[info] Using makefile-style concurrent boot in runlevel 2. [ 48.255891][ T27] audit: type=1800 audit(1578653136.820:21): pid=7845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 48.316420][ T27] audit: type=1800 audit(1578653136.830:22): pid=7845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. 2020/01/10 10:45:50 fuzzer started 2020/01/10 10:45:52 dialing manager at 10.128.0.105:46059 2020/01/10 10:45:52 syscalls: 2812 2020/01/10 10:45:52 code coverage: enabled 2020/01/10 10:45:52 comparison tracing: enabled 2020/01/10 10:45:52 extra coverage: enabled 2020/01/10 10:45:52 setuid sandbox: enabled 2020/01/10 10:45:52 namespace sandbox: enabled 2020/01/10 10:45:52 Android sandbox: /sys/fs/selinux/policy does not exist 2020/01/10 10:45:52 fault injection: enabled 2020/01/10 10:45:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/01/10 10:45:52 net packet injection: enabled 2020/01/10 10:45:52 net device setup: enabled 2020/01/10 10:45:52 concurrency sanitizer: enabled 2020/01/10 10:45:52 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 65.358786][ T8014] KCSAN: could not find function: 'decode_data' [ 65.984187][ T8014] KCSAN: could not find function: 'calc_wb_limits' [ 71.593451][ T8014] KCSAN: could not find function: 'poll_schedule_timeout' 2020/01/10 10:46:08 adding functions to KCSAN blacklist: 'tomoyo_supervisor' '__ext4_new_inode' 'atime_needs_update' 'snd_rawmidi_kernel_write1' 'shmem_add_to_page_cache' 'page_counter_charge' 'decode_data' 'calc_wb_limits' 'ion_page_pool_free' 'kernfs_refresh_inode' 'find_alive_thread' 'alloc_empty_file' 'xas_clear_mark' 'tick_nohz_idle_stop_tick' 'iput' 'page_counter_try_charge' 'lruvec_lru_size' 'ns_capable_common' 'd_instantiate_new' '__skb_try_recv_from_queue' 'mod_timer' '__mark_inode_dirty' 'rcu_gp_fqs_loop' 'ip_tunnel_xmit' 'ktime_get_seconds' 'common_perm_cond' 'clear_inode' 'yama_ptracer_del' 'unix_release_sock' 'commit_echoes' 'do_exit' 'ext4_mb_good_group' 'ext4_free_inode' 'blk_mq_dispatch_rq_list' 'handle_mm_fault' '__find_get_block' 'ext4_da_write_end' 'mm_update_next_owner' 'wbt_done' 'ext4_free_inodes_count' 'taskstats_exit' 'ext4_has_free_clusters' 'poll_schedule_timeout' 'generic_permission' '__blk_queue_split' 'file_update_time' 'futex_wait_queue_me' 'run_timer_softirq' 'generic_write_end' 'process_srcu' 'pid_update_inode' 'vm_area_dup' '__lru_cache_add' 'echo_char' 'generic_fillattr' 'blk_mq_run_hw_queue' 'snd_seq_prioq_cell_out' 'find_next_bit' 'copy_process' 'pcpu_alloc' 'tick_sched_do_timer' '__put_unused_fd' 'do_nanosleep' 'audit_log_start' '__d_lookup_done' 'evict' 'del_timer' 'do_wait' 'timer_clear_idle' 'ktime_get_real_seconds' '__snd_rawmidi_transmit_ack' 'virtqueue_disable_cb' 'fasync_remove_entry' 'lookup_fast' '__add_to_page_cache_locked' 'filemap_fault' 'n_tty_receive_buf_common' 'ep_poll' '__send_signal' 'blk_mq_get_request' 'blk_mq_sched_dispatch_requests' 'kauditd_thread' 'xas_find_marked' '__rcu_read_unlock' '__delete_from_page_cache' '__hrtimer_run_queues' 'blk_stat_add' 'tick_do_update_jiffies64' 'rcu_gp_fqs_check_wake' 'snd_seq_check_queue' 'wbt_issue' 'enqueue_timer' 'do_signal_stop' 'find_get_pages_range_tag' 'sit_tunnel_xmit' 'ext4_mark_iloc_dirty' 'iomap_dio_bio_actor' 'smpboot_thread_fn' 'ext4_nonda_switch' 'dd_has_work' 'can_receive' 'ext4_mb_find_by_goal' 'do_syslog' 'padata_find_next' 10:49:36 executing program 0: ptrace$getregset(0x4204, 0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=""/72, 0xffffffffffffffb3}) clone(0x49b96b00, 0x0, 