[ 43.400264][ T27] audit: type=1800 audit(1586538654.337:21): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 43.435014][ T27] audit: type=1800 audit(1586538654.337:22): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [ 43.469534][ T27] audit: type=1800 audit(1586538654.337:23): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2475 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. 2020/04/10 17:11:06 fuzzer started 2020/04/10 17:11:07 dialing manager at 10.128.0.105:35101 2020/04/10 17:11:08 syscalls: 2955 2020/04/10 17:11:08 code coverage: enabled 2020/04/10 17:11:08 comparison tracing: enabled 2020/04/10 17:11:08 extra coverage: enabled 2020/04/10 17:11:08 setuid sandbox: enabled 2020/04/10 17:11:08 namespace sandbox: enabled 2020/04/10 17:11:08 Android sandbox: /sys/fs/selinux/policy does not exist 2020/04/10 17:11:08 fault injection: enabled 2020/04/10 17:11:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/04/10 17:11:08 net packet injection: enabled 2020/04/10 17:11:08 net device setup: enabled 2020/04/10 17:11:08 concurrency sanitizer: enabled 2020/04/10 17:11:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/04/10 17:11:08 USB emulation: /dev/raw-gadget does not exist syzkaller login: [ 62.068583][ T7676] KCSAN: could not find function: 'poll_schedule_timeout' [ 64.348420][ T7676] KCSAN: could not find function: '_find_next_bit' [ 65.778541][ T7676] KCSAN: could not find function: '__follow_mount_rcu' 2020/04/10 17:11:17 adding functions to KCSAN blacklist: 'wbt_done' 'blk_mq_dispatch_rq_list' 'dd_has_work' 'timer_clear_idle' 'ext4_mb_good_group' 'ext4_setattr' 'lookup_fast' 'ext4_mark_iloc_dirty' 'ext4_free_inodes_count' 'complete_signal' 'xas_clear_mark' 'mod_timer' 'yama_ptracer_del' 'shmem_file_read_iter' 'd_alloc_parallel' 'fasync_remove_entry' 'alloc_pid' 'ext4_has_free_clusters' 'pcpu_alloc' 'ext4_nonda_switch' 'generic_fillattr' 'n_tty_receive_buf_common' 'add_timer' '__add_to_page_cache_locked' 'snd_seq_check_queue' '__get_user_pages' 'ep_poll' 'run_timer_softirq' 'kauditd_thread' '__splice_from_pipe' 'unix_release_sock' 'atime_needs_update' '__filemap_fdatawrite_range' '__mark_inode_dirty' 'audit_log_start' 'wbt_wait' 'dput' 'do_nanosleep' 'futex_wait_queue_me' 'padata_find_next' 'ktime_get_real_seconds' 'ext4_writepages' 'page_counter_try_charge' 'page_counter_charge' 'find_get_pages_range_tag' 'tick_nohz_next_event' 'list_lru_count_one' 'poll_schedule_timeout' 'do_exit' 'commit_echoes' 'echo_char' 'tick_nohz_idle_stop_tick' '__find_get_block' 'ext4_sync_file' 'wbt_issue' '__dev_queue_xmit' 'blk_mq_get_request' 'kcm_rfree' 'ext4_ext_try_to_merge_right' 'tick_sched_do_timer' '__lru_cache_add' 'ksys_write' 'do_signal_stop' '_find_next_bit' 'copy_process' 'alloc_empty_file' 'activate_page' 'exit_signals' 'lruvec_lru_size' '__snd_rawmidi_transmit_ack' 'xas_find_marked' '__follow_mount_rcu' 'do_syslog' 'iput' '__delete_from_page_cache' 'generic_write_end' 'file_remove_privs' 'snd_seq_prioq_cell_out' 'blk_mq_sched_dispatch_requests' 'pipe_double_lock' 'tomoyo_domain_quota_is_ok' '__ext4_new_inode' 17:14:37 executing program 0: setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '/.vmnet0\x00'}, &(0x7f0000000080)='%\x00', 0x2, 0x2) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x40, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f00000001c0)={0xb, 0x10, 0xfa00, {&(0x7f0000000100), 0xffffffffffffffff, 0x4}}, 0x18) recvmmsg(0xffffffffffffffff, &(0x7f00000003c0)=[{{&(0x7f0000000200)=@can, 0x80, &(0x7f0000000300)=[{&(0x7f0000000280)=""/112, 0x70}], 0x1, &(0x7f0000000340)=""/68, 0x44}, 0x5}], 0x1, 0x3, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000400)='/dev/input/mouse#\x00', 0x2, 