[ ok ] Starting enhanced syslogd: rsyslogd. [ 35.006683][ T26] audit: type=1800 audit(1570605732.814:25): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 35.026490][ T26] audit: type=1800 audit(1570605732.814:26): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 35.048316][ T26] audit: type=1800 audit(1570605732.814:27): pid=7066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts. 2019/10/09 07:22:20 fuzzer started 2019/10/09 07:22:21 dialing manager at 10.128.0.105:43333 2019/10/09 07:22:21 checking machine... 2019/10/09 07:22:21 checking revisions... 2019/10/09 07:22:21 testing simple program... syzkaller login: [ 43.737754][ T7233] IPVS: ftp: loaded support on port[0] = 21 2019/10/09 07:22:21 building call list... executing program [ 47.516001][ T7228] can: request_module (can-proto-0) failed. [ 47.528622][ T7228] can: request_module (can-proto-0) failed. 
2019/10/09 07:22:26 syscalls: 2523 2019/10/09 07:22:26 code coverage: enabled 2019/10/09 07:22:26 comparison tracing: enabled 2019/10/09 07:22:26 extra coverage: extra coverage is not supported by the kernel 2019/10/09 07:22:26 setuid sandbox: enabled 2019/10/09 07:22:26 namespace sandbox: enabled 2019/10/09 07:22:26 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/09 07:22:26 fault injection: enabled 2019/10/09 07:22:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/09 07:22:26 net packet injection: enabled 2019/10/09 07:22:26 net device setup: enabled 2019/10/09 07:22:26 concurrency sanitizer: enabled 07:22:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000140)=ANY=[@ANYBLOB="1f00000000000000000000400500010000e4e6fc4be790f80a00000000b7871001000000002300002560b700eff0ffff0403ff03000001000a00000006868e4896beffbecb6cc58029"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x2, [{0x38f}]}) [ 49.866433][ T7276] IPVS: ftp: loaded support on port[0] = 21 07:22:27 executing program 1: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r0 = socket(0x10, 0x10000000080002, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000080)="290000001800190000003fffffffda0602007a00fde80001084000040d0005000005000000060000ff", 0x29}], 0x1) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 49.957935][ T7276] chnl_net:caif_netlink_parms(): no params data found [ 50.019566][ T7276] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.035609][ T7276] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.055759][ T7276] device bridge_slave_0 entered promiscuous mode [ 50.066196][ T7276] bridge0: port 2(bridge_slave_1) entered 
blocking state [ 50.085046][ T7276] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.093147][ T7276] device bridge_slave_1 entered promiscuous mode [ 50.146609][ T7276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.167211][ T7276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.222119][ T7276] team0: Port device team_slave_0 added [ 50.237359][ T7276] team0: Port device team_slave_1 added 07:22:28 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'raw\x00'}, &(0x7f0000000100)=0x54) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) bind$bt_hci(r1, &(0x7f0000000040), 0xc) [ 50.338564][ T7276] device hsr_slave_0 entered promiscuous mode [ 50.375492][ T7276] device hsr_slave_1 entered promiscuous mode [ 50.423012][ T7276] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.423290][ T7279] IPVS: ftp: loaded support on port[0] = 21 [ 50.430172][ T7276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.430331][ T7276] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.450493][ T7276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.594841][ T7281] IPVS: ftp: loaded support on port[0] = 21 [ 50.614141][ T7276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.665322][ T7276] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.676732][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.686048][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.705619][ T44] bridge0: port 2(bridge_slave_1) entered disabled state 07:22:28 executing program 3: accept$nfc_llcp(0xffffffffffffffff, 0x0, 0x0) r0 = shmget(0x3, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000140)=""/74) shmat(0x0, &(0x7f0000ffe000/0x2000)=nil, 0x4000) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 
