[ 45.767081][ T26] audit: type=1800 audit(1586478343.438:21): pid=7636 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 45.818843][ T26] audit: type=1800 audit(1586478343.448:22): pid=7636 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ 47.153429][ T7703] sshd (7703) used greatest stack depth: 10384 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
2020/04/10 00:25:56 fuzzer started
2020/04/10 00:25:57 dialing manager at 10.128.0.105:35101
2020/04/10 00:25:58 syscalls: 2955
2020/04/10 00:25:58 code coverage: enabled
2020/04/10 00:25:58 comparison tracing: enabled
2020/04/10 00:25:58 extra coverage: enabled
2020/04/10 00:25:58 setuid sandbox: enabled
2020/04/10 00:25:58 namespace sandbox: enabled
2020/04/10 00:25:58 Android sandbox: /sys/fs/selinux/policy does not exist
2020/04/10 00:25:58 fault injection: enabled
2020/04/10 00:25:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/04/10 00:25:58 net packet injection: enabled
2020/04/10 00:25:58 net device setup: enabled
2020/04/10 00:25:58 concurrency sanitizer: enabled
2020/04/10 00:25:58 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/04/10 00:25:58 USB emulation: /dev/raw-gadget does not exist
syzkaller login: [ 61.747715][ T7802] KCSAN: could not find function: '_find_next_bit'
[ 63.458394][ T7802] KCSAN: could not find function: '__follow_mount_rcu'
2020/04/10 00:26:06 adding functions to KCSAN blacklist: 'blk_mq_get_request' '__find_get_block' 'ext4_sync_file' 'wbt_issue' 'kcm_rfree' '_find_next_bit' 'ext4_ext_try_to_merge_right' 'tick_sched_do_timer' 'exit_signals' 'copy_process' 'alloc_empty_file' 'activate_page' 'do_syslog' 'iput' 'generic_write_end' 'lruvec_lru_size' '__snd_rawmidi_transmit_ack' 'xas_find_marked' '__follow_mount_rcu' '__ext4_new_inode' 'blk_mq_sched_dispatch_requests' 'pipe_double_lock' 'blk_mq_dispatch_rq_list' 'wbt_done' 'ext4_mark_iloc_dirty' 'dd_has_work' 'timer_clear_idle' 'ext4_mb_good_group' 'xas_clear_mark' 'ext4_free_inodes_count' 'complete_signal' 'fasync_remove_entry' 'mod_timer' 'yama_ptracer_del' 'shmem_file_read_iter' 'generic_fillattr' 'alloc_pid' 'ext4_has_free_clusters' 'pcpu_alloc' 'ext4_nonda_switch' 'ep_poll' 'n_tty_receive_buf_common' 'add_timer' '__add_to_page_cache_locked' 'snd_seq_check_queue' 'atime_needs_update' '__filemap_fdatawrite_range' '__mark_inode_dirty' 'audit_log_start' 'run_timer_softirq' 'kauditd_thread' '__splice_from_pipe' 'unix_release_sock' 'dput' 'ktime_get_real_seconds' 'do_nanosleep' 'futex_wait_queue_me' 'padata_find_next' 'find_get_pages_range_tag' 'ext4_writepages' 'page_counter_try_charge' 'page_counter_charge' 'commit_echoes' 'echo_char' 'tick_nohz_idle_stop_tick' 'tick_nohz_next_event' 'list_lru_count_one' 'poll_schedule_timeout' 'do_exit'
[ 68.680741][ T7802] KCSAN: could not find function: 'poll_schedule_timeout'
00:28:37 executing program 0:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="24000000040607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)
[ 219.622632][ T7793] ==================================================================
[ 219.630828][ T7793] BUG: KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl
[ 219.639581][ T7793]
[ 219.641917][ T7793] write to 0xffff8881252af51a of 2 bytes by task 7787 on cpu 0:
[ 219.649567][ T7793] tomoyo_merge_path_acl+0x65/0x90
[ 219.654719][ T7793] tomoyo_update_domain+0x320/0x440
[ 219.659932][ T7793] tomoyo_write_file+0x333/0x540
[ 219.664882][ T7793] tomoyo_write_domain2+0xab/0x120
