[info] Using makefile-style concurrent boot in runlevel 2.
[ 47.574253][ T27] audit: type=1800 audit(1581929022.099:21): pid=7807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 47.625453][ T27] audit: type=1800 audit(1581929022.109:22): pid=7807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
2020/02/17 08:43:53 fuzzer started
2020/02/17 08:43:55 dialing manager at 10.128.0.105:44155
2020/02/17 08:43:55 syscalls: 2909
2020/02/17 08:43:55 code coverage: enabled
2020/02/17 08:43:55 comparison tracing: enabled
2020/02/17 08:43:55 extra coverage: enabled
2020/02/17 08:43:55 setuid sandbox: enabled
2020/02/17 08:43:55 namespace sandbox: enabled
2020/02/17 08:43:55 Android sandbox: /sys/fs/selinux/policy does not exist
2020/02/17 08:43:55 fault injection: enabled
2020/02/17 08:43:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/02/17 08:43:55 net packet injection: enabled
2020/02/17 08:43:55 net device setup: enabled
2020/02/17 08:43:55 concurrency sanitizer: enabled
2020/02/17 08:43:55 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 66.409069][ T7975] KCSAN: could not find function: 'poll_schedule_timeout'
[ 67.405018][ T7975] KCSAN: could not find function: '_find_next_bit'
2020/02/17 08:44:02 adding functions to KCSAN blacklist: 'blk_mq_sched_dispatch_requests' 'echo_char' 'ext4_nonda_switch' 'audit_log_start' 'do_exit' 'shmem_add_to_page_cache' 'exit_signals' '__rb_rotate_set_parents' 'blk_mq_dispatch_rq_list' 'tick_nohz_idle_stop_tick' 'ext4_free_inodes_count' '__find_get_block' 'yama_ptracer_del' 'generic_fillattr' 'n_tty_receive_buf_common' 'ep_poll' 'wbt_inflight_cb' 'ext4_mark_iloc_dirty' 'xas_clear_mark' 'tick_sched_do_timer' 'xas_find_marked' 'ext4_writepages' 'generic_write_end' 'vm_area_dup' 'sit_tunnel_xmit' 'blk_mq_get_request' '__add_to_page_cache_locked' 'pcpu_alloc' 'wbt_done' 'copy_process' 'ext4_has_free_clusters' 'attach_to_pi_owner' 'dd_has_work' 'ktime_get_real_seconds' 'kcm_rfree' 'ktime_get_seconds' '__filemap_fdatawrite_range' 'do_nanosleep' 'poll_schedule_timeout' '__ext4_new_inode' 'atime_needs_update' 'mod_timer' 'find_get_pages_range_tag' 'add_timer' '__delete_from_page_cache' 'shmem_getpage_gfp' 'generic_file_read_iter' 'do_syslog' 'run_timer_softirq' '_find_next_bit' 'kauditd_thread' 'pipe_double_lock' 'wbt_issue'

08:47:39 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c)
sendmsg(r0, &(0x7f0000000a40)={0x0, 0xffffff88, &(0x7f0000000380)=[{&(0x7f00000003c0)="339a", 0x5ac}], 0x1}, 0x350c)

08:47:39 executing program 1:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa378b5bdb4cb904e473630e55cff26d1b0e001d800d00000f5e510befccd7", 0x2e}], 0x1, 0x0, 0x0, 0x88a8ffff00000000}, 0x0)
recvmsg$kcm(r0, &(0x7f0000004e40)={0x0, 0xffffffffffffffd5, &(0x7f0000000540)=[{0x0, 0x6558}, {0x0, 0x68}, {0x0}, {0x0, 0x569}, {0x0}, {0x0, 0x13a}, {0x0, 0x10b}, {0x0, 0x32c}, {0x0}, {&(0x7f00000004c0)=""/107}], 0x9, 0x0, 0xb5}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000001440)={0x0, 0x0, 0x0}, 0x0)

[ 285.302175][ T7979] IPVS: ftp: loaded support on port[0] = 21
[ 285.418029][ T7979] chnl_net:caif_netlink_parms(): no params data found
[ 285.514022][ T7979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 285.521224][ T7979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 285.529571][ T7979] device bridge_slave_0 entered promiscuous mode
[ 285.542340][ T7984] IPVS: ftp: loaded support on port[0] = 21
[ 285.550619][ T7979] bridge0: port 2(bridge_slave_1) entered blocking state

08:47:40 executing program 2:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="080db5055e0bcfe8479071")
bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x2000000000012, 0x7, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)

