[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.960920][ T25] audit: type=1800 audit(1570544979.784:25): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 41.001003][ T25] audit: type=1800 audit(1570544979.794:26): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 41.021838][ T25] audit: type=1800 audit(1570544979.794:27): pid=7188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts. 2019/10/08 14:29:47 fuzzer started 2019/10/08 14:29:49 dialing manager at 10.128.0.105:44253 2019/10/08 14:29:49 syscalls: 2523 2019/10/08 14:29:49 code coverage: enabled 2019/10/08 14:29:49 comparison tracing: enabled 2019/10/08 14:29:49 extra coverage: extra coverage is not supported by the kernel 2019/10/08 14:29:49 setuid sandbox: enabled 2019/10/08 14:29:49 namespace sandbox: enabled 2019/10/08 14:29:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/08 14:29:49 fault injection: enabled 2019/10/08 14:29:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/08 14:29:49 net packet injection: enabled 2019/10/08 14:29:49 net device setup: enabled 2019/10/08 14:29:49 concurrency sanitizer: enabled 14:29:52 executing program 0: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) write$P9_RREAD(r0, &(0x7f0000000200)=ANY=[], 0x5aa78d33) ioctl$UI_DEV_DESTROY(r0, 0x5502) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x10, 0x0, 0x10fffe) syzkaller login: [ 53.530811][ T7358] IPVS: ftp: loaded support on port[0] = 21 [ 53.625379][ T7358] chnl_net:caif_netlink_parms(): no params data found 14:29:52 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x3800) r1 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r1, &(0x7f0000005c00), 0x4000000000002aa, 0x0) [ 53.665806][ T7358] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.673779][ T7358] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.683166][ T7358] device bridge_slave_0 entered promiscuous mode [ 53.692872][ T7358] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.700008][ T7358] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.722565][ T7358] device bridge_slave_1 entered promiscuous mode [ 53.765612][ T7358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.777533][ T7358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.803249][ T7358] team0: Port device team_slave_0 added [ 53.810411][ T7358] team0: Port device team_slave_1 added [ 53.894811][ T7358] device hsr_slave_0 entered promiscuous mode [ 53.942730][ T7358] device hsr_slave_1 entered promiscuous mode 14:29:52 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x216, 0x210007fd, &(0x7f0000000380)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='veno\x00', 0xde4c) sendto$inet(r0, &(0x7f0000000540)="03268a927f1f6587b967480b41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x8200, 0x2, 0x0, 0x204) [ 54.009588][ T7358] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.016719][ T7358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.024211][ T7358] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.031307][ T7358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.095687][ T7361] IPVS: ftp: loaded support on port[0] = 21 [ 54.160793][ T7358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.190650][ T7358] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.199066][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.208684][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.227332][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.244503][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 54.299807][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.309947][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.317048][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.326894][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.335790][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.342877][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.353290][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.371238][ T7365] IPVS: ftp: loaded support on port[0] = 21 [ 54.379091][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 14:29:53 executing program 3: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x3}}, 0x26) [ 54.447381][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.468212][ T7361] chnl_net:caif_netlink_parms(): no params data found [ 54.494355][ T7358] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.505111][ T7358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.520710][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.530804][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.565116][ T3022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.580041][ T7358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.640886][ T7361] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.661938][ T7361] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.669823][ T7361] device bridge_slave_0 entered promiscuous mode [ 54.702325][ T7361] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.713049][ T7361] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.733836][ T7361] device bridge_slave_1 entered promiscuous mode [ 54.776929][ T7361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.873406][ T7361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.885645][ T7373] IPVS: ftp: loaded support on port[0] = 21 [ 54.935027][ T7365] chnl_net:caif_netlink_parms(): no params data found [ 54.966140][ T7361] team0: Port device team_slave_0 added [ 54.982953][ C1] hrtimer: interrupt took 42152 ns 14:29:53 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) [ 55.009053][ T7361] team0: Port device team_slave_1 added [ 55.134724][ T7361] device hsr_slave_0 entered promiscuous mode [ 55.191803][ T7361] device hsr_slave_1 entered promiscuous mode [ 55.231798][ T7361] debugfs: Directory 'hsr0' with parent '/' already present! [ 55.239363][ T7365] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.247001][ T7365] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.256795][ T7365] device bridge_slave_0 entered promiscuous mode [ 55.287536][ T7361] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.294788][ T7361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.324584][ T7365] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.345144][ T7365] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.364664][ T7365] device bridge_slave_1 entered promiscuous mode [ 55.379356][ T7340] ================================================================== [ 55.387467][ T7340] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 55.395862][ T7340] [ 55.398196][ T7340] write to 0xffff888126b70c28 of 8 bytes by task 7377 on cpu 1: [ 55.405847][ T7340] ext4_es_lookup_extent+0x3d3/0x510 [ 55.411130][ T7340] ext4_da_get_block_prep+0x159/0xa60 [ 55.416500][ T7340] ext4_block_write_begin+0x33e/0xb90 [ 55.417645][ T7365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.421865][ T7340] ext4_da_write_begin+0x1da/0x7e0 [ 55.421884][ T7340] generic_perform_write+0x136/0x320 [ 55.421899][ T7340] __generic_file_write_iter+0x251/0x380 [ 55.421915][ T7340] ext4_file_write_iter+0x1fc/0xa40 [ 55.421942][ T7340] new_sync_write+0x388/0x4a0 [ 55.440417][ T7365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.441341][ T7340] __vfs_write+0xb1/0xc0 [ 55.470124][ T7340] vfs_write+0x18a/0x390 [ 55.474354][ T7340] ksys_write+0xd5/0x1b0 [ 55.478598][ T7340] __x64_sys_write+0x4c/0x60 [ 55.483192][ T7340] do_syscall_64+0xcf/0x2f0 [ 55.487700][ T7340] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.487960][ T7365] team0: Port device team_slave_0 added [ 55.493573][ T7340] [ 55.493587][ T7340] read to 0xffff888126b70c28 of 8 bytes by task 7340 on cpu 0: [ 55.493605][ T7340] ext4_es_lookup_extent+0x3ba/0x510 [ 55.493617][ T7340] ext4_map_blocks+0xc2/0xf70 [ 55.493636][ T7340] ext4_mpage_readpages+0x92b/0x1270 [ 55.493649][ T7340] ext4_readpages+0x92/0xc0 [ 55.493661][ T7340] read_pages+0xa2/0x2d0 [ 55.493674][ T7340] __do_page_cache_readahead+0x353/0x390 [ 55.493685][ T7340] ondemand_readahead+0x35d/0x710 [ 55.493696][ T7340] page_cache_async_readahead+0x22c/0x250 [ 55.493722][ T7340] generic_file_read_iter+0xffc/0x1440 [ 55.517729][ T7365] team0: Port device team_slave_1 added [ 55.519015][ T7340] ext4_file_read_iter+0xfa/0x240 [ 55.565277][ T7340] new_sync_read+0x389/0x4f0 [ 55.569867][ T7340] __vfs_read+0xb1/0xc0 [ 55.574019][ T7340] integrity_kernel_read+0xa1/0xe0 [ 55.579115][ T7340] [ 55.581435][ T7340] Reported by Kernel Concurrency Sanitizer on: [ 55.587584][ T7340] CPU: 0 PID: 7340 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 55.594678][ T7340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.604723][ T7340] ================================================================== [ 55.612776][ T7340] Kernel panic - not syncing: panic_on_warn set ... [ 55.619356][ T7340] CPU: 0 PID: 7340 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 55.626448][ T7340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.636492][ T7340] Call Trace: [ 55.639784][ T7340] dump_stack+0xf5/0x159 [ 55.644028][ T7340] panic+0x209/0x639 [ 55.647919][ T7340] ? generic_file_read_iter+0xffc/0x1440 [ 55.653539][ T7340] ? vprintk_func+0x8d/0x140 [ 55.658124][ T7340] kcsan_report.cold+0xc/0x1b [ 55.662804][ T7340] __kcsan_setup_watchpoint+0x3ee/0x510 [ 55.668350][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.674003][ T7340] __tsan_read8+0x2c/0x30 [ 55.678335][ T7340] ext4_es_lookup_extent+0x3ba/0x510 [ 55.683626][ T7340] ext4_map_blocks+0xc2/0xf70 [ 55.688313][ T7340] ext4_mpage_readpages+0x92b/0x1270 [ 55.693602][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.699227][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.704859][ T7340] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 55.710761][ T7340] ? ext4_invalidatepage+0x1e0/0x1e0 [ 55.716045][ T7340] ext4_readpages+0x92/0xc0 [ 55.720538][ T7340] ? ext4_invalidatepage+0x1e0/0x1e0 [ 55.725818][ T7340] read_pages+0xa2/0x2d0 [ 55.730066][ T7340] __do_page_cache_readahead+0x353/0x390 [ 55.735707][ T7340] ondemand_readahead+0x35d/0x710 [ 55.740748][ T7340] page_cache_async_readahead+0x22c/0x250 [ 55.746464][ T7340] generic_file_read_iter+0xffc/0x1440 [ 55.751929][ T7340] ext4_file_read_iter+0xfa/0x240 [ 55.756946][ T7340] new_sync_read+0x389/0x4f0 [ 55.761532][ T7340] __vfs_read+0xb1/0xc0 [ 55.765694][ T7340] integrity_kernel_read+0xa1/0xe0 [ 55.770805][ T7340] ima_calc_file_hash_tfm+0x1b5/0x260 [ 55.776173][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.781798][ T7340] ? should_fail+0xd4/0x45d [ 55.786300][ T7340] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 55.792012][ T7340] ? widen_string+0x4a/0x1a0 [ 55.796594][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.802220][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.807847][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.813473][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.819099][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.824722][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.830532][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.836159][ T7340] ? __tsan_read4+0x2c/0x30 [ 55.840659][ T7340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.846899][ T7340] ? refcount_sub_and_test_checked+0xc8/0x190 [ 55.852959][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.858591][ T7340] ? __tsan_read4+0x2c/0x30 [ 55.863093][ T7340] ima_calc_file_hash+0x158/0xf10 [ 55.868110][ T7340] ? __tsan_write8+0x32/0x40 [ 55.872693][ T7340] ? ext4_xattr_get+0x10b/0x5c0 [ 55.877540][ T7340] ? __rcu_read_unlock+0x62/0xe0 [ 55.882476][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.888098][ T7340] ima_collect_measurement+0x384/0x3b0 [ 55.893583][ T7340] process_measurement+0x980/0xff0 [ 55.898677][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.904287][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.909902][ T7340] ? __tsan_read4+0x2c/0x30 [ 55.914383][ T7340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.920598][ T7340] ? refcount_sub_and_test_checked+0xc8/0x190 [ 55.926653][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.932265][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.937897][ T7340] ima_file_check+0x7e/0xb0 [ 55.942377][ T7340] path_openat+0xfb1/0x3530 [ 55.946854][ T7340] ? __kcsan_setup_watchpoint+0x96/0x510 [ 55.952492][ T7340] do_filp_open+0x11e/0x1b0 [ 55.956988][ T7340] ? _raw_spin_unlock+0x4b/0x60 [ 55.961834][ T7340] ? __alloc_fd+0x316/0x4c0 [ 55.966328][ T7340] ? get_unused_fd_flags+0x93/0xc0 [ 55.971424][ T7340] do_sys_open+0x3b3/0x4f0 [ 55.975831][ T7340] __x64_sys_openat+0x62/0x80 [ 55.980494][ T7340] do_syscall_64+0xcf/0x2f0 [ 55.984991][ T7340] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.990868][ T7340] RIP: 0033:0x47c5aa [ 55.994743][ T7340] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 56.014320][ T7340] RSP: 002b:000000c420325850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 56.022704][ T7340] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 56.030654][ T7340] RDX: 0000000000080002 RSI: 000000c420023480 RDI: ffffffffffffff9c [ 56.038611][ T7340] RBP: 000000c4203258d0 R08: 0000000000000000 R09: 0000000000000000 [ 56.046570][ T7340] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff [ 56.054518][ T7340] R13: 00000000000000a5 R14: 00000000000000a4 R15: 0000000000000100 [ 56.063777][ T7340] Kernel Offset: disabled [ 56.068091][ T7340] Rebooting in 86400 seconds..