[ 219.670000][ T7793] tomoyo_supervisor+0xa85/0xc90
[ 219.674949][ T7793] tomoyo_path_permission+0x118/0x150
[ 219.680315][ T7793] tomoyo_check_open_permission+0x273/0x2d0
[ 219.686203][ T7793] tomoyo_file_open+0x6c/0x90
[ 219.690872][ T7793] security_file_open+0x5f/0x1f0
[ 219.695796][ T7793] do_dentry_open+0x212/0x970
[ 219.700554][ T7793] vfs_open+0x62/0x80
[ 219.704520][ T7793] path_openat+0xdbf/0x2f70
[ 219.709001][ T7793] do_filp_open+0x11e/0x1b0
[ 219.713488][ T7793] do_sys_openat2+0x4f5/0x620
[ 219.718168][ T7793] do_sys_open+0xa2/0x110
[ 219.722485][ T7793] __x64_sys_openat+0x5d/0x70
[ 219.727170][ T7793] do_syscall_64+0xc7/0x390
[ 219.731663][ T7793] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 219.737678][ T7793]
[ 219.739993][ T7793] read to 0xffff8881252af51a of 2 bytes by task 7793 on cpu 1:
[ 219.747538][ T7793] tomoyo_domain_quota_is_ok+0x29b/0x2b0
[ 219.753179][ T7793] tomoyo_supervisor+0x1d9/0xc90
[ 219.758123][ T7793] tomoyo_path_number_perm+0x2d7/0x360
[ 219.763576][ T7793] tomoyo_path_mkdir+0x6b/0xa0
[ 219.768451][ T7793] security_path_mkdir+0xb0/0xe0
[ 219.773768][ T7793] do_mkdirat+0xf3/0x200
[ 219.777996][ T7793] __x64_sys_mkdirat+0x49/0x60
[ 219.782789][ T7793] do_syscall_64+0xc7/0x390
[ 219.787293][ T7793] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 219.793167][ T7793]
[ 219.795489][ T7793] Reported by Kernel Concurrency Sanitizer on:
[ 219.801625][ T7793] CPU: 1 PID: 7793 Comm: syz-fuzzer Not tainted 5.6.0-rc1-syzkaller #0
[ 219.809841][ T7793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.819878][ T7793] ==================================================================
[ 219.827919][ T7793] Kernel panic - not syncing: panic_on_warn set ...
[ 219.834505][ T7793] CPU: 1 PID: 7793 Comm: syz-fuzzer Not tainted 5.6.0-rc1-syzkaller #0
[ 219.842720][ T7793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.853277][ T7793] Call Trace:
[ 219.856558][ T7793] dump_stack+0x11d/0x187
[ 219.860896][ T7793] panic+0x210/0x640
[ 219.864795][ T7793] ? vprintk_func+0x89/0x13a
[ 219.869383][ T7793] kcsan_report.cold+0xc/0xf
[ 219.874427][ T7793] kcsan_setup_watchpoint+0x3fb/0x440
[ 219.879791][ T7793] tomoyo_domain_quota_is_ok+0x29b/0x2b0
[ 219.885412][ T7793] tomoyo_supervisor+0x1d9/0xc90
[ 219.890335][ T7793] ? vsnprintf+0x1b0/0xb60
[ 219.894807][ T7793] ? tomoyo_check_acl+0x16b/0x280
[ 219.899828][ T7793] tomoyo_path_number_perm+0x2d7/0x360
[ 219.905550][ T7793] ? putname+0xbd/0xe0
[ 219.909625][ T7793] tomoyo_path_mkdir+0x6b/0xa0
[ 219.914384][ T7793] security_path_mkdir+0xb0/0xe0
[ 219.919311][ T7793] do_mkdirat+0xf3/0x200
[ 219.923540][ T7793] __x64_sys_mkdirat+0x49/0x60
[ 219.928310][ T7793] do_syscall_64+0xc7/0x390
[ 219.932808][ T7793] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 219.938703][ T7793] RIP: 0033:0x47c530
[ 219.942610][ T7793] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 219.962215][ T7793] RSP: 002b:000000c43aa39990 EFLAGS: 00000206 ORIG_RAX: 0000000000000102
[ 219.970648][ T7793] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c530
[ 219.978603][ T7793] RDX: 00000000000001c0 RSI: 000000c43b1d60c0 RDI: ffffffffffffff9c
[ 219.986570][ T7793] RBP: 000000c43aa399f0 R08: 0000000000000000 R09: 0000000000000000
[ 219.994609][ T7793] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff
[ 220.002710][ T7793] R13: 0000000000000007 R14: 0000000000000006 R15: 0000000000000100
[ 220.012242][ T7793] Kernel Offset: disabled
[ 220.016584][ T7793] Rebooting in 86400 seconds..