[ 44.133507][ T26] audit: type=1800 audit(1573858518.986:21): pid=7446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 44.182222][ T26] audit: type=1800 audit(1573858518.986:22): pid=7446 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ 45.304977][ T7509] sshd (7509) used greatest stack depth: 10128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
2019/11/15 22:55:28 fuzzer started
2019/11/15 22:55:30 dialing manager at 10.128.0.105:44219
2019/11/15 22:55:30 syscalls: 2566
2019/11/15 22:55:30 code coverage: enabled
2019/11/15 22:55:30 comparison tracing: enabled
2019/11/15 22:55:30 extra coverage: extra coverage is not supported by the kernel
2019/11/15 22:55:30 setuid sandbox: enabled
2019/11/15 22:55:30 namespace sandbox: enabled
2019/11/15 22:55:30 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/15 22:55:30 fault injection: enabled
2019/11/15 22:55:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/15 22:55:30 net packet injection: enabled
2019/11/15 22:55:30 net device setup: enabled
2019/11/15 22:55:30 concurrency sanitizer: enabled
2019/11/15 22:55:30 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/15 22:55:34 adding functions to KCSAN blacklist: 'find_next_bit' '__rb_rotate_set_parents' 'pcpu_alloc' 'common_perm_cond' '__hrtimer_run_queues' 'ep_insert' 'pipe_poll' 'del_timer' 'mod_timer' 'run_timer_softirq' '__rb_insert_augmented' 'generic_fillattr' 'generic_permission' 'rcu_gp_fqs_check_wake' 'add_timer' 'pipe_wait' '__ext4_new_inode' 'tomoyo_supervisor' 'pid_update_inode' 'vm_area_dup' 'do_syslog' 'timer_clear_idle' 'ep_poll' '__d_lookup' '__rcu_read_unlock' 'tick_do_update_jiffies64' 'tcp_add_backlog' 'alloc_empty_file' 'tick_sched_do_timer' 'tick_nohz_idle_stop_tick'
22:55:35 executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0)
preadv(r3, &(0x7f0000000c40)=[{0x0}, {&(0x7f0000000b40)=""/195, 0xc3}], 0x2, 0x0)
syzkaller login: [ 60.387446][ T7618] IPVS: ftp: loaded support on port[0] = 21
22:55:35 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000100)=0x1, 0xfe00)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0x1cb)
sendmmsg$inet(r2, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001940)="a5", 0xc01}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="da", 0x1}], 0x1}}], 0x4000000000001cc, 0x4000000)
[ 60.456117][ T7618] chnl_net:caif_netlink_parms(): no params data found
[ 60.519118][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.532855][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.552681][ T7618] device bridge_slave_0 entered promiscuous mode
[ 60.572867][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.579984][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.587800][ T7618] device bridge_slave_1 entered promiscuous mode
[ 60.605373][ T7618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.615983][ T7618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.629773][ T7621] IPVS: ftp: loaded support on port[0] = 21
[ 60.654054][ T7618] team0: Port device team_slave_0 added
[ 60.661590][ T7618] team0: Port device team_slave_1 added
22:55:35 executing program 2:
syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0)
r0 = syz_open_dev$sndtimer(0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x4, 0x2})
[ 60.735258][ T7618] device hsr_slave_0 entered promiscuous mode
[ 60.802910][ T7618] device hsr_slave_1 entered promiscuous mode
[ 60.879936][ T7624] IPVS: ftp: loaded support on port[0] = 21
[ 60.989915][ T7621] chnl_net:caif_netlink_parms(): no params data found
[ 61.124860][ T7621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.132599][ T7621] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.152417][ T7621] device bridge_slave_0 entered promiscuous mode
[ 61.206629][ T7624] chnl_net:caif_netlink_parms(): no params data found
[ 61.247391][ T7621] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.265485][ T7621] bridge0: port 2(bridge_slave_1) entered disabled state
22:55:36 executing program 3:
r0 = socket(0x22, 0x2, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket(0x22, 0x2, 0x4)
dup2(r0, r3)
[ 61.287975][ T7621] device bridge_slave_1 entered promiscuous mode
[ 61.386096][ T7621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.463838][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.471203][ T7624] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.513233][ T7624] device bridge_slave_0 entered promiscuous mode
[ 61.542835][ T7624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.550094][ T7624] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.593212][ T7624] device bridge_slave_1 entered promiscuous mode
[ 61.643539][ T7621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.679882][ T7624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.743208][ T7651] IPVS: ftp: loaded support on port[0] = 21
[ 61.751026][ T7621] team0: Port device team_slave_0 added
[ 61.758351][ T7624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.792926][ T7621] team0: Port device team_slave_1 added
[ 61.884521][ T7621] device hsr_slave_0 entered promiscuous mode
[ 61.914049][ T7621] device hsr_slave_1 entered promiscuous mode
[ 61.962305][ T7621] debugfs: Directory 'hsr0' with parent '/' already present!
