[ 53.110094][ T26] audit: type=1800 audit(1575899030.444:27): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ 53.134391][ T26] audit: type=1800 audit(1575899030.444:28): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 53.742408][ T26] audit: type=1800 audit(1575899031.144:29): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 53.763589][ T26] audit: type=1800 audit(1575899031.144:30): pid=7477 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2019/12/09 13:44:00 fuzzer started 2019/12/09 13:44:02 dialing manager at 10.128.0.105:38603 2019/12/09 13:44:02 syscalls: 2689 2019/12/09 13:44:02 code coverage: enabled 2019/12/09 13:44:02 comparison tracing: enabled 2019/12/09 13:44:02 extra coverage: extra coverage is not supported by the kernel 2019/12/09 13:44:02 setuid sandbox: enabled 2019/12/09 13:44:02 namespace sandbox: enabled 2019/12/09 13:44:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/09 13:44:02 fault injection: enabled 2019/12/09 13:44:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/09 13:44:02 net packet injection: enabled 2019/12/09 13:44:02 net device setup: enabled 2019/12/09 13:44:02 concurrency sanitizer: enabled 2019/12/09 13:44:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/12/09 13:44:04 adding functions to KCSAN blacklist: 'xas_clear_mark' 'add_timer' 'tcp_add_backlog' 'ep_poll' 'pipe_poll' '__hrtimer_run_queues' 'tomoyo_supervisor' 'dd_has_work' 'common_perm_cond' 'tick_nohz_idle_stop_tick' 'find_next_bit' 13:44:10 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) fstat(r0, &(0x7f0000000fbc)) sigaltstack(&(0x7f0000001000/0x2000)=nil, &(0x7f0000000000)) sigaltstack(&(0x7f0000000000/0x1000)=nil, 0x0) 13:44:10 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0x98f90a}) syzkaller login: [ 73.480912][ T7644] IPVS: ftp: loaded support on port[0] = 21 [ 73.584985][ T7644] chnl_net:caif_netlink_parms(): no params data found [ 73.647109][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.654391][ T7644] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.662708][ T7644] device bridge_slave_0 entered promiscuous mode [ 73.674798][ T7647] IPVS: ftp: loaded support on port[0] = 21 [ 73.681856][ T7644] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.693083][ T7644] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.702209][ T7644] device bridge_slave_1 entered promiscuous mode 13:44:11 executing program 2: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b700000000ffffffbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff0000000047040000000000007d400300000000006504000001ed00007c000000000000006c44000000000000630a00fe000000001f00000000000000b7000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50becb19bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b5e4fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc64ee4d3b7611d97b2af503adc20e5d1f626cb7798b3e6440c2fbdb00a3e3527b6b1d4fd67c90cdc710e4cdbf4fc41fbba4f94329e646b8ee6de2109fbe4ef154400e2438ec649dc74a1a610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda8a3658d42ecbf28bf7076c15b463b7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008c89a5923906f88b53987f013c12dc78b83142a06c128b5f88d28e59d2409cd367e0c33d39000d06ad99edc3a6138d5fcfba53f8d0c67ffaa6236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdf01000000f523d228a40f9411fe7226a4040996e37c4f46756d3bcd507ed3dddf79f6cd3b8537d89431bd20f146ac1800d7982148681042fc3198ebca5ea67e07e0774392a0a158dd2b3f21cf23397e724419"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) [ 73.739461][ T7644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.759730][ T7644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.829600][ T7644] team0: Port device team_slave_0 added [ 73.848480][ T7644] team0: Port device team_slave_1 added [ 73.854411][ T7647] chnl_net:caif_netlink_parms(): no params data found [ 73.908819][ T7651] IPVS: ftp: loaded support on port[0] = 21 [ 73.967983][ T7644] device hsr_slave_0 entered promiscuous mode 13:44:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="0d00000000003639408fa3a3ba27660199159dff5112fbcce9a6981a14a3e260c650b5edacdec6fdb69d5a415918beba0c51a72f0100d9441e2173a65a48530607c748dc7fc4f4b52b07155fcb2aa544534d14dc0acc24d6c010628ab7073496678d306bed51636cabc3de2e36ff47694d24ec89f61c738002fcf0cf3ace8350410df57c2938a70b0c56bb5bf8b6eff51a32ed5abe14bfd774aefac8668051a8dfaca5d2412b6827f4bbea342ffdb88978ebef12a1bd1d979d6ea7c3ecb0ed0ec4ce10816dcd91d6f51245eae70605ec5641f4aca2a2528b05cca3b47d0b38347eb6a14ff6d78558932ecdef8d0e5e807d2e828489327f255f11fd26612882d525dbacae08d9e32cfe21e766f197fad6f038817231e2786ad2d729702024fe52249856d7b8f3faddd760", 