[info] Using makefile-style concurrent boot in runlevel 2. [ 42.521708][ T25] audit: type=1800 audit(1573803344.860:21): pid=7554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 42.571417][ T25] audit: type=1800 audit(1573803344.860:22): pid=7554 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.181' (ECDSA) to the list of known hosts. 2019/11/15 07:35:56 fuzzer started 2019/11/15 07:35:57 dialing manager at 10.128.0.105:44219 2019/11/15 07:35:57 syscalls: 2566 2019/11/15 07:35:57 code coverage: enabled 2019/11/15 07:35:57 comparison tracing: enabled 2019/11/15 07:35:57 extra coverage: extra coverage is not supported by the kernel 2019/11/15 07:35:57 setuid sandbox: enabled 2019/11/15 07:35:57 namespace sandbox: enabled 2019/11/15 07:35:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/15 07:35:57 fault injection: enabled 2019/11/15 07:35:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/15 07:35:57 net packet injection: enabled 2019/11/15 07:35:57 net device setup: enabled 2019/11/15 07:35:57 concurrency sanitizer: enabled 2019/11/15 07:35:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/15 07:35:59 adding functions to KCSAN blacklist: 'ep_insert' 'tomoyo_supervisor' '__hrtimer_run_queues' 'pid_update_inode' 'tick_do_update_jiffies64' 'run_timer_softirq' '__rb_rotate_set_parents' 'pipe_wait' '__rb_insert_augmented' 'mod_timer' 'rcu_gp_fqs_check_wake' 'find_next_bit' 'add_timer' 07:36:00 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f00000004c0)=0x54) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'tunl0\x00', 0x0}) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, r3}, 0xc) dup2(r0, r1) 07:36:00 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) syzkaller login: [ 58.524442][ T7727] IPVS: ftp: loaded support on port[0] = 21 [ 58.608481][ T7727] chnl_net:caif_netlink_parms(): no params data found [ 58.682945][ T7727] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.698267][ T7727] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.712667][ T7727] device bridge_slave_0 entered promiscuous mode [ 58.729057][ T7727] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.738147][ T7727] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.746611][ T7727] device bridge_slave_1 entered promiscuous mode [ 58.759352][ T7730] IPVS: ftp: loaded support on port[0] = 21 07:36:01 executing program 2: r0 = getpid() r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x615, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001b40)=ANY=[@ANYBLOB="850000000700000025000000000000009500000000000000a579753dec29fe276240f076750753bc7b952ab5ad939c40c5f89f8b5c13a24800a26b3c68cea54994e702d609331ab3c70aa6b030ed69efddccd23e793e8287051d4f5fef499e2a4ce758601229b94574e7825441222e81748b4ee09cc6fa47ef6943a143669ef5fc545ab790ef72fd2ca305f386142d7835f213e72c7002a21731859eba975d4a1809acbc7b716c41ef6bac34d0c99d62456cc766be4825548e08587866d70b991d746067c73f47457a8713e7b70a85bbdb078320"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xfd39, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r0, r1, 0x0, 0x64, &(0x7f0000000680)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd'}, 0x30) [ 58.780726][ T7727] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.802861][ T7727] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.850892][ T7727] team0: Port device team_slave_0 added [ 58.865495][ T7727] team0: Port device team_slave_1 added 07:36:01 executing program 3: open(0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x210007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x10408, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f00000012c0)="07268a927f1f6587b967483041ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0xf83c, 0x3, 0x0, 0x27) r1 = memfd_create(&(0x7f00000001c0)='\xb3', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6000087, 0x11, r1, 0x4758b000) dup2(r1, r0) [ 59.001243][ T7727] device hsr_slave_0 entered promiscuous mode [ 59.039330][ T7727] device hsr_slave_1 entered promiscuous mode [ 59.132238][ T7733] IPVS: ftp: loaded support on port[0] = 21 [ 59.169823][ T7730] chnl_net:caif_netlink_parms(): no params data found [ 59.311018][ T7730] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.340839][ T7730] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.388856][ T7730] device bridge_slave_0 entered