[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts.
2020/11/15 03:16:39 fuzzer started
2020/11/15 03:16:40 dialing manager at 10.128.0.105:35027
2020/11/15 03:16:40 syscalls: 3448
2020/11/15 03:16:40 code coverage: enabled
2020/11/15 03:16:40 comparison tracing: enabled
2020/11/15 03:16:40 extra coverage: enabled
2020/11/15 03:16:40 setuid sandbox: enabled
2020/11/15 03:16:40 namespace sandbox: enabled
2020/11/15 03:16:40 Android sandbox: /sys/fs/selinux/policy does not exist
2020/11/15 03:16:40 fault injection: enabled
2020/11/15 03:16:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/11/15 03:16:40 net packet injection: enabled
2020/11/15 03:16:40 net device setup: enabled
2020/11/15 03:16:40 concurrency sanitizer: enabled
2020/11/15 03:16:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/11/15 03:16:40 USB emulation: enabled
2020/11/15 03:16:40 hci packet injection: enabled
2020/11/15 03:16:40 wifi device emulation: enabled
2020/11/15 03:16:43 suppressing KCSAN reports in functions: 'ext4_free_inode' 'kauditd_thread' 'ext4_free_inodes_count' 'blk_mq_dispatch_rq_list' 'snd_rawmidi_poll' 'generic_write_end' 'dd_has_work' 'snd_rawmidi_kernel_write1' 'ext4_writepages' 'n_tty_receive_buf_common' 'do_nanosleep' 'ext4_mb_good_group' 'expire_timers' 'wbt_issue' 'blk_mq_sched_dispatch_requests' '__ext4_new_inode' 'futex_wait_queue_me' 'blk_mq_rq_ctx_init' '__xa_clear_mark' 'do_select' 'pcpu_alloc' '__io_cqring_fill_event'
03:17:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x18, 0x0, 0x0)
recvfrom$llc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0xfa, 0x0, @local}, 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
03:17:02 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000004f80)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x40, r1, 0x121, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}, {0x2, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0)
03:17:02 executing program 2:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xb6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x2, 0x141001)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syzkaller login: [ 51.810984][ T8459] ==================================================================
[ 51.819132][ T8459] BUG: KCSAN: data-race in tomoyo_check_path_acl / tomoyo_merge_path_acl
[ 51.827529][ T8459]
[ 51.829851][ T8459] write to 0xffff88810c95929a of 2 bytes by task 8435 on cpu 1:
[ 51.837480][ T8459] tomoyo_merge_path_acl+0x4c/0x70
[ 51.842580][ T8459] tomoyo_update_domain+0x337/0x3a0
[ 51.849078][ T8459] tomoyo_write_file+0x210/0x910
[ 51.854005][ T8459] tomoyo_supervisor+0xaad/0xb20
[ 51.858938][ T8459] tomoyo_path_perm+0x261/0x330
[ 51.863955][ T8459] tomoyo_path_truncate+0x18/0x20
[ 51.868972][ T8459] security_path_truncate+0x7f/0xd0
[ 51.874177][ T8459] do_sys_ftruncate+0x38d/0x530
[ 51.879016][ T8459] __x64_sys_ftruncate+0x2f/0x40
[ 51.883947][ T8459] do_syscall_64+0x39/0x80
[ 51.888355][ T8459] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.894236][ T8459]
[ 51.896559][ T8459] read to 0xffff88810c95929a of 2 bytes by task 8459 on cpu 0:
[ 51.904110][ T8459] tomoyo_check_path_acl+0x1e/0xe0
[ 51.909300][ T8459] tomoyo_check_acl+0xcc/0x200
[ 51.914058][ T8459] tomoyo_execute_permission+0xa1/0x190
[ 51.919591][ T8459] tomoyo_find_next_domain+0x213/0x10a0
[ 51.925131][ T8459] tomoyo_bprm_check_security+0x96/0xd0
[ 51.930667][ T8459] security_bprm_check+0x3f/0x90
[ 51.935594][ T8459] exec_binprm+0x143/0x720
[ 51.940023][ T8459] bprm_execve+0x435/0x610
[ 51.944427][ T8459] do_execveat_common+0x60c/0x6c0
[ 51.949441][ T8459] __x64_sys_execve+0x56/0x70
[ 51.954111][ T8459] do_syscall_64+0x39/0x80
[ 51.958513][ T8459] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 51.964380][ T8459]
[ 51.966692][ T8459] Reported by Kernel Concurrency Sanitizer on:
[ 51.972859][ T8459] CPU: 0 PID: 8459 Comm: syz-fuzzer Not tainted 5.10.0-rc3-syzkaller #0
[ 51.981170][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.991230][ T8459] ==================================================================
[ 51.999281][ T8459] Kernel panic - not syncing: panic_on_warn set ...
