[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
2020/11/21 11:01:35 fuzzer started
2020/11/21 11:01:35 dialing manager at 10.128.0.105:42233
2020/11/21 11:01:35 syscalls: 3448
2020/11/21 11:01:35 code coverage: enabled
2020/11/21 11:01:35 comparison tracing: enabled
2020/11/21 11:01:35 extra coverage: enabled
2020/11/21 11:01:35 setuid sandbox: enabled
2020/11/21 11:01:35 namespace sandbox: enabled
2020/11/21 11:01:35 Android sandbox: /sys/fs/selinux/policy does not exist
2020/11/21 11:01:35 fault injection: enabled
2020/11/21 11:01:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/11/21 11:01:35 net packet injection: enabled
2020/11/21 11:01:35 net device setup: enabled
2020/11/21 11:01:35 concurrency sanitizer: enabled
2020/11/21 11:01:35 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/11/21 11:01:35 USB emulation: enabled
2020/11/21 11:01:35 hci packet injection: enabled
2020/11/21 11:01:35 wifi device emulation: enabled
2020/11/21 11:01:36 suppressing KCSAN reports in functions: '__xa_clear_mark' 'ext4_writepages' '__mark_inode_dirty' 'generic_write_end' 'futex_wait_queue_me' 'alloc_pid' 'ext4_free_inodes_count' '__ext4_new_inode' 'do_sys_poll' 'exit_mm' 'ext4_mb_find_by_goal' '__io_cqring_fill_event' 'ext4_free_inode' '__mod_timer'

11:01:51 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000ff0100000000", @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x52)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x44}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0)

11:01:51 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffffff7}]})
prlimit64(0x0, 0x0, 0x0, 0x0)

11:01:51 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x33}, @FRA_SRC={0x8, 0x2, @multicast1}]}, 0x2c}}, 0x0)

11:01:51 executing program 3:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/fuse\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x8040, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000200)={0x29, 0x3, 0x0, {0x1, 0x8, 0x0, 'group_id'}}, 0x29)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)

syzkaller login: [ 47.571319][ T8454] ==================================================================
[ 47.579712][ T8454] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl
[ 47.588522][ T8454]
[ 47.590916][ T8454] write to 0xffff88812b6f4fda of 2 bytes by task 8456 on cpu 1:
[ 47.598599][ T8454] tomoyo_merge_path_acl+0x4c/0x70
[ 47.603800][ T8454] tomoyo_update_domain+0x337/0x3a0
[ 47.609057][ T8454] tomoyo_write_file+0x210/0x910
[ 47.614050][ T8454] tomoyo_supervisor+0xaad/0xb20
[ 47.619057][ T8454] tomoyo_check_open_permission+0x2d0/0x370
[ 47.625364][ T8454] tomoyo_file_open+0xd3/0xf0
[ 47.630129][ T8454] security_file_open+0x3f/0x90
[ 47.635158][ T8454] do_dentry_open+0x22d/0x870
[ 47.639913][ T8454] vfs_open+0x43/0x50
[ 47.644072][ T8454] path_openat+0x1844/0x20a0
[ 47.648733][ T8454] do_filp_open+0xbd/0x1d0
[ 47.653231][ T8454] do_sys_openat2+0xa3/0x240
[ 47.657920][ T8454] __x64_sys_openat+0xef/0x110
[ 47.662732][ T8454] do_syscall_64+0x39/0x80
[ 47.667203][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.673118][ T8454]
[ 47.675494][ T8454] read to 0xffff88812b6f4fda of 2 bytes by task 8454 on cpu 0:
[ 47.683119][ T8454] tomoyo_domain_quota_is_ok+0xd7/0x2d0
[ 47.688800][ T8454] tomoyo_supervisor+0x1f4/0xb20
[ 47.693844][ T8454] tomoyo_path_number_perm+0x227/0x2d0
[ 47.699344][ T8454] tomoyo_path_chmod+0x23/0x30
[ 47.704160][ T8454] security_path_chmod+0x92/0xe0
[ 47.709165][ T8454] chmod_common+0xe6/0x280
[ 47.713644][ T8454] __x64_sys_fchmodat+0x9b/0x120
[ 47.718637][ T8454] do_syscall_64+0x39/0x80
[ 47.723095][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.728995][ T8454]
[ 47.731326][ T8454] Reported by Kernel Concurrency Sanitizer on:
[ 47.737522][ T8454] CPU: 0 PID: 8454 Comm: syz-fuzzer Not tainted 5.10.0-rc4-syzkaller #0
[ 47.745871][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.755970][ T8454] ==================================================================
[ 47.764054][ T8454] Kernel panic - not syncing: panic_on_warn set ...