[ 61.973627][ T7624] team0: Port device team_slave_0 added
[ 61.994420][ T7624] team0: Port device team_slave_1 added
22:55:36 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = gettid()
sendmsg$unix(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000180)="df", 0x1}], 0x1, &(0x7f0000000780)=[@cred={{0x1c, 0x1, 0x2, {r1}}}], 0x20}, 0x0)
[ 62.244620][ T7624] device hsr_slave_0 entered promiscuous mode
[ 62.322519][ T7624] device hsr_slave_1 entered promiscuous mode
[ 62.352302][ T7624] debugfs: Directory 'hsr0' with parent '/' already present!
[ 62.408544][ T28] device bridge_slave_1 left promiscuous mode
[ 62.414929][ T28] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.492924][ T28] device bridge_slave_0 left promiscuous mode
[ 62.499215][ T28] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.652557][ T28] device hsr_slave_0 left promiscuous mode
[ 62.692222][ T28] device hsr_slave_1 left promiscuous mode
[ 62.732435][ T28] team0 (unregistering): Port device team_slave_1 removed
[ 62.780905][ T28] team0 (unregistering): Port device team_slave_0 removed
[ 62.824754][ T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 62.904718][ T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 62.989774][ T28] bond0 (unregistering): Released all slaves
[ 63.094564][ T7651] chnl_net:caif_netlink_parms(): no params data found
[ 63.172605][ T7686] IPVS: ftp: loaded support on port[0] = 21
[ 63.187609][ T7680] IPVS: ftp: loaded support on port[0] = 21
22:55:38 executing program 5:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e0000001d00810ee00f80ecdb4cb9f207c804a004000000000005000a0002000e0ada1b40d805000600c5c685b8", 0x2e}], 0x1}, 0x0)
[ 63.281143][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.388446][ T7651] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.464032][ T7651] device bridge_slave_0 entered promiscuous mode
[ 63.525552][ T7651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.572684][ T7651] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.583876][ T7651] device bridge_slave_1 entered promiscuous mode
[ 63.805573][ T7651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.893135][ T7651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.008939][ T7651] team0: Port device team_slave_0 added
[ 64.077349][ T7708] IPVS: ftp: loaded support on port[0] = 21
[ 64.085513][ T7651] team0: Port device team_slave_1 added
[ 64.334892][ T7651] device hsr_slave_0 entered promiscuous mode
[ 64.372607][ T7651] device hsr_slave_1 entered promiscuous mode
[ 64.441293][ T7680] chnl_net:caif_netlink_parms(): no params data found
[ 64.497685][ T7686] chnl_net:caif_netlink_parms(): no params data found
[ 64.754274][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.780675][ T7736] ==================================================================
[ 64.788784][ T7736] BUG: KCSAN: data-race in d_alloc_parallel / d_set_d_op
[ 64.795838][ T7736]
[ 64.798172][ T7736] write to 0xffff8881251d03c0 of 4 bytes by task 7738 on cpu 0:
[ 64.805802][ T7736] d_set_d_op+0x10c/0x230
[ 64.810120][ T7736] proc_pid_instantiate+0xdc/0x110