[ 52.005878][ T8459] CPU: 0 PID: 8459 Comm: syz-fuzzer Not tainted 5.10.0-rc3-syzkaller #0
[ 52.014182][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.024221][ T8459] Call Trace:
[ 52.027504][ T8459] dump_stack+0x116/0x15d
[ 52.031835][ T8459] panic+0x1e7/0x5fa
[ 52.035724][ T8459] ? vprintk_emit+0x2f2/0x370
[ 52.040391][ T8459] kcsan_report+0x67b/0x680
[ 52.044889][ T8459] ? kcsan_setup_watchpoint+0x46a/0x4d0
[ 52.050430][ T8459] ? tomoyo_check_path_acl+0x1e/0xe0
[ 52.055717][ T8459] ? tomoyo_check_acl+0xcc/0x200
[ 52.060655][ T8459] ? tomoyo_execute_permission+0xa1/0x190
[ 52.066359][ T8459] ? tomoyo_find_next_domain+0x213/0x10a0
[ 52.072070][ T8459] ? tomoyo_bprm_check_security+0x96/0xd0
[ 52.077780][ T8459] ? security_bprm_check+0x3f/0x90
[ 52.082880][ T8459] ? exec_binprm+0x143/0x720
[ 52.087460][ T8459] ? bprm_execve+0x435/0x610
[ 52.092035][ T8459] ? do_execveat_common+0x60c/0x6c0
[ 52.097222][ T8459] ? __x64_sys_execve+0x56/0x70
[ 52.102075][ T8459] ? do_syscall_64+0x39/0x80
[ 52.106741][ T8459] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 52.112901][ T8459] ? should_fail+0x2a/0x240
[ 52.117403][ T8459] ? __should_failslab+0x81/0x90
[ 52.122332][ T8459] ? should_failslab+0x5/0x20
[ 52.127003][ T8459] kcsan_setup_watchpoint+0x46a/0x4d0
[ 52.132368][ T8459] ? tomoyo_path_matches_pattern+0xf9/0x120
[ 52.138254][ T8459] tomoyo_check_path_acl+0x1e/0xe0
[ 52.143355][ T8459] tomoyo_check_acl+0xcc/0x200
[ 52.148217][ T8459] ? tomoyo_execute_permission+0x190/0x190
[ 52.154047][ T8459] tomoyo_execute_permission+0xa1/0x190
[ 52.159589][ T8459] tomoyo_find_next_domain+0x213/0x10a0
[ 52.165130][ T8459] tomoyo_bprm_check_security+0x96/0xd0
[ 52.170772][ T8459] security_bprm_check+0x3f/0x90
[ 52.175698][ T8459] exec_binprm+0x143/0x720
[ 52.180106][ T8459] bprm_execve+0x435/0x610
[ 52.184508][ T8459] do_execveat_common+0x60c/0x6c0
[ 52.189608][ T8459] __x64_sys_execve+0x56/0x70
[ 52.194280][ T8459] do_syscall_64+0x39/0x80
[ 52.198692][ T8459] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 52.204590][ T8459] RIP: 0033:0x4b3da6
[ 52.208476][ T8459] Code: 48 c7 44 24 50 00 00 00 00 e8 d6 a4 f8 ff c3 cc cc cc cc cc 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 1b 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 52.228162][ T8459] RSP: 002b:000000c00014d380 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
[ 52.236566][ T8459] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004b3da6
[ 52.244545][ T8459] RDX: 000000c003ee9d50 RSI: 000000c004b4a3b0 RDI: 000000c00445a9a0
[ 52.252506][ T8459] RBP: 000000c00014d520 R08: 0000000000000010 R09: 0000000000000000
[ 52.260476][ T8459] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004ab5d7
[ 52.268446][ T8459] R13: 000000000000000f R14: 000000000000000e R15: 00000000000000aa
[ 52.277253][ T8459] Kernel Offset: disabled
[ 52.281567][ T8459] Rebooting in 86400 seconds..