672725][ T7987] bridge0: port 2(bridge_slave_1) entered forwarding state
03:30:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x60, 0x0, 0x50}]}}, &(0x7f0000000340)=""/175, 0x2a, 0xaf, 0x1}, 0x20)
[ 101.754395][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.799228][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.855034][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.914404][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.990435][ T7990] chnl_net:caif_netlink_parms(): no params data found
[ 102.061899][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 102.082328][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.148643][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.214656][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 102.228880][ T8037] ==================================================================
[ 102.237895][ T8037] BUG: KCSAN: data-race in generic_fillattr / task_dump_owner
[ 102.245335][ T8037]
[ 102.247678][ T8037] write to 0xffff888125bde7fc of 4 bytes by task 8032 on cpu 1:
[ 102.255510][ T8037] task_dump_owner+0x237/0x260
[ 102.260291][ T8037] pid_update_inode+0x3c/0x70
[ 102.264986][ T8037] pid_revalidate+0x91/0xd0
[ 102.269506][ T8037] lookup_fast+0x6f2/0x700
[ 102.273940][ T8037] walk_component+0x6d/0xe70
[ 102.278542][ T8037] path_lookupat.isra.0+0x13a/0x5a0
[ 102.283738][ T8037] filename_lookup+0x145/0x2b0
[ 102.288508][ T8037] user_path_at_empty+0x4c/0x70
[ 102.293384][ T8037] vfs_statx+0xd9/0x190
[ 102.297545][ T8037] __do_sys_newstat+0x51/0xb0
[ 102.302223][ T8037] __x64_sys_newstat+0x3a/0x50
[ 102.306995][ T8037] do_syscall_64+0xcc/0x370
[ 102.311504][ T8037] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 102.317390][ T8037]
[ 102.319750][ T8037] read to 0xffff888125bde7fc of 4 bytes by task 8037 on cpu 0:
[ 102.327333][ T8037] generic_fillattr+0xac/0x1e0
[ 102.332100][ T8037] pid_getattr+0x74/0x1a0
[ 102.336443][ T8037] vfs_getattr_nosec+0x12e/0x170
[ 102.341380][ T8037] vfs_getattr+0x54/0x70
[ 102.345625][ T8037] vfs_statx+0x102/0x190
[ 102.349881][ T8037] __do_sys_newstat+0x51/0xb0
[ 102.354567][ T8037] __x64_sys_newstat+0x3a/0x50
[ 102.359355][ T8037] do_syscall_64+0xcc/0x370
[ 102.363866][ T8037] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 102.369759][ T8037]
[ 102.372093][ T8037] Reported by Kernel Concurrency Sanitizer on:
[ 102.378358][ T8037] CPU: 0 PID: 8037 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 102.385125][ T8037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.395183][ T8037] ==================================================================
[ 102.403372][ T8037] Kernel panic - not syncing: panic_on_warn set ...
[ 102.409977][ T8037] CPU: 0 PID: 8037 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 102.416739][ T8037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.426800][ T8037] Call Trace:
[ 102.430133][ T8037] dump_stack+0xf5/0x159
[ 102.434390][ T8037] panic+0x210/0x640
[ 102.438301][ T8037] ? vprintk_func+0x8d/0x140
[ 102.442907][ T8037] kcsan_report.cold+0xc/0xe
[ 102.447511][ T8037] kcsan_setup_watchpoint+0x3fe/0x410
[ 102.452893][ T8037] __tsan_read4+0x145/0x1f0
[ 102.457401][ T8037] generic_fillattr+0xac/0x1e0
[ 102.462177][ T8037] pid_getattr+0x74/0x1a0
[ 102.466526][ T8037] vfs_getattr_nosec+0x12e/0x170
[ 102.471480][ T8037] ? task_dump_owner+0x260/0x260
[ 102.476433][ T8037] vfs_getattr+0x54/0x70
[ 102.480683][ T8037] vfs_statx+0x102/0x190
[ 102.484932][ T8037] __do_sys_newstat+0x51/0xb0
[ 102.489627][ T8037] __x64_sys_newstat+0x3a/0x50
[ 102.494409][ T8037] do_syscall_64+0xcc/0x370
[ 102.498946][ T8037] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 102.504856][ T8037] RIP: 0033:0x7f740d6fcc65
[ 102.509293][ T8037] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16
[ 102.529341][ T8037] RSP: 002b:00007fff79903e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 102.538020][ T8037] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f740d6fcc65
[ 102.546000][ T8037] RDX: 00007f740dbcac60 RSI: 00007f740dbcac60 RDI: 000000000145f220
[ 102.553982][ T8037] RBP: 0000000000020062 R08: 00007f740d9b25a0 R09: 0000000000000000
[ 102.561959][ T8037] R10: 1999999999999999 R11: 0000000000000246 R12: 000000000145f220
[ 102.569954][ T8037] R13: 000000000145f1c0 R14: 0000000000000005 R15: 0000000000000000
[ 102.579414][ T8037] Kernel Offset: disabled
[ 102.583886][ T8037] Rebooting in 86400 seconds..