[info] Using makefile-style concurrent boot in runlevel 2. [ 47.314803][ T27] audit: type=1800 audit(1576961178.361:21): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 47.359746][ T27] audit: type=1800 audit(1576961178.361:22): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts. 2019/12/21 20:46:32 fuzzer started 2019/12/21 20:46:34 dialing manager at 10.128.0.105:34305 2019/12/21 20:46:34 syscalls: 2690 2019/12/21 20:46:34 code coverage: enabled 2019/12/21 20:46:34 comparison tracing: enabled 2019/12/21 20:46:34 extra coverage: enabled 2019/12/21 20:46:34 setuid sandbox: enabled 2019/12/21 20:46:34 namespace sandbox: enabled 2019/12/21 20:46:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/21 20:46:34 fault injection: enabled 2019/12/21 20:46:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/21 20:46:34 net packet injection: enabled 2019/12/21 20:46:34 net device setup: enabled 2019/12/21 20:46:34 concurrency sanitizer: enabled 2019/12/21 20:46:34 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 64.880696][ T7959] KCSAN: could not find function: 'poll_schedule_timeout' 2019/12/21 20:46:48 adding functions to KCSAN blacklist: 'tick_nohz_idle_stop_tick' 'ext4_da_write_end' '__rcu_read_unlock' '__tty_hangup' 'alloc_empty_file' 'ktime_get_seconds' 'pipe_wait' 'poll_schedule_timeout' 'ns_capable_common' 'fasync_remove_entry' 'list_lru_count_one' 'tick_sched_do_timer' '__snd_rawmidi_transmit_ack' 'snd_seq_check_queue' 'generic_fillattr' 'page_counter_try_charge' 'fprop_fraction_percpu' 'add_timer' 'blk_mq_run_hw_queue' 'ext4_free_inode' 'sit_tunnel_xmit' 'clear_inode' 'balance_pgdat' 'do_wait' 'do_readlinkat' 'mod_timer' 'taskstats_exit' 'ext4_free_inodes_count' 'mm_update_next_owner' 'pid_update_inode' 'do_syslog' 'wbt_issue' 'lruvec_lru_size' 'xas_clear_mark' 'find_next_bit' 'rcu_gp_fqs_check_wake' 'tomoyo_supervisor' 'generic_write_end' 'futex_wait_queue_me' 'ext4_has_free_clusters' 'n_tty_receive_buf_common' 'ktime_get_real_seconds' 'relay_switch_subbuf' 'snd_seq_prioq_cell_out' 'do_nanosleep' 'netlink_deliver_tap' 'echo_char' 'exit_signals' 'virtqueue_enable_cb_delayed' 'ext4_nonda_switch' 'blk_mq_get_request' 'ext4_alloc_da_blocks' 'audit_log_start' 'virtqueue_disable_cb' 'del_timer' 'vti_tunnel_xmit' '__ext4_new_inode' 'skb_dequeue' 'blk_mq_dispatch_rq_list' 'vm_area_dup' 'copy_process' 'generic_update_time' 'pcpu_alloc' 'do_try_to_free_pages' 'tick_do_update_jiffies64' '__mark_inode_dirty' 'kauditd_thread' 'kvm_mmu_notifier_invalidate_range_end' 'queue_access_lock' 'has_bh_in_lru' 'xas_find_marked' 'ext4_mb_good_group' 'do_signal_stop' 'd_instantiate_new' 'find_get_pages_range_tag' 'balance_dirty_pages' 'iput' 'ep_poll' 'wbt_done' 'timer_clear_idle' 'generic_file_read_iter' 'ext4_sync_file' 'run_timer_softirq' 'blk_mq_sched_dispatch_requests' '__perf_event_overflow' 'ext4_mb_find_by_goal' 'kcm_rcv_strparser' 'ext4_mark_iloc_dirty' '__add_to_page_cache_locked' '__hrtimer_run_queues' 'dd_has_work' 'iomap_dio_bio_actor' 'list_lru_add' 'tomoyo_check_path_acl' 'process_srcu' 'rcu_gp_fqs_loop' 20:50:03 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000040)) [ 272.538461][ T7963] IPVS: ftp: loaded support on port[0] = 21 20:50:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f0000002840)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000004c0)=""/151, 0x97}, {0x0}, {0x0}], 0x3}, 0x2) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r2, 0x0, 0x73a0b1b, 0x0, 0x0, 0x800e00549) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/138, 0x8a}, {0x0}], 0x2}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r4, 0x0, 0xccf3, 0x0, 0x0, 0x800e0053d) shutdown(r3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r5, &(0x7f0000000440)=[{&(0x7f0000000000)=""/58, 0x3a}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5) shutdown(r4, 0x0) shutdown(r2, 0x0) [ 272.617472][ T7963] chnl_net:caif_netlink_parms(): no params data found [ 272.645877][ T7963] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.653002][ T7963] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.660594][ T7963] device bridge_slave_0 entered promiscuous mode [ 272.668372][ T7963] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.675838][ T7963] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.683838][ T7963] device bridge_slave_1 entered promiscuous mode [ 272.701148][ T7963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.711541][ T7963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.732382][ T7963] team0: Port device team_slave_0 added [ 272.739172][ T7963] team0: Port device team_slave_1 added [ 272.793928][ T7963] device hsr_slave_0 entered promiscuous mode 20:50:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}, 0x0) recvfrom$inet(r2, 0x0, 0xdeae, 