[ 51.160397][ T26] audit: type=1800 audit(1573141471.551:27): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 51.182117][ T26] audit: type=1800 audit(1573141471.551:28): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 51.701785][ T7964] sshd (7964) used greatest stack depth: 10128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 51.969136][ T26] audit: type=1800 audit(1573141472.421:29): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
2019/11/07 15:44:42 fuzzer started
2019/11/07 15:44:45 dialing manager at 10.128.0.105:38105
2019/11/07 15:44:45 syscalls: 2553
2019/11/07 15:44:45 code coverage: enabled
2019/11/07 15:44:45 comparison tracing: enabled
2019/11/07 15:44:45 extra coverage: extra coverage is not supported by the kernel
2019/11/07 15:44:45 setuid sandbox: enabled
2019/11/07 15:44:45 namespace sandbox: enabled
2019/11/07 15:44:45 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/07 15:44:45 fault injection: enabled
2019/11/07 15:44:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/07 15:44:45 net packet injection: enabled
2019/11/07 15:44:45 net device setup: enabled
2019/11/07 15:44:45 concurrency sanitizer: enabled
2019/11/07 15:44:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 67.548569][ T8068] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/07 15:44:48 adding functions to KCSAN blacklist: 'ktime_get_real_seconds' 'generic_fillattr' 'taskstats_exit' 'ep_poll' 'ext4_has_free_clusters' 'tcp_add_backlog' 'tomoyo_supervisor' 'generic_permission' 'ext4_nonda_switch' 'find_next_bit' 'run_timer_softirq' 'blk_mq_run_hw_queue' 'tick_do_update_jiffies64' '__hrtimer_run_queues' 'common_perm_cond' 'poll_schedule_timeout' 'pipe_poll' 'ext4_free_inode' '__skb_try_recv_from_queue'

15:44:56 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
close(r0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x4)
dup(r3)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x2, 0x0, 0x0, 0xe1)

15:44:56 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00009f2000)={0x0, 0x0, &(0x7f0000226000)={&(0x7f0000000000)={0x14, 0x18, 0x2ff, 0x0, 0x0, {0xa, 0x0, 0x4b9}}, 0x14}}, 0x0)

[ 75.831220][ T8072] IPVS: ftp: loaded support on port[0] = 21
[ 75.966304][ T8072] chnl_net:caif_netlink_parms(): no params data found
[ 76.034173][ T8072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.041287][ T8072] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.049210][ T8072] device bridge_slave_0 entered promiscuous mode
[ 76.056791][ T8072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.064078][ T8072] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.071995][ T8072] device bridge_slave_1 entered promiscuous mode

15:44:56 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write(0xffffffffffffffff, &(0x7f0000000000)="0f42", 0xfffffeab)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000002c0))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[ 76.090824][ T8072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.101612][ T8072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.121638][ T8075] IPVS: ftp: loaded support on port[0] = 21
[ 76.123393][ T8072] team0: Port device team_slave_0 added
[ 76.135156][ T8072] team0: Port device team_slave_1 added
[ 76.196473][ T8072] device hsr_slave_0 entered promiscuous mode
[ 76.234297][ T8072] device hsr_slave_1 entered promiscuous mode
[ 76.330543][ T8077] IPVS: ftp: loaded support on port[0] = 21
[ 76.436597][ T8072] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.443768][ T8072] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.451142][ T8072] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.458233][ T8072] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.588836][ T8075] chnl_net:caif_netlink_parms(): no params data found

15:44:57 executing program 3:
r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2)
ioctl$VIDIOC_REQBUFS(r0, 0xc0585609, &(0x7f00000000c0)={0x0, 0x9})

[ 76.717536][ T8075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.754064][ T8075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.762131][ T8075] device bridge_slave_0 entered promiscuous mode
[ 76.805132][ T8075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.812559][ T8075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.875768][ T8075] device bridge_slave_1 entered promiscuous mode
[ 76.965152][ T8072] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.004889][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.034345][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.055607][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 77.113806][ T8075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.140380][ T8072] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.168743][ T8098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.185374][ T8098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.216545][ T8075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.236480][ T8107] IPVS: ftp: loaded support on port[0] = 21
[ 77.245414][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 77.265303][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.295134][ T8102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.302204][ T8102] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.355611][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.385557][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.405072][ T8102] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.412144][ T8102] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.455464][ T8102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.485772][ T8077] chnl_net:caif_netlink_parms(): no params data found
[ 77.531194][ T8075] team0: Port device team_slave_0 added
[ 77.545157][ T8075] team0: Port device team_slave_1 added

15:44:58 executing program 4:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0, 0x260}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f00000017c0), 0x33d, 0x0)

[ 77.617023][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.639075][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.694794][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.703753][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.759415][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.798279][ T8072] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 77.845362][ T8072] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 77.934448][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.942568][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 77.984732][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.015836][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 78.046690][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.089062][ T8077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.110279][ T8077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.130423][ T8077] device bridge_slave_0 entered promiscuous mode

15:44:58 executing program 5:
pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket(0x10, 0x802, 0x0)
write(0xffffffffffffffff, &(0x7f0000000140)="fc0000004800070fab092500090007000a060000000000000001369321000100ff0100000005d00000000000000398996c92773411419da79bb94b46fe000000bc0002", 0xfdec)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x179e91c5)
splice(r0, 0x0, r2, 0x0, 0x10003, 0x0)

