[ 43.529867][ T26] audit: type=1800 audit(1572322480.349:24): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2487 res=0
[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 44.368900][ T26] audit: type=1800 audit(1572322481.279:25): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 44.391026][ T26] audit: type=1800 audit(1572322481.279:26): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
2019/10/29 04:14:51 fuzzer started
2019/10/29 04:14:53 dialing manager at 10.128.0.105:40771
2019/10/29 04:14:53 syscalls: 2540
2019/10/29 04:14:53 code coverage: enabled
2019/10/29 04:14:53 comparison tracing: enabled
2019/10/29 04:14:53 extra coverage: extra coverage is not supported by the kernel
2019/10/29 04:14:53 setuid sandbox: enabled
2019/10/29 04:14:53 namespace sandbox: enabled
2019/10/29 04:14:53 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/29 04:14:53 fault injection: enabled
2019/10/29 04:14:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/29 04:14:53 net packet injection: enabled
2019/10/29 04:14:53 net device setup: enabled
2019/10/29 04:14:53 concurrency sanitizer: enabled
2019/10/29 04:14:56 adding functions to KCSAN blacklist: 'task_dump_owner' 'generic_permission' 'do_nanosleep' '__hrtimer_run_queues' 'tomoyo_supervisor' 'pid_update_inode' 'alloc_pid' 'do_exit' '__nf_conntrack_find_get' 'tcp_add_backlog' 'page_counter_try_charge' 'ktime_get_real_seconds' 'ep_poll'

syzkaller login: [ 60.366584][ T7338] ==================================================================
[ 60.376448][ T7338] BUG: KCSAN: data-race in tcp_poll / tcp_queue_rcv
[ 60.385668][ T7338]
[ 60.388892][ T7338] write to 0xffff88811e51ce78 of 4 bytes by interrupt on cpu 1:
[ 60.396784][ T7338]  tcp_queue_rcv+0x338/0x380
[ 60.401537][ T7338]  tcp_rcv_established+0xbf1/0xf50
[ 60.411762][ T7338]  tcp_v4_do_rcv+0x381/0x4e0
[ 60.416531][ T7338]  tcp_v4_rcv+0x19dc/0x1bb0
[ 60.421285][ T7338]  ip_protocol_deliver_rcu+0x4d/0x420
[ 60.426674][ T7338]  ip_local_deliver_finish+0x110/0x140
[ 60.433487][ T7338]  ip_local_deliver+0x133/0x210
[ 60.438608][ T7338]  ip_rcv_finish+0x121/0x160
[ 60.443361][ T7338]  ip_rcv+0x18f/0x1a0
[ 60.447427][ T7338]  __netif_receive_skb_one_core+0xa7/0xe0
[ 60.454094][ T7338]  __netif_receive_skb+0x37/0xf0
[ 60.459454][ T7338]  netif_receive_skb_internal+0x59/0x190
[ 60.465440][ T7338]  napi_gro_receive+0x28f/0x330
[ 60.470284][ T7338]  receive_buf+0x284/0x30b0
[ 60.474989][ T7338]
[ 60.477323][ T7338] read to 0xffff88811e51ce78 of 4 bytes by task 7338 on cpu 0:
[ 60.485373][ T7338]  tcp_poll+0x204/0x6b0
[ 60.489611][ T7338]  sock_poll+0xed/0x250
[ 60.494212][ T7338]  ep_item_poll.isra.0+0x90/0x190
[ 60.499258][ T7338]  ep_send_events_proc+0x113/0x590
[ 60.504462][ T7338]  ep_scan_ready_list.constprop.0+0x189/0x500
[ 60.513728][ T7338]  ep_poll+0xe3/0x900
[ 60.517698][ T7338]  do_epoll_wait+0x162/0x180
[ 60.522273][ T7338]  __x64_sys_epoll_pwait+0xcd/0x180
[ 60.527458][ T7338]  do_syscall_64+0xcc/0x370
[ 60.532092][ T7338]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.538055][ T7338]
[ 60.540367][ T7338] Reported by Kernel Concurrency Sanitizer on:
[ 60.546607][ T7338] CPU: 0 PID: 7338 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[ 60.554058][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.564097][ T7338] ==================================================================
[ 60.572322][ T7338] Kernel panic - not syncing: panic_on_warn set ...
[ 60.581481][ T7338] CPU: 0 PID: 7338 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[ 60.588933][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.599681][ T7338] Call Trace:
[ 60.602966][ T7338]  dump_stack+0xf5/0x159
[ 60.607240][ T7338]  panic+0x210/0x640
[ 60.611574][ T7338]  ? do_syscall_64+0xcc/0x370
[ 60.617121][ T7338]  ? vprintk_func+0x8d/0x140
[ 60.621792][ T7338]  kcsan_report.cold+0xc/0x10
[ 60.626475][ T7338]  __kcsan_setup_watchpoint+0x32e/0x4a0
[ 60.632012][ T7338]  __tsan_read4+0x2c/0x30
[ 60.636343][ T7338]  tcp_poll+0x204/0x6b0
[ 60.640488][ T7338]  ? tcp_alloc_md5sig_pool+0x320/0x320
[ 60.645939][ T7338]  sock_poll+0xed/0x250
[ 60.650284][ T7338]  ? sock_read_iter+0x1e0/0x1e0
[ 60.655126][ T7338]  ep_item_poll.isra.0+0x90/0x190
[ 60.660931][ T7338]  ep_send_events_proc+0x113/0x590
[ 60.666032][ T7338]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 60.671675][ T7338]  ep_scan_ready_list.constprop.0+0x189/0x500
[ 60.677750][ T7338]  ? ep_loop_check_proc+0x2f0/0x2f0
[ 60.682951][ T7338]  ep_poll+0xe3/0x900
[ 60.686928][ T7338]  ? __fget+0xb8/0x1d0
[ 60.691164][ T7338]  ? __kcsan_setup_watchpoint+0x6b/0x4a0
[ 60.697330][ T7338]  ? __fget_light+0xaf/0x190
[ 60.702273][ T7338]  do_epoll_wait+0x162/0x180
[ 60.706861][ T7338]  __x64_sys_epoll_pwait+0xcd/0x180
[ 60.712402][ T7338]  do_syscall_64+0xcc/0x370
[ 60.716899][ T7338]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.722778][ T7338] RIP: 0033:0x45b300
[ 60.726679][ T7338] Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7
[ 60.746367][ T7338] RSP: 002b:000000c42004f8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000119
[ 60.754773][ T7338] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045b300
[ 60.762741][ T7338] RDX: 0000000000000080 RSI: 000000c42004f918 RDI: 0000000000000004
[ 60.770700][ T7338] RBP: 000000c42004ff18 R08: 0000000000000000 R09: 0000000000002a6a
[ 60.778742][ T7338] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000042f0a0
[ 60.786698][ T7338] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000
[ 60.795939][ T7338] Kernel Offset: disabled
[ 60.800310][ T7338] Rebooting in 86400 seconds..