[ ok ] Starting enhanced syslogd: rsyslogd.
[ 38.579470][ T25] audit: type=1800 audit(1571051275.338:25): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 38.599529][ T25] audit: type=1800 audit(1571051275.338:26): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 38.599544][ T25] audit: type=1800 audit(1571051275.338:27): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
2019/10/14 11:08:02 fuzzer started
2019/10/14 11:08:03 dialing manager at 10.128.0.105:43961
2019/10/14 11:08:03 syscalls: 2523
2019/10/14 11:08:03 code coverage: enabled
2019/10/14 11:08:03 comparison tracing: enabled
2019/10/14 11:08:03 extra coverage: extra coverage is not supported by the kernel
2019/10/14 11:08:03 setuid sandbox: enabled
2019/10/14 11:08:03 namespace sandbox: enabled
2019/10/14 11:08:03 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/14 11:08:03 fault injection: enabled
2019/10/14 11:08:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/14 11:08:03 net packet injection: enabled
2019/10/14 11:08:03 net device setup: enabled
2019/10/14 11:08:03 concurrency sanitizer: enabled
syzkaller login: [ 49.028764][ C1] ==================================================================
[ 49.036901][ C1] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 49.045033][ C1]
[ 49.047347][ C1] write to 0xffffffff85caf310 of 4 bytes by interrupt on cpu 0:
[ 49.054962][ C1] tick_sched_do_timer+0xc0/0xe0
[ 49.059876][ C1] tick_sched_timer+0x43/0xe0
[ 49.064543][ C1] __hrtimer_run_queues+0x288/0x600
[ 49.069747][ C1] hrtimer_interrupt+0x22a/0x480
[ 49.074665][ C1] smp_apic_timer_interrupt+0xdc/0x280
[ 49.080101][ C1] apic_timer_interrupt+0xf/0x20
[ 49.085024][ C1] __kcsan_check_watchpoint+0x95/0x180
[ 49.091670][ C1] __tsan_read8+0x15/0x30
[ 49.095995][ C1] __nf_conntrack_find_get+0x166/0x870
[ 49.101437][ C1] nf_conntrack_in+0x2ef/0xaa0
[ 49.106186][ C1] ipv4_conntrack_local+0xbe/0x130
[ 49.111277][ C1] nf_hook_slow+0x83/0x160
[ 49.115845][ C1] __ip_local_out+0x1f7/0x2b0
[ 49.120513][ C1] ip_local_out+0x31/0x90
[ 49.124830][ C1]
[ 49.127138][ C1] read to 0xffffffff85caf310 of 4 bytes by interrupt on cpu 1:
[ 49.134659][ C1] tick_sched_do_timer+0x33/0xe0
[ 49.139660][ C1] tick_sched_timer+0x43/0xe0
[ 49.144324][ C1] __hrtimer_run_queues+0x288/0x600
[ 49.149517][ C1] hrtimer_interrupt+0x22a/0x480
[ 49.154517][ C1] smp_apic_timer_interrupt+0xdc/0x280
[ 49.160038][ C1] apic_timer_interrupt+0xf/0x20
[ 49.164970][ C1] __sanitizer_cov_trace_const_cmp8+0x7/0x20
[ 49.171943][ C1] select_estimate_accuracy+0x71/0x200
[ 49.177382][ C1] do_select+0xad7/0x1020
[ 49.181688][ C1] core_sys_select+0x38b/0x520
[ 49.186431][ C1] __x64_sys_pselect6+0x22a/0x280
[ 49.191451][ C1] do_syscall_64+0xcf/0x2f0
[ 49.195943][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.202070][ C1]
[ 49.204721][ C1] Reported by Kernel Concurrency Sanitizer on:
[ 49.210852][ C1] CPU: 1 PID: 7111 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 49.217931][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.227963][ C1] ==================================================================
[ 49.236007][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 49.242579][ C1] CPU: 1 PID: 7111 Comm: syz-fuzzer Not tainted 5.3.0+ #0
[ 49.249928][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.259965][ C1] Call Trace:
[ 49.263225][ C1]
[ 49.266063][ C1] dump_stack+0xf5/0x159
[ 49.270287][ C1] panic+0x209/0x639
[ 49.274188][ C1] ? do_select+0xad7/0x1020
[ 49.278682][ C1] ? vprintk_func+0x8d/0x140
[ 49.283272][ C1] kcsan_report.cold+0xc/0x1b
[ 49.287987][ C1] __kcsan_setup_watchpoint+0x3ee/0x510
[ 49.294672][ C1] __tsan_read4+0x2c/0x30
[ 49.299030][ C1] tick_sched_do_timer+0x33/0xe0
[ 49.303947][ C1] tick_sched_timer+0x43/0xe0
