[info] Using makefile-style concurrent boot in runlevel 2.
[ 42.487165][ T26] audit: type=1800 audit(1574373515.048:21): pid=7456 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 42.518489][ T26] audit: type=1800 audit(1574373515.048:22): pid=7456 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
2019/11/21 21:58:45 fuzzer started
2019/11/21 21:58:47 dialing manager at 10.128.0.105:37585
2019/11/21 21:58:47 syscalls: 2566
2019/11/21 21:58:47 code coverage: enabled
2019/11/21 21:58:47 comparison tracing: enabled
2019/11/21 21:58:47 extra coverage: extra coverage is not supported by the kernel
2019/11/21 21:58:47 setuid sandbox: enabled
2019/11/21 21:58:47 namespace sandbox: enabled
2019/11/21 21:58:47 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/21 21:58:47 fault injection: enabled
2019/11/21 21:58:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/21 21:58:47 net packet injection: enabled
2019/11/21 21:58:47 net device setup: enabled
2019/11/21 21:58:47 concurrency sanitizer: enabled
2019/11/21 21:58:47 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 65.222941][ T7627] KCSAN: could not find function: 'poll_schedule_timeout'
2019/11/21 21:59:03 adding functions to KCSAN blacklist: 'tick_do_update_jiffies64' 'ext4_has_free_clusters' 'wbt_done' '__delete_from_page_cache' 'dd_has_work' 'kauditd_thread' 'vm_area_dup' '__get_user_pages' 'filemap_map_pages' 'd_alloc_parallel' 'lookup_fast' '__dentry_kill' 'pid_update_inode' 'xas_clear_mark' 'pipe_poll' 'ext4_nonda_switch' 'timer_clear_idle' 'list_lru_count_one' 'do_readlinkat' 'mem_cgroup_select_victim_node' 'bio_endio' 'ep_poll' 'lruvec_lru_size' 'shmem_file_read_iter' 'alloc_pid' 'lru_add_drain_all' 'find_get_pages_range_tag' 'taskstats_exit' 'blk_stat_add' 'tick_nohz_idle_stop_tick' '__dev_queue_xmit' 'wbt_issue' 'p9_poll_workfn' 'kcm_rcv_strparser' 'writeback_sb_inodes' '__add_to_page_cache_locked' 'generic_fillattr' 'do_nanosleep' 'xas_find_marked' 'echo_char' 'process_srcu' 'copy_process' 'ext4_mb_find_by_goal' 'do_exit' '__rb_rotate_set_parents' 'snd_seq_prioq_cell_out' 'evict' 'n_tty_receive_buf_common' 'percpu_counter_add_batch' 'tomoyo_supervisor' 'run_timer_softirq' 'ext4_mb_good_group' 'smpboot_thread_fn' 'tcp_add_backlog' 'ext4_mark_iloc_dirty' '__skb_try_recv_from_queue' 'ext4_da_write_end' '__hrtimer_run_queues' 'dput' 'yama_ptracer_del' 'generic_write_end' 'do_syslog' 'generic_permission' 'poll_schedule_timeout' 'ktime_get_real_seconds' 'add_timer' 'sit_tunnel_xmit' 'blk_mq_run_hw_queue' 'page_counter_try_charge' 'shmem_add_to_page_cache' 'snd_seq_check_queue' 'ktime_get_seconds' '__ext4_new_inode' 'ext4_free_inode' 'ext4_free_inodes_count' 'mm_update_next_owner' 'futex_wait_queue_me' 'find_next_bit' 'watchdog' 'pipe_wait' 'af_alg_sendmsg' 'mark_buffer_dirty_inode' 'del_timer' 'padata_find_next' 'audit_log_start' 'rcu_gp_fqs_loop' 'blk_mq_free_request' 'rcu_gp_fqs_check_wake' 'common_perm_cond' 'xprt_connect' 'blk_mq_sched_dispatch_requests' '__mark_inode_dirty' 'generic_file_read_iter' 'relay_switch_subbuf' 'atime_needs_update' 'blk_mq_dispatch_rq_list' 'tick_sched_do_timer' 'pcpu_alloc' '__snd_rawmidi_transmit_ack' 'sctp_assoc_migrate' 'blk_mq_get_request' 'mod_timer' 'balance_dirty_pages' 'find_alive_thread' 'kvm_mmu_notifier_invalidate_range_end'

22:03:34 executing program 0:
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491b9d6d13e", @loopback})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xd3d, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xf5, 0x400}], 0x40, 0x0)

22:03:35 executing program 1:
clone(0x3106001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
wait4(0x0, 0x0, 0x40000000, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/uts\x00')
r3 = gettid()
r4 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
tkill(r3, 0xc)
dup2(r4, r2)

