[ 53.206750][ T26] audit: type=1800 audit(1573054197.390:27): pid=7931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 53.230558][ T26] audit: type=1800 audit(1573054197.390:28): pid=7931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 54.084407][ T26] audit: type=1800 audit(1573054198.350:29): pid=7931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 54.118403][ T26] audit: type=1800 audit(1573054198.350:30): pid=7931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts.
2019/11/06 15:30:05 fuzzer started
2019/11/06 15:30:07 dialing manager at 10.128.0.105:44951
2019/11/06 15:30:09 syscalls: 2553
2019/11/06 15:30:09 code coverage: enabled
2019/11/06 15:30:09 comparison tracing: enabled
2019/11/06 15:30:09 extra coverage: extra coverage is not supported by the kernel
2019/11/06 15:30:09 setuid sandbox: enabled
2019/11/06 15:30:09 namespace sandbox: enabled
2019/11/06 15:30:09 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/06 15:30:09 fault injection: enabled
2019/11/06 15:30:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/06 15:30:09 net packet injection: enabled
2019/11/06 15:30:09 net device setup: enabled
2019/11/06 15:30:09 concurrency sanitizer: enabled
2019/11/06 15:30:09 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 69.006791][ T8098] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/06 15:30:16 adding functions to KCSAN blacklist: 'find_next_bit' 'blk_mq_get_request' 'init_peercred' 'echo_char' 'pipe_poll' '__skb_try_recv_from_queue' 'blk_mq_sched_dispatch_requests' 'generic_fillattr' '__ext4_new_inode' 'lruvec_lru_size' 'ep_poll' 'generic_permission' 'ktime_get_seconds' 'p9_poll_workfn' 'ext4_free_inodes_count' '__hrtimer_run_queues' 'tomoyo_supervisor' 'blk_mq_dispatch_rq_list' 'ktime_get_real_seconds' 'taskstats_exit' 'ext4_nonda_switch' 'poll_schedule_timeout' 'xas_clear_mark' 'mod_timer' 'tick_do_update_jiffies64' 'do_nanosleep' 'dd_has_work' 'sit_tunnel_xmit' 'add_timer' 'ext4_free_inode' 'generic_write_end' 'tcp_add_backlog' 'tick_nohz_next_event' 'vm_area_dup' 'run_timer_softirq' 'rcu_gp_fqs_check_wake' 'tick_sched_do_timer' 'rcu_gp_fqs_loop' 'pid_update_inode' 'wbt_done'

15:30:45 executing program 0:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x0, 0x5010, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x0)

[ 101.320511][ T8102] IPVS: ftp: loaded support on port[0] = 21

15:30:45 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0)
ioctl$int_in(r2, 0x800000c0045005, &(0x7f0000000000)=0x7b)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$int_in(r2, 0x800000c0045005, &(0x7f0000000040)=0x47c15)

[ 101.400277][ T8102] chnl_net:caif_netlink_parms(): no params data found
[ 101.455540][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.472953][ T8102] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.493187][ T8102] device bridge_slave_0 entered promiscuous mode
[ 101.503614][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.510856][ T8102] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.519402][ T8102] device bridge_slave_1 entered promiscuous mode
[ 101.538450][ T8102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 101.549000][ T8102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 101.570851][ T8102] team0: Port device team_slave_0 added
[ 101.578296][ T8102] team0: Port device team_slave_1 added

15:30:45 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x106], 0x1f000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 101.646263][ T8102] device hsr_slave_0 entered promiscuous mode
[ 101.743145][ T8102] device hsr_slave_1 entered promiscuous mode
[ 101.801095][ T8105] IPVS: ftp: loaded support on port[0] = 21
[ 101.886301][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.893557][ T8102] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.900833][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.907933][ T8102] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.014509][ T8117] IPVS: ftp: loaded support on port[0] = 21
[ 102.225475][ T8102] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.279614][ T8105] chnl_net:caif_netlink_parms(): no params data found
[ 102.320329][ T8102] 8021q: adding VLAN 0 to HW filter on device team0

15:30:46 executing program 3:
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x14c80)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {}], {}, [{}, {}, {}, {}, {}]}, 0x5c, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)

