[info] Using makefile-style concurrent boot in runlevel 2. [ 44.482271][ T26] audit: type=1800 audit(1572782400.167:21): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 44.525520][ T26] audit: type=1800 audit(1572782400.167:22): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. 2019/11/03 12:00:10 fuzzer started 2019/11/03 12:00:12 dialing manager at 10.128.0.105:43165 2019/11/03 12:00:12 syscalls: 2554 2019/11/03 12:00:12 code coverage: enabled 2019/11/03 12:00:12 comparison tracing: enabled 2019/11/03 12:00:12 extra coverage: extra coverage is not supported by the kernel 2019/11/03 12:00:12 setuid sandbox: enabled 2019/11/03 12:00:12 namespace sandbox: enabled 2019/11/03 12:00:12 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/03 12:00:12 fault injection: enabled 2019/11/03 12:00:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/03 12:00:12 net packet injection: enabled 2019/11/03 12:00:12 net device setup: enabled 2019/11/03 12:00:12 concurrency sanitizer: enabled syzkaller login: [ 61.940953][ T7308] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/03 12:00:31 adding functions to KCSAN blacklist: 'do_nanosleep' 'snapshot_refaults' 'kvm_arch_vcpu_load' 'ktime_get_real_seconds' 'xas_find_marked' 'blk_mq_get_request' 'pcpu_alloc' 'n_tty_receive_buf_common' 'find_match' 'wbt_issue' 'kauditd_thread' '__writeback_single_inode' '__hrtimer_run_queues' 'tcp_poll' 'find_next_bit' 
'mod_timer' 'do_syslog' 'pipe_wait' 'poll_schedule_timeout' 'ksys_read' 'generic_file_read_iter' 'tick_sched_do_timer' 'blk_mq_sched_dispatch_requests' 'page_counter_try_charge' '__nf_conntrack_find_get' 'update_defense_level' 'install_new_memslots' 'virtqueue_disable_cb' 'rcu_gp_fqs_loop' 'snd_seq_check_queue' 'generic_write_end' '__dentry_kill' 'p9_poll_workfn' 'shmem_file_read_iter' 'ext4_free_inode' '__snd_rawmidi_transmit_ack' 'ext4_nonda_switch' 'bio_chain' 'fsnotify' '__dev_queue_xmit' 'tomoyo_supervisor' 'taskstats_exit' 'mem_cgroup_select_victim_node' 'getboottime64' 'pfkey_recvmsg' 'ep_poll' '__splice_from_pipe' 'sit_tunnel_xmit' 'copy_process' 'virtqueue_enable_cb_delayed' 'inode_permission' '__remove_hrtimer' 'tcp_add_backlog' 'pipe_poll' 'blk_mq_dispatch_rq_list' 'skb_dequeue' '__fput' 'generic_permission' 'pid_update_inode' 'ktime_get_seconds' 'echo_char' 'add_timer' 'rcu_gp_fqs_check_wake' 'ext4_mb_good_group' 'ext4_free_inodes_count' '__ext4_new_inode' 'tick_do_update_jiffies64' 'tomoyo_check_acl' 'evict' 'blk_mq_run_hw_queue' 'dd_has_work' 'inet_putpeer' 'do_signal_stop' '__tcp_select_window' 'run_timer_softirq' '__nf_ct_refresh_acct' 'ext4_has_free_clusters' 'tick_nohz_idle_stop_tick' 'do_exit' 'task_dump_owner' 'vm_area_dup' 'generic_fillattr' 'find_get_pages_range_tag' 'timer_clear_idle' 'do_readlinkat' 'audit_log_start' 'mm_update_next_owner' 'ext4_mark_iloc_dirty' 'ip_finish_output2' 12:04:19 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x29, 0x5, 0x0) sendmmsg(r1, &(0x7f0000004500)=[{{0x0, 0x0, &(0x7f0000003a80)=[{&(0x7f0000001880)="18", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000004340)=[{&(0x7f0000004000)="a3", 0x20001881}], 0x1}}, {{0x0, 0x0, &(0x7f00000044c0)=[{&(0x7f0000004380)='F', 0x1}], 0x1}}], 0x4, 0x0) [ 304.082118][ T7313] IPVS: ftp: loaded support on port[0] = 21 12:04:19 executing 
program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d00"/137], 0x15) r3 = dup(r1) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) lstat(&(0x7f0000000380)='./file0\x00', 0x0) lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=@known='trusted.overlay.metacopy\x00', 0x0, 0x0) [ 304.198647][ T7313] chnl_net:caif_netlink_parms(): no params data found [ 304.272643][ T7313] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.290760][ T7313] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.298794][ T7313] device bridge_slave_0 entered promiscuous mode [ 304.317647][ T7316] IPVS: ftp: loaded support on port[0] = 21 [ 304.325189][ T7313] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.332331][ T7313] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.348640][ T7313] device bridge_slave_1 entered promiscuous mode [ 304.395864][ T7313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.414693][ T7313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 12:04:20 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000100)={0x0, 0x0, "e1cd6dd7819d886e84823f11834b936ed3abfe94db15bd40f249c6f804c0ee16"}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) keyctl$update(0x2, r2, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ecf9f1b7793abbec38ef06b17affd0ed4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c5dc668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f9be82b00f10287031623f73470264cc5b3883da88ae22666649337850000000000000000", 0xc0) r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r2, r3}, &(0x7f0000000700)=""/240, 0xffffffff000000c0, 0x0) open(0x0, 0x0, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) [ 304.481138][ T7313] team0: Port device team_slave_0 added [ 304.488126][ T7313] team0: Port device team_slave_1 added [ 304.528185][ T7316] chnl_net:caif_netlink_parms(): no params data found [ 304.593576][ T7313] device hsr_slave_0 entered promiscuous mode [ 304.631036][ T7313] device hsr_slave_1 