[ 285.561648][ T7979] bridge0: port 2(bridge_slave_1) entered disabled state
[ 285.570254][ T7979] device bridge_slave_1 entered promiscuous mode
[ 285.597267][ T7977] ==================================================================
[ 285.605450][ T7977] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl
[ 285.614202][ T7977]
[ 285.616753][ T7977] write to 0xffff8880aab7f5da of 2 bytes by task 7961 on cpu 0:
[ 285.621061][ T7979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 285.624386][ T7977] tomoyo_merge_path_acl+0x6c/0xa0
[ 285.624418][ T7977] tomoyo_update_domain+0x323/0x450
[ 285.643724][ T7977] tomoyo_write_file+0x34e/0x580
[ 285.648666][ T7977] tomoyo_write_domain2+0xad/0x120
[ 285.653782][ T7977] tomoyo_supervisor+0xa85/0xc90
[ 285.658806][ T7977] tomoyo_path_permission+0x121/0x160
[ 285.664280][ T7977] tomoyo_check_open_permission+0x2b9/0x320
[ 285.669512][ T7979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 285.670181][ T7977] tomoyo_file_open+0x75/0x90
[ 285.683934][ T7977] security_file_open+0x69/0x210
[ 285.688878][ T7977] do_dentry_open+0x211/0x970
[ 285.693566][ T7977] vfs_open+0x62/0x80
[ 285.697560][ T7977] path_openat+0xe32/0x3150
[ 285.702063][ T7977] do_filp_open+0x11e/0x1b0
[ 285.706569][ T7977] do_sys_openat2+0x4f5/0x620
[ 285.711249][ T7977] do_sys_open+0xa3/0x110
[ 285.715591][ T7977] __x64_sys_openat+0x62/0x80
[ 285.720362][ T7977] do_syscall_64+0xcc/0x3a0
[ 285.724870][ T7977] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 285.730785][ T7977]
[ 285.733241][ T7977] read to 0xffff8880aab7f5da of 2 bytes by task 7977 on cpu 1:
[ 285.740913][ T7977] tomoyo_domain_quota_is_ok+0x29c/0x2b0
[ 285.746569][ T7977] tomoyo_supervisor+0x1d9/0xc90
[ 285.751513][ T7977] tomoyo_path_number_perm+0x323/0x3c0
[ 285.756976][ T7977] tomoyo_path_chmod+0x2f/0x40
[ 285.761752][ T7977] security_path_chmod+0xac/0xe0
[ 285.766703][ T7977] chmod_common+0xe0/0x2d0
[ 285.771120][ T7977] do_fchmodat+0x7a/0x100
[ 285.775449][ T7977] __x64_sys_fchmodat+0x4d/0x60
[ 285.780308][ T7977] do_syscall_64+0xcc/0x3a0
[ 285.784826][ T7977] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 285.790715][ T7977]
[ 285.793040][ T7977] Reported by Kernel Concurrency Sanitizer on:
[ 285.799201][ T7977] CPU: 1 PID: 7977 Comm: syz-fuzzer Not tainted 5.6.0-rc1-syzkaller #0
[ 285.807436][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 285.817490][ T7977] ==================================================================
[ 285.825556][ T7977] Kernel panic - not syncing: panic_on_warn set ...
[ 285.832149][ T7977] CPU: 1 PID: 7977 Comm: syz-fuzzer Not tainted 5.6.0-rc1-syzkaller #0
[ 285.840387][ T7977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 285.850447][ T7977] Call Trace:
[ 285.853758][ T7977] dump_stack+0x11d/0x181
[ 285.858107][ T7977] panic+0x210/0x640
[ 285.862021][ T7977] ? vprintk_func+0x8d/0x140
[ 285.866634][ T7977] kcsan_report.cold+0xc/0x1a
[ 285.871443][ T7977] kcsan_setup_watchpoint+0x3a3/0x3e0
[ 285.876829][ T7977] __tsan_read2+0xc6/0x100
[ 285.881373][ T7977] tomoyo_domain_quota_is_ok+0x29c/0x2b0
[ 285.887156][ T7977] tomoyo_supervisor+0x1d9/0xc90
[ 285.892256][ T7977] tomoyo_path_number_perm+0x323/0x3c0
[ 285.897762][ T7977] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 285.903666][ T7977] ? __read_once_size+0x5a/0xe0
[ 285.908539][ T7977] tomoyo_path_chmod+0x2f/0x40
[ 285.913316][ T7977] security_path_chmod+0xac/0xe0
[ 285.918268][ T7977] chmod_common+0xe0/0x2d0
[ 285.922803][ T7977] ? getname_flags+0x1a4/0x380
[ 285.927585][ T7977] do_fchmodat+0x7a/0x100
[ 285.931924][ T7977] __x64_sys_fchmodat+0x4d/0x60
[ 285.936783][ T7977] do_syscall_64+0xcc/0x3a0
[ 285.941301][ T7977] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 285.947302][ T7977] RIP: 0033:0x47c5aa
[ 285.951212][ T7977] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 285.971012][ T7977] RSP: 002b:000000c4405c19e0 EFLAGS: 00000206 ORIG_RAX: 000000000000010c
[ 285.979434][ T7977] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa
[ 285.987409][ T7977] RDX: 00000000000001ff RSI: 000000c43f7e0000 RDI: ffffffffffffff9c
[ 285.995383][ T7977] RBP: 000000c4405c1a58 R08: 0000000000000000 R09: 0000000000000000
[ 286.003372][ T7977] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000040
[ 286.011347][ T7977] R13: 0000000000000040 R14: 0000000000000011 R15: 0000000000000002
[ 286.020680][ T7977] Kernel Offset: disabled
[ 286.025104][ T7977] Rebooting in 86400 seconds..