[ 57.064078][ T27] audit: type=1800 audit(1579995877.104:28): pid=7916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [ 57.618062][ T7981] sshd (7981) used greatest stack depth: 10136 bytes left [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. [ 57.929212][ T27] audit: type=1800 audit(1579995878.074:29): pid=7916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 57.949639][ T27] audit: type=1800 audit(1579995878.084:30): pid=7916 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts.
2020/01/25 23:44:46 fuzzer started 2020/01/25 23:44:48 dialing manager at 10.128.0.105:37311 2020/01/25 23:44:55 syscalls: 2893 2020/01/25 23:44:55 code coverage: enabled 2020/01/25 23:44:55 comparison tracing: enabled 2020/01/25 23:44:55 extra coverage: enabled 2020/01/25 23:44:55 setuid sandbox: enabled 2020/01/25 23:44:55 namespace sandbox: enabled 2020/01/25 23:44:55 Android sandbox: /sys/fs/selinux/policy does not exist 2020/01/25 23:44:55 fault injection: enabled 2020/01/25 23:44:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/01/25 23:44:55 net packet injection: enabled 2020/01/25 23:44:55 net device setup: enabled 2020/01/25 23:44:55 concurrency sanitizer: enabled 2020/01/25 23:44:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/01/25 23:45:01 adding functions to KCSAN blacklist: 'blk_mq_get_request' 'dd_has_work' 'tick_nohz_idle_stop_tick' 'tick_sched_do_timer' 'do_syslog' 'vm_area_dup' 'generic_fillattr' 'copy_process' 'sit_tunnel_xmit' '__hrtimer_run_queues' 'tomoyo_supervisor' 'ext4_nonda_switch' 'xas_clear_mark' 'ktime_get_real_seconds' 'vti_tunnel_xmit' 'blk_mq_run_hw_queue' 'ext4_free_inode' 'mod_timer' 'blk_mq_dispatch_rq_list' 'ext4_free_inodes_count' 'audit_log_start' 'blk_mq_sched_dispatch_requests' 'fsnotify' 'find_next_bit' 'run_timer_softirq' 'do_nanosleep' 'taskstats_exit' 'pcpu_alloc' 'wbt_done' 'tick_do_update_jiffies64' 'ep_poll' 'echo_char' 'rcu_gp_fqs_loop' '__ext4_new_inode' 'unix_release_sock' 'rcu_gp_fqs_check_wake' 'find_get_pages_range_tag' 'kauditd_thread' 'generic_write_end' 'commit_echoes' 'has_bh_in_lru' 23:46:27 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcsa\x00', 0xc0000, 0x0) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000000c0)={0x4, 0x9, 0x4, 0x10, 0x2, {0x0, 0x7530}, {0x0, 0x1, 0x2f, 0x3f, 0xb3, 0x2, "617e8ccb"}, 0xffffffff, 0x2, @fd=r2, 0x80000001, 0x0, 
0xffffffffffffffff}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000001c0)={r3, &(0x7f0000000140)="eea51d90270c47295fb3bdf8e24671f73d63e120f6", &(0x7f0000000180)=""/34}, 0x20) r4 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r4, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@rthdr={{0x28, 0x29, 0x39, {0x0, 0x2, 0x2, 0xf401, 0x0, [@loopback]}}}], 0x28}}], 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='auxv\x00') ioctl$RTC_SET_TIME(r5, 0x4024700a, 0x0) mkdirat$cgroup(r5, &(0x7f0000000000)='syz1\x00', 0x1ff) getsockopt$ARPT_SO_GET_ENTRIES(r5, 0x0, 0x61, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000540)={{0x2, 0x4e20, @remote}, {0x7, @local}, 0x46, {0x2, 0x4e20, @empty}, 'caif0\x00'}) preadv(r5, &(0x7f00000017c0), 0x1fe, 0x500) mmap$dsp(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xe902040cb593b1cd, 0x4028011, r5, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000000)={0x0, 'xfrm0\x00', {}, 0x2}) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='auxv\x00') ioctl$RTC_SET_TIME(r6, 0x4024700a, 0x0) mkdirat$cgroup(r6, &(0x7f0000000000)='syz1\x00', 0x1ff) getsockopt$ARPT_SO_GET_ENTRIES(r6, 0x0, 0x61, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x0) ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000540)={{0x2, 0x4e20, @remote}, {0x7, @local}, 0x46, {0x2, 0x4e20, @empty}, 'caif0\x00'}) r7 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r7, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, 0x0, 0x2080, 0x65f40}) ioctl$VIDIOC_QUERYBUF(r7, 0xc0585609, &(0x7f0000000300)={0x0, 0x4, 0x4, 0x40, 0x3000, {0x77359400}, {0x3, 0x2, 0x1c, 0x5a, 0x6, 0xe8, "53f69b82"}, 0x9, 0xc00e5a8dc6ddb0e, @planes=&(0x7f0000000280)={0xfffffff7, 0x4, @mem_offset=0x100, 0xffff0000}, 0x4, 0x0, r2}) ioctl$IOC_PR_CLEAR(r8, 0x401070cd, &(0x7f0000000380)={0x2}) preadv(r6, &(0x7f00000017c0), 0x1fe, 0x500) setsockopt$IP_VS_SO_SET_ZERO(r6, 0x0, 0x48f, 