0x12a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') fstat(r1, &(0x7f0000000100)) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 74.015671][ T7644] device hsr_slave_1 entered promiscuous mode [ 74.087372][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.109764][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.136223][ T7647] device bridge_slave_0 entered promiscuous mode [ 74.184162][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.207081][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.235489][ T7647] device bridge_slave_1 entered promiscuous mode [ 74.279101][ T7644] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.286276][ T7644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.293625][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.300705][ T7644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.389884][ T7675] IPVS: ftp: loaded support on port[0] = 21 [ 74.417131][ T7647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.505774][ T7647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.551551][ T7644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.617165][ T7663] ================================================================== [ 74.625318][ T7663] BUG: KCSAN: data-race in may_open.isra.0 / pid_update_inode [ 74.632764][ T7663] [ 74.635098][ T7663] read to 0xffff88812894aac8 of 2 bytes by task 7673 on cpu 1: [ 74.635520][ T7647] team0: Port device team_slave_0 added [ 74.642733][ T7663] may_open.isra.0+0x4a/0x250 [ 74.652930][ T7663] path_openat+0xf05/0x36e0 [ 74.657448][ T7663] do_filp_open+0x11e/0x1b0 [ 74.661954][ T7663] do_sys_open+0x3b3/0x4f0 [ 74.669414][ T7663] __x64_sys_open+0x55/0x70 [ 74.673946][ T7663] do_syscall_64+0xcc/0x370 [ 74.678451][ T7663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 74.685197][ T7663] [ 74.687551][ T7663] write to 0xffff88812894aac8 of 2 bytes by task 7663 on cpu 0: [ 74.695801][ T7663] pid_update_inode+0x51/0x70 [ 74.700483][ T7663] pid_revalidate+0x91/0xd0 [ 74.704988][ T7663] lookup_fast+0x618/0x700 [ 74.709405][ T7663] path_openat+0x2ac/0x36e0 [ 74.713913][ T7663] do_filp_open+0x11e/0x1b0 [ 74.718419][ T7663] do_sys_open+0x3b3/0x4f0 [ 74.722828][ T7663] __x64_sys_open+0x55/0x70 [ 74.727327][ T7663] do_syscall_64+0xcc/0x370 [ 74.731834][ T7663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 74.737797][ T7663] [ 74.740107][ T7663] Reported by Kernel Concurrency Sanitizer on: [ 74.746253][ T7663] CPU: 0 PID: 7663 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 74.753446][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.763503][ T7663] ================================================================== [ 74.772518][ T7663] Kernel panic - not syncing: panic_on_warn set ... [ 74.779224][ T7663] CPU: 0 PID: 7663 Comm: ps Not tainted 5.4.0-syzkaller #0 [ 74.786509][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.796811][ T7663] Call Trace: [ 74.800394][ T7663] dump_stack+0x11d/0x181 [ 74.804952][ T7663] panic+0x210/0x640 [ 74.809159][ T7663] ? vprintk_func+0x8d/0x140 [ 74.815003][ T7663] kcsan_report.cold+0xc/0xd [ 74.819782][ T7663] kcsan_setup_watchpoint+0x3fe/0x460 [ 74.825170][ T7663] __tsan_unaligned_write2+0xc4/0x100 [ 74.830636][ T7663] pid_update_inode+0x51/0x70 [ 74.835577][ T7663] pid_revalidate+0x91/0xd0 [ 74.840524][ T7663] lookup_fast+0x618/0x700 [ 74.844949][ T7663] path_openat+0x2ac/0x36e0 [ 74.849554][ T7663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 74.855819][ T7663] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 74.861719][ T7663] ? __read_once_size+0x41/0xe0 [ 74.866581][ T7663] do_filp_open+0x11e/0x1b0 [ 74.871173][ T7663] ? __alloc_fd+0x2ef/0x3b0 [ 74.875693][ T7663] do_sys_open+0x3b3/0x4f0 [ 74.880113][ T7663] __x64_sys_open+0x55/0x70 [ 74.884622][ T7663] do_syscall_64+0xcc/0x370 [ 74.889261][ T7663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 74.895617][ T7663] RIP: 0033:0x7fa272404120 [ 74.901188][ T7663] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 74.920997][ T7663] RSP: 002b:00007ffd623cf8a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 74.929430][ T7663] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007fa272404120 [ 74.937418][ T7663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fa2728d2d00 [ 74.945393][ T7663] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007fa2726cc57b [ 74.953385][ T7663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2728d1d00 [ 74.961351][ T7663] R13: 0000000000000020 R14: 0000000000000005 R15: 0000000000000000 [ 74.970913][ T7663] Kernel Offset: disabled [ 74.975763][ T7663] Rebooting in 86400 seconds..