entered promiscuous mode [ 304.745097][ T7320] IPVS: ftp: loaded support on port[0] = 21 [ 304.788141][ T7313] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.795260][ T7313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.802672][ T7313] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.809714][ T7313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.838378][ T7316] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.846001][ T7316] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.885498][ T7316] device bridge_slave_0 entered promiscuous mode [ 304.942767][ T7316] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.953673][ T7316] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.968861][ T7338] ================================================================== [ 304.976973][ T7338] BUG: KCSAN: data-race in d_alloc_parallel / d_set_d_op [ 304.983975][ T7338] [ 304.986303][ T7338] read to 0xffff888125fef9c0 of 4 bytes by task 7336 on cpu 1: [ 304.993844][ T7338] d_alloc_parallel+0x8e9/0xea0 [ 304.998683][ T7338] proc_fill_cache+0x182/0x290 [ 305.003433][ T7338] proc_pid_readdir+0x1c4/0x3ce [ 305.008277][ T7338] proc_root_readdir+0x8f/0xb0 [ 305.013036][ T7338] iterate_dir+0x312/0x380 [ 305.017442][ T7338] __x64_sys_getdents+0x14b/0x280 [ 305.022461][ T7338] do_syscall_64+0xcc/0x370 [ 305.026959][ T7338] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.032837][ T7338] [ 305.035173][ T7338] write to 0xffff888125fef9c0 of 4 bytes by task 7338 on cpu 0: [ 305.042801][ T7338] d_set_d_op+0x10c/0x230 [ 305.047121][ T7338] proc_pid_instantiate+0xdc/0x110 [ 305.052224][ T7338] proc_fill_cache+0x1db/0x290 [ 305.056977][ T7338] proc_pid_readdir+0x1c4/0x3ce [ 305.061813][ T7338] proc_root_readdir+0x8f/0xb0 [ 305.066569][ T7338] iterate_dir+0x312/0x380 [ 305.070976][ T7338] __x64_sys_getdents+0x14b/0x280 [ 305.075997][ T7338] do_syscall_64+0xcc/0x370 [ 305.080488][ T7338] 
entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.086369][ T7338] [ 305.088684][ T7338] Reported by Kernel Concurrency Sanitizer on: [ 305.094832][ T7338] CPU: 0 PID: 7338 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 305.101577][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.111622][ T7338] ================================================================== [ 305.119677][ T7338] Kernel panic - not syncing: panic_on_warn set ... [ 305.126277][ T7338] CPU: 0 PID: 7338 Comm: ps Not tainted 5.4.0-rc3+ #0 [ 305.133023][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.143088][ T7338] Call Trace: [ 305.146386][ T7338] dump_stack+0xf5/0x159 [ 305.150626][ T7338] panic+0x210/0x640 [ 305.155472][ T7338] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.161532][ T7338] ? vprintk_func+0x8d/0x140 [ 305.166117][ T7338] kcsan_report.cold+0xc/0x10 [ 305.170796][ T7338] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 305.176368][ T7338] __tsan_write4+0x32/0x40 [ 305.180783][ T7338] d_set_d_op+0x10c/0x230 [ 305.185109][ T7338] proc_pid_instantiate+0xdc/0x110 [ 305.190216][ T7338] proc_fill_cache+0x1db/0x290 [ 305.194973][ T7338] ? proc_task_lookup+0x1a0/0x1a0 [ 305.199996][ T7338] proc_pid_readdir+0x1c4/0x3ce [ 305.204846][ T7338] proc_root_readdir+0x8f/0xb0 [ 305.209606][ T7338] iterate_dir+0x312/0x380 [ 305.214016][ T7338] __x64_sys_getdents+0x14b/0x280 [ 305.219028][ T7338] ? 
filldir64+0x340/0x340 [ 305.223443][ T7338] do_syscall_64+0xcc/0x370 [ 305.227944][ T7338] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 305.233830][ T7338] RIP: 0033:0x7f07ce03a575 [ 305.238247][ T7338] Code: 83 c7 13 e9 ed 53 fd ff 90 90 90 90 90 90 90 90 90 90 90 90 90 41 56 49 89 f0 48 63 ff b8 4e 00 00 00 41 55 41 54 55 53 0f 05 <48> 3d 00 f0 ff ff 77 58 4d 8d 24 00 49 89 c5 4d 39 e0 73 40 4c 89 [ 305.257846][ T7338] RSP: 002b:00007ffdcb66dc70 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 305.266252][ T7338] RAX: ffffffffffffffda RBX: 0000000001c69270 RCX: 00007f07ce03a575 [ 305.274218][ T7338] RDX: 0000000000008000 RSI: 0000000001c692a0 RDI: 0000000000000005 [ 305.282191][ T7338] RBP: ffffffffffffffa8 R08: 0000000001c692a0 R09: 0000000000000000 [ 305.290163][ T7338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019 [ 305.298134][ T7338] R13: 0000000001c692a0 R14: 0000000000000005 R15: 0000000000000000 [ 305.307502][ T7338] Kernel Offset: disabled [ 305.311867][ T7338] Rebooting in 86400 seconds..