[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 48.099838][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 48.099856][ T26] audit: type=1800 audit(1573050846.404:29): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 48.136741][ T26] audit: type=1800 audit(1573050846.404:30): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. 2019/11/06 14:34:17 fuzzer started 2019/11/06 14:34:19 dialing manager at 10.128.0.105:44951 2019/11/06 14:34:19 syscalls: 2553 2019/11/06 14:34:19 code coverage: enabled 2019/11/06 14:34:19 comparison tracing: enabled 2019/11/06 14:34:19 extra coverage: extra coverage is not supported by the kernel 2019/11/06 14:34:19 setuid sandbox: enabled 2019/11/06 14:34:19 namespace sandbox: enabled 2019/11/06 14:34:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/06 14:34:19 fault injection: enabled 2019/11/06 14:34:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/06 14:34:19 net packet injection: enabled 2019/11/06 14:34:19 net device setup: enabled 2019/11/06 14:34:19 concurrency sanitizer: enabled 2019/11/06 14:34:19 devlink PCI setup: PCI device 0000:00:10.0 is not available 2019/11/06 14:34:20 adding functions to KCSAN blacklist: 'ep_poll' '__hrtimer_run_queues' 'echo_char' 'find_next_bit' 'pid_update_inode' 14:34:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@filestreams='filestreams'}, {@swalloc='swalloc'}]}) 14:34:21 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000180)=""/109, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000080)=""/97, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480)=ANY=[]) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000006c0)=0x5) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4008af10, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syzkaller login: [ 63.247332][ T7765] IPVS: ftp: loaded support on port[0] = 21 [ 63.378130][ T7765] chnl_net:caif_netlink_parms(): no params data found [ 63.402569][ T7768] IPVS: ftp: loaded support on port[0] = 21 [ 63.446364][ T7765] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.453465][ T7765] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.461095][ T7765] device bridge_slave_0 entered promiscuous mode [ 63.480424][ T7765] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.488174][ T7765] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.496104][ T7765] device bridge_slave_1 entered promiscuous mode [ 63.528031][ T7765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 14:34:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sysfs$2(0x2, 0x9, &(0x7f0000000240)=""/176) [ 63.538809][ T7765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.580910][ T7765] team0: Port device team_slave_0 added [ 63.612672][ T7765] team0: Port device team_slave_1 added [ 63.634755][ T7768] chnl_net:caif_netlink_parms(): no params data found 14:34:22 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x211, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='nv\x00\xa0\x16\x06\x88\x04$\xb2\x85\xaeq%\xa6\xa7\x05mk\x9e\x96\xc0\x11W\x81\x06\x00\x00\x00V\x8ekw\x0f\x9b\xa6\x14\xab\xa70\x0e\xb7\xfeOW\x9a+\x01\x01\x82Y\x93\xb6\xb0\x97\xa5ul\xbc\x01f\a\xfd\x16\xbdg\xeca~u\f\xa6\xfb\"\b\x81\xd6\v\n\xaeaZ_\xff\x9c;mh\xc2\xf0\x8d\xacw\xf0\xd2\x18\b\xfc\x1d)\xec', 0x65) r3 = socket$inet(0x10, 0x3, 0x4) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 63.703919][ T7765] device hsr_slave_0 entered promiscuous mode [ 63.741620][ T7765] device hsr_slave_1 entered promiscuous mode [ 63.813413][ T7768] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.820478][ T7768] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.842122][ T7768] device bridge_slave_0 entered promiscuous mode [ 63.849329][ T7768] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.861410][ T7768] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.868988][ T7768] device bridge_slave_1 entered promiscuous mode [ 63.923441][ T7768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.926663][ T7771] IPVS: ftp: loaded support on port[0] = 21 [ 63.961138][ T7768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.039946][ T7774] IPVS: ftp: loaded support on port[0] = 21 [ 64.052351][ T7765] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.059437][ T7765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.066790][ T7765] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.073822][ T7765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.196097][ T7768] team0: Port device team_slave_0 added [ 64.202832][ T7768] team0: Port device team_slave_1 added 14:34:22 executing program 4: r0 = userfaultfd(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000007, 0x4031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f0000000080)={{&(0x7f00005e3000/0x800000)=nil, 0x760000}, 0x200000}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) [ 64.333630][ T7768] device hsr_slave_0 entered promiscuous mode [ 64.361613][ T7768] device hsr_slave_1 entered promiscuous mode [ 64.421399][ T7768] debugfs: Directory 'hsr0' with parent '/' already present! [ 64.435367][ T3007] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.462173][ T3007] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.605604][ T7765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.722346][ T7765] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.755064][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.782761][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.841660][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.850457][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.971829][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.978920][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.032040][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.040528][ T3007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.131753][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.138890][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.191850][ T7771] chnl_net:caif_netlink_parms(): no params data found [ 65.304698][ T7812] IPVS: ftp: loaded support on port[0] = 21 [ 65.313552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.332724][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.394213][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.432017][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.460018][ T7789] ================================================================== [ 65.468131][ T7789] BUG: KCSAN: data-race in tomoyo_supervisor / tomoyo_supervisor [ 65.475828][ T7789] [ 65.478154][ T7789] write to 0xffffffff86148088 of 8 bytes by task 7791 on cpu 0: [ 65.481971][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.485837][ T7789] tomoyo_supervisor+0x1ec/0xd20 [ 65.498613][ T7789] tomoyo_path_permission+0x121/0x160 [ 65.503976][ T7789] tomoyo_check_open_permission+0x2fd/0x320 [ 65.509856][ T7789] tomoyo_file_open+0x75/0x90 [ 65.514530][ T7789] security_file_open+0x69/0x210 [ 65.519470][ T7789] do_dentry_open+0x20a/0x8f0 [ 65.524236][ T7789] vfs_open+0x62/0x80 [ 65.528216][ T7789] path_openat+0xf73/0x36e0 [ 65.532710][ T7789] do_filp_open+0x11e/0x1b0 [ 65.537218][ T7789] do_sys_open+0x3b3/0x4f0 [ 65.541626][ T7789] __x64_sys_open+0x55/0x70 [ 65.542063][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.546142][ T7789] do_syscall_64+0xcc/0x370 [ 65.546176][ T7789] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.564273][ T7789] [ 65.566601][ T7789] write to 0xffffffff86148088 of 8 bytes by task 7789 on cpu 1: [ 65.574230][ T7789] tomoyo_supervisor+0x1ec/0xd20 [ 65.579158][ T7789] tomoyo_path_permission+0x121/0x160 [ 65.584523][ T7789] tomoyo_check_open_permission+0x2fd/0x320 [ 65.590405][ T7789] tomoyo_file_open+0x75/0x90 [ 65.595080][ T7789] security_file_open+0x69/0x210 [ 65.600019][ T7789] do_dentry_open+0x20a/0x8f0 [ 65.602608][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.604712][ T7789] vfs_open+0x62/0x80 [ 65.615836][ T7789] path_openat+0xf73/0x36e0 [ 65.620341][ T7789] do_filp_open+0x11e/0x1b0 [ 65.624839][ T7789] do_sys_open+0x3b3/0x4f0 [ 65.629244][ T7789] __x64_sys_open+0x55/0x70 [ 65.633745][ T7789] do_syscall_64+0xcc/0x370 [ 65.638249][ T7789] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.644131][ T7789] [ 65.646446][ T7789] Reported by Kernel Concurrency Sanitizer on: [ 65.652597][ T7789] CPU: 1 PID: 7789 Comm: ps Not tainted 5.4.0-rc6+ #0 [ 65.659339][ T7789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.669395][ T7789] ================================================================== [ 65.677458][ T7789] Kernel panic - not syncing: panic_on_warn set ... [ 65.684032][ T7789] CPU: 1 PID: 7789 Comm: ps Not tainted 5.4.0-rc6+ #0 [ 65.690779][ T7789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.700816][ T7789] Call Trace: [ 65.704115][ T7789] dump_stack+0xf5/0x159 [ 65.708360][ T7789] panic+0x210/0x640 [ 65.712288][ T7789] ? vprintk_func+0x8d/0x140 [ 65.716992][ T7789] kcsan_report.cold+0xc/0xe [ 65.721607][ T7789] kcsan_setup_watchpoint+0x3fe/0x410 [ 65.726988][ T7789] __tsan_unaligned_write8+0x143/0x1f0 [ 65.732455][ T7789] tomoyo_supervisor+0x1ec/0xd20 [ 65.737394][ T7789] ? tomoyo_path_matches_pattern+0xa1/0x160 [ 65.743300][ T7789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 65.749538][ T7789] ? tomoyo_compare_name_union+0x4c/0xa0 [ 65.755174][ T7789] ? __read_once_size.constprop.0+0x12/0x20 [ 65.761072][ T7789] ? tomoyo_compare_name_union+0xa0/0xa0 [ 65.766705][ T7789] tomoyo_path_permission+0x121/0x160 [ 65.772082][ T7789] tomoyo_check_open_permission+0x2fd/0x320 [ 65.778003][ T7789] tomoyo_file_open+0x75/0x90 [ 65.782682][ T7789] security_file_open+0x69/0x210 [ 65.787623][ T7789] do_dentry_open+0x20a/0x8f0 [ 65.792296][ T7789] ? security_inode_permission+0xa5/0xc0 [ 65.797928][ T7789] vfs_open+0x62/0x80 [ 65.801915][ T7789] path_openat+0xf73/0x36e0 [ 65.806442][ T7789] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 65.812343][ T7789] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 65.818234][ T7789] ? __read_once_size+0x41/0xe0 [ 65.823094][ T7789] do_filp_open+0x11e/0x1b0 [ 65.827612][ T7789] ? __alloc_fd+0x2ef/0x3b0 [ 65.832123][ T7789] do_sys_open+0x3b3/0x4f0 [ 65.836553][ T7789] __x64_sys_open+0x55/0x70 [ 65.841059][ T7789] do_syscall_64+0xcc/0x370 [ 65.845564][ T7789] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.851442][ T7789] RIP: 0033:0x7f7c38a8d120 [ 65.855853][ T7789] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 65.877276][ T7789] RSP: 002b:00007fff970c5208 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 65.885702][ T7789] RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f7c38a8d120 [ 65.893662][ T7789] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f7c38f5bd00 [ 65.901626][ T7789] RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f7c38d55a10 [ 65.909597][ T7789] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c38f5ad00 [ 65.917560][ T7789] R13: 0000000001c911c0 R14: 0000000000000005 R15: 0000000000000000 [ 65.926770][ T7789] Kernel Offset: disabled [ 65.931104][ T7789] Rebooting in 86400 seconds..