Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts. 2020/07/23 19:51:10 fuzzer started 2020/07/23 19:51:10 dialing manager at 10.128.0.105:44987 2020/07/23 19:51:10 syscalls: 3213 2020/07/23 19:51:10 code coverage: enabled 2020/07/23 19:51:10 comparison tracing: enabled 2020/07/23 19:51:10 extra coverage: enabled 2020/07/23 19:51:10 setuid sandbox: enabled 2020/07/23 19:51:10 namespace sandbox: enabled 2020/07/23 19:51:10 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/23 19:51:10 fault injection: enabled 2020/07/23 19:51:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/23 19:51:10 net packet injection: enabled 2020/07/23 19:51:10 net device setup: enabled 2020/07/23 19:51:10 concurrency sanitizer: enabled 2020/07/23 19:51:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/23 19:51:10 USB emulation: enabled 2020/07/23 19:51:14 suppressing KCSAN reports in functions: '__mnt_want_write_file' 'ext4_mb_regular_allocator' 'io_sq_thread' 'ext4_mb_good_group' 'unix_dgram_connect' 'do_epoll_wait' 'blk_mq_rq_ctx_init' '__mark_inode_dirty' '__blkdev_put' 'complete_signal' 'pcpu_alloc' '__delayacct_blkio_end' 'wbt_issue' 'ext4_writepages' 'generic_file_buffered_read' 'snd_rawmidi_transmit' 'n_tty_receive_buf_common' 'futex_wait_queue_me' 'ext4_free_inode' 'do_sys_poll' 'find_get_pages_range_tag' 'blk_mq_sched_dispatch_requests' 'generic_write_end' 'xas_clear_mark' 'fasync_remove_entry' 'exit_mm' 'expire_timers' '__xa_clear_mark' 'blk_mq_dispatch_rq_list' 'alloc_pid' 'ext4_free_inodes_count' 'do_nanosleep' 'ext4_mark_iloc_dirty' 'wbt_wait' 'dd_has_work' '__ext4_new_inode' 'kauditd_thread' 'snd_rawmidi_poll' 'do_select' 'ext4_mb_find_by_goal' 'xas_find_marked' 'padata_reorder' 'vfs_readlink' 'page_counter_charge' 'do_syslog' 19:52:34 executing program 0: acct(&(0x7f0000000000)='./file0\x00') write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f0000000040)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x1c, 0x0, @in6={0xa, 0x4e21, 0x2, @loopback, 0xba5}}}, 0x90) unlink(&(0x7f0000000100)='./file0\x00') r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000280)={0x5, 0xc4, &(0x7f0000000180)="6d24a129a716c70e082003d2c40e604956703b54a2fe1d0a8ca5cf5dd4745476f07cb2eaeb125e16c0e545e1af6a44a322a7a0dccfa91ab40532d41665e8f2753f9e08e8a54ec43d788ae06b222c39c0fd1ea178b79ee3d056a4e6f74160cbcb44030bab8a8f63e7c3d9f76691003eb854d307d253f16a91f670df61342f61f728a93437ef12f0e8e28c58c8dcf5c14f238d981664c8f1f87574872785ce20ae93e10fb55f63d565c78e0f5b966a0d6878bd7c7500584fa86eb51a588a2443f7987deafb"}) unlink(&(0x7f00000002c0)='./file0\x00') openat$vimc0(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video0\x00', 0x2, 0x0) r1 = shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x6000) shmdt(r1) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000340)='/proc/capi/capi20ncci\x00', 0x1000, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) sendmsg(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000400)="39b7", 0x2}, {&(0x7f0000000440)="b16c7a19013fa1fe2499891cd289a5f1c04275a1228fa06456f1f277f95078a7458f910b256d937a8be0dc15333935ad1c53483966b0514cff7cb53e53df7835505d3491ed1ac131b461dd66a00f5a20b9b11444459c9d1f0c9996f2dcdf644d65d5516d08d4bd2870e71518a38173043e18d507e35d773052a5498910afa52c162b11542d90e54c638b0fa91ebd400c7857e58da0521a209954a4a80d7e5a549a4bad45bffd105b301057c735560bf56a767ae752d1cbe5fec85a5e87558d3f89cb55bcb1561039c4b0cfb492458b86fa52c3562d9b749b22dbe4936bb7b3697a83962fe4b42cd58f2c3cdf573774", 0xef}, {&(0x7f0000000540)="c583037756a3ebb347ad064822e96b076258665ebf860b1863a065f4af1fba66c02aabdc565a24cc4e8b217ef28846f97aeb47606e118b49c5a5d1eb3bda43432f01dcb712acd44ebf", 0x49}, {&(0x7f00000005c0)="657012ac53b33a2b1d75ee2924cb0562e89938232242f23671326d0803db84ab9c00ef17858899bc8c19d2f685a851f39f4a924685bcb1acf665c84db6bf335886a5d8547dbdfa589d15393b4b974e4d27300d824d3e8dee8e03eedb43ae8def14e5f3709845586c971d2c44de34", 0x6e}], 0x4}, 