[ ok ] Starting enhanced syslogd: rsyslogd. [ 34.778626][ T25] audit: type=1800 audit(1572279142.189:25): pid=7024 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 34.806168][ T25] audit: type=1800 audit(1572279142.199:26): pid=7024 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 34.833404][ T25] audit: type=1800 audit(1572279142.199:27): pid=7024 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. 2019/10/28 16:12:34 fuzzer started 2019/10/28 16:12:35 dialing manager at 10.128.0.105:45117 2019/10/28 16:12:35 syscalls: 2540 2019/10/28 16:12:35 code coverage: enabled 2019/10/28 16:12:35 comparison tracing: enabled 2019/10/28 16:12:35 extra coverage: extra coverage is not supported by the kernel 2019/10/28 16:12:35 setuid sandbox: enabled 2019/10/28 16:12:35 namespace sandbox: enabled 2019/10/28 16:12:35 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/28 16:12:35 fault injection: enabled 2019/10/28 16:12:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/28 16:12:35 net packet injection: enabled 2019/10/28 16:12:35 net device setup: enabled 2019/10/28 16:12:35 concurrency sanitizer: enabled 2019/10/28 16:12:39 adding functions to KCSAN blacklist: 'echo_char' '__nf_ct_refresh_acct' 'pid_update_inode' 'rcu_gp_fqs_loop' '__tcp_select_window' 'tcp_add_backlog' 'ep_poll' 'tomoyo_supervisor' 'tick_do_update_jiffies64' '__hrtimer_run_queues' 'tick_sched_do_timer' 
'blk_mq_sched_dispatch_requests' '__nf_conntrack_find_get' 16:12:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x6) 16:12:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cr4={0x1, 0x100000}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 55.666482][ T7192] IPVS: ftp: loaded support on port[0] = 21 [ 55.780454][ T7194] IPVS: ftp: loaded support on port[0] = 21 [ 55.857703][ T7192] chnl_net:caif_netlink_parms(): no params data found 16:12:43 executing program 2: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000240)={0x1, @win={{0x0, 0x0, 0x0, 0xd0a}, 0x0, 0x0, 0x0, 0x0, 0x0}}) [ 55.951643][ T7192] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.963972][ T7192] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.981132][ T7192] device bridge_slave_0 entered promiscuous mode [ 56.013766][ T7192] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.030359][ T7192] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.050366][ T7192] device bridge_slave_1 entered promiscuous mode [ 56.081499][ T7194] chnl_net:caif_netlink_parms(): no params data found [ 56.110863][ T7192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.138665][ T7192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.190300][ T7194] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.190510][ T7199] IPVS: ftp: loaded support on port[0] = 21 [ 
56.197459][ T7194] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.213642][ T7194] device bridge_slave_0 entered promiscuous mode [ 56.232613][ T7194] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.239893][ T7194] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.248033][ T7194] device bridge_slave_1 entered promiscuous mode [ 56.258089][ T7192] team0: Port device team_slave_0 added [ 56.281796][ T7192] team0: Port device team_slave_1 added [ 56.297471][ T7194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 16:12:43 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x80\x01\xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) [ 56.321978][ T7194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.393003][ T7192] device hsr_slave_0 entered promiscuous mode [ 56.441516][ T7192] device hsr_slave_1 entered promiscuous mode [ 56.502185][ T7194] team0: Port device team_slave_0 added [ 56.574807][ T7194] team0: Port device team_slave_1 added [ 56.862797][ T7194] device hsr_slave_0 entered promiscuous mode [ 56.879865][ T7194] device hsr_slave_1 entered promiscuous mode [ 56.929520][ T7194] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 56.938892][ T7192] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.945980][ T7192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.953360][ T7192] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.960621][ T7192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.015379][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.061426][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.103214][ T7213] IPVS: ftp: loaded support on port[0] = 21 [ 57.107517][ T7199] chnl_net:caif_netlink_parms(): no params data found 16:12:44 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000000)="83009daa1d484ed021340aa84d4577670e6665fc56c9953fbd806378ee39bcec5a2cde3a27b238", 0x27}], 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0xc0040, 0x0) unshare(0x2040400) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, 0x0, 0xffffff15) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000440)="f38465a12ffe71080696cfd7254c6003d2560284820723bf3999d525c40d26c4c924e1660e99fd9a1aff221f5c9c6ab376b5cc6a64747798e4fa710a77228267f70b455f5d2e5fe8c4aa243733a4540f0add97adaa146724c9fc9e321806136d9593c94966a20881f5128a6926a7ff4f7742676d86eb9ddb6e60c567281d", 0x7e) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) add_key$keyring(&(0x7f0000000380)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) 
ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f00000001c0)=r4) add_key$user(0x0, &(0x7f0000000640)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000380)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x06\x02\xff', @ifru_names='bond_slave_1\x00t\x00'}) ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\f\x00!!\x00\x01\x00\x01', @ifru_names='bond_slave_1\x00\x00\x00\b'}) [ 57.442367][ T7199] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.479489][ T7199] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.487753][ T7199] device bridge_slave_0 entered promiscuous mode [ 57.568626][ T7192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.613722][ T7199] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.649622][ T7199] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.689556][ T7199] device bridge_slave_1 entered promiscuous mode [ 57.775755][ T7192] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.934213][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.950276][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.971753][ T7199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.001441][ T7199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.152713][ T7194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.195869][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.212913][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.280514][ T7198] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.287598][ T7198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.380264][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.432706][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link 
becomes ready [ 58.480184][ T7198] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.487254][ T7198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.572541][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.613380][ T7198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.740118][ T7192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 58.775800][ T7240] ================================================================== [ 58.784137][ T7240] BUG: KCSAN: data-race in task_dump_owner / task_dump_owner [ 58.791489][ T7240] [ 58.793818][ T7240] write to 0xffff88812a7ff04c of 4 bytes by task 7244 on cpu 1: [ 58.799538][ T7192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.801459][ T7240] task_dump_owner+0x237/0x260 [ 58.816505][ T7240] pid_update_inode+0x3c/0x70 [ 58.821181][ T7240] pid_revalidate+0x91/0xd0 [ 58.825683][ T7240] lookup_fast+0x618/0x700 [ 58.830127][ T7240] path_openat+0x2ac/0x36e0 [ 58.834620][ T7240] do_filp_open+0x11e/0x1b0 [ 58.839113][ T7240] do_sys_open+0x3b3/0x4f0 [ 58.843544][ T7240] __x64_sys_open+0x55/0x70 [ 58.848080][ T7240] do_syscall_64+0xcc/0x370 [ 58.852582][ T7240] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.858460][ T7240] [ 58.860878][ T7240] write to 0xffff88812a7ff04c of 4 bytes by task 7240 on cpu 0: [ 58.861536][ T7199] team0: Port device team_slave_0 added [ 58.868516][ T7240] task_dump_owner+0x237/0x260 [ 58.877575][ T7252] IPVS: ftp: loaded support on port[0] = 21 [ 58.878839][ T7240] pid_update_inode+0x3c/0x70 [ 58.889384][ T7240] pid_revalidate+0x91/0xd0 [ 58.893887][ T7240] lookup_fast+0x618/0x700 [ 58.898299][ T7240] path_openat+0x2ac/0x36e0 [ 58.902796][ T7240] do_filp_open+0x11e/0x1b0 [ 58.907304][ T7240] do_sys_open+0x3b3/0x4f0 [ 58.911719][ T7240] __x64_sys_open+0x55/0x70 [ 58.916223][ T7240] do_syscall_64+0xcc/0x370 [ 58.920729][ T7240] 
entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.921163][ T7199] team0: Port device team_slave_1 added [ 58.926704][ T7240] [ 58.934566][ T7240] Reported by Kernel Concurrency Sanitizer on: [ 58.940728][ T7240] CPU: 0 PID: 7240 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 58.949045][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.959095][ T7240] ================================================================== [ 58.967156][ T7240] Kernel panic - not syncing: panic_on_warn set ... [ 58.973769][ T7240] CPU: 0 PID: 7240 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 58.980523][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.990570][ T7240] Call Trace: [ 58.993874][ T7240] dump_stack+0xf5/0x159 [ 58.998123][ T7240] panic+0x210/0x640 [ 59.002024][ T7240] ? do_syscall_64+0xcc/0x370 [ 59.006701][ T7240] ? vprintk_func+0x8d/0x140 [ 59.011303][ T7240] kcsan_report.cold+0xc/0x10 [ 59.015993][ T7240] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 59.021541][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.027170][ T7240] __tsan_write4+0x32/0x40 [ 59.031585][ T7240] task_dump_owner+0x237/0x260 [ 59.036346][ T7240] ? __rcu_read_unlock+0x66/0x3c0 [ 59.041887][ T7240] pid_update_inode+0x3c/0x70 [ 59.046565][ T7240] pid_revalidate+0x91/0xd0 [ 59.051073][ T7240] lookup_fast+0x618/0x700 [ 59.055490][ T7240] path_openat+0x2ac/0x36e0 [ 59.059990][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.065615][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.071247][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.076877][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.082510][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.088142][ T7240] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 59.094034][ T7240] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 59.099666][ T7240] do_filp_open+0x11e/0x1b0 [ 59.104170][ T7240] ? 
__alloc_fd+0x316/0x4c0 [ 59.108768][ T7240] do_sys_open+0x3b3/0x4f0 [ 59.113193][ T7240] __x64_sys_open+0x55/0x70 [ 59.117702][ T7240] do_syscall_64+0xcc/0x370 [ 59.122224][ T7240] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.128118][ T7240] RIP: 0033:0x7fe4b694d120 [ 59.132535][ T7240] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 59.152132][ T7240] RSP: 002b:00007ffeb55750e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 59.160544][ T7240] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fe4b694d120 [ 59.168514][ T7240] RDX: 00007ffeb5575122 RSI: 0000000000000000 RDI: 00007ffeb5575110 [ 59.176510][ T7240] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007fe4b6c1555f [ 59.184482][ T7240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000b06220 [ 59.192477][ T7240] R13: 0000000000000020 R14: 00007fe4b7002010 R15: 0000000000000000 [ 59.201966][ T7240] Kernel Offset: disabled [ 59.206295][ T7240] Rebooting in 86400 seconds..