[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.580239][ T26] audit: type=1800 audit(1571088910.588:25): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 34.607857][ T26] audit: type=1800 audit(1571088910.588:26): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 34.634732][ T26] audit: type=1800 audit(1571088910.588:27): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts. 2019/10/14 21:35:22 fuzzer started 2019/10/14 21:35:24 dialing manager at 10.128.0.105:33683 2019/10/14 21:35:24 checking machine... 2019/10/14 21:35:24 checking revisions... 2019/10/14 21:35:24 testing simple program... syzkaller login: [ 48.696999][ T7309] IPVS: ftp: loaded support on port[0] = 21 2019/10/14 21:35:24 building call list... executing program [ 52.528802][ T7293] can: request_module (can-proto-0) failed. [ 52.543345][ T7293] can: request_module (can-proto-0) failed. 2019/10/14 21:35:33 syscalls: 2523 2019/10/14 21:35:33 code coverage: enabled 2019/10/14 21:35:33 comparison tracing: enabled 2019/10/14 21:35:33 extra coverage: extra coverage is not supported by the kernel 2019/10/14 21:35:33 setuid sandbox: enabled 2019/10/14 21:35:33 namespace sandbox: enabled 2019/10/14 21:35:33 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/14 21:35:33 fault injection: enabled 2019/10/14 21:35:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/14 21:35:33 net packet injection: enabled 2019/10/14 21:35:33 net device setup: enabled 2019/10/14 21:35:33 concurrency sanitizer: enabled 21:35:34 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x80000, 0x0) [ 58.834552][ T7352] IPVS: ftp: loaded support on port[0] = 21 21:35:34 executing program 1: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000003, 0x31, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x14363, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000087000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$cgroup_type(r2, &(0x7f0000000200)='threaded\b', 0x175d900f) [ 58.928196][ T7352] chnl_net:caif_netlink_parms(): no params data found [ 58.970558][ T7352] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.977978][ T7352] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.999475][ T7352] device bridge_slave_0 entered promiscuous mode [ 59.019090][ T7352] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.026284][ T7352] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.039459][ T7352] device bridge_slave_1 entered promiscuous mode [ 59.086100][ T7352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.097119][ T7352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.122080][ T7352] team0: Port device team_slave_0 added [ 59.130065][ T7352] team0: Port device team_slave_1 added [ 59.210820][ T7352] device hsr_slave_0 entered promiscuous mode 21:35:35 executing program 2: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x20000000000006, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2000020000ee09, 0x10002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 59.258027][ T7352] device hsr_slave_1 entered promiscuous mode [ 59.311545][ T7352] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.317469][ T7355] IPVS: ftp: loaded support on port[0] = 21 [ 59.318686][ T7352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.331982][ T7352] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.339127][ T7352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.446728][ T7352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.496056][ T3516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.519038][ T3516] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.538682][ T3516] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.559242][ T3516] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 59.608919][ T7352] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.626532][ T7357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.631806][ T7360] IPVS: ftp: loaded support on port[0] = 21 [ 59.638796][ T7357] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.647504][ T7357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.659676][ T7355] chnl_net:caif_netlink_parms(): no params data found [ 59.696674][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.718744][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.725824][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state 21:35:35 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000001700)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4, 0x0, 0x0, 0x1ff}) [ 59.786153][ T7355] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.794834][ T7355] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.803248][ T7355] device bridge_slave_0 entered promiscuous mode [ 59.820604][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.842403][ T7355] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.852066][ T7355] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.860603][ T7355] device bridge_slave_1 entered promiscuous mode [ 59.878683][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.889616][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.899152][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.912256][ T7352] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.925597][ T7352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.946954][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.960840][ T7293] ================================================================== [ 59.968971][ T7293] BUG: KCSAN: data-race in __zone_watermark_ok / get_page_from_freelist [ 59.977284][ T7293] [ 59.979616][ T7293] read to 0xffff88812fffce88 of 8 bytes by task 7360 on cpu 0: [ 59.987148][ T7293] __zone_watermark_ok+0x106/0x240 [ 59.992244][ T7293] get_page_from_freelist+0x629/0x2300 [ 59.997688][ T7293] __alloc_pages_nodemask+0x255/0x4d0 [ 60.003221][ T7293] cache_grow_begin+0x76/0x670 [ 60.007975][ T7293] kmem_cache_alloc_node_trace+0x580/0x670 [ 60.013766][ T7293] __kmalloc_node+0x38/0x50 [ 60.018263][ T7293] kvmalloc_node+0xcb/0x100 [ 60.022753][ T7293] alloc_netdev_mqs+0x46c/0x860 [ 60.027674][ T7293] rtnl_create_link+0x181/0x4f0 [ 60.032692][ T7293] __rtnl_newlink+0xbe9/0x1010 [ 60.037449][ T7293] rtnl_newlink+0x63/0x90 [ 60.041762][ T7293] rtnetlink_rcv_msg+0x1d3/0x500 [ 60.046693][ T7293] netlink_rcv_skb+0xb0/0x260 [ 60.051354][ T7293] rtnetlink_rcv+0x26/0x30 [ 60.055745][ T7293] [ 60.058069][ T7293] write to 0xffff88812fffce88 of 8 bytes by task 7293 on cpu 1: [ 60.065687][ T7293] get_page_from_freelist+0x131e/0x2300 [ 60.071486][ T7293] __alloc_pages_nodemask+0x255/0x4d0 [ 60.076845][ T7293] alloc_pages_current+0xd1/0x170 [ 60.081865][ T7293] __page_cache_alloc+0x183/0x1a0 [ 60.086877][ T7293] __do_page_cache_readahead+0x13e/0x390 [ 60.092505][ T7293] ondemand_readahead+0x35d/0x710 [ 60.097515][ T7293] page_cache_async_readahead+0x22c/0x250 [ 60.103221][ T7293] generic_file_read_iter+0xffc/0x1440 [ 60.108668][ T7293] ext4_file_read_iter+0xfa/0x240 [ 60.113680][ T7293] new_sync_read+0x389/0x4f0 [ 60.118361][ T7293] __vfs_read+0xb1/0xc0 [ 60.122515][ T7293] integrity_kernel_read+0xa1/0xe0 [ 60.127631][ T7293] ima_calc_file_hash_tfm+0x1b5/0x260 [ 60.133089][ T7293] [ 60.135504][ T7293] Reported by Kernel Concurrency Sanitizer on: [ 60.141672][ T7293] CPU: 1 PID: 7293 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 60.148767][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.158818][ T7293] ================================================================== [ 60.166861][ T7293] Kernel panic - not syncing: panic_on_warn set ... [ 60.173521][ T7293] CPU: 1 PID: 7293 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 60.180608][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.190833][ T7293] Call Trace: [ 60.194128][ T7293] dump_stack+0xf5/0x159 [ 60.198376][ T7293] panic+0x209/0x639 [ 60.202265][ T7293] ? ext4_file_read_iter+0xfa/0x240 [ 60.207456][ T7293] ? vprintk_func+0x8d/0x140 [ 60.212124][ T7293] kcsan_report.cold+0xc/0x1b [ 60.216803][ T7293] __kcsan_setup_watchpoint+0x3ee/0x510 [ 60.222454][ T7293] __tsan_write8+0x32/0x40 [ 60.226867][ T7293] get_page_from_freelist+0x131e/0x2300 [ 60.232429][ T7293] __alloc_pages_nodemask+0x255/0x4d0 [ 60.238403][ T7293] alloc_pages_current+0xd1/0x170 [ 60.243596][ T7293] __page_cache_alloc+0x183/0x1a0 [ 60.248610][ T7293] __do_page_cache_readahead+0x13e/0x390 [ 60.254235][ T7293] ondemand_readahead+0x35d/0x710 [ 60.259252][ T7293] page_cache_async_readahead+0x22c/0x250 [ 60.264973][ T7293] generic_file_read_iter+0xffc/0x1440 [ 60.270434][ T7293] ext4_file_read_iter+0xfa/0x240 [ 60.275455][ T7293] new_sync_read+0x389/0x4f0 [ 60.280110][ T7293] __vfs_read+0xb1/0xc0 [ 60.284257][ T7293] integrity_kernel_read+0xa1/0xe0 [ 60.289359][ T7293] ima_calc_file_hash_tfm+0x1b5/0x260 [ 60.294729][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.300348][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.306836][ T7293] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 60.312543][ T7293] ? widen_string+0x4a/0x1a0 [ 60.317117][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.322738][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.328362][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.333981][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.339595][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.345212][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.350833][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.356543][ T7293] ? __tsan_read4+0x2c/0x30 [ 60.361034][ T7293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.367277][ T7293] ? refcount_sub_and_test_checked+0xc8/0x190 [ 60.373341][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.378963][ T7293] ? __tsan_read4+0x2c/0x30 [ 60.383471][ T7293] ima_calc_file_hash+0x158/0xf10 [ 60.388490][ T7293] ? __tsan_write8+0x32/0x40 [ 60.393073][ T7293] ? ext4_xattr_get+0x10b/0x5c0 [ 60.397908][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.403661][ T7293] ima_collect_measurement+0x384/0x3b0 [ 60.409123][ T7293] process_measurement+0x980/0xff0 [ 60.414227][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.419843][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.425463][ T7293] ? __tsan_read4+0x2c/0x30 [ 60.429959][ T7293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.436187][ T7293] ? refcount_sub_and_test_checked+0xc8/0x190 [ 60.442243][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.447862][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.453485][ T7293] ima_file_check+0x7e/0xb0 [ 60.457976][ T7293] path_openat+0xfb1/0x3530 [ 60.462465][ T7293] ? __kcsan_setup_watchpoint+0x96/0x510 [ 60.468103][ T7293] do_filp_open+0x11e/0x1b0 [ 60.472598][ T7293] ? _raw_spin_unlock+0x4b/0x60 [ 60.477438][ T7293] ? __alloc_fd+0x316/0x4c0 [ 60.481955][ T7293] ? get_unused_fd_flags+0x93/0xc0 [ 60.487051][ T7293] do_sys_open+0x3b3/0x4f0 [ 60.491458][ T7293] __x64_sys_openat+0x62/0x80 [ 60.496231][ T7293] do_syscall_64+0xcf/0x2f0 [ 60.500726][ T7293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.506603][ T7293] RIP: 0033:0x47c5aa [ 60.510490][ T7293] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 60.531139][ T7293] RSP: 002b:000000c42047f850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 60.539532][ T7293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 60.547491][ T7293] RDX: 0000000000080002 RSI: 000000c4201733c0 RDI: ffffffffffffff9c [ 60.555550][ T7293] RBP: 000000c42047f8d0 R08: 0000000000000000 R09: 0000000000000000 [ 60.563507][ T7293] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff [ 60.571462][ T7293] R13: 000000000000009f R14: 000000000000009e R15: 0000000000000100 [ 61.724091][ T7293] Shutting down cpus with NMI [ 61.730458][ T7293] Kernel Offset: disabled [ 61.734791][ T7293] Rebooting in 86400 seconds..