[ 54.866805][ T25] audit: type=1800 audit(1575645062.818:27): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 54.866823][ T25] audit: type=1800 audit(1575645062.818:28): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 55.893687][ T25] audit: type=1800 audit(1575645063.868:29): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 55.922536][ T25] audit: type=1800 audit(1575645063.868:30): pid=7481 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
2019/12/06 15:11:13 fuzzer started
2019/12/06 15:11:14 dialing manager at 10.128.0.105:36601
2019/12/06 15:11:15 syscalls: 2684
2019/12/06 15:11:15 code coverage: enabled
2019/12/06 15:11:15 comparison tracing: enabled
2019/12/06 15:11:15 extra coverage: extra coverage is not supported by the kernel
2019/12/06 15:11:15 setuid sandbox: enabled
2019/12/06 15:11:15 namespace sandbox: enabled
2019/12/06 15:11:15 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/06 15:11:15 fault injection: enabled
2019/12/06 15:11:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/06 15:11:15 net packet injection: enabled
2019/12/06 15:11:15 net device setup: enabled
2019/12/06 15:11:15 concurrency sanitizer: enabled
2019/12/06 15:11:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login:
[ 70.582651][ T7652] KCSAN: could not find function: 'poll_schedule_timeout'
2019/12/06 15:11:23 adding functions to KCSAN blacklist: '__fsnotify_parent' 'tick_nohz_idle_stop_tick' 'kauditd_thread' '__add_to_page_cache_locked' 'queue_access_lock' 'n_tty_receive_buf_common' 'mem_cgroup_select_victim_node' '__ext4_new_inode' 'dd_has_work' 'wbt_done' 'pid_update_inode' '__get_user_pages' 'taskstats_exit' 'xas_clear_mark' 'tcp_add_backlog' 'lruvec_lru_size' 'process_srcu' 'mod_timer' 'balance_dirty_pages' 'list_lru_count_one' '__hrtimer_run_queues' 'poll_schedule_timeout' 'do_nanosleep' 'calc_timer_values' 'futex_wait_queue_me' 'echo_char' 'tick_do_update_jiffies64' 'ext4_mb_good_group' 'tomoyo_check_acl' 'generic_fillattr' 'flush_workqueue' 'rcu_gp_fqs_check_wake' 'ext4_free_inodes_count' 'ktime_get_real_seconds' 'blk_mq_dispatch_rq_list' 'ext4_has_free_clusters' 'pipe_wait' 'xas_find_marked' 'blk_mq_run_hw_queue' 'wbt_issue' 'pipe_poll' '__mark_inode_dirty' 'fuse_get_req' 'ext4_free_inode' 'run_timer_softirq' 'fasync_remove_entry' 'ext4_mark_iloc_dirty' 'find_next_bit' 'audit_log_start' 'pcpu_alloc' '__snd_rawmidi_transmit_ack' 'do_syslog' 'add_timer' 'vm_area_dup' 'ext4_nonda_switch' 'blk_mq_get_request' 'find_get_pages_range_tag' 'blk_mq_sched_dispatch_requests' 'tick_sched_do_timer' 'ep_poll' 'do_signal_stop' 'lookup_fast' 'generic_write_end' 'copy_process' 'tomoyo_supervisor'
[ 235.826414][ T7637] ==================================================================
[ 235.835116][ T7637] BUG: KCSAN: data-race in hrtimer_wakeup / schedule_hrtimeout_range_clock
[ 235.843683][ T7637]
[ 235.846011][ T7637] write to 0xffffc9000162b848 of 8 bytes by interrupt on cpu 1:
[ 235.854954][ T7637] hrtimer_wakeup+0x32/0x60
[ 235.859451][ T7637] __hrtimer_run_queues+0x274/0x5f0
[ 235.864831][ T7637] hrtimer_interrupt+0x22a/0x480
[ 235.869777][ T7637] smp_apic_timer_interrupt+0xdc/0x280
[ 235.875236][ T7637] apic_timer_interrupt+0xf/0x20
[ 235.880178][ T7637] native_safe_halt+0xe/0x10
[ 235.884780][ T7637] arch_cpu_idle+0xa/0x10
[ 235.889110][ T7637] default_idle_call+0x1e/0x40
[ 235.893958][ T7637] do_idle+0x1af/0x280
[ 235.898103][ T7637] cpu_startup_entry+0x1b/0x20
[ 235.902855][ T7637] start_secondary+0x168/0x1b0
[ 235.907609][ T7637] secondary_startup_64+0xa4/0xb0
[ 235.912700][ T7637]
[ 235.915167][ T7637] read to 0xffffc9000162b848 of 8 bytes by task 7637 on cpu 0:
[ 235.922869][ T7637] schedule_hrtimeout_range_clock+0x109/0x1e0
[ 235.928954][ T7637] schedule_hrtimeout_range+0x34/0x50
[ 235.934346][ T7637] poll_schedule_timeout.constprop.0+0x75/0xc0
[ 235.940771][ T7637] do_select+0xd7f/0x1020
[ 235.945182][ T7637] core_sys_select+0x381/0x550
[ 235.949980][ T7637] do_pselect.constprop.0+0x11d/0x160
[ 235.955431][ T7637] __x64_sys_pselect6+0x12e/0x170
[ 235.960466][ T7637] do_syscall_64+0xcc/0x370
[ 235.965521][ T7637] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 235.971401][ T7637]
[ 235.973718][ T7637] Reported by Kernel Concurrency Sanitizer on:
[ 235.979864][ T7637] CPU: 0 PID: 7637 Comm: syz-fuzzer Not tainted 5.4.0-syzkaller #0
[ 235.987741][ T7637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.998156][ T7637] ==================================================================
[ 236.006279][ T7637] Kernel panic - not syncing: panic_on_warn set ...