0x0, 0x0, &(0x7f0000000300)) ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)="0272aae16e010f05dfd5d71cc8bab91d6d936cf44cd317b97f2a55de2da11f6e18b9d00ffc2ffadbfb9717eba42e7fe4a15cb583ea3eda7784d6295485da75d990180231f59ebe181b0c1efb0834ccb53d1cec4a6f2a239e64b7933129033faecb8a1ba890153d6c7b44e714cda28b4f3fcba183aa4829e8639470759738801af931737681657f6decd5d726312531bc25ba09f691da2205000001ad6958f651438f5aec2b0a627181f982be1b312614ee1fb7ead43f88c89ac6fef1ea610820076a16019cc346d8884480145ebb4503000000c73822fd33b7f22ff104ad68db421422335d97ce336d513503de9d4a62d3d7b29b2f969add4af8c0b339ff750804c0a0f91011c34854d5e076ed75929c914d44eee8e0080e510b224edcb1aacefd47a6eb51627a52fac53eed4cc9a20246a637eb5e95ce9028da700daf4089a89ca94c84c37738754288f1aa22eaa4ba6cdda04b3b1fb846c65802809bd2a65a6f7919847b65956fb34a9ee698c8057c7ee6f33c20e4b96ebdca22a4dc6d1a61df20edd8205cc448ed6b846ff0b6c35a4963e48427c098a542f36a05012161f74ad26a867740f64ed44aed19a4d5582b0a99f8c8a5781c91477302cf5e929bbec534eb4fc6b62b203bcc627913d817f57db502d57be3205727e2c6e47d2d201885eb6455273276e3a35a80d5aedbbac70a1b0a9173c797608479a7631eb8b63195efe23f354a7615900b191ed2e0053cebd06218df7fccf1717434a11c812057f083431a22cbacd089927d7c1509b0e94624b130b8aadd0af89eb4b6bfcc4cf67db95bd731892be3f1a2bf17917f4525f6e3463f331378f7ee7a872721adfea62c16bf0e4c4a25971c9e64ca3a55ef13eddc6d6557931f149a0929cb87b8371e354ef6f06b1abfb506d5b6c7d35b51dabd94a4d816fbd3491e17c0094a659053724b94da23e5d9b4d260ef723929d79f14361ddab19bde5a05677c161ce38324c9264288db8a67b79598ef0c00000000000000f21026f12c843afb510d2dff09f709aee946d38fe1f5304a11185bdf08e92ea42cfd576508359bd538195a0737c29445cda5504ddab67ebd1310dc8efc0380db010da701d2ffdc26575535f289535d625debc3492f7b3c20ff63c3b984813d7de5f0fd69580ec787de4a5c2ea293530a2f1fce30558b6dcb6776dcb256f817078849e597dd5651f65bcccccff1749cb46a79f37005a8ef555976a33eec417ce523ec5a94c8bfc8d2e61adad9f7759529bb7dc46d3954853aabe78f77e365075c04ee83091967504f7116d10fc2e3f3ef1ffc311397cffadb2ca0fcd4e18b44e08346192dbab940470b92a5a44d15df225f020abc62636c97509063f8d3633d8c0bc1fc783fd8f15d388dfa391c31b176ee3c730b765345d3a19300980567196ba63300"}) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0406618, &(0x7f0000000080)={{0x0, 0x0, @identifier="96d65374c30660a7d16c8c9f1fe1b60c"}}) recvmsg(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0xfffffffffffffd74, 0x0, 0xfffffffffffffd22}, 0x0) 10:49:36 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff07000100956fa283b724a600800000000000f4ff673540150024002e", 0x23}], 0x1}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x10, 0x80002, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ff60, 0x0) recvmmsg(r3, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) recvmmsg(r3, &(0x7f0000006240)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 287.864084][ T8019] IPVS: ftp: loaded support on port[0] = 21 [ 287.999227][ T8019] chnl_net:caif_netlink_parms(): no params data found 10:49:36 executing program 2: r0 = socket(0x10, 0x80002, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8696071") pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x100000000011, 0x2, 0x0) bind(r4, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000240)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0xfeeb) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000064006f9700"/20, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00g'], 0x3}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4ffe0, 0x0) [ 288.057741][ T8022] IPVS: ftp: loaded support on