0xa, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4c000) setsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x110, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000380)={0x0, 0x2, 0x0, 0x8}, 0x10) bind$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0x1, 0x1f, 0x0, 0x0, 0x0, @local}, 0x10) connect$llc(0xffffffffffffffff, &(0x7f0000000100)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) pipe(0x0) r1 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) accept4$tipc(0xffffffffffffffff, &(0x7f0000000700), 0x0, 0x800) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000940)) lstat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000c00)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000c80), &(0x7f0000000cc0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001840), 0x0) getgid() socket$can_bcm(0x1d, 0x2, 0x2) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') sendfile(r3, r4, 0x0, 0x320f) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 
0x320f) [ 50.715327][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 50.769591][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.786197][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.793284][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.815800][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.835382][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.842768][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.910347][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.926814][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.948952][ T7279] chnl_net:caif_netlink_parms(): no params data found [ 50.975894][ T2854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.002699][ T7276] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 51.034995][ T7276] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.092633][ T7283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.111984][ T7283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.121199][ T7283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.130193][ T7283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.140657][ T7283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 07:22:29 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x200004) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, 
&(0x7f0000000200)={0x0, 0x0, 0x4, 0x1}, 0x10) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendfile(r4, r3, 0x0, 0x80001d00c0d0) [ 51.166360][ T7276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.221112][ T7228] ================================================================== [ 51.229277][ T7228] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 51.237688][ T7228] [ 51.240140][ T7228] read to 0xffff888218663c28 of 8 bytes by task 7288 on cpu 0: [ 51.247878][ T7228] ext4_es_lookup_extent+0x3ba/0x510 [ 51.253178][ T7228] ext4_map_blocks+0xc2/0xf70 [ 51.257874][ T7228] ext4_getblk+0x30b/0x380 [ 51.262297][ T7228] ext4_bread+0x4a/0x190 [ 51.266550][ T7228] __ext4_read_dirblock+0x3e/0x700 [ 51.271827][ T7228] htree_dirblock_to_tree+0x8c/0x560 [ 51.277206][ T7228] ext4_htree_fill_tree+0x179/0x6b0 [ 51.282718][ T7228] ext4_readdir+0x54d/0x1e30 [ 51.287332][ T7228] iterate_dir+0x312/0x380 [ 51.292034][ T7228] __x64_sys_getdents+0x14b/0x280 [ 51.297080][ T7228] do_syscall_64+0xcf/0x2f0 [ 51.301614][ T7228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 51.307537][ T7228] [ 51.310186][ T7228] write to 0xffff888218663c28 of 8 bytes by task 7228 on cpu 1: [ 51.317831][ T7228] ext4_es_lookup_extent+0x3d3/0x510 [ 51.323265][ T7228] ext4_map_blocks+0xc2/0xf70 [ 51.328039][ T7228] ext4_mpage_readpages+0x92b/0x1270 [ 51.333414][ T7228] ext4_readpages+0x92/0xc0 [ 51.337927][ T7228] read_pages+0xa2/0x2d0 [ 51.342173][ T7228] __do_page_cache_readahead+0x353/0x390 [ 51.347932][ T7228] ondemand_readahead+0x35d/0x710 [ 51.353033][ T7228] page_cache_async_readahead+0x22c/0x250 [ 51.358765][ T7228] generic_file_read_iter+0xffc/0x1440 [ 51.364238][ T7228] ext4_file_read_iter+0xfa/0x240 [ 51.369272][ T7228] new_sync_read+0x389/0x4f0 [ 51.373868][ T7228] __vfs_read+0xb1/0xc0 [ 51.378028][ T7228] integrity_kernel_read+0xa1/0xe0 [ 51.383361][ T7228] [ 51.385697][ T7228] Reported by Kernel Concurrency Sanitizer on: [ 51.391882][ T7228] 
