[ 43.396718][ T25] audit: type=1800 audit(1572005204.121:21): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 43.441587][ T25] audit: type=1800 audit(1572005204.121:22): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [ 43.464563][ T25] audit: type=1800 audit(1572005204.121:23): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2475 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts. 2019/10/25 12:06:54 fuzzer started 2019/10/25 12:06:56 dialing manager at 10.128.0.105:33971 2019/10/25 12:06:58 syscalls: 2529 2019/10/25 12:06:58 code coverage: enabled 2019/10/25 12:06:58 comparison tracing: enabled 2019/10/25 12:06:58 extra coverage: extra coverage is not supported by the kernel 2019/10/25 12:06:58 setuid sandbox: enabled 2019/10/25 12:06:58 namespace sandbox: enabled 2019/10/25 12:06:58 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/25 12:06:58 fault injection: enabled 2019/10/25 12:06:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/25 12:06:58 net packet injection: enabled 2019/10/25 12:06:58 net device setup: enabled 2019/10/25 12:06:58 concurrency sanitizer: enabled syzkaller login: [ 63.274735][ T7299] KCSAN: could not find function: 'poll_schedule_timeout' 2019/10/25 12:07:07 adding functions to KCSAN blacklist: 'xas_find_marked' '__tcp_select_window' 'generic_write_end' 'pid_update_inode' 'taskstats_exit' 'tick_sched_do_timer' 'find_next_bit' 'rcu_gp_fqs_check_wake' 'update_defense_level' 'tick_nohz_idle_stop_tick' 'rcu_gp_fqs_loop' '__dev_queue_xmit' 'echo_char' 'mod_timer' '__alloc_file' 'do_nanosleep' 'dd_has_work' 'ext4_setattr' '__nf_ct_refresh_acct' 'blk_mq_dispatch_rq_list' 'poll_schedule_timeout' 'ktime_get_seconds' 'ext4_has_free_clusters' '__hrtimer_run_queues' 'ep_poll' 'tcp_poll' 'generic_fillattr' 'task_dump_owner' 'datagram_poll' 'tomoyo_supervisor' '__ext4_new_inode' 'blk_mq_get_request' 'shmem_file_read_iter' 'ktime_get_real_seconds' 'pipe_poll' 'atime_needs_update' 'find_get_pages_range_tag' 'generic_permission' 'run_timer_softirq' 'ext4_free_inodes_count' 'tcp_add_backlog' 'tick_do_update_jiffies64' 12:07:44 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xc230, 0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000600)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0xff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 104.405404][ T7303] IPVS: ftp: loaded support on port[0] = 21 12:07:45 executing program 1: perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xefc4}, 0xe345c3afc62c1a7c, 0x0, 0xda, 0x0, 0x7, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x7) socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x400000, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfea4) fallocate(0xffffffffffffffff, 0x0, 0x7ffd, 0x8000) fallocate(0xffffffffffffffff, 0x3, 0x0, 0xfff9) lstat(0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x4, 0x0) ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f0000000240)={0x0, "ce8b44145e2f523de46b0d29d445033ac5d680b4725ea59bb955f594e34cfda8", 0x2}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.n\xd3!\n\x82c~\x949', 0x1ff) socket$kcm(0x29, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000200)=0xa7) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000200)=0x1fb) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x401c5820, &(0x7f0000000000)) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000280)=""/72, 0x48, 0x3000, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000000)="1c0000001a009b8a14000000ff0000adf87e28000000000000000000", 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) socket$kcm(0xa, 0x2, 0x0) [ 104.543952][ T7303] chnl_net:caif_netlink_parms(): no params data found [ 104.614658][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.632267][ T7303] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.640340][ T7303] device bridge_slave_0 entered promiscuous mode [ 104.648464][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.655982][ T7303] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.664496][ T7303] device bridge_slave_1 entered promiscuous mode [ 104.686798][ T7303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.703805][ T7303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 12:07:45 executing program 2: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x2, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000130a075a1dfffd946fa2830020200a0009000300001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) [ 104.747077][ T7306] IPVS: ftp: loaded support on port[0] = 21 [ 104.758091][ T7303] team0: Port device team_slave_0 added [ 104.777163][ T7303] team0: Port device team_slave_1 added [ 104.865001][ T7303] device hsr_slave_0 entered promiscuous mode [ 104.902467][ T7303] device hsr_slave_1 entered promiscuous mode [ 105.027951][ T7308] IPVS: ftp: loaded support on port[0] = 21 [ 105.120504][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.127666][ T7303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.135016][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.142195][ T7303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.285314][ T7306] chnl_net:caif_netlink_parms(): no params data found [ 105.426077][ T7303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.484136][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.491279][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.522209][ T7306] device bridge_slave_0 entered promiscuous mode [ 105.567916][ T7303] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.587034][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 105.622391][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.643232][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.675483][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 105.699090][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.712171][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.720309][ T7306] device bridge_slave_1 entered promiscuous mode [ 105.762862][ T7308] chnl_net:caif_netlink_parms(): no params data found 12:07:46 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000080)={@mcast2}, 0x14) [ 105.832825][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 105.845081][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 105.888360][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.895515][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.952937][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 105.994959][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.019199][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.026409][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.082973][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 106.125537][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 106.153788][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 106.182997][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 106.228851][ T7306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.249046][ T7303] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 106.314699][ T7303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 106.407393][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 106.418319][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 106.465621][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 106.496207][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 106.535096][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.555662][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 106.595545][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.614557][ T7306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.670307][ T7335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 106.709478][ T7338] IPVS: ftp: loaded support on port[0] = 21 [ 106.717853][ T7308] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.734437][ T7308] bridge0: port 1(bridge_slave_0) entered disabled state 12:07:47 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000080)={0x10}) [ 106.772713][ T7308] device bridge_slave_0 entered promiscuous mode [ 106.805368][ T7306] team0: Port device team_slave_0 added [ 106.821796][ T7308] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.848408][ T7308] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.893071][ T7308] device bridge_slave_1 entered promiscuous mode [ 106.925639][ T7303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.962321][ T7306] team0: Port device team_slave_1 added [ 107.069360][ T7308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.097400][ T7327] ================================================================== [ 107.105528][ T7327] BUG: KCSAN: data-race in pipe_wait / put_pipe_info [ 107.112180][ T7327] [ 107.114498][ T7327] read to 0xffff88810ac50dcc of 4 bytes by task 7328 on cpu 1: [ 107.122027][ T7327] pipe_wait+0xd7/0x140 [ 107.126254][ T7327] pipe_read+0x3b1/0x5e0 [ 107.130478][ T7327] new_sync_read+0x389/0x4f0 [ 107.135048][ T7327] __vfs_read+0xb1/0xc0 [ 107.139196][ T7327] vfs_read+0x143/0x2c0 [ 107.143342][ T7327] ksys_read+0xd5/0x1b0 [ 107.147480][ T7327] __x64_sys_read+0x4c/0x60 [ 107.151969][ T7327] do_syscall_64+0xcc/0x370 [ 107.156457][ T7327] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 107.162325][ T7327] [ 107.164639][ T7327] write to 0xffff88810ac50dcc of 4 bytes by task 7327 on cpu 0: [ 107.172263][ T7327] put_pipe_info+0x4d/0xb0 [ 107.176662][ T7327] pipe_release+0x152/0x1b0 [ 107.181148][ T7327] __fput+0x1e1/0x520 [ 107.185116][ T7327] ____fput+0x1f/0x30 [ 107.189085][ T7327] task_work_run+0xf6/0x130 [ 107.193590][ T7327] exit_to_usermode_loop+0x2b4/0x2c0 [ 107.198875][ T7327] do_syscall_64+0x353/0x370 [ 107.203898][ T7327] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 107.209764][ T7327] [ 107.212091][ T7327] Reported by Kernel Concurrency Sanitizer on: [ 107.218237][ T7327] CPU: 0 PID: 7327 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 107.224980][ T7327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 107.235018][ T7327] ================================================================== [ 107.243074][ T7327] Kernel panic - not syncing: panic_on_warn set ... [ 107.249651][ T7327] CPU: 0 PID: 7327 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 107.256390][ T7327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 107.266425][ T7327] Call Trace: [ 107.269802][ T7327] dump_stack+0xf5/0x159 [ 107.274030][ T7327] panic+0x210/0x640 [ 107.277915][ T7327] ? vprintk_func+0x8d/0x140 [ 107.282492][ T7327] kcsan_report.cold+0xc/0x10 [ 107.287157][ T7327] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 107.292690][ T7327] __tsan_write4+0x32/0x40 [ 107.297105][ T7327] put_pipe_info+0x4d/0xb0 [ 107.301518][ T7327] pipe_release+0x152/0x1b0 [ 107.306009][ T7327] __fput+0x1e1/0x520 [ 107.309979][ T7327] ? put_pipe_info+0xb0/0xb0 [ 107.314556][ T7327] ____fput+0x1f/0x30 [ 107.318522][ T7327] task_work_run+0xf6/0x130 [ 107.323020][ T7327] exit_to_usermode_loop+0x2b4/0x2c0 [ 107.328309][ T7327] do_syscall_64+0x353/0x370 [ 107.332893][ T7327] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 107.338780][ T7327] RIP: 0033:0x7f529b3212b0 [ 107.343195][ T7327] Code: 40 75 0b 31 c0 48 83 c4 08 e9 0c ff ff ff 48 8d 3d c5 32 08 00 e8 c0 07 02 00 83 3d 45 a3 2b 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ce 8a 01 00 48 89 04 24 [ 107.362803][ T7327] RSP: 002b:00007ffff25d71f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 107.371212][ T7327] RAX: 0000000000000000 RBX: 00007f529b5d67a0 RCX: 00007f529b3212b0 [ 107.379166][ T7327] RDX: 00007f529b5d7df0 RSI: 0000000000000001 RDI: 0000000000000001 [ 107.387120][ T7327] RBP: 0000000000000000 R08: 00007f529ba1a700 R09: 00007f529ba1a700 [ 107.395078][ T7327] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 107.403036][ T7327] R13: 0000000000000001 R14: 0000000002373160 R15: 0000000000000000 [ 107.412370][ T7327] Kernel Offset: disabled [ 107.416732][ T7327] Rebooting in 86400 seconds..