[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.043590][ T25] audit: type=1800 audit(1571133429.646:25): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 36.098417][ T25] audit: type=1800 audit(1571133429.646:26): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 36.130260][ T25] audit: type=1800 audit(1571133429.646:27): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts. 2019/10/15 09:57:17 fuzzer started 2019/10/15 09:57:18 dialing manager at 10.128.0.105:33637 2019/10/15 09:57:18 syscalls: 2523 2019/10/15 09:57:18 code coverage: enabled 2019/10/15 09:57:18 comparison tracing: enabled 2019/10/15 09:57:18 extra coverage: extra coverage is not supported by the kernel 2019/10/15 09:57:18 setuid sandbox: enabled 2019/10/15 09:57:18 namespace sandbox: enabled 2019/10/15 09:57:18 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/15 09:57:18 fault injection: enabled 2019/10/15 09:57:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/15 09:57:18 net packet injection: enabled 2019/10/15 09:57:18 net device setup: enabled 2019/10/15 09:57:18 concurrency sanitizer: enabled 09:57:21 executing program 0: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x1ff}, 0x8) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\xf6', 0x275a, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x80800800}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x14, 0x0, 0x4, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40000) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb]}) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/195, 0xff34}, {&(0x7f0000000300)=""/204, 0xcc}], 0x2) syzkaller login: [ 47.856180][ T7139] IPVS: ftp: loaded support on port[0] = 21 09:57:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000100)) [ 47.952056][ T7139] chnl_net:caif_netlink_parms(): no params data found [ 48.014958][ T7139] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.039223][ T7139] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.047346][ T7139] device bridge_slave_0 entered promiscuous mode [ 48.069230][ T7139] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.076395][ T7139] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.088457][ T7139] device bridge_slave_1 entered promiscuous mode [ 48.140328][ T7139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.151169][ T7139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.175719][ T7139] team0: Port device team_slave_0 added [ 48.183468][ T7139] team0: Port device team_slave_1 added 09:57:21 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="0900000000003639408fa3a3ba27660199783b0a82f79b32a7c8225086600a38e07d4db88a66596759e95307b680ab73e03753555c97e8e37d01da4d44a994354a9fa3ed7bc02e3af355214eeabd24fd620b2022d5ad63b369aaffe9a6b608a5fece0eca95d71f2d3e60613a027fb50cbcbd92d44076d3b97247e066165ccf1032f51d36ab231f6c20d87e9167edf69776dca67d90a17ccd18fb9c7b21d53478e382dcf296a23a060bfe9ac9d9cd196187d0b64c834783111c7758bf5a62c197735b91d92591d04108e4a92ad8cd3ddf0000000029cb6fc8277e40be030437ff6d23073753f6b418fac8c8145093000000c32f5221dbf42b2b654d5db023d356749fd2de6f3aea7a64516affb5084993c4bf4d6b220942f91b82588afb7964663a900b939f074d9c35497a56973c", 0x12e}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 48.261568][ T7139] device hsr_slave_0 entered promiscuous mode [ 48.329597][ T7139] device hsr_slave_1 entered promiscuous mode [ 48.336994][ T7125] ================================================================== [ 48.345105][ T7125] BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent [ 48.353496][ T7125] [ 48.355820][ T7125] read to 0xffff888218501c28 of 8 bytes by task 7143 on cpu 1: [ 48.363362][ T7125] ext4_es_lookup_extent+0x3ba/0x510 [ 48.368643][ T7125] ext4_map_blocks+0xc2/0xf70 [ 48.373315][ T7125] ext4_getblk+0x30b/0x380 [ 48.377730][ T7125] ext4_bread+0x4a/0x190 [ 48.381962][ T7125] __ext4_read_dirblock+0x3e/0x700 [ 48.387063][ T7125] ext4_add_entry+0x46b/0x8e0 [ 48.391725][ T7125] ext4_mkdir+0x515/0x820 [ 48.396043][ T7125] vfs_mkdir+0x283/0x390 [ 48.400282][ T7125] do_mkdirat+0x1ac/0x1f0 [ 48.404604][ T7125] __x64_sys_mkdir+0x40/0x50 [ 48.409188][ T7125] do_syscall_64+0xcf/0x2f0 [ 48.413697][ T7125] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 48.419569][ T7125] [ 48.421891][ T7125] write to 0xffff888218501c28 of 8 bytes by task 7125 on cpu 0: [ 48.429516][ T7125] ext4_es_lookup_extent+0x3d3/0x510 [ 48.434791][ T7125] ext4_map_blocks+0xc2/0xf70 [ 48.439462][ T7125] ext4_mpage_readpages+0x92b/0x1270 [ 48.444737][ T7125] ext4_readpages+0x92/0xc0 [ 48.449233][ T7125] read_pages+0xa2/0x2d0 [ 48.453472][ T7125] __do_page_cache_readahead+0x353/0x390 [ 48.459090][ T7125] ondemand_readahead+0x35d/0x710 [ 48.464107][ T7125] page_cache_async_readahead+0x22c/0x250 [ 48.470949][ T7125] generic_file_read_iter+0xffc/0x1440 [ 48.476402][ T7125] ext4_file_read_iter+0xfa/0x240 [ 48.481411][ T7125] new_sync_read+0x389/0x4f0 [ 48.485994][ T7125] __vfs_read+0xb1/0xc0 [ 48.490141][ T7125] integrity_kernel_read+0xa1/0xe0 [ 48.495242][ T7125] [ 48.497554][ T7125] Reported by Kernel Concurrency Sanitizer on: [ 48.503685][ T7125] CPU: 0 PID: 7125 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 48.510761][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.520788][ T7125] ================================================================== [ 48.528824][ T7125] Kernel panic - not syncing: panic_on_warn set ... [ 48.535391][ T7125] CPU: 0 PID: 7125 Comm: syz-fuzzer Not tainted 5.3.0+ #0 [ 48.542470][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.552498][ T7125] Call Trace: [ 48.555772][ T7125] dump_stack+0xf5/0x159 [ 48.560006][ T7125] panic+0x209/0x639 [ 48.563879][ T7125] ? generic_file_read_iter+0xffc/0x1440 [ 48.569669][ T7125] ? vprintk_func+0x8d/0x140 [ 48.574324][ T7125] kcsan_report.cold+0xc/0x1b [ 48.579019][ T7125] __kcsan_setup_watchpoint+0x3ee/0x510 [ 48.584542][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.590150][ T7125] __tsan_write8+0x32/0x40 [ 48.594569][ T7125] ext4_es_lookup_extent+0x3d3/0x510 [ 48.599846][ T7125] ext4_map_blocks+0xc2/0xf70 [ 48.604515][ T7125] ext4_mpage_readpages+0x92b/0x1270 [ 48.609781][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.615391][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.621001][ T7125] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 48.626882][ T7125] ? ext4_invalidatepage+0x1e0/0x1e0 [ 48.632153][ T7125] ext4_readpages+0x92/0xc0 [ 48.636661][ T7125] ? ext4_invalidatepage+0x1e0/0x1e0 [ 48.641942][ T7125] read_pages+0xa2/0x2d0 [ 48.646176][ T7125] __do_page_cache_readahead+0x353/0x390 [ 48.651815][ T7125] ondemand_readahead+0x35d/0x710 [ 48.656822][ T7125] page_cache_async_readahead+0x22c/0x250 [ 48.662534][ T7125] generic_file_read_iter+0xffc/0x1440 [ 48.668237][ T7125] ext4_file_read_iter+0xfa/0x240 [ 48.673241][ T7125] new_sync_read+0x389/0x4f0 [ 48.677811][ T7125] __vfs_read+0xb1/0xc0 [ 48.681946][ T7125] integrity_kernel_read+0xa1/0xe0 [ 48.687035][ T7125] ima_calc_file_hash_tfm+0x1b5/0x260 [ 48.692390][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.698520][ T7125] ? should_fail+0xd4/0x45d [ 48.703000][ T7125] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 48.708698][ T7125] ? widen_string+0x4a/0x1a0 [ 48.713267][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.718875][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.724486][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.730097][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.735706][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.741325][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.746935][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.752544][ T7125] ? __tsan_read4+0x2c/0x30 [ 48.757036][ T7125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.763261][ T7125] ? refcount_sub_and_test_checked+0xc8/0x190 [ 48.769317][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.774932][ T7125] ? __tsan_read4+0x2c/0x30 [ 48.779416][ T7125] ima_calc_file_hash+0x158/0xf10 [ 48.784422][ T7125] ? __tsan_write8+0x32/0x40 [ 48.788992][ T7125] ? ext4_xattr_get+0x10b/0x5c0 [ 48.793819][ T7125] ? __rcu_read_unlock+0x62/0xe0 [ 48.798733][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.804355][ T7125] ima_collect_measurement+0x384/0x3b0 [ 48.809818][ T7125] process_measurement+0x980/0xff0 [ 48.814940][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.820561][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.826171][ T7125] ? __tsan_read4+0x2c/0x30 [ 48.831014][ T7125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.837239][ T7125] ? refcount_sub_and_test_checked+0xc8/0x190 [ 48.843301][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.848924][ T7125] ? __kcsan_setup_watchpoint+0x96/0x510 [ 48.854614][ T7125] ima_file_check+0x7e/0xb0 [ 48.859242][ T7125] path_openat+0xfb1/0x3530 [ 48.863766][ T7125] do_filp_open+0x11e/0x1b0 [ 48.868270][ T7125] ? _raw_spin_unlock+0x4b/0x60 [ 48.873103][ T7125] ? __alloc_fd+0x316/0x4c0 [ 48.877598][ T7125] ? get_unused_fd_flags+0x93/0xc0 [ 48.882693][ T7125] do_sys_open+0x3b3/0x4f0 [ 48.887098][ T7125] __x64_sys_openat+0x62/0x80 [ 48.891791][ T7125] do_syscall_64+0xcf/0x2f0 [ 48.896287][ T7125] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 48.902159][ T7125] RIP: 0033:0x47c5aa [ 48.906039][ T7125] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 48.925616][ T7125] RSP: 002b:000000c420907850 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 48.934012][ T7125] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 48.941960][ T7125] RDX: 0000000000080002 RSI: 000000c42062c880 RDI: ffffffffffffff9c [ 48.949909][ T7125] RBP: 000000c4209078d0 R08: 0000000000000000 R09: 0000000000000000 [ 48.957871][ T7125] R10: 00000000000001a4 R11: 0000000000000206 R12: ffffffffffffffff [ 48.965829][ T7125] R13: 0000000000000045 R14: 0000000000000044 R15: 0000000000000100 [ 48.974987][ T7125] Kernel Offset: disabled [ 48.979314][ T7125] Rebooting in 86400 seconds..