port[0] = 21 [ 288.064183][ T8019] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.088737][ T8019] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.102411][ T8019] device bridge_slave_0 entered promiscuous mode [ 288.120698][ T8019] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.127833][ T8019] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.136252][ T8019] device bridge_slave_1 entered promiscuous mode [ 288.170388][ T8019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.181661][ T8019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.202943][ T8019] team0: Port device team_slave_0 added [ 288.210722][ T8019] team0: Port device team_slave_1 added [ 288.291500][ T8019] device hsr_slave_0 entered promiscuous mode 10:49:36 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c560284ed7a80ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) recvmmsg(r1, &(0x7f0000000040), 0x40000000000031f, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8696071") [ 288.369166][ T8019] device hsr_slave_1 entered promiscuous mode [ 288.445047][ T8025] IPVS: ftp: loaded support on port[0] = 21 [ 288.455527][ T8022] chnl_net:caif_netlink_parms(): no params data found [ 288.561359][ T8022] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.569377][ T8022] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.577061][ T8022] device bridge_slave_0 entered promiscuous mode [ 288.594389][ T8027] IPVS: ftp: loaded support on port[0] = 21 10:49:37 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c560284ed7a80ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) recvmmsg(r1, &(0x7f0000001680)=[{{0x0, 0x1e, &(0x7f0000000000)=[{&(0x7f0000000380)=""/151, 0x20000608}, {&(0x7f00000016c0)=""/4107, 0x100b}, {&(0x7f0000001580)=""/208, 0xd0}], 0x2}}], 0x400000000000004, 0x0, 0x0) [ 288.620304][ T8019] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 288.655737][ T8003] ================================================================== [ 288.664250][ T8003] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl [ 288.673006][ T8003] [ 288.675354][ T8003] read to 0xffff8880a7a3cc1a of 2 bytes by task 8002 on cpu 0: [ 288.682892][ T8003] tomoyo_domain_quota_is_ok+0x29c/0x2b0 [ 288.688509][ T8003] tomoyo_supervisor+0x22b/0xd20 [ 288.693430][ T8003] tomoyo_path_number_perm+0x323/0x3c0 [ 288.698877][ T8003] tomoyo_path_chmod+0x2f/0x40 [ 288.703636][ T8003] security_path_chmod+0xac/0xe0 [ 288.708660][ T8003] chmod_common+0xe0/0x2d0 [ 288.713110][ T8003] do_fchmodat+0x7a/0x100 [ 288.717428][ T8003] __x64_sys_fchmodat+0x4d/0x60 [ 288.722362][ T8003] do_syscall_64+0xcc/0x3a0 [ 288.726905][ T8003] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 288.732799][ T8003] [ 288.735122][ T8003] write to 0xffff8880a7a3cc1a of 2 bytes by task 8003 on cpu 1: [ 288.742749][ T8003] tomoyo_merge_path_acl+0x6c/0xa0 [ 288.747856][ T8003] tomoyo_update_domain+0x323/0x450 [ 288.753054][ T8003] tomoyo_write_file+0x34e/0x580 [ 288.761464][ T8003] tomoyo_write_domain2+0xad/0x120 [ 288.766703][ T8003] tomoyo_supervisor+0xad7/0xd20 [ 288.771727][ T8003] tomoyo_path_permission+0x121/0x160 [ 288.777087][ T8003] tomoyo_check_open_permission+0x2b9/0x320 [ 288.783092][ T8003] tomoyo_file_open+0x75/0x90 [ 288.787771][ T8003] security_file_open+0x69/0x210 [ 288.792702][ T8003] do_dentry_open+0x211/0x970 [ 288.797381][ T8003] vfs_open+0x62/0x80 [ 288.801350][ T8003] path_openat+0xf9f/0x3580 [ 288.805848][ T8003] do_filp_open+0x11e/0x1b0 [ 288.810447][ T8003] do_sys_open+0x3b3/0x4f0 [ 288.814913][ T8003] __x64_sys_openat+0x62/0x80 [ 288.819594][ T8003] do_syscall_64+0xcc/0x3a0 [ 288.824448][ T8003] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 288.830323][ T8003] [ 288.832634][ T8003] Reported by Kernel Concurrency Sanitizer on: [ 288.838788][ T8003] CPU: 1 PID: 8003 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 288.847105][ T8003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.858214][ T8003] ================================================================== [ 288.866356][ T8003] Kernel panic - not syncing: panic_on_warn set ... [ 288.872938][ T8003] CPU: 1 PID: 8003 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 288.881202][ T8003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.891345][ T8003] Call Trace: [ 288.894637][ T8003] dump_stack+0x11d/0x181 [ 288.899006][ T8003] panic+0x210/0x640 [ 288.902892][ T8003] ? vprintk_func+0x8d/0x140 [ 288.907499][ T8003] kcsan_report.cold+0xc/0xd [ 288.912083][ T8003] kcsan_setup_watchpoint+0x3fe/0x460 [ 288.917469][ T8003] __tsan_unaligned_write2+0xc7/0x110 [ 288.922841][ T8003] tomoyo_merge_path_acl+0x6c/0xa0 [ 288.927941][ T8003] ? tomoyo_same_path_acl+0x80/0x80 [ 288.933140][ T8003] tomoyo_update_domain+0x323/0x450 [ 288.938341][ T8003] ? tomoyo_same_path_acl+0x80/0x80 [ 288.943628][ T8003] ? tomoyo_write_misc+0x190/0x190 [ 288.948736][ T8003] tomoyo_write_file+0x34e/0x580 [ 288.953793][ T8003] ? vsnprintf+0x1a7/0xb40 [ 288.958216][ T8003] ? strncmp+0x66/0x80 [ 288.962275][ T8003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 288.968525][ T8003] tomoyo_write_domain2+0xad/0x120 [ 288.973643][ T8003] tomoyo_supervisor+0xad7/0xd20 [ 288.978591][ T8003] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 288.984301][ T8003] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 288.990530][ T8003] ? __read_once_size.constprop.0+0x12/0x20 [ 288.996413][ T8003] tomoyo_path_permission+0x121/0x160 [ 289.001772][ T8003] tomoyo_check_open_permission+0x2b9/0x320 [ 289.007673][ T8003] tomoyo_file_open+0x75/0x90 [ 289.012350][ T8003] security_file_open+0x69/0x210 [ 289.017287][ T8003] do_dentry_open+0x211/0x970 [ 289.022015][ T8003] ? security_inode_permission+0xa5/0xc0 [ 289.028427][ T8003] vfs_open+0x62/0x80 [ 289.032422][ T8003] path_openat+0xf9f/0x3580 [ 289.036915][ T8003] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 289.042791][ T8003] do_filp_open+0x11e/0x1b0 [ 289.047283][ T8003] ? _raw_spin_unlock+0x4b/0x60 [ 289.052139][ T8003] ? __alloc_fd+0x2ef/0x3b0 [ 289.056647][ T8003] ? get_unused_fd_flags+0x93/0xc0 [ 289.061762][ T8003] do_sys_open+0x3b3/0x4f0 [ 289.067142][ T8003] __x64_sys_openat+0x62/0x80 [ 289.071817][ T8003] do_syscall_64+0xcc/0x3a0 [ 289.076307][ T8003] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 289.082199][ T8003] RIP: 0033:0x47c5aa [ 289.086096][ T8003] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 289.105684][ T8003] RSP: 002b:000000c4202857c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 289.114859][ T8003] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 289.122813][ T8003] RDX: 00000000000800c2 RSI: 000000c43c62ae80 RDI: ffffffffffffff9c [ 289.130777][ T8003] RBP: 000000c420285840 R08: 0000000000000000 R09: 0000000000000000 [ 289.138747][ T8003] R10: 0000000000000180 R11: 0000000000000206 R12: ffffffffffffffff [ 289.146702][ T8003] R13: 0000000000000075 R14: 0000000000000074 R15: 0000000000000100 [ 289.156249][ T8003] Kernel Offset: disabled [ 289.160605][ T8003] Rebooting in 86400 seconds..