[ 41.028979][ T26] audit: type=1800 audit(1570929525.405:25): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 41.048700][ T26] audit: type=1800 audit(1570929525.405:26): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 41.068671][ T26] audit: type=1800 audit(1570929525.405:27): pid=7137 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 41.569902][ T7200] sshd (7200) used greatest stack depth: 10032 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
2019/10/13 01:18:52 fuzzer started
2019/10/13 01:18:54 dialing manager at 10.128.0.105:43913
2019/10/13 01:18:54 syscalls: 2523
2019/10/13 01:18:54 code coverage: enabled
2019/10/13 01:18:54 comparison tracing: enabled
2019/10/13 01:18:54 extra coverage: extra coverage is not supported by the kernel
2019/10/13 01:18:54 setuid sandbox: enabled
2019/10/13 01:18:54 namespace sandbox: enabled
2019/10/13 01:18:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/13 01:18:54 fault injection: enabled
2019/10/13 01:18:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/13 01:18:54 net packet injection: enabled
2019/10/13 01:18:54 net device setup: enabled
2019/10/13 01:18:54 concurrency sanitizer: enabled
syzkaller login: [ 50.232531][ C0] ==================================================================
[ 50.240653][ C0] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 50.248686][ C0]
[ 50.250992][ C0] read to 0xffffffff85caf310 of 4 bytes by interrupt on cpu 1:
[ 50.258524][ C0] tick_sched_do_timer+0x33/0xe0
[ 50.263445][ C0] tick_sched_timer+0x43/0xe0
[ 50.268124][ C0] __hrtimer_run_queues+0x288/0x600
[ 50.273301][ C0] hrtimer_interrupt+0x22a/0x480
[ 50.278215][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 50.283660][ C0] apic_timer_interrupt+0xf/0x20
[ 50.288602][ C0] __kcsan_check_watchpoint+0xa3/0x180
[ 50.294036][ C0] __tsan_read8+0x15/0x30
[ 50.298339][ C0] __copy_skb_header+0xac/0x2c0
[ 50.303166][ C0] __skb_clone+0x79/0x380
[ 50.307470][ C0] skb_clone+0x128/0x280
[ 50.311690][ C0] packet_rcv_spkt+0x2e2/0x350
[ 50.316433][ C0] __netif_receive_skb_core+0xe13/0x1a90
[ 50.322054][ C0] __netif_receive_skb_one_core+0x67/0xe0
[ 50.327754][ C0]
[ 50.330061][ C0] write to 0xffffffff85caf310 of 4 bytes by interrupt on cpu 0:
[ 50.337684][ C0] tick_sched_do_timer+0xc0/0xe0
[ 50.342610][ C0] tick_sched_timer+0x43/0xe0
[ 50.347264][ C0] __hrtimer_run_queues+0x288/0x600
[ 50.352460][ C0] hrtimer_interrupt+0x22a/0x480
[ 50.357384][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 50.362842][ C0] apic_timer_interrupt+0xf/0x20
[ 50.367752][ C0] ipv4_mtu+0x1/0x250
[ 50.371713][ C0] ip_finish_output+0x41/0x160
[ 50.376455][ C0] ip_output+0xdf/0x210
[ 50.380590][ C0] ip_local_out+0x74/0x90
[ 50.384895][ C0] __ip_queue_xmit+0x3a8/0xa40
[ 50.389645][ C0] ip_queue_xmit+0x45/0x60
[ 50.394041][ C0] __tcp_transmit_skb+0xdeb/0x1cd0
[ 50.399136][ C0]
[ 50.401439][ C0] Reported by Kernel Concurrency Sanitizer on:
[ 50.407578][ C0] CPU: 0 PID: 7286 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 50.414657][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.424686][ C0] ==================================================================
[ 50.432722][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 50.439294][ C0] CPU: 0 PID: 7286 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 50.446371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.456413][ C0] Call Trace:
[ 50.459674][ C0]
[ 50.462520][ C0] dump_stack+0xf5/0x159
[ 50.466743][ C0] panic+0x209/0x639
[ 50.470615][ C0] ? ip_output+0xdf/0x210
[ 50.474937][ C0] ? vprintk_func+0x8d/0x140
[ 50.479507][ C0] kcsan_report.cold+0xc/0x1b
[ 50.484162][ C0] __kcsan_setup_watchpoint+0x3ee/0x510
[ 50.489684][ C0] __tsan_write4+0x32/0x40
[ 50.494084][ C0] tick_sched_do_timer+0xc0/0xe0
[ 50.499015][ C0] tick_sched_timer+0x43/0xe0
[ 50.503688][ C0] __hrtimer_run_queues+0x288/0x600
[ 50.508874][ C0] ? tick_sched_do_timer+0xe0/0xe0
[ 50.513973][ C0] hrtimer_interrupt+0x22a/0x480
[ 50.518919][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 50.524400][ C0] apic_timer_interrupt+0xf/0x20
[ 50.529308][ C0]
[ 50.532228][ C0] RIP: 0010:ipv4_mtu+0x1/0x250
[ 50.536985][ C0] Code: 00 00 4c 89 e7 e8 7f f8 68 fd 45 0f b6 2c 24 41 83 e5 0f e9 1e ff ff ff e8 0c 19 44 fd 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 <48> 89 e5 41 56 41 55 41 54 53 48 89 fb 4c 8d b3 90 00 00 00 48 83
[ 50.556563][ C0] RSP: 0018:ffffc90001a73790 EFLAGS: 00000296 ORIG_RAX: ffffffffffffff13
[ 50.564962][ C0] RAX: f5c28f5c28f5cdc6 RBX: ffffffff85c0a5c0 RCX: 0000000000000785
[ 50.572929][ C0] RDX: 000000000009b460 RSI: 020c49ba5e353f7d RDI: ffff88812a881f00
[ 50.580896][ C0] RBP: ffffc90001a737e0 R08: 0000000000000000 R09: 0000ffff85c0a5e7
[ 50.588845][ C0] R10: 00000000aaaaaaab R11: ffffffff86042c68 R12: ffff888124e71500
[ 50.596796][ C0] R13: ffff88812a881f00 R14: ffff88811e964040 R15: ffffffff85bf8040
[ 50.604787][ C0] ? __ip_finish_output+0x2da/0x490
[ 50.609975][ C0] ip_finish_output+0x41/0x160
[ 50.614720][ C0] ip_output+0xdf/0x210
[ 50.618859][ C0] ? __ip_finish_output+0x490/0x490
[ 50.624036][ C0] ip_local_out+0x74/0x90
[ 50.628358][ C0] __ip_queue_xmit+0x3a8/0xa40
[ 50.633102][ C0] ip_queue_xmit+0x45/0x60
[ 50.637512][ C0] __tcp_transmit_skb+0xdeb/0x1cd0
[ 50.642611][ C0] __tcp_send_ack+0x246/0x300
[ 50.647270][ C0] tcp_send_ack+0x34/0x40
[ 50.651576][ C0] tcp_cleanup_rbuf+0x130/0x360
[ 50.656404][ C0] tcp_recvmsg+0x633/0x1a30
[ 50.660912][ C0] ? preempt_schedule_common+0x37/0x90
[ 50.666355][ C0] inet_recvmsg+0xbb/0x250
[ 50.670748][ C0] ? __tsan_read8+0x2c/0x30
[ 50.675232][ C0] ? inet_sendpage+0x100/0x100
[ 50.679972][ C0] sock_recvmsg+0x92/0xb0
[ 50.684282][ C0] sock_read_iter+0x15f/0x1e0
[ 50.688942][ C0] new_sync_read+0x389/0x4f0
[ 50.693530][ C0] __vfs_read+0xb1/0xc0
[ 50.697663][ C0] vfs_read+0x143/0x2c0
[ 50.701800][ C0] ksys_read+0xd5/0x1b0
[ 50.705935][ C0] __x64_sys_read+0x4c/0x60
[ 50.710432][ C0] do_syscall_64+0xcf/0x2f0
[ 50.714928][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 50.720808][ C0] RIP: 0033:0x47c530
[ 50.724681][ C0] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 50.744264][ C0] RSP: 002b:000000c4204f1810 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 50.752648][ C0] RAX: ffffffffffffffda RBX: 000000c420040800 RCX: 000000000047c530
[ 50.760606][ C0] RDX: 0000000000001000 RSI: 000000c42031e000 RDI: 0000000000000003
[ 50.768554][ C0] RBP: 000000c4204f1868 R08: 0000000000000000 R09: 0000000000000000
[ 50.776506][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 50.784470][ C0] R13: ffffffffffffffff R14: 0000000000000002 R15: ffffffffffffffff
[ 50.793171][ C0] Kernel Offset: disabled
[ 50.797492][ C0] Rebooting in 86400 seconds..