0x2000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000440)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000004c0)={0x15, 0x110, 0xfa00, {r2, 0x9, 0x0, 0x0, 0x0, @ib={0x1b, 0xec6d, 0x6, {"2ea4bfc7deb999a876b954e446e49a5c"}, 0xffffffffffff008c, 0x5, 0x1000}, @ib={0x1b, 0x8, 0x79, {"92099db40d12dee768a2d39f925cb883"}, 0x1, 0x3ff, 0x1}}}, 0x118) getsockname$l2tp(r1, &(0x7f0000000600)={0x2, 0x0, @local}, &(0x7f0000000640)=0x10) syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000680)) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f00000006c0)={0x3, [0xc8, 0x8, 0x4]}, 0xa) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000740)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, r4, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x27}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xb}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @rand_addr="3a2d5636c42ae2804b354faea6988632"}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @empty}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000008) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000880)=@int=0x9, 0x4) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/vcsa\x00', 0x440, 0x0) sendmsg$NFT_MSG_GETSET(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x5c, 0xa, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_GC_INTERVAL={0x8}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x40}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0xe}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040081}, 0x40) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/zero\x00', 0x410040, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r6, &(0x7f0000000c00)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x1c, 0x1, 0x2, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x1ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c005}, 0x800) getpgid(0x0) [ 266.337172][ T1078] ================================================================== [ 266.345380][ T1078] BUG: KCSAN: data-race in watchdog / worker_thread [ 266.352148][ T1078] [ 266.354607][ T1078] write to 0xffff88812b781010 of 8 bytes by task 12 on cpu 0: [ 266.362096][ T1078] worker_thread+0x1c9/0x7e0 [ 266.366820][ T1078] kthread+0x1cb/0x1f0 [ 266.371057][ T1078] ret_from_fork+0x1f/0x30 [ 266.375479][ T1078] [ 266.377821][ T1078] read to 0xffff88812b781010 of 8 bytes by task 1078 on cpu 1: [ 266.385659][ T1078] watchdog+0x2b8/0x960 [ 266.389847][ T1078] kthread+0x1cb/0x1f0 [ 266.395286][ T1078] ret_from_fork+0x1f/0x30 [ 266.399753][ T1078] [ 266.402079][ T1078] Reported by Kernel Concurrency Sanitizer on: [ 266.408240][ T1078] CPU: 1 PID: 1078 Comm: khungtaskd Not tainted 5.6.0-rc1-syzkaller #0 [ 266.416780][ T1078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.426967][ T1078] ================================================================== [ 266.435178][ T1078] Kernel panic - not syncing: panic_on_warn set ... [ 266.441905][ T1078] CPU: 1 PID: 1078 Comm: khungtaskd Not tainted 5.6.0-rc1-syzkaller #0 [ 266.450148][ T1078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.460501][ T1078] Call Trace: [ 266.463809][ T1078] dump_stack+0x11d/0x187 [ 266.468158][ T1078] panic+0x210/0x640 [ 266.472081][ T1078] ? vprintk_func+0x89/0x13a [ 266.477040][ T1078] kcsan_report.cold+0xc/0xf [ 266.481664][ T1078] kcsan_setup_watchpoint+0x3fb/0x440 [ 266.487156][ T1078] watchdog+0x2b8/0x960 [ 266.491433][ T1078] ? constant_test_bit+0xd/0x30 [ 266.496297][ T1078] ? __read_once_size.constprop.0+0x20/0x20 [ 266.502219][ T1078] kthread+0x1cb/0x1f0 [ 266.506297][ T1078] ? kthread_unpark+0xd0/0xd0 [ 266.510985][ T1078] ret_from_fork+0x1f/0x30 [ 266.517341][ T1078] Kernel Offset: disabled [ 266.521709][ T1078] Rebooting in 86400 seconds..