[info] Using makefile-style concurrent boot in runlevel 2. [ 43.095728][ T26] audit: type=1800 audit(1575543988.329:21): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 43.145383][ T26] audit: type=1800 audit(1575543988.329:22): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. 2019/12/05 11:06:39 fuzzer started 2019/12/05 11:06:41 dialing manager at 10.128.0.105:33795 2019/12/05 11:06:41 syscalls: 2684 2019/12/05 11:06:41 code coverage: enabled 2019/12/05 11:06:41 comparison tracing: enabled 2019/12/05 11:06:41 extra coverage: extra coverage is not supported by the kernel 2019/12/05 11:06:41 setuid sandbox: enabled 2019/12/05 11:06:41 namespace sandbox: enabled 2019/12/05 11:06:41 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/05 11:06:41 fault injection: enabled 2019/12/05 11:06:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/05 11:06:41 net packet injection: enabled 2019/12/05 11:06:41 net device setup: enabled 2019/12/05 11:06:41 concurrency sanitizer: enabled 2019/12/05 11:06:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/12/05 11:06:45 adding functions to KCSAN blacklist: 'find_next_bit' 'rcu_gp_fqs_loop' 'dd_has_work' 'xas_clear_mark' '__snd_rawmidi_transmit_ack' 'taskstats_exit' 'lruvec_lru_size' 'blk_mq_run_hw_queue' 'generic_write_end' 'ext4_nonda_switch' 'tomoyo_supervisor' 'ep_poll' 'tcp_add_backlog' 'do_nanosleep' 'run_timer_softirq' 'wbt_done' 'blk_mq_get_request' 'tick_sched_do_timer' '__hrtimer_run_queues' 'pipe_poll' 'tick_do_update_jiffies64' 'blk_mq_sched_dispatch_requests' 'ext4_has_free_clusters' 'do_syslog' 11:06:58 executing program 0: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0xa}) 11:06:58 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x10000, 0x0, 0x102, 0x8000003}, 0x20) syzkaller login: [ 73.058988][ T7649] IPVS: ftp: loaded support on port[0] = 21 [ 73.190244][ T7649] chnl_net:caif_netlink_parms(): no params data found [ 73.257525][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.264877][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.272756][ T7649] device bridge_slave_0 entered promiscuous mode [ 73.281132][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.285064][ T7652] IPVS: ftp: loaded support on port[0] = 21 [ 73.289363][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state 11:06:58 executing program 2: r0 = fsopen(&(0x7f0000000000)='btrfs\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) [ 73.302553][ T7649] device bridge_slave_1 entered promiscuous mode [ 73.327446][ T7649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.352266][ T7649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.394591][ T7649] team0: Port device team_slave_0 added [ 73.401516][ T7649] team0: Port device team_slave_1 added [ 73.419847][ T7652] chnl_net:caif_netlink_parms(): no params data found [ 73.485593][ T7649] device hsr_slave_0 entered promiscuous mode [ 73.523784][ T7649] device hsr_slave_1 entered promiscuous mode 11:06:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7a, 0x0, [0x4b564d04]}) [ 73.631687][ T7652] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.646176][ T7652] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.665376][ T7652] device bridge_slave_0 entered promiscuous mode [ 73.694946][ T7655] IPVS: ftp: loaded support on port[0] = 21 [ 73.714904][ T7652] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.722013][ T7652] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.734386][ T7652] device bridge_slave_1 entered promiscuous mode [ 73.800761][ T7652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.837750][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.844901][ T7649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.852567][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.859643][ T7649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.947379][ T7652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.084225][ T7652] team0: Port device team_slave_0 added [ 74.091629][ T7652] team0: Port device team_slave_1 added [ 74.128232][ T7649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.164471][ T7655] chnl_net:caif_netlink_parms(): no params data found [ 74.200379][ T7649] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.217184][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.235973][ T3513] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.274905][ T3513] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.295873][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 74.341929][ T7679] IPVS: ftp: loaded support on port[0] = 21 [ 74.376741][ T7652] device hsr_slave_0 entered promiscuous mode [ 74.414792][ T7652] device hsr_slave_1 entered promiscuous mode [ 74.454377][ T7652] debugfs: Directory 'hsr0' with parent '/' already present! [ 74.474324][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.493863][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.514040][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.521297][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.546603][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.565472][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.594134][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.601401][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.653928][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.674178][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.686714][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.696167][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 11:06:59 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@gettfilter={0x24, 0x2c, 0x1}, 0x24}}, 0x0) [ 74.707727][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.717235][ T3513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.779185][ T7649] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 74.823457][ T7649] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.885840][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.905684][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.945623][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.985869][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.008843][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.096465][ T7655] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.125079][ T7655] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.145014][ T7655] device bridge_slave_0 entered promiscuous mode [ 75.171620][ T7682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.206025][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.213276][ T7655] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.234751][ T7655] device bridge_slave_1 entered promiscuous mode [ 75.301456][ T7682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.322344][ T7682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.347886][ T7649] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.417971][ T7699] IPVS: ftp: loaded support on port[0] = 21 [ 75.441339][ T7655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.497767][ T7679] chnl_net:caif_netlink_parms(): no params data found 11:07:00 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f, 0xa08c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x6}, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000, 0x2, 0x0, 0x0, 0x0, 0xfe73, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x1) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) r1 = socket$inet6(0xa, 0x401000000001, 0x0) close(r1) r2 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r1, r2, 0x0, 0x8000fffffffe) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000657c0c3088b3d0cefd0b9eb7b84345ca61da66261ce6c80aa023995a619ed68777190000e48f35649b81bd1a90259af892c2a71354f47d4edc337f556a8eab851d1bf6c9", @ANYRES16=r3, @ANYBLOB="ff00008245c5e9a742701332694980d8c800316bad2cb6d439b33516a7c57c48dabc9859ca614a6eefa1020d28c37ed35fc265fad63d63eff0febe90a22367a712266363d0c1989fc83fcd93859ab5acf1421301871723f813afc4a2a741f76fcd31b403b5c0c0f66c44e621627a5ae47c84564cd597dd00f987af9a68615d6e3ee5c0a45ff9af81cbe23b5ee48c49a3df16285108e7837017edbfe6"], 0x3}, 0x1, 0x0, 0x0, 0x8004811}, 0x840) socket$inet6(0xa, 0x0, 0x0) open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) r4 = open(&(0x7f0000000400)='./bus\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000001300), &(0x7f0000001340)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000340), 0x8) [ 75.549690][ T7655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.583052][ T7652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.681267][ T7652] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.714749][ T7655] team0: Port device team_slave_0 added [ 75.727418][ T7682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.739190][ T7700] ================================================================== [ 75.747485][ T7700] BUG: KCSAN: data-race in common_perm_cond / task_dump_owner [ 75.755491][ T7700] [ 75.757830][ T7700] read to 0xffff888128853d6c of 4 bytes by task 7708 on cpu 0: [ 75.765392][ T7700] common_perm_cond+0x65/0x110 [ 75.770177][ T7700] apparmor_inode_getattr+0x2b/0x40 [ 75.775403][ T7700] security_inode_getattr+0x9b/0xd0 [ 75.780738][ T7700] vfs_getattr+0x2e/0x70 [ 75.785102][ T7700] vfs_statx+0x102/0x190 [ 75.789587][ T7700] __do_sys_newstat+0x51/0xb0 [ 75.794412][ T7700] __x64_sys_newstat+0x3a/0x50 [ 75.799431][ T7700] do_syscall_64+0xcc/0x370 [ 75.803946][ T7700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 75.809835][ T7700] [ 75.812186][ T7700] write to 0xffff888128853d6c of 4 bytes by task 7700 on cpu 1: [ 75.820626][ T7700] task_dump_owner+0x237/0x260 [ 75.825403][ T7700] pid_update_inode+0x3c/0x70 [ 75.830154][ T7700] pid_revalidate+0x91/0xd0 [ 75.834671][ T7700] lookup_fast+0x6f2/0x700 [ 75.839095][ T7700] walk_component+0x6d/0xe70 [ 75.843696][ T7700] link_path_walk.part.0+0x5d3/0xa90 [ 75.849022][ T7700] path_openat+0x14f/0x36e0 [ 75.853622][ T7700] do_filp_open+0x11e/0x1b0 [ 75.858318][ T7700] do_sys_open+0x3b3/0x4f0 [ 75.862754][ T7700] __x64_sys_open+0x55/0x70 [ 75.867291][ T7700] do_syscall_64+0xcc/0x370 [ 75.871807][ T7700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 75.877696][ T7700] [ 75.880025][ T7700] Reported by Kernel Concurrency Sanitizer on: [ 75.886324][ T7700] CPU: 1 PID: 7700 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 75.893785][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.903945][ T7700] ================================================================== [ 75.912171][ T7700] Kernel panic - not syncing: panic_on_warn set ... [ 75.918769][ T7700] CPU: 1 PID: 7700 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 75.926071][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.936147][ T7700] Call Trace: [ 75.939607][ T7700] dump_stack+0x11d/0x181 [ 75.943952][ T7700] panic+0x210/0x640 [ 75.948233][ T7700] ? vprintk_func+0x8d/0x140 [ 75.952857][ T7700] kcsan_report.cold+0xc/0xd [ 75.957575][ T7700] kcsan_setup_watchpoint+0x3fe/0x460 [ 75.963083][ T7700] __tsan_unaligned_write4+0xc4/0x100 [ 75.968470][ T7700] task_dump_owner+0x237/0x260 [ 75.973243][ T7700] ? __rcu_read_unlock+0x66/0x3c0 [ 75.978396][ T7700] pid_update_inode+0x3c/0x70 [ 75.983082][ T7700] pid_revalidate+0x91/0xd0 [ 75.987804][ T7700] lookup_fast+0x6f2/0x700 [ 75.992503][ T7700] walk_component+0x6d/0xe70 [ 75.997614][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.004708][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.011328][ T7700] ? security_inode_permission+0xa5/0xc0 [ 76.017279][ T7700] ? inode_permission+0xa0/0x3c0 [ 76.022740][ T7700] link_path_walk.part.0+0x5d3/0xa90 [ 76.028435][ T7700] path_openat+0x14f/0x36e0 [ 76.033128][ T7700] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 76.039320][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.046586][ T7700] ? __rcu_read_unlock+0x66/0x3c0 [ 76.052009][ T7700] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 76.058184][ T7700] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 76.064154][ T7700] ? __read_once_size+0x41/0xe0 [ 76.070102][ T7700] do_filp_open+0x11e/0x1b0 [ 76.075181][ T7700] ? __alloc_fd+0x2ef/0x3b0 [ 76.080126][ T7700] do_sys_open+0x3b3/0x4f0 [ 76.085126][ T7700] __x64_sys_open+0x55/0x70 [ 76.090724][ T7700] do_syscall_64+0xcc/0x370 [ 76.095917][ T7700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 76.101830][ T7700] RIP: 0033:0x7fbb21865120 [ 76.106257][ T7700] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 76.128656][ T7700] RSP: 002b:00007ffc88624d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 76.137917][ T7700] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fbb21865120 [ 76.146741][ T7700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fbb21d33d00 [ 76.154732][ T7700] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007fbb21b2da10 [ 76.162792][ T7700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbb21d32d00 [ 76.171905][ T7700] R13: 00000000009fe1c0 R14: 0000000000000005 R15: 0000000000000000 [ 76.181747][ T7700] Kernel Offset: disabled [ 76.186430][ T7700] Rebooting in 86400 seconds..