0x0, 0x0, 0x800e00505) shutdown(r1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) readv(r3, &(0x7f0000001680)=[{&(0x7f00000001c0)=""/250, 0xfa}], 0x1) r4 = dup(r3) r5 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r5, 0x0, 0xccf3, 0x0, 0x0, 0x800e0050e) shutdown(r4, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r5, 0x0) shutdown(r2, 0x0) [ 272.862034][ T7963] device hsr_slave_1 entered promiscuous mode [ 272.946031][ T7966] IPVS: ftp: loaded support on port[0] = 21 [ 272.965181][ T7963] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 273.024145][ T7963] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 273.072299][ T7963] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 273.119379][ T7961] ================================================================== [ 273.127629][ T7961] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl [ 273.136567][ T7961] [ 273.138906][ T7961] write to 0xffff8880b4e0121a of 2 bytes by task 7948 on cpu 0: [ 273.146557][ T7961] tomoyo_merge_path_acl+0x6c/0xa0 [ 273.151679][ T7961] tomoyo_update_domain+0x323/0x450 [ 273.156891][ T7961] tomoyo_write_file+0x34e/0x580 [ 273.161838][ T7961] tomoyo_write_domain2+0xad/0x120 [ 273.166982][ T7961] tomoyo_supervisor+0xad7/0xd20 [ 273.172017][ T7961] tomoyo_path_permission+0x121/0x160 [ 273.177417][ T7961] tomoyo_check_open_permission+0x2b9/0x320 [ 273.183316][ T7961] tomoyo_file_open+0x75/0x90 [ 273.187999][ T7961] security_file_open+0x69/0x210 [ 273.192952][ T7961] do_dentry_open+0x211/0x970 [ 273.197659][ T7961] vfs_open+0x62/0x80 [ 273.201641][ T7961] path_openat+0xf9f/0x3580 [ 273.206144][ T7961] do_filp_open+0x11e/0x1b0 [ 273.210658][ T7961] do_sys_open+0x3b3/0x4f0 [ 273.215080][ T7961] __x64_sys_openat+0x62/0x80 [ 273.219763][ T7961] do_syscall_64+0xcc/0x3a0 [ 273.224286][ T7961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 273.230166][ T7961] [ 273.232512][ T7961] read to 0xffff8880b4e0121a of 2 bytes by task 7961 on cpu 1: [ 273.240063][ T7961] tomoyo_domain_quota_is_ok+0x29c/0x2b0 [ 273.245725][ T7961] tomoyo_supervisor+0x22b/0xd20 [ 273.250667][ T7961] tomoyo_path_number_perm+0x323/0x3c0 [ 273.256128][ T7961] tomoyo_path_chmod+0x2f/0x40 [ 273.260904][ T7961] security_path_chmod+0xac/0xe0 [ 273.265854][ T7961] chmod_common+0xe0/0x2d0 [ 273.270274][ T7961] do_fchmodat+0x7a/0x100 [ 273.274630][ T7961] __x64_sys_fchmodat+0x4d/0x60 [ 273.279496][ T7961] do_syscall_64+0xcc/0x3a0 [ 273.284033][ T7961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 273.289922][ T7961] [ 273.292253][ T7961] Reported by Kernel Concurrency Sanitizer on: [ 273.298418][ T7961] CPU: 1 PID: 7961 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 273.306665][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.316731][ T7961] ================================================================== [ 273.324797][ T7961] Kernel panic - not syncing: panic_on_warn set ... [ 273.331402][ T7961] CPU: 1 PID: 7961 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0 [ 273.339665][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.349807][ T7961] Call Trace: [ 273.353121][ T7961] dump_stack+0x11d/0x181 [ 273.357498][ T7961] panic+0x210/0x640 [ 273.361428][ T7961] ? vprintk_func+0x8d/0x140 [ 273.366124][ T7961] kcsan_report.cold+0xc/0xd [ 273.370730][ T7961] kcsan_setup_watchpoint+0x3fe/0x460 [ 273.376120][ T7961] __tsan_read2+0xc6/0x100 [ 273.380545][ T7961] tomoyo_domain_quota_is_ok+0x29c/0x2b0 [ 273.386202][ T7961] tomoyo_supervisor+0x22b/0xd20 [ 273.391800][ T7961] tomoyo_path_number_perm+0x323/0x3c0 [ 273.397497][ T7961] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 273.403402][ T7961] ? __read_once_size+0x5a/0xe0 [ 273.408269][ T7961] tomoyo_path_chmod+0x2f/0x40 [ 273.413048][ T7961] security_path_chmod+0xac/0xe0 [ 273.418028][ T7961] chmod_common+0xe0/0x2d0 [ 273.422560][ T7961] do_fchmodat+0x7a/0x100 [ 273.426912][ T7961] __x64_sys_fchmodat+0x4d/0x60 [ 273.431786][ T7961] do_syscall_64+0xcc/0x3a0 [ 273.436312][ T7961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 273.442222][ T7961] RIP: 0033:0x47c5aa [ 273.446126][ T7961] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 273.465827][ T7961] RSP: 002b:000000c43f99f9e0 EFLAGS: 00000206 ORIG_RAX: 000000000000010c [ 273.474232][ T7961] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa [ 273.482217][ T7961] RDX: 00000000000001ff RSI: 000000c437cc23c0 RDI: ffffffffffffff9c [ 273.490236][ T7961] RBP: 000000c43f99fa58 R08: 0000000000000000 R09: 0000000000000000 [ 273.498203][ T7961] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff [ 273.506188][ T7961] R13: 0000000000000015 R14: 0000000000000014 R15: 00000000000000aa [ 273.515604][ T7961] Kernel Offset: disabled [ 273.520041][ T7961] Rebooting in 86400 seconds..