CPU: 1 PID: 7228 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 51.399079][ T7228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.409420][ T7228] ================================================================== [ 51.417579][ T7228] Kernel panic - not syncing: panic_on_warn set ... [ 51.425523][ T7228] CPU: 1 PID: 7228 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 51.433753][ T7228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.444167][ T7228] Call Trace: [ 51.448069][ T7228] dump_stack+0xf5/0x159 [ 51.452365][ T7228] panic+0x209/0x639 [ 51.456267][ T7228] ? generic_file_read_iter+0xffc/0x1440 [ 51.462199][ T7228] ? vprintk_func+0x8d/0x140 [ 51.467000][ T7228] kcsan_report.cold+0xc/0x1b [ 51.471674][ T7228] __kcsan_setup_watchpoint+0x3ee/0x510 [ 51.477453][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.483118][ T7228] __tsan_write8+0x32/0x40 [ 51.488149][ T7228] ext4_es_lookup_extent+0x3d3/0x510 [ 51.494994][ T7228] ext4_map_blocks+0xc2/0xf70 [ 51.499695][ T7228] ext4_mpage_readpages+0x92b/0x1270 [ 51.504994][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.510973][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.516602][ T7228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 51.522493][ T7228] ? ext4_invalidatepage+0x1e0/0x1e0 [ 51.527772][ T7228] ext4_readpages+0x92/0xc0 [ 51.532302][ T7228] ? ext4_invalidatepage+0x1e0/0x1e0 [ 51.538271][ T7228] read_pages+0xa2/0x2d0 [ 51.542739][ T7228] __do_page_cache_readahead+0x353/0x390 [ 51.549013][ T7228] ondemand_readahead+0x35d/0x710 [ 51.554043][ T7228] page_cache_async_readahead+0x22c/0x250 [ 51.559945][ T7228] generic_file_read_iter+0xffc/0x1440 [ 51.565410][ T7228] ext4_file_read_iter+0xfa/0x240 [ 51.570436][ T7228] new_sync_read+0x389/0x4f0 [ 51.575059][ T7228] __vfs_read+0xb1/0xc0 [ 51.579217][ T7228] integrity_kernel_read+0xa1/0xe0 [ 51.584410][ T7228] ima_calc_file_hash_tfm+0x1b5/0x260 [ 51.589842][ T7228] ? 
__kcsan_setup_watchpoint+0x96/0x510 [ 51.595469][ T7228] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 51.601303][ T7228] ? widen_string+0x4a/0x1a0 [ 51.605935][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.611788][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.617505][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.623173][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.628856][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.634487][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.640458][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.646085][ T7228] ? __tsan_read4+0x2c/0x30 [ 51.650585][ T7228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.656823][ T7228] ? refcount_sub_and_test_checked+0xc8/0x190 [ 51.662882][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.668771][ T7228] ? __tsan_read4+0x2c/0x30 [ 51.673268][ T7228] ima_calc_file_hash+0x158/0xf10 [ 51.678284][ T7228] ? __tsan_write8+0x32/0x40 [ 51.682867][ T7228] ? ext4_xattr_get+0x10b/0x5c0 [ 51.687710][ T7228] ? __rcu_read_unlock+0x62/0xe0 [ 51.692639][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.698353][ T7228] ima_collect_measurement+0x384/0x3b0 [ 51.703810][ T7228] process_measurement+0x980/0xff0 [ 51.708917][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.714778][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.720640][ T7228] ? __tsan_read4+0x2c/0x30 [ 51.725471][ T7228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.731922][ T7228] ? refcount_sub_and_test_checked+0xc8/0x190 [ 51.738119][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.744046][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.749764][ T7228] ima_file_check+0x7e/0xb0 [ 51.754268][ T7228] path_openat+0xfb1/0x3530 [ 51.758790][ T7228] ? __kcsan_setup_watchpoint+0x96/0x510 [ 51.765823][ T7228] do_filp_open+0x11e/0x1b0 [ 51.770329][ T7228] ? _raw_spin_unlock+0x4b/0x60 [ 51.775258][ T7228] ? __alloc_fd+0x316/0x4c0 [ 51.779849][ T7228] ? 
get_unused_fd_flags+0x93/0xc0 [ 51.785044][ T7228] do_sys_open+0x3b3/0x4f0 [ 51.789456][ T7228] __x64_sys_openat+0x62/0x80 [ 51.794204][ T7228] do_syscall_64+0xcf/0x2f0 [ 51.798741][ T7228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 51.804797][ T7228] RIP: 0033:0x47c5aa [ 51.809043][ T7228] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 51.829067][ T7228] RSP: 002b:000000c420147850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 51.837842][ T7228] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 51.845858][ T7228] RDX: 0000000000080002 RSI: 000000c420154c20 RDI: ffffffffffffff9c [ 51.854886][ T7228] RBP: 000000c4201478d0 R08: 0000000000000000 R09: 0000000000000000 [ 51.863225][ T7228] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff [ 51.871283][ T7228] R13: 0000000000000062 R14: 0000000000000061 R15: 0000000000000100 [ 51.881159][ T7228] Kernel Offset: disabled [ 51.885624][ T7228] Rebooting in 86400 seconds..