[ 78.176184][ T8075] device hsr_slave_0 entered promiscuous mode
[ 78.214320][ T8075] device hsr_slave_1 entered promiscuous mode
[ 78.314121][ T8075] debugfs: Directory 'hsr0' with parent '/' already present!
[ 78.322039][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.333743][ T8077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.341448][ T8077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.349376][ T8077] device bridge_slave_1 entered promiscuous mode
[ 78.374960][ T8111] IPVS: ftp: loaded support on port[0] = 21
[ 78.398920][ T8119] IPVS: ftp: loaded support on port[0] = 21
[ 78.501840][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.528714][ T8105] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.543394][ T8072] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.561795][ T8077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.631639][ T8077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.686753][ T8075] 8021q: adding VLAN 0 to HW filter on device bond0
[ 78.708016][ T8077] team0: Port device team_slave_0 added
[ 78.762573][ T8075] 8021q: adding VLAN 0 to HW filter on device team0
[ 78.776654][ T8077] team0: Port device team_slave_1 added
[ 78.789776][ T8140] ==================================================================
[ 78.797933][ T8140] BUG: KCSAN: data-race in pid_update_inode / pid_update_inode
[ 78.805472][ T8140]
[ 78.807816][ T8140] write to 0xffff88812a7ad2d8 of 2 bytes by task 8132 on cpu 0:
[ 78.815463][ T8140] pid_update_inode+0x51/0x70
[ 78.820150][ T8140] pid_revalidate+0x91/0xd0
[ 78.824665][ T8140] lookup_fast+0x6f2/0x700
[ 78.829092][ T8140] walk_component+0x6d/0xe70
[ 78.833687][ T8140] path_lookupat.isra.0+0x13a/0x5a0
[ 78.838892][ T8140] filename_lookup+0x145/0x2b0
[ 78.843660][ T8140] user_path_at_empty+0x4c/0x70
[ 78.848514][ T8140] vfs_statx+0xd9/0x190
[ 78.852674][ T8140] __do_sys_newstat+0x51/0xb0
[ 78.857370][ T8140] __x64_sys_newstat+0x3a/0x50
[ 78.862143][ T8140] do_syscall_64+0xcc/0x370
[ 78.866808][ T8140] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.872690][ T8140]
[ 78.875042][ T8140] read to 0xffff88812a7ad2d8 of 2 bytes by task 8140 on cpu 1:
[ 78.882596][ T8140] pid_update_inode+0x44/0x70
[ 78.887279][ T8140] pid_revalidate+0x91/0xd0
[ 78.891902][ T8140] lookup_fast+0x6f2/0x700
[ 78.896335][ T8140] walk_component+0x6d/0xe70
[ 78.900944][ T8140] link_path_walk.part.0+0x5d3/0xa90
[ 78.906242][ T8140] path_openat+0x14f/0x36e0
[ 78.910747][ T8140] do_filp_open+0x11e/0x1b0
[ 78.915260][ T8140] do_sys_open+0x3b3/0x4f0
[ 78.919671][ T8140] __x64_sys_open+0x55/0x70
[ 78.924182][ T8140] do_syscall_64+0xcc/0x370
[ 78.928697][ T8140] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 78.934583][ T8140]
[ 78.936903][ T8140] Reported by Kernel Concurrency Sanitizer on:
[ 78.943063][ T8140] CPU: 1 PID: 8140 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 78.949822][ T8140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.959880][ T8140] ==================================================================
[ 78.967958][ T8140] Kernel panic - not syncing: panic_on_warn set ...
[ 78.974647][ T8140] CPU: 1 PID: 8140 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 78.981401][ T8140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.991540][ T8140] Call Trace:
[ 78.994855][ T8140] dump_stack+0xf5/0x159
[ 78.999107][ T8140] panic+0x210/0x640
[ 79.003037][ T8140] ? vprintk_func+0x8d/0x140
[ 79.007653][ T8140] kcsan_report.cold+0xc/0xe
[ 79.012252][ T8140] kcsan_setup_watchpoint+0x3fe/0x410
[ 79.017634][ T8140] __tsan_read2+0x145/0x1f0
[ 79.022152][ T8140] pid_update_inode+0x44/0x70
[ 79.026842][ T8140] pid_revalidate+0x91/0xd0
[ 79.031366][ T8140] lookup_fast+0x6f2/0x700
[ 79.035807][ T8140] walk_component+0x6d/0xe70
[ 79.040413][ T8140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 79.046667][ T8140] ? security_inode_permission+0xa5/0xc0
[ 79.052315][ T8140] ? inode_permission+0xa0/0x3c0
[ 79.057286][ T8140] link_path_walk.part.0+0x5d3/0xa90
[ 79.062590][ T8140] path_openat+0x14f/0x36e0
[ 79.067128][ T8140] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 79.073036][ T8140] ? __rcu_read_unlock+0x66/0x3c0
[ 79.078072][ T8140] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 79.083976][ T8140] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 79.089880][ T8140] ? __read_once_size+0x41/0xe0
[ 79.094748][ T8140] do_filp_open+0x11e/0x1b0
[ 79.099286][ T8140] ? __alloc_fd+0x2ef/0x3b0
[ 79.103813][ T8140] do_sys_open+0x3b3/0x4f0
[ 79.108260][ T8140] __x64_sys_open+0x55/0x70
[ 79.112784][ T8140] do_syscall_64+0xcc/0x370
[ 79.117313][ T8140] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 79.123207][ T8140] RIP: 0033:0x7f8ee60dd120
[ 79.127640][ T8140] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 79.147257][ T8140] RSP: 002b:00007ffc1eebf8f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 79.155676][ T8140] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f8ee60dd120
[ 79.163651][ T8140] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f8ee65abd00
[ 79.171719][ T8140] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f8ee63a5a10
[ 79.179689][ T8140] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ee65aad00
[ 79.187677][ T8140] R13: 0000000000c7c1c0 R14: 0000000000000005 R15: 0000000000000000
[ 79.196881][ T8140] Kernel Offset: disabled
[ 79.201217][ T8140] Rebooting in 86400 seconds..