[ 55.702184][ T26] audit: type=1800 audit(1574463956.838:27): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 55.733980][ T26] audit: type=1800 audit(1574463956.858:28): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 56.498501][ T26] audit: type=1800 audit(1574463957.728:29): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 56.528190][ T26] audit: type=1800 audit(1574463957.728:30): pid=7558 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
2019/11/22 23:06:07 fuzzer started
2019/11/22 23:06:10 dialing manager at 10.128.0.105:37257
2019/11/22 23:06:10 syscalls: 2566
2019/11/22 23:06:10 code coverage: enabled
2019/11/22 23:06:10 comparison tracing: enabled
2019/11/22 23:06:10 extra coverage: extra coverage is not supported by the kernel
2019/11/22 23:06:10 setuid sandbox: enabled
2019/11/22 23:06:10 namespace sandbox: enabled
2019/11/22 23:06:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/22 23:06:10 fault injection: enabled
2019/11/22 23:06:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/22 23:06:10 net packet injection: enabled
2019/11/22 23:06:10 net device setup: enabled
2019/11/22 23:06:10 concurrency sanitizer: enabled
2019/11/22 23:06:10 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 75.224037][ T7723] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/22 23:06:23 adding functions to KCSAN blacklist: 'pipe_wait' 'ext4_has_free_clusters' 'do_nanosleep' 'add_timer' 'tick_nohz_idle_stop_tick' 'kauditd_thread' 'ktime_get_real_seconds' 'find_get_pages_range_tag' 'wbt_issue' 'pcpu_alloc' 'sbitmap_queue_clear' 'rcu_gp_fqs_loop' 'virtqueue_disable_cb' 'generic_fillattr' 'snd_ctl_notify' 'echo_char' 'do_exit' 'blk_mq_sched_dispatch_requests' 'n_tty_receive_buf_common' 'wbt_done' 'taskstats_exit' 'tick_sched_do_timer' 'rcu_gp_fqs_check_wake' '__mark_inode_dirty' 'wbt_wait' 'generic_permission' '__hrtimer_run_queues' '__splice_from_pipe' 'pipe_poll' 'tick_nohz_next_event' 'page_counter_try_charge' 'blk_mq_run_hw_queue' 'ext4_nonda_switch' 'audit_log_start' 'lruvec_lru_size' 'ext4_mb_find_by_goal' 'cma_comp_exch' 'blk_mq_get_request' 'flush_workqueue' 'blk_mq_dispatch_rq_list' '__snd_rawmidi_transmit_ack' 'do_syslog' 'ksys_read' 'poll_schedule_timeout' 'timer_clear_idle' 'pid_update_inode' 'list_lru_count_one' 'sit_tunnel_xmit' 'inactive_list_is_low' 'ip_finish_output2' 'enqueue_timer' 'yama_ptracer_del' '__ext4_new_inode'
'evict' 'tick_do_update_jiffies64' 'xas_find_marked' 'p9_poll_workfn' 'find_next_bit' 'ep_poll' 'generic_write_end' 'ext4_mark_iloc_dirty' 'ext4_free_inodes_count' 'futex_wait_queue_me' '__add_to_page_cache_locked' 'ns_capable_common' 'netlink_getname' 'iput' 'ktime_get_seconds' 'run_timer_softirq' 'tcp_add_backlog' 'xas_clear_mark' 'ext4_free_inode' 'atime_needs_update' 'shmem_file_read_iter' '__process_echoes' 'd_instantiate_new' 'ext4_da_write_end' 'dd_has_work' 'mem_cgroup_select_victim_node' 'virtqueue_enable_cb_delayed' 'snd_seq_check_queue' 'vm_area_dup' 'tomoyo_supervisor' 'copy_process' 23:10:04 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vat\x00\x00\x00\x00\x00\x00\x00\xa8\x03\x00', 0x43732e5398416f1a}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pread64(r0, &(0x7f0000000200)=""/39, 0x27, 0x0) close(r0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfffffffffffffe5d, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000010005fbafffffffffffffff1000e8788", @ANYRES32=0x0, @ANYBLOB="030000000000000008001b0000000000"], 0x28}}, 0x0) [ 303.369469][ T7728] IPVS: ftp: loaded support on port[0] = 21 [ 303.510821][ T7728] chnl_net:caif_netlink_parms(): no params data found [ 303.541648][ T7728] bridge0: port 1(bridge_slave_0) entered blocking state 23:10:04 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f00000000c0)=0x7)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4}], 0x1, 0xffffffffffbffff8)
dup2(r3, r4)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x16)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0)
