[ 54.235913][ T26] audit: type=1800 audit(1573487498.250:27): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 54.256541][ T26] audit: type=1800 audit(1573487498.250:28): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 54.768661][ T26] audit: type=1800 audit(1573487498.850:29): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 54.788855][ T26] audit: type=1800 audit(1573487498.850:30): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
2019/11/11 15:51:48 fuzzer started
2019/11/11 15:51:49 dialing manager at 10.128.0.105:44241
2019/11/11 15:51:52 syscalls: 2566
2019/11/11 15:51:52 code coverage: enabled
2019/11/11 15:51:52 comparison tracing: enabled
2019/11/11 15:51:52 extra coverage: extra coverage is not supported by the kernel
2019/11/11 15:51:52 setuid sandbox: enabled
2019/11/11 15:51:52 namespace sandbox: enabled
2019/11/11 15:51:52 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/11 15:51:52 fault injection: enabled
2019/11/11 15:51:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/11 15:51:52 net packet injection: enabled
2019/11/11 15:51:52 net device setup: enabled
2019/11/11 15:51:52 concurrency sanitizer: enabled
2019/11/11 15:51:52 devlink PCI setup: PCI device 0000:00:10.0 is not available

15:51:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000080)={0xefb})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

15:51:53 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x44, 0x0, &(0x7f0000000300)=[@reply={0x40106309, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

syzkaller login:
[ 69.800531][ T7961] IPVS: ftp: loaded support on port[0] = 21
[ 69.955302][ T7961] chnl_net:caif_netlink_parms(): no params data found
[ 69.988430][ T7961] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.995762][ T7961] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.004575][ T7961] device bridge_slave_0 entered promiscuous mode
[ 70.012455][ T7961] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.019914][ T7961] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.028686][ T7961] device bridge_slave_1 entered promiscuous mode
[ 70.047616][ T7964] IPVS: ftp: loaded support on port[0] = 21

15:51:54 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000180)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6}, 0x8)
connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x2, 0x4000}, 0x12d48122)

