[info] Using makefile-style concurrent boot in runlevel 2. [ 66.170842][ T27] audit: type=1800 audit(1580602306.093:21): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 66.228547][ T27] audit: type=1800 audit(1580602306.093:22): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. 2020/02/02 00:11:57 fuzzer started 2020/02/02 00:11:59 dialing manager at 10.128.0.105:42903 2020/02/02 00:11:59 syscalls: 2904 2020/02/02 00:11:59 code coverage: enabled 2020/02/02 00:11:59 comparison tracing: enabled 2020/02/02 00:11:59 extra coverage: enabled 2020/02/02 00:11:59 setuid sandbox: enabled 2020/02/02 00:11:59 namespace sandbox: enabled 2020/02/02 00:11:59 Android sandbox: /sys/fs/selinux/policy does not exist 2020/02/02 00:11:59 fault injection: enabled 2020/02/02 00:11:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/02/02 00:11:59 net packet injection: enabled 2020/02/02 00:11:59 net device setup: enabled 2020/02/02 00:11:59 concurrency sanitizer: enabled 2020/02/02 00:11:59 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 80.281482][ T7961] KCSAN: could not find function: 'poll_schedule_timeout' 2020/02/02 00:12:05 adding functions to KCSAN blacklist: 'common_perm_cond' 'run_timer_softirq' 'ext4_nonda_switch' 'poll_schedule_timeout' 'del_timer' 'find_next_bit' 'taskstats_exit' 'blk_mq_run_hw_queue' 'add_timer' 'mod_timer' 'dd_has_work' 'tomoyo_supervisor' 'ep_poll' '__ext4_new_inode' 
'blk_mq_get_request' '__hrtimer_run_queues' 'futex_wait_queue_me' 'pcpu_alloc' 'wbt_issue' 'ktime_get_real_seconds' 'rcu_gp_fqs_check_wake' 'generic_write_end' 'page_counter_try_charge' 'xas_clear_mark' 'filemap_fault' 'ext4_has_free_clusters' 'wbt_done' '__rb_insert_augmented' 'copy_process' 'do_nanosleep' 'ext4_free_inode' 'blk_mq_dispatch_rq_list' 'do_exit' 'enqueue_timer' 'audit_log_start' 'dput' 'find_get_pages_range_tag' 'process_srcu' 'tick_nohz_idle_stop_tick' 'ext4_free_inodes_count' 'tick_do_update_jiffies64' 'kauditd_thread' 'tick_sched_do_timer' 'blk_mq_sched_dispatch_requests' 'do_syslog' 'ext4_handle_inode_extension' '__delete_from_page_cache' 'n_tty_receive_buf_common' 'vm_area_dup' 'generic_fillattr' 00:13:32 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000), 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, 
{{0x6000000, 0x0, 0x81, @empty}, {0xa, 0x0, 0x3, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x3}, r1}}, 0x48) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x7ff, 0x5}, 0x0) r3 = socket(0x0, 0x0, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb), 0x0) setresuid(0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000200)={0x3, 0xfffffffffffffd8f, 0xfa00, {{0x6000000, 0x0, 0x0, @empty}, {0xa, 0xfffe, 0x0, @rand_addr="fe800000000000ae7a29e5e36fc3e001"}}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xba, 0xfa00, {0x0, &(0x7f0000000f80)}}, 0xffffffffffffff40) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000), 0x111}}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000300)={@mcast2}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(0xffffffffffffffff, 0x40106410, 0x0) 00:13:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x208102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000000000f01000000000000000000000000000000f3000000000000000f030000007794b90000"], &(0x7f0000000380)=""/249, 
0x42, 0xf9, 0x8}, 0x20) [ 172.631790][ T7964] IPVS: ftp: loaded support on port[0] = 21 [ 172.746366][ T7964] chnl_net:caif_netlink_parms(): no params data found [ 172.846883][ T7964] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.854082][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.867802][ T7964] device bridge_slave_0 entered promiscuous mode [ 172.880223][ T7969] IPVS: ftp: loaded support on port[0] = 21 [ 172.886364][ T7964] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.896092][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.903742][ T7964] device bridge_slave_1 entered promiscuous mode 00:13:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='auxv\x00') r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0) inotify_init() [ 172.939718][ T7964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.953851][ T7964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.000082][ T7964] team0: Port device team_slave_0 added [ 173.018835][ T7964] team0: Port device team_slave_1 added [ 173.059322][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.075447][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.125463][ T7964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.146573][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.153679][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.185114][ T7964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.204369][ T7972] IPVS: ftp: loaded support on port[0] = 21 00:13:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071") sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5500000018007f5300fe01b2a4a280930a600200ffa84308910000003900080008000800010000000000156f757284366a660006000000000000dc1338d54400009b84136ef75afb83de448daa7227c43ab8220000", 0x55}], 0x1}, 0x0) [ 173.286216][ T7950] ================================================================== [ 173.294352][ T7950] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl [ 173.303172][ T7950] [ 173.305503][ T7950] read to 0xffff8880bafde25a of 2 bytes by task 7949 on cpu 0: [ 173.313042][ T7950] tomoyo_domain_quota_is_ok+0x29c/0x2b0 [ 173.318795][ T7950] tomoyo_supervisor+0x22b/0xd20 [ 173.323777][ T7950] tomoyo_path_number_perm+0x323/0x3c0 [ 173.329331][ T7950] tomoyo_path_chmod+0x2f/0x40 [ 173.334139][ T7950] security_path_chmod+0xac/0xe0 [ 173.339060][ T7950] chmod_common+0xe0/0x2d0 [ 173.343528][ T7950] do_fchmodat+0x7a/0x100 [ 173.347901][ T7950] __x64_sys_fchmodat+0x4d/0x60 [ 173.352742][ T7950] do_syscall_64+0xcc/0x3a0 [ 173.357245][ T7950] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.363118][ T7950] [ 173.365464][ T7950] write to 0xffff8880bafde25a of 2 bytes by task 7950 on cpu 1: [ 173.373111][ T7950] tomoyo_merge_path_acl+0x6c/0xa0 [ 173.378369][ T7950] tomoyo_update_domain+0x323/0x450 [ 173.383563][ T7950] tomoyo_write_file+0x34e/0x580 [ 173.388573][ T7950] tomoyo_write_domain2+0xad/0x120 [ 173.393676][ T7950] tomoyo_supervisor+0xad7/0xd20 [ 173.398619][ T7950] tomoyo_path_permission+0x121/0x160 [ 173.403991][ 
T7950] tomoyo_check_open_permission+0x2b9/0x320 [ 173.409899][ T7950] tomoyo_file_open+0x75/0x90 [ 173.414576][ T7950] security_file_open+0x69/0x210 [ 173.419521][ T7950] do_dentry_open+0x211/0x970 [ 173.424185][ T7950] vfs_open+0x62/0x80 [ 173.428151][ T7950] path_openat+0xf9f/0x3580 [ 173.432935][ T7950] do_filp_open+0x11e/0x1b0 [ 173.437433][ T7950] do_sys_open+0x3b3/0x4f0 [ 173.441838][ T7950] __x64_sys_openat+0x62/0x80 [ 173.446847][ T7950] do_syscall_64+0xcc/0x3a0 [ 173.451357][ T7950] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.457231][ T7950] [ 173.459543][ T7950] Reported by Kernel Concurrency Sanitizer on: [ 173.465688][ T7950] CPU: 1 PID: 7950 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 173.473907][ T7950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.484194][ T7950] ================================================================== [ 173.492411][ T7950] Kernel panic - not syncing: panic_on_warn set ... [ 173.498994][ T7950] CPU: 1 PID: 7950 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 173.507350][ T7950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.517394][ T7950] Call Trace: [ 173.520762][ T7950] dump_stack+0x11d/0x181 [ 173.525089][ T7950] panic+0x210/0x640 [ 173.528986][ T7950] ? vprintk_func+0x8d/0x140 [ 173.533576][ T7950] kcsan_report.cold+0xc/0xd [ 173.538164][ T7950] kcsan_setup_watchpoint+0x3fe/0x460 [ 173.543655][ T7950] __tsan_unaligned_write2+0xc7/0x110 [ 173.549028][ T7950] tomoyo_merge_path_acl+0x6c/0xa0 [ 173.554137][ T7950] ? tomoyo_same_path_acl+0x80/0x80 [ 173.559336][ T7950] tomoyo_update_domain+0x323/0x450 [ 173.564538][ T7950] ? tomoyo_same_path_acl+0x80/0x80 [ 173.569789][ T7950] ? tomoyo_write_misc+0x190/0x190 [ 173.574902][ T7950] tomoyo_write_file+0x34e/0x580 [ 173.579839][ T7950] ? __tsan_read1+0xc2/0x100 [ 173.584435][ T7950] ? strncmp+0x66/0x80 [ 173.588510][ T7950] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.594742][ T7950] tomoyo_write_domain2+0xad/0x120 [ 173.599938][ T7950] tomoyo_supervisor+0xad7/0xd20 [ 173.604870][ T7950] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 173.610590][ T7950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.616935][ T7950] ? __read_once_size.constprop.0+0x12/0x20 [ 173.623129][ T7950] tomoyo_path_permission+0x121/0x160 [ 173.628563][ T7950] tomoyo_check_open_permission+0x2b9/0x320 [ 173.634495][ T7950] tomoyo_file_open+0x75/0x90 [ 173.639255][ T7950] security_file_open+0x69/0x210 [ 173.644186][ T7950] do_dentry_open+0x211/0x970 [ 173.649067][ T7950] ? security_inode_permission+0xa5/0xc0 [ 173.654966][ T7950] vfs_open+0x62/0x80 [ 173.658991][ T7950] path_openat+0xf9f/0x3580 [ 173.663512][ T7950] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 173.669407][ T7950] do_filp_open+0x11e/0x1b0 [ 173.673913][ T7950] ? _raw_spin_unlock+0x4b/0x60 [ 173.678762][ T7950] ? __alloc_fd+0x2ef/0x3b0 [ 173.683266][ T7950] ? get_unused_fd_flags+0x93/0xc0 [ 173.688394][ T7950] do_sys_open+0x3b3/0x4f0 [ 173.692819][ T7950] __x64_sys_openat+0x62/0x80 [ 173.697492][ T7950] do_syscall_64+0xcc/0x3a0 [ 173.701985][ T7950] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 173.707866][ T7950] RIP: 0033:0x47c5aa [ 173.711776][ T7950] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 173.731568][ T7950] RSP: 002b:000000c4202db7c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 173.740157][ T7950] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 173.748350][ T7950] RDX: 00000000000800c2 RSI: 000000c42c2a6a80 RDI: ffffffffffffff9c [ 173.756366][ T7950] RBP: 000000c4202db840 R08: 0000000000000000 R09: 0000000000000000 [ 173.764334][ T7950] R10: 0000000000000180 R11: 0000000000000206 R12: ffffffffffffffff [ 173.772346][ T7950] R13: 0000000000000055 R14: 0000000000000054 
R15: 0000000000000100 [ 173.781751][ T7950] Kernel Offset: disabled [ 173.786102][ T7950] Rebooting in 86400 seconds..