[ ok ] Starting enhanced syslogd: rsyslogd.
[ 37.780916][ T26] audit: type=1800 audit(1570552846.526:25): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 37.824515][ T26] audit: type=1800 audit(1570552846.526:26): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 37.853641][ T26] audit: type=1800 audit(1570552846.526:27): pid=7077 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
2019/10/08 16:40:58 fuzzer started
2019/10/08 16:40:59 dialing manager at 10.128.0.105:44253
2019/10/08 16:40:59 syscalls: 2523
2019/10/08 16:40:59 code coverage: enabled
2019/10/08 16:40:59 comparison tracing: enabled
2019/10/08 16:40:59 extra coverage: extra coverage is not supported by the kernel
2019/10/08 16:40:59 setuid sandbox: enabled
2019/10/08 16:40:59 namespace sandbox: enabled
2019/10/08 16:40:59 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/08 16:40:59 fault injection: enabled
2019/10/08 16:40:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/08 16:40:59 net packet injection: enabled
2019/10/08 16:40:59 net device setup: enabled
2019/10/08 16:40:59 concurrency sanitizer: enabled
16:41:03 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff})
move_mount(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x466, &(0x7f0000000080)=ANY=[@ANYBLOB="646174613d6a6f75726e616c2c006ee0fecd1039bf4878ad0871ad"])

syzkaller login: [ 55.199645][ T7253] IPVS: ftp: loaded support on port[0] = 21
16:41:04 executing program 1:
set_mempolicy(0x2, &(0x7f00000000c0)=0x2, 0x8)
clone(0x808e87782a1100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

[ 55.296253][ T7253] chnl_net:caif_netlink_parms(): no params data found
[ 55.369618][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.393349][ T7253] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.414900][ T7253] device bridge_slave_0 entered promiscuous mode
[ 55.423630][ T7253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.431176][ T7253] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.440411][ T7253] device bridge_slave_1 entered promiscuous mode
[ 55.464667][ T7253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.476311][ T7253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.500812][ T7253] team0: Port device team_slave_0 added
[ 55.509034][ T7253] team0: Port device team_slave_1 added
[ 55.585665][ T7253] device hsr_slave_0 entered promiscuous mode
[ 55.622871][ T7253] device hsr_slave_1 entered promiscuous mode
16:41:04 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = getpgrp(0x0)
r2 = gettid()
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xffffffffffffff7f}, 0x0, 0x8)
rt_tgsigqueueinfo(r1, r2, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x6})
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0)
read(r3, &(0x7f0000481000)=""/128, 0x80)

