[ ok ] Starting enhanced syslogd: rsyslogd.
[ 35.917068][ T26] audit: type=1800 audit(1571856896.467:25): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 35.966244][ T26] audit: type=1800 audit(1571856896.467:26): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 35.998612][ T26] audit: type=1800 audit(1571856896.467:27): pid=7106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts.
2019/10/23 18:55:08 fuzzer started
2019/10/23 18:55:10 dialing manager at 10.128.0.105:40369
2019/10/23 18:55:19 syscalls: 2524
2019/10/23 18:55:19 code coverage: enabled
2019/10/23 18:55:19 comparison tracing: enabled
2019/10/23 18:55:19 extra coverage: extra coverage is not supported by the kernel
2019/10/23 18:55:19 setuid sandbox: enabled
2019/10/23 18:55:19 namespace sandbox: enabled
2019/10/23 18:55:19 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/23 18:55:19 fault injection: enabled
2019/10/23 18:55:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/23 18:55:19 net packet injection: enabled
2019/10/23 18:55:19 net device setup: enabled
2019/10/23 18:55:19 concurrency sanitizer: enabled
syzkaller login: [ 70.857753][ T7274] KCSAN: could not find function: 'poll_schedule_timeout'
2019/10/23 18:55:34 adding functions to KCSAN blacklist: 'ext4_free_inodes_count' 'do_syslog' 'list_lru_count_one' '__nf_ct_refresh_acct' 'tcp_poll' 'fanotify_handle_event' 'atime_needs_update' 'generic_fillattr' 'handle_mm_fault' 'tcp_add_backlog' 'ep_poll' 'dd_has_work' '__filemap_fdatawrite_range' 'pipe_wait' 'do_writev' 'pcpu_alloc' 'tick_do_update_jiffies64' 'ext4_writepages' 'kauditd_thread' 'do_wait' 'ns_capable_common' 'tomoyo_supervisor' 'generic_permission' 'ktime_get_real_seconds' 'echo_char' 'find_next_bit' 'ext4_nonda_switch' 'kvm_arch_vcpu_load' '__alloc_file' 'ksys_read' 'enqueue_timer' '__hrtimer_run_queues' 'mm_update_next_owner' 'find_get_pages_range_tag' 'blk_mq_get_request' 'update_defense_level' 'timer_clear_idle' 'balance_dirty_pages' 'blk_mq_run_hw_queue' 'n_tty_receive_buf_common' 'generic_write_end' 'wbt_issue' '__skb_wait_for_more_packets' '__snd_rawmidi_transmit_ack' 'taskstats_exit' 'ext4_free_inode' 'do_nanosleep' 'futex_wait_queue_me' 'shmem_file_read_iter' 'wbc_detach_inode' '__mark_inode_dirty' 'mod_timer' 'ktime_get_seconds' 'snapshot_refaults' 'mem_cgroup_select_victim_node' 'pid_update_inode' 'vm_area_dup' 'tomoyo_domain_quota_is_ok' 'rcu_gp_fqs_check_wake' 'ext4_mb_good_group' 'rcu_gp_fqs_loop' '__writeback_single_inode' 'blk_mq_dispatch_rq_list' 'pipe_poll' 'blk_mq_sched_dispatch_requests' 'perf_event_update_userpage' '__nf_conntrack_find_get' 'ext4_has_free_clusters' 'vti_tunnel_xmit' '__splice_from_pipe' 'poll_schedule_timeout' 'icmp_global_allow' 'xas_find_marked' 'common_perm_cond' 'add_timer' 'tick_nohz_idle_stop_tick' 'page_counter_try_charge' 'tick_sched_do_timer' '__ext4_new_inode' 'copy_process' 'run_timer_softirq' 'handle_userfault' 'sit_tunnel_xmit' 'commit_echoes' '__dentry_kill' 'task_dump_owner'
[ 332.855868][ T7258] ==================================================================
[ 332.864138][ T7258] BUG: KCSAN: data-race in hrtimer_wakeup / schedule_hrtimeout_range_clock
[ 332.872743][ T7258]
[ 332.875063][ T7258] write to 0xffffc900015c3848 of 8 bytes by interrupt on cpu 0:
[ 332.882669][ T7258] hrtimer_wakeup+0x32/0x60
[ 332.887152][ T7258] __hrtimer_run_queues+0x288/0x600
[ 332.892326][ T7258] hrtimer_interrupt+0x22a/0x480
[ 332.897280][ T7258] smp_apic_timer_interrupt+0xdc/0x280
[ 332.902743][ T7258] apic_timer_interrupt+0xf/0x20
[ 332.907693][ T7258] native_safe_halt+0xe/0x10
[ 332.912315][ T7258] arch_cpu_idle+0x1f/0x30
[ 332.916844][ T7258] default_idle_call+0x1e/0x40
[ 332.921611][ T7258] do_idle+0x1af/0x280
[ 332.925671][ T7258] cpu_startup_entry+0x1b/0x20
[ 332.930440][ T7258] rest_init+0xec/0xf6
[ 332.934546][ T7258] arch_call_rest_init+0x17/0x37
[ 332.939495][ T7258] start_kernel+0x838/0x85e
[ 332.944016][ T7258] x86_64_start_reservations+0x29/0x2b
[ 332.949464][ T7258]
[ 332.951817][ T7258] read to 0xffffc900015c3848 of 8 bytes by task 7258 on cpu 1:
[ 332.959406][ T7258] schedule_hrtimeout_range_clock+0x109/0x1e0
[ 332.965686][ T7258] schedule_hrtimeout_range+0x34/0x50
[ 332.971091][ T7258] poll_schedule_timeout.constprop.0+0x75/0xc0
[ 332.977239][ T7258] do_select+0xd7f/0x1020
[ 332.981572][ T7258] core_sys_select+0x381/0x550
[ 332.986356][ T7258] do_pselect.constprop.0+0x11d/0x160
[ 332.991734][ T7258] __x64_sys_pselect6+0x12e/0x170
[ 332.996761][ T7258] do_syscall_64+0xcc/0x370
[ 333.001270][ T7258] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 333.007157][ T7258]
[ 333.009504][ T7258] Reported by Kernel Concurrency Sanitizer on:
[ 333.015683][ T7258] CPU: 1 PID: 7258 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[ 333.023130][ T7258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 333.033179][ T7258] ==================================================================
[ 333.041250][ T7258] Kernel panic - not syncing: panic_on_warn set ...