promiscuous mode [ 59.448744][ T7730] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.455904][ T7730] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.469993][ T7730] device bridge_slave_1 entered promiscuous mode [ 59.522985][ T7752] IPVS: ftp: loaded support on port[0] = 21 [ 59.562839][ T7730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.606590][ T7733] chnl_net:caif_netlink_parms(): no params data found [ 59.651398][ T7730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.697407][ T7730] team0: Port device team_slave_0 added [ 59.782903][ T7730] team0: Port device team_slave_1 added 07:36:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x1c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="04630440000000000e630c40000000002100c34d000000000f630c40"], 0x0, 0x0, 0x0}) [ 59.842968][ T7733] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.865413][ T7733] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.891987][ T7733] device bridge_slave_0 entered promiscuous mode [ 59.959975][ T7733] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.967042][ T7733] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.995161][ T7733] device bridge_slave_1 entered promiscuous mode [ 60.081518][ T7730] device hsr_slave_0 entered promiscuous mode [ 60.108524][ T7730] device hsr_slave_1 entered promiscuous mode [ 60.168403][ T7730] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.217691][ T7759] IPVS: ftp: loaded support on port[0] = 21 [ 60.311051][ T7733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.371350][ T7752] chnl_net:caif_netlink_parms(): no params data found [ 60.407997][ T7733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.612528][ T7733] team0: Port device team_slave_0 added [ 60.649436][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.656607][ T7752] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.718984][ T7752] device bridge_slave_0 entered promiscuous mode [ 60.726986][ T21] device bridge_slave_1 left promiscuous mode [ 60.735080][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.860735][ T21] device bridge_slave_0 left promiscuous mode [ 60.866958][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.980692][ T21] device hsr_slave_0 left promiscuous mode [ 61.018357][ T21] device hsr_slave_1 left promiscuous mode 07:36:03 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0xd, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa8}}, 0x0) [ 61.108679][ T21] team0 (unregistering): Port device team_slave_1 removed [ 61.146225][ T21] team0 (unregistering): Port device team_slave_0 removed [ 61.208844][ T21] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 61.271445][ T21] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 61.392607][ T21] bond0 (unregistering): Released all slaves [ 61.513491][ T7733] team0: Port device team_slave_1 added [ 61.556554][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.578242][ T7752] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.585948][ T7752] device bridge_slave_1 entered promiscuous mode [ 61.675113][ T7796] IPVS: ftp: loaded support on port[0] = 21 [ 61.675318][ T7795] IPVS: ftp: loaded support on port[0] = 21 [ 61.712520][ T7752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.729695][ T7759] chnl_net:caif_netlink_parms(): no params data found [ 61.851795][ T7733] device hsr_slave_0 entered promiscuous mode [ 61.890331][ T7733] device hsr_slave_1 entered promiscuous mode [ 61.943225][ T7752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.114431][ T7752] team0: Port device team_slave_0 added [ 62.151539][ T7752] team0: Port device team_slave_1 added [ 62.178435][ T7759] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.185646][ T7759] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.196477][ T7811] IPVS: ftp: loaded support on port[0] = 21 [ 62.235293][ T7759] device bridge_slave_0 entered promiscuous mode [ 62.322013][ T7759] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.338610][ T7759] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.370480][ T7759] device bridge_slave_1 entered promiscuous mode [ 62.432370][ T7752] device hsr_slave_0 entered promiscuous mode [ 62.470532][ T7752] device hsr_slave_1 entered promiscuous mode [ 62.483465][ T7822] ================================================================== [ 