[ 37.942009][ T25] audit: type=1800 audit(1570610226.249:24): pid=7112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2487 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 38.406797][ T25] audit: type=1800 audit(1570610226.789:25): pid=7112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 38.457161][ T25] audit: type=1800 audit(1570610226.789:26): pid=7112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
2019/10/09 08:37:18 fuzzer started
2019/10/09 08:37:19 dialing manager at 10.128.0.105:43333
2019/10/09 08:37:19 syscalls: 2523
2019/10/09 08:37:19 code coverage: enabled
2019/10/09 08:37:19 comparison tracing: enabled
2019/10/09 08:37:19 extra coverage: extra coverage is not supported by the kernel
2019/10/09 08:37:19 setuid sandbox: enabled
2019/10/09 08:37:19 namespace sandbox: enabled
2019/10/09 08:37:19 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/09 08:37:19 fault injection: enabled
2019/10/09 08:37:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/09 08:37:19 net packet injection: enabled
2019/10/09 08:37:19 net device setup: enabled
2019/10/09 08:37:19 concurrency sanitizer: enabled
08:37:23 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000640)=""/246)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r1, 0x4004743d, &(0x7f0000001080)=""/246)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x0, 0x0)
pipe(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

syzkaller login:
[ 54.883225][ T7268] ==================================================================
[ 54.891505][ T7268] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent
[ 54.899907][ T7268]
[ 54.902249][ T7268] write to 0xffff88821867a428 of 8 bytes by task 7281 on cpu 1:
[ 54.909872][ T7268] ext4_es_lookup_extent+0x3d3/0x510
[ 54.915150][ T7268] ext4_map_blocks+0xc2/0xf70
[ 54.919810][ T7268] ext4_getblk+0x30b/0x380
[ 54.924211][ T7268] ext4_bread_batch+0x8a/0x2e0
[ 54.928959][ T7268] __ext4_find_entry+0x32f/0x970
[ 54.933885][ T7268] ext4_lookup+0x35f/0x4f0
[ 54.938286][ T7268] __lookup_hash+0xcb/0x110
[ 54.942773][ T7268] filename_create+0x102/0x2d0
[ 54.947519][ T7268] do_mkdirat+0x65/0x1f0
[ 54.951744][ T7268] __x64_sys_mkdir+0x40/0x50
[ 54.956423][ T7268] do_syscall_64+0xcf/0x2f0
[ 54.960916][ T7268] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.966792][ T7268]
[ 54.969199][ T7268] read to 0xffff88821867a428 of 8 bytes by task 7268 on cpu 0:
[ 54.976730][ T7268] ext4_es_lookup_extent+0x3ba/0x510
[ 54.981999][ T7268] ext4_map_blocks+0xc2/0xf70
[ 54.986663][ T7268] ext4_mpage_readpages+0x92b/0x1270
[ 54.991930][ T7268] ext4_readpages+0x92/0xc0
[ 54.996417][ T7268] read_pages+0xa2/0x2d0
[ 55.000643][ T7268] __do_page_cache_readahead+0x353/0x390
[ 55.006261][ T7268] ondemand_readahead+0x35d/0x710
[ 55.011269][ T7268] page_cache_async_readahead+0x22c/0x250
[ 55.016976][ T7268] generic_file_read_iter+0xffc/0x1440
[ 55.022420][ T7268] ext4_file_read_iter+0xfa/0x240
[ 55.027451][ T7268] new_sync_read+0x389/0x4f0
[ 55.032030][ T7268] __vfs_read+0xb1/0xc0
[ 55.036178][ T7268] integrity_kernel_read+0xa1/0xe0
[ 55.041263][ T7268]
[ 55.043572][ T7268] Reported by Kernel Concurrency Sanitizer on:
[ 55.049863][ T7268] CPU: 0 PID: 7268 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 55.056967][ T7268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.067012][ T7268] ==================================================================
[ 55.075059][ T7268] Kernel panic - not syncing: panic_on_warn set ...