[ 49.308605][ C1] __hrtimer_run_queues+0x288/0x600
[ 49.314852][ C1] ? tick_sched_do_timer+0xe0/0xe0
[ 49.319947][ C1] hrtimer_interrupt+0x22a/0x480
[ 49.325583][ C1] smp_apic_timer_interrupt+0xdc/0x280
[ 49.331020][ C1] ? smp_reschedule_interrupt+0x71/0x1d0
[ 49.336720][ C1] apic_timer_interrupt+0xf/0x20
[ 49.341631][ C1]
[ 49.344552][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x7/0x20
[ 49.351297][ C1] Code: 44 00 00 55 89 f2 89 fe bf 05 00 00 00 48 89 e5 48 8b 4d 08 e8 ba fe ff ff 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 f2 48 89 fe 07 00 00 00 48 89 e5 48 8b 4d 08 e8 98 fe ff ff 5d c3 66 0f 1f
[ 49.370893][ C1] RSP: 0018:ffffc9000167f858 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 49.379284][ C1] RAX: ffff888121d9f000 RBX: 000000000241e1ba RCX: 00000000000003e3
[ 49.387333][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.395300][ C1] RBP: ffffc9000167f8b8 R08: 0000000000000000 R09: 0000ffff8603db1f
[ 49.403408][ C1] R10: 00000000aaaaaaab R11: ffffffff86042e00 R12: 0000000000002330
[ 49.411902][ C1] R13: ffffc9000167f8d0 R14: 0000000000000000 R15: 0000000000000000
[ 49.419979][ C1] ? ktime_get_ts64+0xf9/0x2b0
[ 49.425206][ C1] ? hrtimer_active+0x1a0/0x1a0
[ 49.430083][ C1] select_estimate_accuracy+0x71/0x200
[ 49.435574][ C1] ? __tsan_write4+0x32/0x40
[ 49.440158][ C1] do_select+0xad7/0x1020
[ 49.444903][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.450511][ C1] ? __tsan_read1+0x2c/0x30
[ 49.454995][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.460703][ C1] ? poll_initwait+0xa0/0xa0
[ 49.465271][ C1] ? __tsan_write8+0x32/0x40
[ 49.469854][ C1] ? rb_erase+0x2aa/0x990
[ 49.474164][ C1] ? __tsan_read8+0x2c/0x30
[ 49.478645][ C1] ? timerqueue_del+0x82/0xc0
[ 49.483302][ C1] ? __tsan_read8+0x2c/0x30
[ 49.487786][ C1] ? _raw_spin_unlock_irqrestore+0x70/0x80
[ 49.493574][ C1] ? hrtimer_try_to_cancel+0x57/0x260
[ 49.498926][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.505147][ C1] ? hrtimer_cancel+0x44/0x50
[ 49.509806][ C1] ? futex_wait+0x350/0x400
[ 49.514303][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.519921][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.525620][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.531229][ C1] ? __tsan_write4+0x32/0x40
[ 49.536851][ C1] core_sys_select+0x38b/0x520
[ 49.541620][ C1] ? __tsan_read8+0x2c/0x30
[ 49.546797][ C1] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 49.552491][ C1] ? __kcsan_setup_watchpoint+0x96/0x510
[ 49.558209][ C1] ? _copy_to_user+0x84/0xb0
[ 49.562794][ C1] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 49.570603][ C1] ? __tsan_write8+0x32/0x40
[ 49.575298][ C1] ? ktime_get_ts64+0x286/0x2b0
[ 49.580252][ C1] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 49.585970][ C1] ? timespec64_add_safe+0xae/0xd0
[ 49.591201][ C1] __x64_sys_pselect6+0x22a/0x280
[ 49.596263][ C1] do_syscall_64+0xcf/0x2f0
[ 49.600761][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.607062][ C1] RIP: 0033:0x45ac23
[ 49.610955][ C1] Code: 48 89 44 24 08 bf 00 00 00 00 be 00 00 00 00 ba 00 00 00 00 41 ba 00 00 00 00 49 89 e0 41 b9 00 00 00 00 b8 0e 01 00 00 0f 05 <48> 8b 6c 24 10 48 83 c4 18 c3 cc cc cc b8 ba 00 00 00 0f 05 89 44
[ 49.632705][ C1] RSP: 002b:000000c42004ff08 EFLAGS: 00000202 ORIG_RAX: 000000000000010e
[ 49.642134][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac23
[ 49.650342][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.658391][ C1] RBP: 000000c42004ff18 R08: 000000c42004ff08 R09: 0000000000000000
[ 49.666474][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000042f0a0
[ 49.675634][ C1] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000
[ 49.685255][ C1] Kernel Offset: disabled
[ 49.689692][ C1] Rebooting in 86400 seconds..