62.491809][ T7822] BUG: KCSAN: data-race in generic_permission / task_dump_owner [ 62.499425][ T7822] [ 62.501818][ T7822] read to 0xffff88812888e04c of 4 bytes by task 7819 on cpu 1: [ 62.509370][ T7822] generic_permission+0x65/0x3d0 [ 62.514416][ T7822] proc_pid_permission+0xea/0x1c0 [ 62.519647][ T7822] inode_permission+0x241/0x3c0 [ 62.524507][ T7822] link_path_walk.part.0+0x622/0xa90 [ 62.529830][ T7822] path_openat+0x14f/0x36e0 [ 62.534341][ T7822] do_filp_open+0x11e/0x1b0 [ 62.538879][ T7822] do_sys_open+0x3b3/0x4f0 [ 62.543292][ T7822] __x64_sys_open+0x55/0x70 [ 62.547895][ T7822] do_syscall_64+0xcc/0x370 [ 62.552398][ T7822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.559267][ T7822] [ 62.561593][ T7822] write to 0xffff88812888e04c of 4 bytes by task 7822 on cpu 0: [ 62.569219][ T7822] task_dump_owner+0x237/0x260 [ 62.574338][ T7822] pid_update_inode+0x3c/0x70 [ 62.579150][ T7822] pid_revalidate+0x91/0xd0 [ 62.583742][ T7822] lookup_fast+0x6f2/0x700 [ 62.588153][ T7822] walk_component+0x6d/0xe70 [ 62.592746][ T7822] link_path_walk.part.0+0x5d3/0xa90 [ 62.598029][ T7822] path_openat+0x14f/0x36e0 [ 62.602528][ T7822] do_filp_open+0x11e/0x1b0 [ 62.607033][ T7822] do_sys_open+0x3b3/0x4f0 [ 62.611472][ T7822] __x64_sys_open+0x55/0x70 [ 62.616082][ T7822] do_syscall_64+0xcc/0x370 [ 62.620600][ T7822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.626590][ T7822] [ 62.628906][ T7822] Reported by Kernel Concurrency Sanitizer on: [ 62.635172][ T7822] CPU: 0 PID: 7822 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 62.642012][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.652149][ T7822] ================================================================== [ 62.660295][ T7822] Kernel panic - not syncing: panic_on_warn set ... [ 62.666895][ T7822] CPU: 0 PID: 7822 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 62.673645][ T7822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.683744][ T7822] Call Trace: [ 62.687055][ T7822] dump_stack+0x11d/0x181 [ 62.691401][ T7822] panic+0x210/0x640 [ 62.695309][ T7822] ? vprintk_func+0x8d/0x140 [ 62.699914][ T7822] kcsan_report.cold+0xc/0xd [ 62.704514][ T7822] kcsan_setup_watchpoint+0x3fe/0x460 [ 62.710677][ T7822] __tsan_unaligned_write4+0xc4/0x100 [ 62.716066][ T7822] task_dump_owner+0x237/0x260 [ 62.720833][ T7822] ? __rcu_read_unlock+0x66/0x3c0 [ 62.725860][ T7822] pid_update_inode+0x3c/0x70 [ 62.730558][ T7822] pid_revalidate+0x91/0xd0 [ 62.735070][ T7822] lookup_fast+0x6f2/0x700 [ 62.739503][ T7822] walk_component+0x6d/0xe70 [ 62.744445][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.750793][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.757249][ T7822] ? security_inode_permission+0xa5/0xc0 [ 62.762893][ T7822] ? inode_permission+0xa0/0x3c0 [ 62.767851][ T7822] link_path_walk.part.0+0x5d3/0xa90 [ 62.773336][ T7822] path_openat+0x14f/0x36e0 [ 62.777841][ T7822] ? __read_once_size.constprop.0+0x12/0x20 [ 62.783737][ T7822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.790000][ T7822] ? __virt_addr_valid+0x126/0x190 [ 62.795246][ T7822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.801925][ T7822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.808177][ T7822] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 62.814685][ T7822] ? __read_once_size+0x41/0xe0 [ 62.819652][ T7822] do_filp_open+0x11e/0x1b0 [ 62.824168][ T7822] ? __alloc_fd+0x2ef/0x3b0 [ 62.828684][ T7822] do_sys_open+0x3b3/0x4f0 [ 62.833198][ T7822] __x64_sys_open+0x55/0x70 [ 62.837722][ T7822] do_syscall_64+0xcc/0x370 [ 62.842337][ T7822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.848287][ T7822] RIP: 0033:0x7f920eec0120 [ 62.853106][ T7822] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 62.873351][ T7822] RSP: 002b:00007fff11a480d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 62.882910][ T7822] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f920eec0120 [ 62.890993][ T7822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f920f38ed00 [ 62.899065][ T7822] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f920f18857b [ 62.907031][ T7822] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f920f38dd00 [ 62.918330][ T7822] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 62.927938][ T7822] Kernel Offset: disabled [ 62.932379][ T7822] Rebooting in 86400 seconds..