[ 333.047850][ T7258] CPU: 1 PID: 7258 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[ 333.055393][ T7258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 333.065447][ T7258] Call Trace:
[ 333.068753][ T7258] dump_stack+0xf5/0x159
[ 333.073011][ T7258] panic+0x210/0x640
[ 333.076932][ T7258] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 333.083020][ T7258] ? vprintk_func+0x8d/0x140
[ 333.087644][ T7258] kcsan_report.cold+0xc/0x10
[ 333.092346][ T7258] __kcsan_setup_watchpoint+0x32e/0x4a0
[ 333.097919][ T7258] __tsan_read8+0x2c/0x30
[ 333.102272][ T7258] schedule_hrtimeout_range_clock+0x109/0x1e0
[ 333.108356][ T7258] ? hrtimer_active+0x1a0/0x1a0
[ 333.113227][ T7258] schedule_hrtimeout_range+0x34/0x50
[ 333.122696][ T7258] poll_schedule_timeout.constprop.0+0x75/0xc0
[ 333.128864][ T7258] do_select+0xd7f/0x1020
[ 333.133233][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.138874][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.144517][ T7258] ? pvclock_clocksource_read+0x178/0x1e0
[ 333.150250][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.155905][ T7258] ? __tsan_write8+0x32/0x40
[ 333.160518][ T7258] ? rb_erase+0x2aa/0x990
[ 333.164874][ T7258] ? __tsan_read8+0x2c/0x30
[ 333.169406][ T7258] ? __tsan_read8+0x2c/0x30
[ 333.173927][ T7258] ? _raw_spin_unlock_irqrestore+0x70/0x80
[ 333.179746][ T7258] ? hrtimer_try_to_cancel+0x57/0x260
[ 333.185137][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.190787][ T7258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 333.197074][ T7258] ? hrtimer_cancel+0x3b/0x50
[ 333.201761][ T7258] ? __tsan_write4+0x32/0x40
[ 333.206354][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.212012][ T7258] ? __rcu_read_unlock+0x66/0x3c0
[ 333.217059][ T7258] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 333.222972][ T7258] core_sys_select+0x381/0x550
[ 333.227780][ T7258] ? __tsan_read8+0x2c/0x30
[ 333.232292][ T7258] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 333.238007][ T7258] ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 333.243666][ T7258] ? _copy_to_user+0x84/0xb0
[ 333.248275][ T7258] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 333.254177][ T7258] ? __tsan_write8+0x32/0x40
[ 333.258770][ T7258] ? ktime_get_ts64+0x286/0x2c0
[ 333.263636][ T7258] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 333.269371][ T7258] ? timespec64_add_safe+0xae/0xd0
[ 333.274498][ T7258] do_pselect.constprop.0+0x11d/0x160
[ 333.279895][ T7258] __x64_sys_pselect6+0x12e/0x170
[ 333.284949][ T7258] ? switch_fpu_return+0x11f/0x250
[ 333.290074][ T7258] do_syscall_64+0xcc/0x370
[ 333.294601][ T7258] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 333.300537][ T7258] RIP: 0033:0x45ac23
[ 333.304461][ T7258] Code: 48 89 44 24 08 bf 00 00 00 00 be 00 00 00 00 ba 00 00 00 00 41 ba 00 00 00 00 49 89 e0 41 b9 00 00 00 00 b8 0e 01 00 00 0f 05 <48> 8b 6c 24 10 48 83 c4 18 c3 cc cc cc b8 ba 00 00 00 0f 05 89 44
[ 333.324257][ T7258] RSP: 002b:000000c42004ff08 EFLAGS: 00000202 ORIG_RAX: 000000000000010e
[ 333.332668][ T7258] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045ac23
[ 333.340821][ T7258] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 333.348796][ T7258] RBP: 000000c42004ff18 R08: 000000c42004ff08 R09: 0000000000000000
[ 333.356798][ T7258] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000042f0a0
[ 333.364783][ T7258] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000
[ 333.374292][ T7258] Kernel Offset: disabled
[ 333.378622][ T7258] Rebooting in 86400 seconds..