[ 55.081754][ T7268] CPU: 0 PID: 7268 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 55.088842][ T7268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.099413][ T7268] Call Trace:
[ 55.102702][ T7268] dump_stack+0xf5/0x159
[ 55.106939][ T7268] panic+0x209/0x639
[ 55.110839][ T7268] ? generic_file_read_iter+0xffc/0x1440
[ 55.116460][ T7268] ? vprintk_func+0x8d/0x140
[ 55.121039][ T7268] kcsan_report.cold+0xc/0x1b
[ 55.125709][ T7268] __kcsan_setup_watchpoint+0x3ee/0x510
[ 55.131240][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.136863][ T7268] __tsan_read8+0x2c/0x30
[ 55.141185][ T7268] ext4_es_lookup_extent+0x3ba/0x510
[ 55.146465][ T7268] ext4_map_blocks+0xc2/0xf70
[ 55.151148][ T7268] ext4_mpage_readpages+0x92b/0x1270
[ 55.156431][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.162049][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.167671][ T7268] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 55.174074][ T7268] ? ext4_invalidatepage+0x1e0/0x1e0
[ 55.179351][ T7268] ext4_readpages+0x92/0xc0
[ 55.183842][ T7268] ? ext4_invalidatepage+0x1e0/0x1e0
[ 55.189112][ T7268] read_pages+0xa2/0x2d0
[ 55.193354][ T7268] __do_page_cache_readahead+0x353/0x390
[ 55.198980][ T7268] ondemand_readahead+0x35d/0x710
[ 55.204001][ T7268] page_cache_async_readahead+0x22c/0x250
[ 55.209714][ T7268] generic_file_read_iter+0xffc/0x1440
[ 55.215180][ T7268] ext4_file_read_iter+0xfa/0x240
[ 55.220194][ T7268] new_sync_read+0x389/0x4f0
[ 55.224779][ T7268] __vfs_read+0xb1/0xc0
[ 55.228928][ T7268] integrity_kernel_read+0xa1/0xe0
[ 55.234037][ T7268] ima_calc_file_hash_tfm+0x1b5/0x260
[ 55.239401][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.245035][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.250656][ T7268] ? __kcsan_setup_watchpoint+0x63/0x510
[ 55.256276][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.261903][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.267522][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.273142][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.278776][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.284413][ T7268] ? __tsan_read4+0x2c/0x30
[ 55.288915][ T7268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.295161][ T7268] ? refcount_sub_and_test_checked+0xc8/0x190
[ 55.301235][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.306878][ T7268] ? __tsan_read4+0x2c/0x30
[ 55.311395][ T7268] ima_calc_file_hash+0x158/0xf10
[ 55.316414][ T7268] ? __tsan_write8+0x32/0x40
[ 55.321001][ T7268] ? ext4_xattr_get+0x10b/0x5c0
[ 55.325845][ T7268] ? __rcu_read_unlock+0x62/0xe0
[ 55.330770][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.336396][ T7268] ima_collect_measurement+0x384/0x3b0
[ 55.341856][ T7268] process_measurement+0x980/0xff0
[ 55.346960][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.352580][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.358201][ T7268] ? __tsan_read4+0x2c/0x30
[ 55.362697][ T7268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.368926][ T7268] ? refcount_sub_and_test_checked+0xc8/0x190
[ 55.374995][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.380706][ T7268] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.386348][ T7268] ima_file_check+0x7e/0xb0
[ 55.390863][ T7268] path_openat+0xfb1/0x3530
[ 55.395361][ T7268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.401600][ T7268] do_filp_open+0x11e/0x1b0
[ 55.406112][ T7268] ? _raw_spin_unlock+0x4b/0x60
[ 55.410964][ T7268] ? __alloc_fd+0x316/0x4c0
[ 55.415468][ T7268] ? get_unused_fd_flags+0x93/0xc0
[ 55.420582][ T7268] do_sys_open+0x3b3/0x4f0
[ 55.424990][ T7268] __x64_sys_openat+0x62/0x80
[ 55.429662][ T7268] do_syscall_64+0xcf/0x2f0
[ 55.434158][ T7268] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.440213][ T7268] RIP: 0033:0x47c5aa
[ 55.444101][ T7268] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 55.464137][ T7268] RSP: 002b:000000c4203a9850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 55.472534][ T7268] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa
[ 55.480492][ T7268] RDX: 0000000000080002 RSI: 000000c4200971a0 RDI: ffffffffffffff9c
[ 55.488450][ T7268] RBP: 000000c4203a98d0 R08: 0000000000000000 R09: 0000000000000000
[ 55.496421][ T7268] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff
[ 55.504378][ T7268] R13: 000000000000008e R14: 000000000000008d R15: 0000000000000100
[ 55.513791][ T7268] Kernel Offset: disabled
[ 55.518117][ T7268] Rebooting in 86400 seconds..