[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 33.206016][ T26] audit: type=1800 audit(1572046548.786:25): pid=7043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 33.242785][ T26] audit: type=1800 audit(1572046548.786:26): pid=7043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 33.271465][ T26] audit: type=1800 audit(1572046548.786:27): pid=7043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.221' (ECDSA) to the list of known hosts. 2019/10/25 23:36:56 fuzzer started 2019/10/25 23:36:57 dialing manager at 10.128.0.105:32811 2019/10/25 23:36:57 checking machine... 2019/10/25 23:36:57 checking revisions... 2019/10/25 23:36:57 testing simple program... syzkaller login: [ 102.599218][ T7212] IPVS: ftp: loaded support on port[0] = 21 2019/10/25 23:36:58 building call list... executing program [ 106.374551][ T7196] can: request_module (can-proto-0) failed. [ 106.387734][ T7196] can: request_module (can-proto-0) failed. 2019/10/25 23:37:02 syscalls: 2533 2019/10/25 23:37:02 code coverage: enabled 2019/10/25 23:37:02 comparison tracing: enabled 2019/10/25 23:37:02 extra coverage: extra coverage is not supported by the kernel 2019/10/25 23:37:02 setuid sandbox: enabled 2019/10/25 23:37:02 namespace sandbox: enabled 2019/10/25 23:37:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/25 23:37:02 fault injection: enabled 2019/10/25 23:37:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/25 23:37:02 net packet injection: enabled 2019/10/25 23:37:02 net device setup: enabled 2019/10/25 23:37:02 concurrency sanitizer: enabled 23:37:03 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='tmpfs\x00', 0x886, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) chdir(&(0x7f0000000040)='./file0\x00') symlink(&(0x7f0000000500)='.\x00', &(0x7f0000000280)='./file0\x00') umount2(&(0x7f0000000080)='./file0/../file0/file0\x00', 0x80000000002) [ 108.379795][ T7255] IPVS: ftp: loaded support on port[0] = 21 23:37:04 executing program 1: pipe2$9p(0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_genetlink_get_family_id$net_dm(0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="c2ce5ae97063760372c94358fdc64bfae298ebce26eb4c6d46317912391ac4a4df01348eda8c"]) r1 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r1, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="34e7000000f8340000007f12b579fb64a18c15eeb87600b1cd06000000e20093750ecb8a56df78a949b7d0e21210ec7f906a6ebe5733da5a4d9f4391a8188b39771c4d9ece60d122c6491f4c34982098116ea91a378e3dcf1e167eb8fbfe2ba6212b43b90d1f1014c4e826ea1f4b95d3dfb4d47394562d56ac48dc41e26bc1050f844e67aa6bac83578c181ee410130211c827155c5e2b029233e451876d8137c7aba835a7a2f39f15c900042dc7fe9fc815c254850000000000000000"], 0xe) sendfile(r1, r1, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000200)="4f42d915df6e7ad5978d522767cbd40d692e4aa37f2a7850d633d466f83ea061af5bfd46119f38017bccd2132839cbba4b089ea3b21e5e089f8d111e0591927188f48e801ad552bac8af2b48e30e3a1c94fc3a0d8d73f9f9c5fbb124855da923beadef012086017d1f3c0356758be2d3e8e692a4230e7471eb38658be79a7b109335f42cb8725f6244e67812e0afcad9b94cdc68b29ed0a2f2041b9f79c5dfb43a73e296a2a706c7a61ad9f67897", 0xae}, {&(0x7f0000000080)}], 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) creat(&(0x7f00000000c0)='./file0\x00', 0x0) symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) [ 108.485657][ T7255] chnl_net:caif_netlink_parms(): no params data found [ 108.585373][ T7255] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.592550][ T7255] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.614118][ T7255] device bridge_slave_0 entered promiscuous mode [ 108.633873][ T7255] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.640945][ T7255] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.664171][ T7255] device bridge_slave_1 entered promiscuous mode [ 108.682291][ T7258] IPVS: ftp: loaded support on port[0] = 21 [ 108.711094][ T7255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.738269][ T7255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 23:37:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x7f, 0x3, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') socket(0x10, 0x5, 0x8) [ 108.783507][ T7255] team0: Port device team_slave_0 added [ 108.790491][ T7255] team0: Port device team_slave_1 added [ 108.886596][ T7255] device hsr_slave_0 entered promiscuous mode [ 108.933572][ T7255] device hsr_slave_1 entered promiscuous mode [ 109.057560][ T7262] ================================================================== [ 109.065703][ T7262] BUG: KCSAN: data-race in tomoyo_supervisor / tomoyo_supervisor [ 109.073403][ T7262] [ 109.075728][ T7262] write to 