[ 342.648299][ T7629] IPVS: ftp: loaded support on port[0] = 21
[ 342.739238][ T7629] chnl_net:caif_netlink_parms(): no params data found
[ 342.769335][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 342.776661][ T7629] bridge0: port 1(bridge_slave_0) entered disabled state
[ 342.785051][ T7629] device bridge_slave_0 entered promiscuous mode
[ 342.792591][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 342.810068][ T7629] bridge0: port 2(bridge_slave_1) entered disabled state
[ 342.817995][ T7629] device bridge_slave_1 entered promiscuous mode
[ 342.835455][ T7629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 342.846574][ T7629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 342.867252][ T7629] team0: Port device team_slave_0 added
[ 342.870445][ T7633] IPVS: ftp: loaded support on port[0] = 21
[ 342.874114][ T7629] team0: Port device team_slave_1 added

22:03:35 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000071, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_script(r0, &(0x7f00000009c0)=ANY=[], 0x378)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='highspeed\x00\xcb\xa0I\fQt\x83\b\xf6Q\x92\tD\x9f\xfb\xcd<\x96lY\xe5\xa3C\x00\x98\xf8\xc4\'\xa9\xb8\xb6U3=J+|\xe4U\xec#z5\xce\xdf\xdf\xda\xdc\x02\xb3\x8dn\x82\x00\xf7\xa9\xc9\xc7\x04O\xabT\x94\x8c\x8d\x06\xc34\xf8\xd3*\\\x9f\xd6\x8e\\\xdeu\xba\xa5\xe7\xb1\xb4#\xee\x82\xbd\x15\x9b>z\xfc\xee\x87\xc9al\xbe\x03\xa7\xe6\x8aY\xfc\xb5I\x8a\xc3\xd3v\xd0\xcc\x02\xf5\xc8\x84n\xdbF\xe4\xde\x9eF\x98[X>\xfee\xf1?\xea2@\x9e\xdaqi\xec/\xf3V\xa9\xed\xfc\f\xdf{\xa8\x98\xb3\xa6\xca\xf2f\x13\xed\xd0&\x1f\x89\\\x18O\xd1\xec\xa2#N\x83uD\"\xa5|\\!\xe4\x11ie\xd7\xccw\xaa\xea\xee\xdc\x84\xc8Z\xd1\xae\xd5PH\xc5X', 0x40)
readv(r0, &(0x7f0000000740)=[{&(0x7f0000000180)=""/226, 0xe2}], 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$inet(0x2, 0x801, 0x0)
dup3(r2, r1, 0x0)
sendto$inet(r0, &(0x7f0000000300)='\f', 0xc3f2, 0x11, 0x0, 0x0)

[ 342.944972][ T7629] device hsr_slave_0 entered promiscuous mode
[ 343.003199][ T7629] device hsr_slave_1 entered promiscuous mode
[ 343.129126][ T7635] IPVS: ftp: loaded support on port[0] = 21

22:03:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100))

