[ 54.379248][ T26] audit: type=1800 audit(1572879484.434:28): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 54.890694][ T7846] sshd (7846) used greatest stack depth: 10128 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 55.173978][ T26] audit: type=1800 audit(1572879485.354:29): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 55.194138][ T26] audit: type=1800 audit(1572879485.354:30): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
2019/11/04 14:58:14 fuzzer started
2019/11/04 14:58:16 dialing manager at 10.128.0.105:42499
2019/11/04 14:58:16 syscalls: 2553
2019/11/04 14:58:16 code coverage: enabled
2019/11/04 14:58:16 comparison tracing: enabled
2019/11/04 14:58:16 extra coverage: extra coverage is not supported by the kernel
2019/11/04 14:58:16 setuid sandbox: enabled
2019/11/04 14:58:16 namespace sandbox: enabled
2019/11/04 14:58:16 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/04 14:58:16 fault injection: enabled
2019/11/04 14:58:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/04 14:58:16 net packet injection: enabled
2019/11/04 14:58:16 net device setup: enabled
2019/11/04 14:58:16 concurrency sanitizer: enabled
2019/11/04 14:58:16 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/11/04 14:58:17 adding functions to KCSAN blacklist: 'tcp_add_backlog' 'ktime_get_real_seconds' 'find_next_bit' 'generic_permission' 'tomoyo_supervisor' '__hrtimer_run_queues'
syzkaller login: [ 68.290194][ C0] ==================================================================
[ 68.298338][ C0] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 68.306386][ C0]
[ 68.308712][ C0] read to 0xffffffff85cb26d0 of 4 bytes by interrupt on cpu 1:
[ 68.316254][ C0] tick_sched_do_timer+0x33/0xe0
[ 68.321290][ C0] tick_sched_timer+0x43/0xe0
[ 68.325967][ C0] __hrtimer_run_queues+0x274/0x5f0
[ 68.331235][ C0] hrtimer_interrupt+0x22a/0x480
[ 68.336167][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 68.341620][ C0] apic_timer_interrupt+0xf/0x20
[ 68.346545][ C0] __tsan_read4+0x64/0x1f0
[ 68.350957][ C0] iptable_mangle_hook+0x32/0x260
[ 68.355973][ C0] nf_hook_slow+0x83/0x160
[ 68.360379][ C0] ip_rcv+0x12f/0x1a0
[ 68.364497][ C0] __netif_receive_skb_one_core+0xa7/0xe0
[ 68.370209][ C0] __netif_receive_skb+0x37/0xf0
[ 68.375150][ C0] netif_receive_skb_internal+0x59/0x190
[ 68.380780][ C0] napi_gro_receive+0x28f/0x330
[ 68.385618][ C0] receive_buf+0x284/0x30b0
[ 68.390121][ C0] virtnet_poll+0x436/0x7d0
[ 68.394647][ C0] net_rx_action+0x3ae/0xa90
[ 68.399291][ C0] __do_softirq+0x115/0x33f
[ 68.403784][ C0] irq_exit+0xbb/0xe0
[ 68.407842][ C0] do_IRQ+0xa6/0x180
[ 68.411728][ C0] ret_from_intr+0x0/0x19
[ 68.416046][ C0] native_safe_halt+0xe/0x10
[ 68.420633][ C0] arch_cpu_idle+0x1f/0x30
[ 68.425037][ C0] default_idle_call+0x1e/0x40
[ 68.429795][ C0] do_idle+0x1af/0x280
[ 68.434098][ C0] cpu_startup_entry+0x1b/0x20
[ 68.438863][ C0] start_secondary+0x208/0x260
[ 68.443692][ C0] secondary_startup_64+0xa4/0xb0
[ 68.448702][ C0]
[ 68.451030][ C0] write to 0xffffffff85cb26d0 of 4 bytes by interrupt on cpu 0:
[ 68.458660][ C0] tick_sched_do_timer+0xc0/0xe0
[ 68.463588][ C0] tick_sched_timer+0x43/0xe0
[ 68.468259][ C0] __hrtimer_run_queues+0x274/0x5f0
[ 68.473712][ C0] hrtimer_interrupt+0x22a/0x480
[ 68.478645][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 68.484119][ C0] apic_timer_interrupt+0xf/0x20
[ 68.489207][ C0] fput+0x0/0x30