rt_tgsigqueueinfo(r2, r5, 0x21, &(0x7f0000000080)={0x12, 0x6, 0x1})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000140)={0x750, {}, {0x2, 0x0, @loopback}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x2, 0x46a, 0x800})
[ 303.558957][ T7728] bridge0: port 1(bridge_slave_0) entered disabled state
[ 303.573922][ T7728] device bridge_slave_0 entered promiscuous mode
[ 303.594350][ T7728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 303.601467][ T7728] bridge0: port 2(bridge_slave_1) entered disabled state
[ 303.613864][ T7728] device bridge_slave_1 entered promiscuous mode
[ 303.631463][ T7728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 303.642039][ T7728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 303.674190][ T7728] team0: Port device team_slave_0 added
[ 303.680851][ T7728] team0: Port device team_slave_1 added
[ 303.755525][ T7728] device hsr_slave_0 entered promiscuous mode
23:10:05 executing program 2:
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
fcntl$setstatus(r0, 0x4, 0x6100)
write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x6e00)
[ 303.803902][ T7728] device hsr_slave_1 entered promiscuous mode
[ 303.876248][ T7731] IPVS: ftp: loaded support on port[0] = 21
[ 303.923958][ T7728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 303.931132][ T7728] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 303.938575][ T7728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 303.945689][ T7728] bridge0: 
port 1(bridge_slave_0) entered forwarding state
[ 304.159196][ T7740] IPVS: ftp: loaded support on port[0] = 21
[ 304.181103][ T7728] 8021q: adding VLAN 0 to HW filter on device bond0
[ 304.263211][ T7728] 8021q: adding VLAN 0 to HW filter on device team0
[ 304.295556][ T3018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 304.315110][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[ 304.339157][ T7756] ==================================================================
[ 304.347478][ T7756] BUG: KCSAN: data-race in common_perm_cond / task_dump_owner
[ 304.354931][ T7756]
[ 304.357269][ T7756] read to 0xffff88812534182c of 4 bytes by task 7750 on cpu 0:
[ 304.364820][ T7756] common_perm_cond+0x65/0x110
[ 304.369594][ T7756] apparmor_inode_getattr+0x2b/0x40
[ 304.374887][ T7756] security_inode_getattr+0x9b/0xd0
[ 304.380106][ T7756] vfs_getattr+0x2e/0x70
[ 304.384354][ T7756] vfs_statx+0x102/0x190
[ 304.388593][ T7756] __do_sys_newstat+0x51/0xb0
[ 304.393274][ T7756] __x64_sys_newstat+0x3a/0x50
[ 304.398041][ T7756] do_syscall_64+0xcc/0x370
[ 304.402546][ T7756] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 304.408426][ T7756]
[ 304.410759][ T7756] write to 0xffff88812534182c of 4 bytes by task 7756 on cpu 1:
[ 304.418834][ T7756] task_dump_owner+0x237/0x260
[ 304.423596][ T7756] pid_update_inode+0x3c/0x70
[ 304.429928][ T7756] pid_revalidate+0x91/0xd0
[ 304.434435][ T7756] lookup_fast+0x6f2/0x700
[ 304.438878][ T7756] walk_component+0x6d/0xe70
[ 304.443689][ T7756] link_path_walk.part.0+0x5d3/0xa90
[ 304.448980][ T7756] path_openat+0x14f/0x36e0
[ 304.453493][ T7756] do_filp_open+0x11e/0x1b0
[ 304.458014][ T7756] do_sys_open+0x3b3/0x4f0
23:10:05 executing program 3:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
chroot(&(0x7f0000000080)='./file0\x00')
mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0)
write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0)
r0 = 
socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0xffffffffffffff7c, &(0x7f00000bfff0)={&(0x7f0000006440)=ANY=[@ANYBLOB="b800000019000100000000005b000000ff010000000000000000000000000001e000000100000000800000000000000000000000000000000a0001000000002e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000fbbccf810000000000000000fd85d16e79bad40ac3794899000000000000000000000000000000d94bfeadbfce0d4ed6f71b242b42000000ea0000000000000000000000000000000000000500000000000000000000000000000000000000e6010000000100000000000000"], 0xb8}}, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = fcntl$getown(r0, 0x9) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, r1, 0x10, 0xffffffffffffffff, 