[ 102.367123][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.376322][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.424212][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.464686][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 102.534158][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 102.553118][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 102.561545][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.568628][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.623531][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 102.632102][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 102.671529][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.678622][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.724147][ T8105] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.731295][ T8105] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.773532][ T8105] device bridge_slave_0 entered promiscuous mode
[ 102.798375][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 102.814184][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 102.833530][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 102.853654][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 102.862733][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 102.904102][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 102.940434][ T8102] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 102.963152][ T8102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 102.996122][ T8105] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.006923][ T8105] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.023769][ T8105] device bridge_slave_1 entered promiscuous mode
[ 103.048889][ T8128] ==================================================================
[ 103.057033][ T8128] BUG: KCSAN: data-race in common_perm_cond / task_dump_owner
[ 103.064480][ T8128]
[ 103.066821][ T8128] write to 0xffff888123975a8c of 4 bytes by task 8124 on cpu 0:
[ 103.068541][ T8105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.077409][ T8128] task_dump_owner+0xd8/0x260
[ 103.077427][ T8128] pid_update_inode+0x3c/0x70
[ 103.077508][ T8128] pid_revalidate+0x91/0xd0
[ 103.100338][ T8128] lookup_fast+0x6f2/0x700
[ 103.104768][ T8128] walk_component+0x6d/0xe70
[ 103.109371][ T8128] link_path_walk.part.0+0x5d3/0xa90
[ 103.114670][ T8128] path_openat+0x14f/0x36e0
[ 103.119172][ T8128] do_filp_open+0x11e/0x1b0
[ 103.123682][ T8128] do_sys_open+0x3b3/0x4f0
[ 103.128099][ T8128] __x64_sys_open+0x55/0x70
[ 103.132611][ T8128] do_syscall_64+0xcc/0x370
[ 103.134299][ T8105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.137130][ T8128] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 103.152077][ T8128]
[ 103.154416][ T8128] read to 0xffff888123975a8c of 4 bytes by task 8128 on cpu 1:
[ 103.161969][ T8128] common_perm_cond+0x65/0x110
[ 103.166739][ T8128] apparmor_inode_getattr+0x2b/0x40
[ 103.171943][ T8128] security_inode_getattr+0x9b/0xd0
[ 103.177144][ T8128] vfs_getattr+0x2e/0x70
[ 103.181390][ T8128] vfs_statx+0x102/0x190
[ 103.185640][ T8128] __do_sys_newstat+0x51/0xb0
[ 103.190321][ T8128] __x64_sys_newstat+0x3a/0x50
[ 103.195095][ T8128] do_syscall_64+0xcc/0x370
[ 103.199600][ T8128] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 103.203986][ T8105] team0: Port device team_slave_0 added
[ 103.205547][ T8128]
[ 103.212134][ T8105] team0: Port device team_slave_1 added
[ 103.213385][ T8128] Reported by Kernel Concurrency Sanitizer on:
[ 103.213407][ T8128] CPU: 1 PID: 8128 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 103.213417][ T8128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 103.213437][ T8128] ==================================================================
[ 103.249933][ T8128] Kernel panic - not syncing: panic_on_warn set ...
[ 103.256530][ T8128] CPU: 1 PID: 8128 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 103.263291][ T8128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 103.273787][ T8128] Call Trace:
[ 103.277097][ T8128] dump_stack+0xf5/0x159
[ 103.281345][ T8128] panic+0x210/0x640
[ 103.285254][ T8128] ? vprintk_func+0x8d/0x140
[ 103.289854][ T8128] kcsan_report.cold+0xc/0xe
[ 103.294456][ T8128] kcsan_setup_watchpoint+0x3fe/0x410
[ 103.299839][ T8128] __tsan_read4+0x145/0x1f0
[ 103.304348][ T8128] common_perm_cond+0x65/0x110
[ 103.309133][ T8128] apparmor_inode_getattr+0x2b/0x40
[ 103.314341][ T8128] security_inode_getattr+0x9b/0xd0
[ 103.319551][ T8128] vfs_getattr+0x2e/0x70
[ 103.323886][ T8128] vfs_statx+0x102/0x190
[ 103.328140][ T8128] __do_sys_newstat+0x51/0xb0
[ 103.332832][ T8128] ? mem_cgroup_handle_over_high+0x50/0x180
[ 103.338921][ T8128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 103.345169][ T8128] ? debug_smp_processor_id+0x4c/0x172
[ 103.350641][ T8128] __x64_sys_newstat+0x3a/0x50
[ 103.355415][ T8128] do_syscall_64+0xcc/0x370
[ 103.359956][ T8128] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 103.365853][ T8128] RIP: 0033:0x7f76a677cc65
[ 103.370284][ T8128] Code: 00 00 00 e8 5d 01 00 00 48 83 c4 18 c3 90 90 90 90 90 90 90 90 83 ff 01 48 89 f0 77 18 48 89 c7 48 89 d6 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 17 f3 c3 90 48 8b 05 a1 51 2b 00 64 c7 00 16
[ 103.389899][ T8128] RSP: 002b:00007fff31587388 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 103.398319][ T8128] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f76a677cc65
[ 103.406298][ T8128] RDX: 00007f76a6c4ac60 RSI: 00007f76a6c4ac60 RDI: 0000000000df2220
[ 103.414271][ T8128] RBP: 0000000000020062 R08: 00007f76a6a325a0 R09: 0000000000000000
[ 103.422250][ T8128] R10: 1999999999999999 R11: 0000000000000246 R12: 0000000000df2220
[ 103.430229][ T8128] R13: 0000000000df21c0 R14: 0000000000000005 R15: 0000000000000000
[ 103.439493][ T8128] Kernel Offset: disabled
[ 103.443819][ T8128] Rebooting in 86400 seconds..