[ 68.492755][ C0] __x64_sys_epoll_pwait+0xcd/0x180
[ 68.497943][ C0] do_syscall_64+0xcc/0x370
[ 68.502436][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.508315][ C0]
[ 68.510636][ C0] Reported by Kernel Concurrency Sanitizer on:
[ 68.516779][ C0] CPU: 0 PID: 7938 Comm: syz-fuzzer Not tainted 5.4.0-rc6+ #0
[ 68.524234][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.534368][ C0] ==================================================================
[ 68.542419][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 68.549132][ C0] CPU: 0 PID: 7938 Comm: syz-fuzzer Not tainted 5.4.0-rc6+ #0
[ 68.556575][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.566733][ C0] Call Trace:
[ 68.570007][ C0]
[ 68.572982][ C0] dump_stack+0xf5/0x159
[ 68.577306][ C0] panic+0x210/0x640
[ 68.581194][ C0] ? vprintk_func+0x8d/0x140
[ 68.585776][ C0] kcsan_report.cold+0xc/0xe
[ 68.590370][ C0] kcsan_setup_watchpoint+0x3fe/0x410
[ 68.595749][ C0] __tsan_unaligned_write4+0x143/0x1f0
[ 68.601204][ C0] tick_sched_do_timer+0xc0/0xe0
[ 68.606145][ C0] tick_sched_timer+0x43/0xe0
[ 68.610815][ C0] __hrtimer_run_queues+0x274/0x5f0
[ 68.616026][ C0] ? tick_sched_handle+0x100/0x100
[ 68.621131][ C0] hrtimer_interrupt+0x22a/0x480
[ 68.626072][ C0] smp_apic_timer_interrupt+0xdc/0x280
[ 68.631527][ C0] ? smp_reschedule_interrupt+0x71/0x1d0
[ 68.637154][ C0] apic_timer_interrupt+0xf/0x20
[ 68.642072][ C0]
[ 68.645011][ C0] RIP: 0010:fput+0x0/0x30
[ 68.649339][ C0] Code: 00 00 00 bf 40 00 00 00 48 8b 35 93 73 5d 04 48 c7 c2 00 f4 a9 85 e8 7f 23 c4 ff eb bf 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 <55> 48 89 e5 41 54 49 89 fc 48 8b 7d 08 e8 ce e8 e4 ff e8 99 ea d7
[ 68.674929][ C0] RSP: 0018:ffffc900015f3e80 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 68.683333][ C0] RAX: ffff88812095f000 RBX: 0000000000000001 RCX: ffffffff8179cee9
[ 68.691301][ C0] RDX: 0000000000000000 RSI: ffffffff8179cf0e RDI: ffff888121feee00
[ 68.699301][ C0] RBP: ffffc900015f3ec0 R08: ffff88812095f000 R09: 00000000aaaaaaab
[ 68.707299][ C0] R10: 0000ffff85a56377 R11: 0000000000000000 R12: ffff888121feee00
[ 68.715265][ C0] R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000001
[ 68.723243][ C0] ? do_epoll_wait+0x109/0x180
[ 68.728015][ C0] ? do_epoll_wait+0x12e/0x180
[ 68.732778][ C0] ? do_epoll_wait+0x136/0x180
[ 68.737536][ C0] ? debug_smp_processor_id+0x4c/0x172
[ 68.743194][ C0] __x64_sys_epoll_pwait+0xcd/0x180
[ 68.748537][ C0] do_syscall_64+0xcc/0x370
[ 68.753043][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.758923][ C0] RIP: 0033:0x45b300
[ 68.762812][ C0] Code: 0f 05 89 44 24 20 c3 cc cc cc 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 44 8b 54 24 1c 49 c7 c0 00 00 00 00 b8 19 01 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 c7
[ 68.782545][ C0] RSP: 002b:000000c420161860 EFLAGS: 00000246 ORIG_RAX: 0000000000000119
[ 68.791034][ C0] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 000000000045b300
[ 68.798998][ C0] RDX: 0000000000000080 RSI: 000000c4201618a0 RDI: 0000000000000004
[ 68.806988][ C0] RBP: 000000c420161ea0 R08: 0000000000000000 R09: 000000c420001500
[ 68.814957][ C0] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000380
[ 68.822937][ C0] R13: 00000000000000ff R14: 00007f05dc1f5000 R15: 0000000000000080
[ 68.832248][ C0] Kernel Offset: disabled
[ 68.836582][ C0] Rebooting in 86400 seconds..