[ 343.281217][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 343.288325][ T7629] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 343.295777][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 343.302842][ T7629] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 343.315952][ T7625] ==================================================================
[ 343.324085][ T7625] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl
[ 343.332854][ T7625]
[ 343.335187][ T7625] read to 0xffff8880aa702b5a of 2 bytes by task 7616 on cpu 1:
[ 343.342731][ T7625] tomoyo_domain_quota_is_ok+0x29c/0x2b0
[ 343.348362][ T7625] tomoyo_supervisor+0x22b/0xd20
[ 343.353302][ T7625] tomoyo_path_number_perm+0x323/0x3c0
[ 343.358761][ T7625] tomoyo_path_chmod+0x2f/0x40
[ 343.363627][ T7625] security_path_chmod+0xac/0xe0
[ 343.368571][ T7625] chmod_common+0xe0/0x2d0
[ 343.373019][ T7625] do_fchmodat+0x7a/0x100
[ 343.377460][ T7625] __x64_sys_fchmodat+0x4d/0x60
[ 343.382338][ T7625] do_syscall_64+0xcc/0x370
[ 343.386848][ T7625] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 343.392729][ T7625]
[ 343.395177][ T7625] write to 0xffff8880aa702b5a of 2 bytes by task 7625 on cpu 0:
[ 343.402811][ T7625] tomoyo_merge_path_acl+0x6c/0xa0
[ 343.408458][ T7625] tomoyo_update_domain+0x323/0x450
[ 343.413658][ T7625] tomoyo_write_file+0x34e/0x580
[ 343.418586][ T7625] tomoyo_write_domain2+0xad/0x120
[ 343.423688][ T7625] tomoyo_supervisor+0xad7/0xd20
[ 343.428617][ T7625] tomoyo_path_permission+0x121/0x160
[ 343.433979][ T7625] tomoyo_check_open_permission+0x2b9/0x320
[ 343.439861][ T7625] tomoyo_file_open+0x75/0x90
[ 343.444546][ T7625] security_file_open+0x69/0x210
[ 343.449477][ T7625] do_dentry_open+0x211/0x970
[ 343.454145][ T7625] vfs_open+0x62/0x80
[ 343.458120][ T7625] path_openat+0xf73/0x36e0
[ 343.462651][ T7625] do_filp_open+0x11e/0x1b0
[ 343.467145][ T7625] do_sys_open+0x3b3/0x4f0
[ 343.471554][ T7625] __x64_sys_openat+0x62/0x80
[ 343.476227][ T7625] do_syscall_64+0xcc/0x370
[ 343.480822][ T7625] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 343.486799][ T7625]
[ 343.489142][ T7625] Reported by Kernel Concurrency Sanitizer on:
[ 343.495495][ T7625] CPU: 0 PID: 7625 Comm: syz-fuzzer Not tainted 5.4.0-rc7+ #0
[ 343.502934][ T7625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 343.512990][ T7625] ==================================================================
[ 343.521042][ T7625] Kernel panic - not syncing: panic_on_warn set ...
[ 343.527627][ T7625] CPU: 0 PID: 7625 Comm: syz-fuzzer Not tainted 5.4.0-rc7+ #0
[ 343.535427][ T7625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 343.545987][ T7625] Call Trace:
[ 343.549277][ T7625] dump_stack+0x11d/0x181
[ 343.553603][ T7625] panic+0x210/0x640
[ 343.557492][ T7625] ? vprintk_func+0x8d/0x140
[ 343.562258][ T7625] kcsan_report.cold+0xc/0xd
[ 343.566855][ T7625] kcsan_setup_watchpoint+0x3fe/0x460
[ 343.572229][ T7625] __tsan_unaligned_write2+0xc4/0x100
[ 343.577683][ T7625] tomoyo_merge_path_acl+0x6c/0xa0
[ 343.582789][ T7625] ? tomoyo_same_path_acl+0x80/0x80
[ 343.587999][ T7625] tomoyo_update_domain+0x323/0x450
[ 343.593209][ T7625] ? tomoyo_same_path_acl+0x80/0x80
[ 343.598422][ T7625] ? tomoyo_write_misc+0x190/0x190
[ 343.603541][ T7625] tomoyo_write_file+0x34e/0x580
[ 343.608494][ T7625] ? vsnprintf+0x1a7/0xb40
[ 343.612920][ T7625] ? strncmp+0x66/0x80
[ 343.617020][ T7625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 343.623452][ T7625] tomoyo_write_domain2+0xad/0x120
[ 343.629364][ T7625] tomoyo_supervisor+0xad7/0xd20
[ 343.634299][ T7625] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 343.640027][ T7625] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 343.646268][ T7625] ? __read_once_size.constprop.0+0x12/0x20
[ 343.652164][ T7625] tomoyo_path_permission+0x121/0x160
[ 343.657568][ T7625] tomoyo_check_open_permission+0x2b9/0x320
[ 343.663487][ T7625] tomoyo_file_open+0x75/0x90
[ 343.668159][ T7625] security_file_open+0x69/0x210
[ 343.673107][ T7625] do_dentry_open+0x211/0x970
[ 343.677804][ T7625] ? security_inode_permission+0xa5/0xc0
[ 343.683437][ T7625] vfs_open+0x62/0x80
[ 343.687414][ T7625] path_openat+0xf73/0x36e0
[ 343.691934][ T7625] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 343.697910][ T7625] do_filp_open+0x11e/0x1b0
[ 343.702587][ T7625] ? _raw_spin_unlock+0x4b/0x60
[ 343.707533][ T7625] ? __alloc_fd+0x2ef/0x3b0
[ 343.712030][ T7625] ? get_unused_fd_flags+0x93/0xc0
[ 343.717145][ T7625] do_sys_open+0x3b3/0x4f0
[ 343.721560][ T7625] __x64_sys_openat+0x62/0x80
[ 343.726247][ T7625] do_syscall_64+0xcc/0x370
[ 343.730745][ T7625] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 343.737499][ T7625] RIP: 0033:0x47c5aa
[ 343.741394][ T7625] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 343.760985][ T7625] RSP: 002b:000000c4200517c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[ 343.770343][ T7625] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa
[ 343.778315][ T7625] RDX: 00000000000800c2 RSI: 000000c440b4ec20 RDI: ffffffffffffff9c
[ 343.786274][ T7625] RBP: 000000c420051840 R08: 0000000000000000 R09: 0000000000000000
[ 343.794241][ T7625] R10: 0000000000000180 R11: 0000000000000206 R12: ffffffffffffffff
[ 343.802201][ T7625] R13: 0000000000000062 R14: 0000000000000061 R15: 0000000000000100
[ 343.811923][ T7625] Kernel Offset: disabled
[ 343.816317][ T7625] Rebooting in 86400 seconds..