0xffffffff86146f08 of 8 bytes by task 7261 on cpu 0: [ 109.082061][ T7260] IPVS: ftp: loaded support on port[0] = 21 [ 109.083351][ T7262] tomoyo_supervisor+0x1ec/0xd20 [ 109.083365][ T7262] tomoyo_path_permission+0x121/0x160 [ 109.083377][ T7262] tomoyo_path_perm+0x23e/0x390 [ 109.083452][ T7262] tomoyo_inode_getattr+0x26/0x40 [ 109.108205][ T7255] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.109442][ T7262] security_inode_getattr+0x9b/0xd0 [ 109.116620][ T7255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.121775][ T7262] vfs_getattr+0x2e/0x70 [ 109.129127][ T7255] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.133174][ T7262] vfs_statx+0x102/0x190 [ 109.133186][ T7262] __do_sys_newlstat+0x51/0xb0 [ 109.133211][ T7262] __x64_sys_newlstat+0x3a/0x50 [ 109.140223][ T7255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.144434][ T7262] do_syscall_64+0xcc/0x370 [ 109.144449][ T7262] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 109.144453][ T7262] [ 109.144478][ T7262] write to 0xffffffff86146f08 of 8 bytes by task 7262 on cpu 1: [ 109.181495][ T7262] tomoyo_supervisor+0x1ec/0xd20 [ 109.186455][ T7262] tomoyo_path_permission+0x121/0x160 [ 109.191838][ T7262] tomoyo_path_perm+0x23e/0x390 [ 109.196687][ T7262] tomoyo_inode_getattr+0x26/0x40 [ 109.201709][ T7262] security_inode_getattr+0x9b/0xd0 [ 109.206899][ T7262] vfs_getattr+0x2e/0x70 [ 109.211136][ T7262] vfs_statx_fd+0x7a/0xd0 [ 109.215459][ T7262] __do_sys_newfstat+0x49/0xa0 [ 109.220217][ T7262] __x64_sys_newfstat+0x3a/0x50 [ 109.225064][ T7262] do_syscall_64+0xcc/0x370 [ 109.229561][ T7262] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 109.235435][ T7262] [ 109.237751][ T7262] Reported by Kernel Concurrency Sanitizer on: [ 109.243899][ T7262] CPU: 1 PID: 7262 Comm: udevd Not tainted 5.4.0-rc3+ #0 [ 109.250911][ T7262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.257417][ T7258] chnl_net:caif_netlink_parms(): no params data found [ 109.260969][ T7262] ================================================================== [ 109.275760][ T7262] Kernel panic - not syncing: panic_on_warn set ... [ 109.282345][ T7262] CPU: 1 PID: 7262 Comm: udevd Not tainted 5.4.0-rc3+ #0 [ 109.289357][ T7262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.299398][ T7262] Call Trace: [ 109.302695][ T7262] dump_stack+0xf5/0x159 [ 109.306945][ T7262] panic+0x210/0x640 [ 109.310841][ T7262] ? __x64_sys_newfstat+0x3a/0x50 [ 109.315863][ T7262] ? vprintk_func+0x8d/0x140 [ 109.320456][ T7262] kcsan_report.cold+0xc/0x10 [ 109.325139][ T7262] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 109.330682][ T7262] __tsan_write8+0x32/0x40 [ 109.335107][ T7262] tomoyo_supervisor+0x1ec/0xd20 [ 109.340068][ T7262] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 109.345699][ T7262] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 109.351444][ T7262] ? __tsan_write1+0x32/0x40 [ 109.356036][ T7262] ? tomoyo_compare_name_union+0xa0/0xa0 [ 109.361663][ T7262] tomoyo_path_permission+0x121/0x160 [ 109.367031][ T7262] tomoyo_path_perm+0x23e/0x390 [ 109.371907][ T7262] tomoyo_inode_getattr+0x26/0x40 [ 109.376943][ T7262] security_inode_getattr+0x9b/0xd0 [ 109.382147][ T7262] vfs_getattr+0x2e/0x70 [ 109.386392][ T7262] vfs_statx_fd+0x7a/0xd0 [ 109.390720][ T7262] __do_sys_newfstat+0x49/0xa0 [ 109.395477][ T7262] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 109.401099][ T7262] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 109.407065][ T7262] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 109.412852][ T7262] ? __tsan_read8+0x2c/0x30 [ 109.417354][ T7262] __x64_sys_newfstat+0x3a/0x50 [ 109.422196][ T7262] do_syscall_64+0xcc/0x370 [ 109.426688][ T7262] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 109.432569][ T7262] RIP: 0033:0x7f28ce413cb4 [ 109.436978][ T7262] Code: 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 90 90 83 ff 01 89 f0 77 19 48 63 f8 48 89 d6 b8 05 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 18 f3 c3 66 90 48 8b 05 51 51 2b 00 64 c7 00 [ 109.456661][ T7262] RSP: 002b:00007ffc07b339c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 109.465058][ T7262] RAX: ffffffffffffffda RBX: 0000000001e5d450 RCX: 00007f28ce413cb4 [ 109.473012][ T7262] RDX: 00007ffc07b339d0 RSI: 00007ffc07b339d0 RDI: 0000000000000005 [ 109.481057][ T7262] RBP: 0000000000003fff R08: 0000000000000001 R09: 0000000000000000 [ 109.489012][ T7262] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 109.496968][ T7262] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc07b33f60 [ 109.506507][ T7262] Kernel Offset: disabled [ 109.511007][ T7262] Rebooting in 86400 seconds..