[ 40.649540][ T26] audit: type=1800 audit(1573800238.765:21): pid=7396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 40.698934][ T26] audit: type=1800 audit(1573800238.765:22): pid=7396 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 41.590041][ T7462] sshd (7462) used greatest stack depth: 10032 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. 2019/11/15 06:44:11 fuzzer started 2019/11/15 06:44:12 dialing manager at 10.128.0.105:44219 2019/11/15 06:44:12 syscalls: 2566 2019/11/15 06:44:12 code coverage: enabled 2019/11/15 06:44:12 comparison tracing: enabled 2019/11/15 06:44:12 extra coverage: extra coverage is not supported by the kernel 2019/11/15 06:44:12 setuid sandbox: enabled 2019/11/15 06:44:12 namespace sandbox: enabled 2019/11/15 06:44:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/15 06:44:12 fault injection: enabled 2019/11/15 06:44:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/15 06:44:12 net packet injection: enabled 2019/11/15 06:44:12 net device setup: enabled 2019/11/15 06:44:12 concurrency sanitizer: enabled 2019/11/15 06:44:12 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/15 06:44:13 adding functions to KCSAN blacklist: 'add_timer' 'run_timer_softirq' '__rb_rotate_set_parents' 'tomoyo_supervisor' '__hrtimer_run_queues' 'mod_timer' 'rcu_gp_fqs_check_wake' 'find_next_bit' 06:44:14 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000001000000010000000300000003000000"], 0x18}, 0x0) recvmsg(r1, &(0x7f0000004100)={0x0, 0xfffffffffffffd80, 0x0, 0x0, &(0x7f0000004080)=""/111, 0x6f}, 0x0) syzkaller login: [ 56.384676][ T7563] IPVS: ftp: loaded support on port[0] = 21 06:44:14 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x10004000000002, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendmmsg(r1, &(0x7f0000000000), 0x548, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x5c832, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000002cc0)=[{{0x0, 0xfffffffffffffe22, 0x0}}], 0x1ece87a4671555d, 0x0, 0x0) close(0xffffffffffffffff) [ 56.454058][ T7563] chnl_net:caif_netlink_parms(): no params data found [ 56.511286][ T7563] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.518404][ T7563] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.539742][ T7563] device bridge_slave_0 entered promiscuous mode [ 56.547182][ T7563] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.569448][ T7563] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.577144][ T7563] device bridge_slave_1 entered promiscuous mode [ 56.620707][ T7563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.635849][ T7566] IPVS: ftp: loaded support on port[0] = 21 [ 56.643368][ T7563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 06:44:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") pipe(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2000) [ 56.676019][ T7563] team0: Port device team_slave_0 added [ 56.693774][ T7563] team0: Port device team_slave_1 added [ 56.780974][ T7563] device hsr_slave_0 entered promiscuous mode [ 56.819232][ T7563] device hsr_slave_1 entered promiscuous mode [ 56.886635][ T7566] chnl_net:caif_netlink_parms(): no params data found [ 56.925632][ T7570] IPVS: ftp: loaded support on port[0] = 21 [ 56.994484][ T7566] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.028969][ T7566] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.036802][ T7566] device bridge_slave_0 entered promiscuous mode 06:44:15 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev}}}, 0x108) [ 57.099193][ T7566] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.106297][ T7566] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.125220][ T7566] device bridge_slave_1 entered promiscuous mode [ 57.165466][ T7566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.211528][ T7566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.265093][ T7566] team0: Port device team_slave_0 added [ 57.302082][ T7570] chnl_net:caif_netlink_parms(): no params data found [ 57.351879][ T7566] team0: Port device team_slave_1 added [ 57.442190][ T7566] device hsr_slave_0 entered promiscuous mode [ 57.489764][ T7566] device hsr_slave_1 entered promiscuous mode [ 57.529321][ T7566] debugfs: Directory 'hsr0' with parent '/' already present! [ 57.563233][ T7596] IPVS: ftp: loaded support on port[0] = 21 [ 57.593245][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.603575][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.629964][ T7570] device bridge_slave_0 entered promiscuous mode [ 57.679605][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.686669][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.729672][ T7570] device bridge_slave_1 entered promiscuous mode [ 57.839334][ T7570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.032986][ T7570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.128862][ T7570] team0: Port device team_slave_0 added [ 58.140113][ T7570] team0: Port device team_slave_1 added [ 58.212939][ T7596] chnl_net:caif_netlink_parms(): no params data found 06:44:16 executing program 4: signalfd(0xffffffffffffffff, &(0x7f00000000c0)={0xfffffffffffffffe}, 0x8) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0xffffffee, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') preadv(r0, &(0x7f00000017c0), 0x333, 0x0) [ 58.331299][ T7570] device hsr_slave_0 entered promiscuous mode [ 58.359210][ T7570] device hsr_slave_1 entered promiscuous mode [ 58.409028][ T7570] debugfs: Directory 'hsr0' with parent '/' already present! 