0xf) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="9e11202e2f66696c65300a061149aa53b8c9a63b2e380e18e8c27b80b59369c0ca8674f06ef0acb261bb45b031067b0b1a042e4eb2c462096893bda561205a6a307cc15b3dcaddb763594d26b6e444735518108ea19c3a47381c6c3df5c7cf686a69ae64f88f5f9f996a710190d0f002dd5dcfccecc52f61306a46196a58f020907ba02064322e81efd6d5889d01bfc9dc03a8308514ad93a807f3b1c414458891dba2f4f60191cc023f6a28f5997cff38bd3e830788"], 0xb6) close(r2) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) r3 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r3) r4 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r4) add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, r5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) r6 = socket$inet6(0xa, 0x1000000000000002, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmmsg(r6, &(0x7f00000092c0), 0x4ff, 0x80fe) [ 304.462444][ T7756] __x64_sys_open+0x55/0x70 [ 304.466991][ T7756] do_syscall_64+0xcc/0x370 [ 304.471501][ T7756] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 304.477468][ T7756] [ 304.479805][ T7756] Reported by Kernel Concurrency Sanitizer on: [ 304.485967][ T7756] CPU: 1 PID: 7756 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 304.492815][ T7756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.502888][ T7756] ================================================================== [ 304.511200][ T7756] Kernel panic - not syncing: panic_on_warn set ... [ 304.517795][ T7756] CPU: 1 PID: 7756 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 304.524901][ T7756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.534950][ T7756] Call Trace: [ 304.538251][ T7756] dump_stack+0x11d/0x181 [ 304.542585][ T7756] panic+0x210/0x640 [ 304.546509][ T7756] ? vprintk_func+0x8d/0x140 [ 304.551113][ T7756] kcsan_report.cold+0xc/0xd [ 304.555723][ T7756] kcsan_setup_watchpoint+0x3fe/0x460 [ 304.561285][ T7756] __tsan_unaligned_write4+0xc4/0x100 [ 304.566682][ T7756] task_dump_owner+0x237/0x260 [ 304.571464][ T7756] ? __rcu_read_unlock+0x66/0x3c0 [ 304.576501][ T7756] pid_update_inode+0x3c/0x70 [ 304.581181][ T7756] pid_revalidate+0x91/0xd0 [ 304.585696][ T7756] lookup_fast+0x6f2/0x700 [ 304.590144][ T7756] walk_component+0x6d/0xe70 [ 304.594749][ T7756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 304.600996][ T7756] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 304.607279][ T7756] ? security_inode_permission+0xa5/0xc0
[ 304.612954][ T7756] ? inode_permission+0xa0/0x3c0
[ 304.617915][ T7756] link_path_walk.part.0+0x5d3/0xa90
[ 304.623221][ T7756] path_openat+0x14f/0x36e0
[ 304.627749][ T7756] ? __read_once_size.constprop.0+0x12/0x20
[ 304.634088][ T7756] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 304.640345][ T7756] ? __virt_addr_valid+0x126/0x190
[ 304.645578][ T7756] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 304.651918][ T7756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 304.658214][ T7756] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 304.664115][ T7756] ? __read_once_size+0x41/0xe0
[ 304.668980][ T7756] do_filp_open+0x11e/0x1b0
[ 304.673508][ T7756] ? __alloc_fd+0x2ef/0x3b0
[ 304.678025][ T7756] do_sys_open+0x3b3/0x4f0
[ 304.682626][ T7756] __x64_sys_open+0x55/0x70
[ 304.687143][ T7756] do_syscall_64+0xcc/0x370
[ 304.691760][ T7756] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 304.697670][ T7756] RIP: 0033:0x7f00a47b6120
[ 304.702117][ T7756] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 304.722947][ T7756] RSP: 002b:00007ffc5f1938e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 304.731370][ T7756] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f00a47b6120
[ 304.739361][ T7756] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f00a4c84d00
[ 304.747335][ T7756] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f00a4a7e57b
[ 304.757040][ T7756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00a4c83d00
[ 304.765012][ T7756] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000
[ 304.774537][ T7756] Kernel Offset: disabled
[ 304.778876][ T7756] Rebooting in 86400 seconds..