&(0x7f0000000240)={0x1, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x1, 'wrr\x00', 0x20, 0x6, 0x4}, 0x2c) r9 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r10, 0x6, 0x1, 0x0, 0x0) 23:46:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') r1 = getpid() open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r2, 0x4, 0x6dd45b3e1950b569) fstat(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/null\x00', 0xb4000, 0x0) lstat(0x0, 0x0) mount$fuseblk(&(0x7f0000000400)='/dev/loop0\x00', 0x0, &(0x7f0000000480)='fuseblk\x00', 0x8048, &(0x7f0000000680)={{'fd', 0x3d, r4}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}], [{@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@euid_eq={'euid'}}]}}) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000300)={0x78, 0x0, 0x3, {0xff, 0x8, 0x0, {0x2, 0x80, 0x401, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x42, 0x800, 0x4, 0x0, r3, 0x0, 0x0, 0x7}}}, 0x78) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0xffffffff, 0x7, {r1}, {}, 0x8, 0x5}) lstat(0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1={0xff, 0x1, [0xe]}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) syzkaller login: [ 167.996614][ T8089] IPVS: ftp: loaded support on port[0] = 21 [ 168.109950][ T8089] chnl_net:caif_netlink_parms(): no params 
data found [ 168.204089][ T8089] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.211403][ T8089] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.229841][ T8089] device bridge_slave_0 entered promiscuous mode [ 168.246391][ T8092] IPVS: ftp: loaded support on port[0] = 21 [ 168.250204][ T8089] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.259503][ T8089] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.267776][ T8089] device bridge_slave_1 entered promiscuous mode [ 168.310562][ T8089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.341114][ T8089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 23:46:28 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000001840)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x1d, 0x0, 0x0, {}, 0xff}, 0x18, &(0x7f0000000100)={0x0}}, 0x0) [ 168.370907][ T8089] team0: Port device team_slave_0 added [ 168.391143][ T8075] ================================================================== [ 168.399304][ T8075] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_update_domain [ 168.408386][ T8075] [ 168.410712][ T8075] read to 0xffff888103508e98 of 1 bytes by task 8076 on cpu 1: [ 168.418260][ T8075] tomoyo_domain_quota_is_ok+0xe9/0x2b0 [ 168.423814][ T8075] tomoyo_supervisor+0x22b/0xd20 [ 168.428783][ T8075] tomoyo_path_number_perm+0x323/0x3c0 [ 168.434295][ T8075] tomoyo_path_chmod+0x2f/0x40 [ 168.439064][ T8075] security_path_chmod+0xac/0xe0 [ 168.443998][ T8075] chmod_common+0xe0/0x2d0 [ 168.448666][ T8075] do_fchmodat+0x7a/0x100 [ 168.452991][ T8075] __x64_sys_fchmodat+0x4d/0x60 [ 168.457964][ T8075] do_syscall_64+0xcc/0x3a0 [ 168.462522][ T8075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.468653][ T8075] [ 168.470982][ 
T8075] write to 0xffff888103508e98 of 1 bytes by task 8075 on cpu 0: [ 168.478730][ T8075] tomoyo_update_domain+0x32f/0x450 [ 168.483926][ T8075] tomoyo_write_file+0x34e/0x580 [ 168.489084][ T8075] tomoyo_write_domain2+0xad/0x120 [ 168.494295][ T8075] tomoyo_supervisor+0xad7/0xd20 [ 168.499236][ T8075] tomoyo_path_permission+0x121/0x160 [ 168.504607][ T8075] tomoyo_check_open_permission+0x2b9/0x320 [ 168.510607][ T8075] tomoyo_file_open+0x75/0x90 [ 168.515283][ T8075] security_file_open+0x69/0x210 [ 168.520216][ T8075] do_dentry_open+0x211/0x970 [ 168.524879][ T8075] vfs_open+0x62/0x80 [ 168.528858][ T8075] path_openat+0xf9f/0x3580 [ 168.533355][ T8075] do_filp_open+0x11e/0x1b0 [ 168.537851][ T8075] do_sys_open+0x3b3/0x4f0 [ 168.542275][ T8075] __x64_sys_openat+0x62/0x80 [ 168.546952][ T8075] do_syscall_64+0xcc/0x3a0 [ 168.551446][ T8075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.557321][ T8075] [ 168.559758][ T8075] Reported by Kernel Concurrency Sanitizer on: [ 168.566226][ T8075] CPU: 0 PID: 8075 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 168.574577][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.584627][ T8075] ================================================================== [ 168.592682][ T8075] Kernel panic - not syncing: panic_on_warn set ... [ 168.599496][ T8075] CPU: 0 PID: 8075 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 168.607718][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.617877][ T8075] Call Trace: [ 168.621161][ T8075] dump_stack+0x11d/0x181 [ 168.625524][ T8075] panic+0x210/0x640 [ 168.629507][ T8075] ? vprintk_func+0x8d/0x140 [ 168.634182][ T8075] kcsan_report.cold+0xc/0xd [ 168.639339][ T8075] kcsan_setup_watchpoint+0x3fe/0x460 [ 168.644747][ T8075] ? 