06:44:16 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x211, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1007, 0x0) [ 58.457448][ T7596] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.568972][ T7596] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.576661][ T7596] device bridge_slave_0 entered promiscuous mode [ 58.662193][ T7596] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.709560][ T7596] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.760604][ T7596] device bridge_slave_1 entered promiscuous mode [ 58.853658][ T7626] IPVS: ftp: loaded support on port[0] = 21 [ 58.882778][ T28] device bridge_slave_1 left promiscuous mode [ 58.899088][ T28] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.929588][ T28] device bridge_slave_0 left promiscuous mode [ 58.936605][ T28] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.124829][ T28] device hsr_slave_0 left promiscuous mode [ 59.179055][ T28] device hsr_slave_1 left promiscuous mode [ 59.196523][ T7641] ================================================================== [ 59.204656][ T7641] BUG: KCSAN: data-race in pid_update_inode / vfs_read [ 59.211523][ T7641] [ 59.213862][ T7641] read to 0xffff88812521b828 of 2 bytes by task 7647 on cpu 0: [ 59.221404][ T7641] vfs_read+0x1ad/0x2c0 [ 59.225580][ T7641] ksys_read+0xd5/0x1b0 [ 59.229742][ T7641] __x64_sys_read+0x4c/0x60 [ 59.234239][ T7641] do_syscall_64+0xcc/0x370 [ 59.238734][ T7641] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.244608][ T7641] [ 59.246933][ T7641] write to 0xffff88812521b828 of 2 bytes by task 7641 on cpu 1: [ 59.254561][ T7641] pid_update_inode+0x51/0x70 [ 59.259230][ T7641] pid_revalidate+0x91/0xd0 [ 59.263745][ T7641] lookup_fast+0x618/0x700 [ 59.268160][ T7641] path_openat+0x2ac/0x36e0 [ 59.272669][ T7641] do_filp_open+0x11e/0x1b0 [ 59.277179][ T7641] do_sys_open+0x3b3/0x4f0 [ 59.281598][ T7641] __x64_sys_open+0x55/0x70 [ 59.286102][ T7641] do_syscall_64+0xcc/0x370 [ 59.290628][ T7641] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.296504][ T7641] [ 59.298833][ T7641] Reported by Kernel Concurrency Sanitizer on: [ 59.304994][ T7641] CPU: 1 PID: 7641 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 59.311742][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.321831][ T7641] ================================================================== [ 59.329900][ T7641] Kernel panic - not syncing: panic_on_warn set ... [ 59.336486][ T7641] CPU: 1 PID: 7641 Comm: ps Not tainted 5.4.0-rc7+ #0 [ 59.343237][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.353293][ T7641] Call Trace: [ 59.356603][ T7641] dump_stack+0x11d/0x181 [ 59.360936][ T7641] panic+0x210/0x640 [ 59.364832][ T7641] ? vprintk_func+0x8d/0x140 [ 59.369429][ T7641] kcsan_report.cold+0xc/0xd [ 59.374032][ T7641] kcsan_setup_watchpoint+0x3fe/0x460 [ 59.379410][ T7641] __tsan_unaligned_write2+0xc4/0x100 [ 59.384780][ T7641] pid_update_inode+0x51/0x70 [ 59.389449][ T7641] pid_revalidate+0x91/0xd0 [ 59.393950][ T7641] lookup_fast+0x618/0x700 [ 59.398374][ T7641] path_openat+0x2ac/0x36e0 [ 59.402976][ T7641] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.409240][ T7641] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 59.415125][ T7641] ? __read_once_size+0x41/0xe0 [ 59.419987][ T7641] do_filp_open+0x11e/0x1b0 [ 59.424492][ T7641] ? __alloc_fd+0x2ef/0x3b0 [ 59.429000][ T7641] do_sys_open+0x3b3/0x4f0 [ 59.433425][ T7641] __x64_sys_open+0x55/0x70 [ 59.437930][ T7641] do_syscall_64+0xcc/0x370 [ 59.442437][ T7641] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.448330][ T7641] RIP: 0033:0x7f156c3b5120 [ 59.452750][ T7641] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 59.472362][ T7641] RSP: 002b:00007ffe6cf28b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 59.480775][ T7641] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f156c3b5120 [ 59.488740][ T7641] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f156c883d00 [ 59.496707][ T7641] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f156c67d57b [ 59.504681][ T7641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f156c882d00 [ 59.512646][ T7641] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 59.522096][ T7641] Kernel Offset: disabled [ 59.526468][ T7641] Rebooting in 86400 seconds..