[ 55.685151][ T7257] ==================================================================
[ 55.693303][ T7257] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent
[ 55.701715][ T7257]
[ 55.704069][ T7257] write to 0xffff88812647cc28 of 8 bytes by task 7238 on cpu 1:
[ 55.711803][ T7257] ext4_es_lookup_extent+0x3d3/0x510
[ 55.717189][ T7257] ext4_map_blocks+0xc2/0xf70
[ 55.722171][ T7257] ext4_mpage_readpages+0x92b/0x1270
[ 55.728254][ T7257] ext4_readpages+0x92/0xc0
[ 55.732958][ T7257] read_pages+0xa2/0x2d0
[ 55.737299][ T7257] __do_page_cache_readahead+0x353/0x390
[ 55.743081][ T7257] ondemand_readahead+0x35d/0x710
[ 55.748110][ T7257] page_cache_async_readahead+0x22c/0x250
[ 55.753930][ T7257] generic_file_read_iter+0xffc/0x1440
[ 55.759493][ T7257] ext4_file_read_iter+0xfa/0x240
[ 55.764618][ T7257] new_sync_read+0x389/0x4f0
[ 55.769328][ T7257] __vfs_read+0xb1/0xc0
[ 55.773494][ T7257] integrity_kernel_read+0xa1/0xe0
[ 55.778631][ T7257] ima_calc_file_hash_tfm+0x1b5/0x260
[ 55.784009][ T7257]
[ 55.786349][ T7257] read to 0xffff88812647cc28 of 8 bytes by task 7257 on cpu 0:
[ 55.793914][ T7257] ext4_es_lookup_extent+0x3ba/0x510
[ 55.799360][ T7257] ext4_map_blocks+0xc2/0xf70
[ 55.804125][ T7257] ext4_getblk+0x30b/0x380
[ 55.808546][ T7257] ext4_bread+0x4a/0x190
[ 55.812966][ T7257] __ext4_read_dirblock+0x3e/0x700
[ 55.818086][ T7257] ext4_add_entry+0x46b/0x8e0
[ 55.822817][ T7257] ext4_mkdir+0x515/0x820
[ 55.827157][ T7257] vfs_mkdir+0x283/0x390
[ 55.831405][ T7257] do_mkdirat+0x1ac/0x1f0
[ 55.835741][ T7257] __x64_sys_mkdir+0x40/0x50
[ 55.840519][ T7257] do_syscall_64+0xcf/0x2f0
[ 55.845029][ T7257] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.851094][ T7257]
[ 55.853513][ T7257] Reported by Kernel Concurrency Sanitizer on:
[ 55.859767][ T7257] CPU: 0 PID: 7257 Comm: syz-executor.2 Not tainted 5.3.0+ #0
[ 55.867458][ T7257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.877791][ T7257] ==================================================================
[ 55.885966][ T7257] Kernel panic - not syncing: panic_on_warn set ...
[ 55.892575][ T7257] CPU: 0 PID: 7257 Comm: syz-executor.2 Not tainted 5.3.0+ #0
[ 55.900644][ T7257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.910840][ T7257] Call Trace:
[ 55.914241][ T7257] dump_stack+0xf5/0x159
[ 55.918496][ T7257] panic+0x209/0x639
[ 55.922860][ T7257] ? do_mkdirat+0x1ac/0x1f0
[ 55.927589][ T7257] ? vprintk_func+0x8d/0x140
[ 55.932267][ T7257] kcsan_report.cold+0xc/0x1b
[ 55.936958][ T7257] __kcsan_setup_watchpoint+0x3ee/0x510
[ 55.942509][ T7257] __tsan_read8+0x2c/0x30
[ 55.946943][ T7257] ext4_es_lookup_extent+0x3ba/0x510
[ 55.952371][ T7257] ext4_map_blocks+0xc2/0xf70
[ 55.957150][ T7257] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.963327][ T7257] ext4_getblk+0x30b/0x380
[ 55.967940][ T7257] ? fscrypt_setup_filename+0x310/0x710
[ 55.973592][ T7257] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.979336][ T7257] ext4_bread+0x4a/0x190
16:41:04 executing program 3:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x0)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[ 55.983691][ T7257] __ext4_read_dirblock+0x3e/0x700
[ 55.988838][ T7257] ext4_add_entry+0x46b/0x8e0
[ 55.993668][ T7257] ext4_mkdir+0x515/0x820
[ 55.998371][ T7257] vfs_mkdir+0x283/0x390
[ 56.002749][ T7257] do_mkdirat+0x1ac/0x1f0
[ 56.007311][ T7257] __x64_sys_mkdir+0x40/0x50
[ 56.011920][ T7257] do_syscall_64+0xcf/0x2f0
[ 56.016443][ T7257] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.022430][ T7257] RIP: 0033:0x458e77
[ 56.026363][ T7257] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.047643][ T7257] RSP: 002b:00007ffe2cdcca58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 56.056070][ T7257] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 0000000000458e77
[ 56.064179][ T7257] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffe2cdccc30
[ 56.072158][ T7257] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002c40
[ 56.080350][ T7257] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 56.088457][ T7257] R13: 00007ffe2cdccc30 R14: 8421084210842109 R15: 00007ffe2cdccc3c
[ 56.098276][ T7257] Kernel Offset: disabled
[ 56.103047][ T7257] Rebooting in 86400 seconds..