[ 236.013160][ T7637] CPU: 0 PID: 7637 Comm: syz-fuzzer Not tainted 5.4.0-syzkaller #0
[ 236.021141][ T7637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 236.031513][ T7637] Call Trace:
[ 236.034812][ T7637] dump_stack+0x11d/0x181
[ 236.039267][ T7637] panic+0x210/0x640
[ 236.043157][ T7637] ? vprintk_func+0x8d/0x140
[ 236.047898][ T7637] kcsan_report.cold+0xc/0xd
[ 236.052678][ T7637] kcsan_setup_watchpoint+0x3fe/0x460
[ 236.058058][ T7637] __tsan_read8+0xc6/0x100
[ 236.062470][ T7637] schedule_hrtimeout_range_clock+0x109/0x1e0
[ 236.069577][ T7637] ? hrtimer_active+0x1a0/0x1a0
[ 236.074454][ T7637] schedule_hrtimeout_range+0x34/0x50
[ 236.079852][ T7637] poll_schedule_timeout.constprop.0+0x75/0xc0
[ 236.086030][ T7637] do_select+0xd7f/0x1020
[ 236.090482][ T7637] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 236.096223][ T7637] ? gup_pgd_range+0x5cb/0x1990
[ 236.101082][ T7637] ? __rcu_read_unlock+0x66/0x3c0
[ 236.106128][ T7637] ? __rcu_read_unlock+0x66/0x3c0
[ 236.111155][ T7637] ? find_next_bit+0xcb/0xe0
[ 236.115754][ T7637] ? rb_erase+0x2aa/0x990
[ 236.120106][ T7637] ? __read_once_size.constprop.0+0x12/0x20
[ 236.126002][ T7637] ? timerqueue_del+0xa1/0x100
[ 236.130781][ T7637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 236.137052][ T7637] ? __remove_hrtimer+0x7a/0x130
[ 236.141986][ T7637] ? _raw_spin_unlock_irqrestore+0x70/0x80
[ 236.147820][ T7637] ? hrtimer_try_to_cancel+0x57/0x260
[ 236.153206][ T7637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 236.159717][ T7637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 236.166050][ T7637] ? hrtimer_cancel+0x3b/0x50
[ 236.170739][ T7637] ? futex_wait+0x33f/0x3f0
[ 236.175390][ T7637] ? __rcu_read_unlock+0x66/0x3c0
[ 236.180956][ T7637] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 236.187324][ T7637] core_sys_select+0x381/0x550
[ 236.192292][ T7637] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 236.198189][ T7637] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 236.204243][ T7637] ? _copy_to_user+0x84/0xb0
[ 236.208840][ T7637] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 236.214768][ T7637] ? __read_once_size+0x5a/0xe0
[ 236.219656][ T7637] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 236.225918][ T7637] ? ktime_get_ts64+0x286/0x2c0
[ 236.230872][ T7637] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 236.236618][ T7637] ? timespec64_add_safe+0xae/0xd0
[ 236.241853][ T7637] do_pselect.constprop.0+0x11d/0x160
[ 236.247247][ T7637] __x64_sys_pselect6+0x12e/0x170
[ 236.252460][ T7637] ? switch_fpu_return+0x11f/0x250
[ 236.257600][ T7637] do_syscall_64+0xcc/0x370
[ 236.262119][ T7637] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 236.268025][ T7637] RIP: 0033:0x45ac23
[ 236.271946][ T7637] Code: 48 89 44 24 08 bf 00 00 00 00 be 00 00 00 00 ba 00 00 00 00 41 ba 00 00 00 00 49 89 e0 41 b9 00 00 00 00 b8 0e 01 00 00 0f 05 <48> 8b 6c 24 10 48 83 c4 18 c3 cc cc cc b8 ba 00 00 00 0f 05 89 44
[ 236.291657][ T7637] RSP: 002b:000000c42004ff08 EFLAGS: 00000202 ORIG_RAX: 000000000000010e
[ 236.300307][ T7637] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045ac23
[ 236.308655][ T7637] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 236.316647][ T7637] RBP: 000000c42004ff18 R08: 000000c42004ff08 R09: 0000000000000000
[ 236.324629][ T7637] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000042f0a0
[ 236.333036][ T7637] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000
[ 236.342576][ T7637] Kernel Offset: disabled
[ 236.346925][ T7637] Rebooting in 86400 seconds..