11:01:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c0000005e002b"], 0x1c}}, 0x0)
recvmmsg(r0, &(0x7f0000000400)=[{{&(0x7f00000045c0)=@l2={0x1f, 0x0, @none}, 0x80, 0x0}}, {{&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)}, {&(0x7f0000000180)=""/254, 0xfe}, {&(0x7f0000000280)=""/72, 0x48}, {&(0x7f0000000300)=""/83, 0x53}], 0xe1, &(0x7f00000003c0)=""/11, 0xb}}], 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000200)={0x8}, &(0x7f0000000140)={0x0, 0x989680}, 0x0)

11:01:52 executing program 5:
r0 = socket$l2tp(0x2, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000000b00)={&(0x7f00000004c0)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000980)=[{0x0}, {&(0x7f00000005c0)="a0", 0x1}], 0x2}, 0x0)

[ 47.770717][ T8454] CPU: 0 PID: 8454 Comm: syz-fuzzer Not tainted 5.10.0-rc4-syzkaller #0
[ 47.779049][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.789113][ T8454] Call Trace:
[ 47.792425][ T8454] dump_stack+0x116/0x15d
[ 47.796778][ T8454] panic+0x1e7/0x5fa
[ 47.800691][ T8454] ? vprintk_emit+0x2f2/0x370
[ 47.805379][ T8454] kcsan_report+0x67b/0x680
[ 47.809901][ T8454] ? kcsan_setup_watchpoint+0x46a/0x4d0
[ 47.815469][ T8454] ? tomoyo_domain_quota_is_ok+0xd7/0x2d0
[ 47.850611][ T8454] ? tomoyo_supervisor+0x1f4/0xb20
[ 47.855766][ T8454] ? tomoyo_path_number_perm+0x227/0x2d0
[ 47.861523][ T8454] ? tomoyo_path_chmod+0x23/0x30
[ 47.866475][ T8454] ? security_path_chmod+0x92/0xe0
[ 47.871600][ T8454] ? chmod_common+0xe6/0x280
[ 47.876238][ T8454] ? __x64_sys_fchmodat+0x9b/0x120
[ 47.881364][ T8454] ? do_syscall_64+0x39/0x80
[ 47.885970][ T8454] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.892057][ T8454] ? string+0x1f9/0x210
[ 47.896231][ T8454] ? vsnprintf+0xe3f/0xe80
[ 47.900659][ T8454] ? widen_string+0x3a/0x280
[ 47.905262][ T8454] kcsan_setup_watchpoint+0x46a/0x4d0
[ 47.910633][ T8454] ? tomoyo_profile+0x17/0x30
[ 47.915339][ T8454] tomoyo_domain_quota_is_ok+0xd7/0x2d0
[ 47.920917][ T8454] tomoyo_supervisor+0x1f4/0xb20
[ 47.925896][ T8454] ? snprintf+0x6f/0x90
[ 47.930056][ T8454] tomoyo_path_number_perm+0x227/0x2d0
[ 47.935514][ T8454] ? filename_lookup+0x2b6/0x380
[ 47.940445][ T8454] tomoyo_path_chmod+0x23/0x30
[ 47.945205][ T8454] security_path_chmod+0x92/0xe0
[ 47.950152][ T8454] chmod_common+0xe6/0x280
[ 47.954583][ T8454] __x64_sys_fchmodat+0x9b/0x120
[ 47.959516][ T8454] do_syscall_64+0x39/0x80
[ 47.963929][ T8454] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.969816][ T8454] RIP: 0033:0x4b3cdb
[ 47.975724][ T8454] Code: ff e9 69 ff ff ff cc cc cc cc cc cc cc cc cc e8 bb a1 f8 ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 47.995430][ T8454] RSP: 002b:000000c00a2c1888 EFLAGS: 00000212 ORIG_RAX: 000000000000010c
[ 48.003850][ T8454] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b3cdb
[ 48.011815][ T8454] RDX: 00000000000001ff RSI: 000000c001eba4b0 RDI: ffffffffffffff9c
[ 48.019792][ T8454] RBP: 000000c00a2c18e0 R08: 00000000008ce901 R09: 0000000000000001
[ 48.027767][ T8454] R10: 000000c001eba4b0 R11: 0000000000000212 R12: ffffffffffffffff
[ 48.036622][ T8454] R13: 000000000000001a R14: 0000000000000019 R15: 00000000000000aa
[ 48.045052][ T8454] Kernel Offset: disabled
[ 48.049397][ T8454] Rebooting in 86400 seconds..