[ 70.050097][ T7961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.065016][ T7961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.088970][ T7961] team0: Port device team_slave_0 added
[ 70.097260][ T7961] team0: Port device team_slave_1 added
[ 70.175314][ T7961] device hsr_slave_0 entered promiscuous mode
[ 70.203304][ T7961] device hsr_slave_1 entered promiscuous mode
[ 70.355060][ T7961] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.362244][ T7961] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.369620][ T7961] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.376710][ T7961] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.447538][ T7967] IPVS: ftp: loaded support on port[0] = 21
[ 70.471741][ T7964] chnl_net:caif_netlink_parms(): no params data found
[ 70.558663][ T7983] ==================================================================
[ 70.566852][ T7983] BUG: KCSAN: data-race in pid_update_inode / pid_update_inode
[ 70.574387][ T7983]
[ 70.576734][ T7983] read to 0xffff8881256212e8 of 2 bytes by task 7980 on cpu 0:
[ 70.584298][ T7983] pid_update_inode+0x25/0x70
[ 70.589579][ T7983] pid_revalidate+0x91/0xd0
[ 70.594081][ T7983] lookup_fast+0x6f2/0x700
[ 70.598500][ T7983] walk_component+0x6d/0xe70
[ 70.603087][ T7983] path_lookupat.isra.0+0x13a/0x5a0
[ 70.608274][ T7983] filename_lookup+0x145/0x2b0
[ 70.613038][ T7983] user_path_at_empty+0x4c/0x70
[ 70.617880][ T7983] vfs_statx+0xd9/0x190
[ 70.622031][ T7983] __do_sys_newstat+0x51/0xb0
[ 70.626702][ T7983] __x64_sys_newstat+0x3a/0x50
[ 70.631567][ T7983] do_syscall_64+0xcc/0x370
[ 70.636078][ T7983] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.641955][ T7983]
[ 70.644295][ T7983] write to 0xffff8881256212e8 of 2 bytes by task 7983 on cpu 1:
[ 70.651920][ T7983] pid_update_inode+0x51/0x70
[ 70.656603][ T7983] pid_revalidate+0x91/0xd0
[ 70.661100][ T7983] lookup_fast+0x6f2/0x700
[ 70.665520][ T7983] walk_component+0x6d/0xe70
[ 70.670113][ T7983] link_path_walk.part.0+0x5d3/0xa90
[ 70.675397][ T7983] path_openat+0x14f/0x36e0
[ 70.679912][ T7983] do_filp_open+0x11e/0x1b0
[ 70.684408][ T7983] do_sys_open+0x3b3/0x4f0
[ 70.688819][ T7983] __x64_sys_open+0x55/0x70
[ 70.693329][ T7983] do_syscall_64+0xcc/0x370
[ 70.697833][ T7983] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.703708][ T7983]
[ 70.706023][ T7983] Reported by Kernel Concurrency Sanitizer on:
[ 70.712170][ T7983] CPU: 1 PID: 7983 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 70.718917][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.729047][ T7983] ==================================================================
[ 70.737099][ T7983] Kernel panic - not syncing: panic_on_warn set ...
[ 70.743685][ T7983] CPU: 1 PID: 7983 Comm: ps Not tainted 5.4.0-rc6+ #0
[ 70.750445][ T7983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.761009][ T7983] Call Trace:
[ 70.764309][ T7983] dump_stack+0xf5/0x159
[ 70.768550][ T7983] panic+0x210/0x640
[ 70.772481][ T7983] ? vprintk_func+0x8d/0x140
[ 70.777076][ T7983] kcsan_report.cold+0xc/0xe
[ 70.781668][ T7983] kcsan_setup_watchpoint+0x3fe/0x410
[ 70.787131][ T7983] __tsan_unaligned_write2+0x143/0x1f0
[ 70.792614][ T7983] pid_update_inode+0x51/0x70
[ 70.797382][ T7983] pid_revalidate+0x91/0xd0
[ 70.801889][ T7983] lookup_fast+0x6f2/0x700
[ 70.806322][ T7983] walk_component+0x6d/0xe70
[ 70.810919][ T7983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.817163][ T7983] ? security_inode_permission+0xa5/0xc0
[ 70.822799][ T7983] ? inode_permission+0xa0/0x3c0
[ 70.827743][ T7983] link_path_walk.part.0+0x5d3/0xa90
[ 70.833051][ T7983] path_openat+0x14f/0x36e0
[ 70.837556][ T7983] ? proc_pid_status+0xee1/0x1000
[ 70.842593][ T7983] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.848833][ T7983] ? __virt_addr_valid+0x163/0x1e0
[ 70.853966][ T7983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.860222][ T7983] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 70.866124][ T7983] ? __read_once_size+0x41/0xe0
[ 70.870975][ T7983] do_filp_open+0x11e/0x1b0
[ 70.875485][ T7983] ? __alloc_fd+0x2ef/0x3b0
[ 70.880009][ T7983] do_sys_open+0x3b3/0x4f0
[ 70.884433][ T7983] __x64_sys_open+0x55/0x70
[ 70.888939][ T7983] do_syscall_64+0xcc/0x370
[ 70.893446][ T7983] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.899331][ T7983] RIP: 0033:0x7fb782edd120
[ 70.903758][ T7983] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
[ 70.923358][ T7983] RSP: 002b:00007fff431cbab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 70.931768][ T7983] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fb782edd120
[ 70.939737][ T7983] RDX: 00007fff431cbaf2 RSI: 0000000000000000 RDI: 00007fff431cbae0
[ 70.947705][ T7983] RBP: 0000000000020000 R08: 0000000000000000 R09: 00007fb7831a555f
[ 70.955675][ T7983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001796220
[ 70.963643][ T7983] R13: 0000000000000020 R14: 00007fb783592010 R15: 0000000000000000
[ 70.972950][ T7983] Kernel Offset: disabled
[ 70.977283][ T7983] Rebooting in 86400 seconds..