[ 64.815211][ T7736] proc_fill_cache+0x1db/0x290
[ 64.819954][ T7736] proc_pid_readdir+0x1c4/0x3ce
[ 64.824789][ T7736] proc_root_readdir+0x8f/0xb0
[ 64.829534][ T7736] iterate_dir+0x312/0x380
[ 64.833935][ T7736] __x64_sys_getdents+0x14b/0x280
[ 64.838948][ T7736] do_syscall_64+0xcc/0x370
[ 64.847426][ T7736] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.853301][ T7736]
[ 64.855618][ T7736] read to 0xffff8881251d03c0 of 4 bytes by task 7736 on cpu 1:
[ 64.863155][ T7736] d_alloc_parallel+0x884/0xe00
[ 64.867991][ T7736] proc_fill_cache+0x182/0x290
[ 64.872739][ T7736] proc_pid_readdir+0x1c4/0x3ce
[ 64.877589][ T7736] proc_root_readdir+0x8f/0xb0
[ 64.882345][ T7736] iterate_dir+0x312/0x380
[ 64.886847][ T7736] __x64_sys_getdents+0x14b/0x280
[ 64.891860][ T7736] do_syscall_64+0xcc/0x370
[ 64.896449][ T7736] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.902316][ T7736]
[ 64.904634][ T7736] Reported by Kernel Concurrency Sanitizer on:
[ 64.910818][ T7736] CPU: 1 PID: 7736 Comm: ps Not tainted 5.4.0-rc7+ #0
[ 64.917597][ T7736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.927659][ T7736] ==================================================================
[ 64.935706][ T7736] Kernel panic - not syncing: panic_on_warn set ...
[ 64.942316][ T7736] CPU: 1 PID: 7736 Comm: ps Not tainted 5.4.0-rc7+ #0
[ 64.949169][ T7736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.959210][ T7736] Call Trace:
[ 64.962504][ T7736] dump_stack+0x11d/0x181
[ 64.966825][ T7736] panic+0x210/0x640
[ 64.970718][ T7736] ? vprintk_func+0x8d/0x140
[ 64.975298][ T7736] kcsan_report.cold+0xc/0xd
[ 64.979875][ T7736] kcsan_setup_watchpoint+0x3fe/0x460
[ 64.985238][ T7736] __tsan_read4+0xc6/0x100
[ 64.989656][ T7736] d_alloc_parallel+0x884/0xe00
[ 64.994503][ T7736] ? d_lookup+0xf8/0x120
[ 64.998829][ T7736] proc_fill_cache+0x182/0x290
[ 65.003581][ T7736] ? proc_task_lookup+0x1a0/0x1a0
[ 65.008594][ T7736] proc_pid_readdir+0x1c4/0x3ce
[ 65.013443][ T7736] proc_root_readdir+0x8f/0xb0
[ 65.018195][ T7736] iterate_dir+0x312/0x380
[ 65.022602][ T7736] __x64_sys_getdents+0x14b/0x280
[ 65.027625][ T7736] ? filldir64+0x340/0x340
[ 65.032050][ T7736] do_syscall_64+0xcc/0x370
[ 65.036590][ T7736] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.042468][ T7736] RIP: 0033:0x7f404597c575
[ 65.046875][ T7736] Code: 83 c7 13 e9 ed 53 fd ff 90 90 90 90 90 90 90 90 90 90 90 90 90 41 56 49 89 f0 48 63 ff b8 4e 00 00 00 41 55 41 54 55 53 0f 05 <48> 3d 00 f0 ff ff 77 58 4d 8d 24 00 49 89 c5 4d 39 e0 73 40 4c 89
[ 65.066473][ T7736] RSP: 002b:00007ffc00fa8c10 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 65.075138][ T7736] RAX: ffffffffffffffda RBX: 0000000002137270 RCX: 00007f404597c575
[ 65.083093][ T7736] RDX: 0000000000008000 RSI: 00000000021372a0 RDI: 0000000000000005
[ 65.091148][ T7736] RBP: ffffffffffffffa8 R08: 00000000021372a0 R09: 0000000000000000
[ 65.099189][ T7736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019
[ 65.107144][ T7736] R13: 00000000021372a0 R14: 0000000000000005 R15: 0000000000000000
[ 65.116492][ T7736] Kernel Offset: disabled
[ 65.120823][ T7736] Rebooting in 86400 seconds..