tomoyo_same_path_acl+0x80/0x80 [ 168.650100][ T8075] __tsan_unaligned_write1+0xc3/0x100 [ 168.655466][ T8075] tomoyo_update_domain+0x32f/0x450 [ 168.660889][ T8075] ? tomoyo_same_path_acl+0x80/0x80 [ 168.666157][ T8075] ? tomoyo_write_misc+0x190/0x190 [ 168.671271][ T8075] tomoyo_write_file+0x34e/0x580 [ 168.676206][ T8075] ? vsnprintf+0x1a7/0xb40 [ 168.680637][ T8075] ? strncmp+0x66/0x80 [ 168.684723][ T8075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 168.690962][ T8075] tomoyo_write_domain2+0xad/0x120 [ 168.696109][ T8075] tomoyo_supervisor+0xad7/0xd20 [ 168.701159][ T8075] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 168.706884][ T8075] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 168.713128][ T8075] ? __read_once_size.constprop.0+0x12/0x20 [ 168.719142][ T8075] tomoyo_path_permission+0x121/0x160 [ 168.724522][ T8075] tomoyo_check_open_permission+0x2b9/0x320 [ 168.730697][ T8075] tomoyo_file_open+0x75/0x90 [ 168.735534][ T8075] security_file_open+0x69/0x210 [ 168.740477][ T8075] do_dentry_open+0x211/0x970 [ 168.745143][ T8075] ? security_inode_permission+0xa5/0xc0 [ 168.750825][ T8075] vfs_open+0x62/0x80 [ 168.754796][ T8075] path_openat+0xf9f/0x3580 [ 168.759305][ T8075] ? pipe_read+0x731/0x840 [ 168.763719][ T8075] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 168.770006][ T8075] do_filp_open+0x11e/0x1b0 [ 168.774522][ T8075] ? _raw_spin_unlock+0x4b/0x60 [ 168.779377][ T8075] ? __alloc_fd+0x2ef/0x3b0 [ 168.784001][ T8075] ? 
get_unused_fd_flags+0x93/0xc0 [ 168.789412][ T8075] do_sys_open+0x3b3/0x4f0 [ 168.793931][ T8075] __x64_sys_openat+0x62/0x80 [ 168.798609][ T8075] do_syscall_64+0xcc/0x3a0 [ 168.803115][ T8075] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 168.809002][ T8075] RIP: 0033:0x47c5aa [ 168.812911][ T8075] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 168.832651][ T8075] RSP: 002b:000000c4202e97c0 EFLAGS: 00000206 ORIG_RAX: 0000000000000101 [ 168.841186][ T8075] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 168.849164][ T8075] RDX: 00000000000800c2 RSI: 000000c42c258360 RDI: ffffffffffffff9c [ 168.857151][ T8075] RBP: 000000c4202e9840 R08: 0000000000000000 R09: 0000000000000000 [ 168.865261][ T8075] R10: 0000000000000180 R11: 0000000000000206 R12: ffffffffffffffff [ 168.873240][ T8075] R13: 000000000000001c R14: 000000000000001b R15: 0000000000000100 [ 168.882650][ T8075] Kernel Offset: disabled [ 168.886992][ T8075] Rebooting in 86400 seconds..