0x9000) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000700)={0x0, 0xffff, 0xff, 0x4}, 0x10) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vcs\x00', 0x180, 0x0) ioctl$USBDEVFS_BULK(r5, 0xc0185502, &(0x7f0000000800)={{{0xd, 0x1}}, 0x5e, 0x5, &(0x7f0000000780)="b4d3e9c7fb0fd48de64a9a0d70edf61f642d001bb6cb34a071008e24d995802ea268820054f7fa292b42d84380751ec41024529c94ba926407364da7817b47c01b1537852176b265fabb5a941299516ecfae6fd64a3d0d48f062db306d51"}) ioctl$IMHOLD_L1(r5, 0x80044948, &(0x7f0000000840)=0x9) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x3c, 0x0, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x7fff}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x200}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0xfff}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000004}, 0x8800) socket$inet6_icmp(0xa, 0x2, 0x3a) [ 115.121526][ T8662] IPVS: ftp: loaded support on port[0] = 21 [ 115.175981][ T8662] chnl_net:caif_netlink_parms(): no params data found [ 115.207021][ T8662] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.214227][ T8662] bridge0: port 1(bridge_slave_0) entered disabled state 19:52:35 executing program 1: ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, &(0x7f0000000000)) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x4810) r2 = dup2(r0, r0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x1, 0x0) ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f00000001c0)) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000200)='/dev/udmabuf\x00', 0x2) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r4, 0xc0406619, &(0x7f0000000240)={{0x2, 0x0, @identifier="3b4f435dc5786ea9ded313267f2c54a1"}}) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000280)='/dev/null\x00', 0x400000, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r5, 0x810c5701, &(0x7f00000002c0)) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000400)='/dev/zero\x00', 0x0, 0x0) ioctl$TIOCMBIS(r6, 0x5416, &(0x7f0000000440)=0x1) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/bnep\x00') bind$xdp(r7, &(0x7f00000004c0)={0x2c, 0x9, 0x0, 0x3, r2}, 0x10) r8 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$VIDIOC_SUBDEV_G_SELECTION(r8, 0xc040563d, &(0x7f0000000500)={0x0, 0x0, 0x2, 0x7, {0x1, 0x5, 0x9, 0x4}}) ioctl$FIOCLEX(r5, 0x5451) openat$autofs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/autofs\x00', 0x8000, 0x0) connect$can_j1939(0xffffffffffffffff, &(0x7f00000006c0)={0x1d, 0x0, 0x2, {0x1, 0x0, 0x2}, 0xfd}, 0x18) [ 115.221906][ T8662] device bridge_slave_0 entered promiscuous mode [ 115.229430][ T8662] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.236539][ T8662] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.244214][ T8662] device bridge_slave_1 entered promiscuous mode [ 115.261685][ T8662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.272201][ T8662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.287913][ T8662] team0: Port device team_slave_0 added [ 115.294988][ T8662] team0: Port device team_slave_1 added [ 115.307818][ T8662] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.315048][ T8662] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.340978][ T8662] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.352658][ T8662] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.359618][ T8662] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.393612][ T8662] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.409079][ T8816] IPVS: ftp: loaded support on port[0] = 21 [ 115.462969][ T8662] device hsr_slave_0 entered promiscuous mode [ 115.494655][ T8639] ================================================================== [ 115.502762][ T8639] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl [ 115.511525][ T8639] [ 115.513839][ T8639] write to 0xffff8880b337ba1a of 2 bytes by task 8642 on cpu 0: [ 115.521455][ T8639] tomoyo_merge_path_acl+0x4f/0x80 [ 115.526554][ T8639] tomoyo_update_domain+0x337/0x3a0 [ 115.531764][ T8639] tomoyo_write_file+0x210/0x910 [ 115.537298][ T8639] tomoyo_supervisor+0xac5/0xb30 [ 115.542221][ T8639] tomoyo_path_perm+0x261/0x330 [ 115.547053][ T8639] tomoyo_path_truncate+0x18/0x20 [ 115.552068][ T8639] security_path_truncate+0x7f/0xd0 [ 115.557249][ T8639] do_sys_ftruncate+0x2fa/0x3e0 [ 115.562084][ T8639] __x64_sys_ftruncate+0x2f/0x40 [ 115.567001][ T8639] do_syscall_64+0x51/0xb0 [ 115.571405][ T8639] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.577271][ T8639] [ 115.579590][ T8639] read to 0xffff8880b337ba1a of 2 bytes by task 8639 on cpu 1: [ 115.587119][ T8639] tomoyo_domain_quota_is_ok+0xd7/0x2d0 [ 115.592654][ T8639] tomoyo_supervisor+0x1f4/0xb30 [ 115.597592][ T8639] tomoyo_path_number_perm+0x227/0x2d0 [ 115.603045][ T8639] tomoyo_path_chmod+0x23/0x30 [ 115.607797][ T8639] security_path_chmod+0x92/0xe0 [ 115.612721][ T8639] chmod_common+0xe6/0x280 [ 115.617380][ T8639] __x64_sys_fchmodat+0x9b/0x120 [ 115.622306][ T8639] do_syscall_64+0x51/0xb0 [ 115.626712][ T8639] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.632583][ T8639] [ 115.634892][ T8639] Reported by Kernel Concurrency Sanitizer on: [ 115.641032][ T8639] CPU: 1 PID: 8639 Comm: syz-fuzzer Not tainted 5.8.0-rc6-syzkaller #0 [ 115.649250][ T8639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.659292][ T8639] ================================================================== [ 115.667343][ T8639] Kernel panic - not syncing: panic_on_warn set ... [ 115.673920][ T8639] CPU: 1 PID: 8639 Comm: syz-fuzzer Not tainted 5.8.0-rc6-syzkaller #0 [ 115.682143][ T8639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.692185][ T8639] Call Trace: [ 115.695473][ T8639] dump_stack+0x10f/0x19d [ 115.699789][ T8639] panic+0x207/0x64a [ 115.703675][ T8639] ? vprintk_emit+0x44a/0x4f0 [ 115.708345][ T8639] kcsan_report+0x684/0x690 [ 115.712837][ T8639] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 115.718365][ T8639] ? tomoyo_domain_quota_is_ok+0xd7/0x2d0 [ 115.724073][ T8639] ? tomoyo_supervisor+0x1f4/0xb30 [ 115.729176][ T8639] ? tomoyo_path_number_perm+0x227/0x2d0 [ 115.734793][ T8639] ? tomoyo_path_chmod+0x23/0x30 [ 115.739720][ T8639] ? security_path_chmod+0x92/0xe0 [ 115.744812][ T8639] ? chmod_common+0xe6/0x280 [ 115.749386][ T8639] ? __x64_sys_fchmodat+0x9b/0x120 [ 115.754484][ T8639] ? do_syscall_64+0x51/0xb0 [ 115.759059][ T8639] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.765126][ T8639] ? tomoyo_profile+0x17/0x30 [ 115.769797][ T8639] ? tomoyo_profile+0x17/0x30 [ 115.774459][ T8639] kcsan_setup_watchpoint+0x453/0x4d0 [ 115.779817][ T8639] ? tomoyo_profile+0x17/0x30 [ 115.784479][ T8639] tomoyo_domain_quota_is_ok+0xd7/0x2d0 [ 115.790019][ T8639] tomoyo_supervisor+0x1f4/0xb30 [ 115.794954][ T8639] ? snprintf+0x6f/0x90 [ 115.799104][ T8639] tomoyo_path_number_perm+0x227/0x2d0 [ 115.804559][ T8639] ? filename_lookup+0x2b6/0x380 [ 115.809489][ T8639] tomoyo_path_chmod+0x23/0x30 [ 115.814240][ T8639] security_path_chmod+0x92/0xe0 [ 115.819174][ T8639] chmod_common+0xe6/0x280 [ 115.823594][ T8639] __x64_sys_fchmodat+0x9b/0x120 [ 115.828526][ T8639] do_syscall_64+0x51/0xb0 [ 115.832945][ T8639] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 115.838827][ T8639] RIP: 0033:0x4b3cdb [ 115.842700][ T8639] Code: Bad RIP value. [ 115.846752][ T8639] RSP: 002b:000000c0001f1878 EFLAGS: 00000212 ORIG_RAX: 000000000000010c [ 115.855234][ T8639] RAX: ffffffffffffffda RBX: 000000c00002e800 RCX: 00000000004b3cdb [ 115.863195][ T8639] RDX: 00000000000001ff RSI: 000000c00864e300 RDI: ffffffffffffff9c [ 115.871155][ T8639] RBP: 000000c0001f18d0 R08: 0000000000871a01 R09: 0000000000000001 [ 115.879116][ T8639] R10: 000000c00864e300 R11: 0000000000000212 R12: ffffffffffffffff [ 115.887078][ T8639] R13: 0000000000000011 R14: 0000000000000010 R15: 00000000000000aa [ 115.896311][ T8639] Kernel Offset: disabled [ 115.900680][ T8639] Rebooting in 86400 seconds..