[ 46.042022][ T27] audit: type=1800 audit(1577095810.886:21): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0
[ 46.091157][ T27] audit: type=1800 audit(1577095810.896:22): pid=7795 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 46.728220][ T7825] rsyslogd (7825) used greatest stack depth: 10136 bytes left
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
2019/12/23 10:10:23 fuzzer started
2019/12/23 10:10:25 dialing manager at 10.128.0.105:38197
2019/12/23 10:10:25 syscalls: 2692
2019/12/23 10:10:25 code coverage: enabled
2019/12/23 10:10:25 comparison tracing: enabled
2019/12/23 10:10:25 extra coverage: enabled
2019/12/23 10:10:25 setuid sandbox: enabled
2019/12/23 10:10:25 namespace sandbox: enabled
2019/12/23 10:10:25 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/23 10:10:25 fault injection: enabled
2019/12/23 10:10:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/23 10:10:25 net packet injection: enabled
2019/12/23 10:10:25 net device setup: enabled
2019/12/23 10:10:25 concurrency sanitizer: enabled
2019/12/23 10:10:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2019/12/23 10:10:25 adding functions to KCSAN blacklist: '__hrtimer_run_queues' 'ep_poll' 'kauditd_thread'

10:10:27 executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@inode64='inode64'}]})

10:10:27 executing program 1:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf02, 0x0)

syzkaller login:
[ 62.738654][ T7966] IPVS: ftp: loaded support on port[0] = 21
[ 62.826489][ T7966] chnl_net:caif_netlink_parms(): no params data found
[ 62.886577][ T7966] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.893928][ T7966] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.901827][ T7966] device bridge_slave_0 entered promiscuous mode
[ 62.909731][ T7966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.916868][ T7966] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.925150][ T7966] device bridge_slave_1 entered promiscuous mode
[ 62.942459][ T7966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.953443][ T7966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.973144][ T7966] team0: Port device team_slave_0 added
[ 62.980652][ T7966] team0: Port device team_slave_1 added

10:10:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x30, 0x32, 0x119, 0x0, 0x0, {0x2}, [@nested={0x4}, @nested={0x18, 0x1, [@typed={0x14, 0x10, @ipv6=@empty={[0x8, 0x0, 0xb]}}]}]}, 0x30}}, 0x0)

[ 63.104413][ T7966] device hsr_slave_0 entered promiscuous mode
[ 63.192572][ T7966] device hsr_slave_1 entered promiscuous mode

10:10:28 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
write$P9_RREAD(r2, &(0x7f0000000180)=ANY=[], 0x0)
fallocate(r2, 0x0, 0x40000, 0x4)
fallocate(r1, 0x0, 0x0, 0x10fffe)
fdatasync(r2)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xd000000, r2})
ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000000))
fcntl$setstatus(r0, 0x4, 0x2000)
socket(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x103)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, 0x0)
prctl$PR_GET_TSC(0x19, 0x0)

[ 63.299203][ T7972] IPVS: ftp: loaded support on port[0] = 21
[ 63.309808][ T7970] IPVS: ftp: loaded support on port[0] = 21
[ 63.344137][ T7966] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.408916][ T7966] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.461142][ T7966] netdevsim netdevsim0 netdevsim2: renamed from eth2

10:10:28 executing program 4:
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000180), 0xc)

[ 63.526109][ T7964] ==================================================================
[ 63.534274][ T7964] BUG: KCSAN: data-race in tomoyo_supervisor / tomoyo_supervisor
[ 63.541980][ T7964]
[ 63.544319][ T7964] read to 0xffffffff863559a4 of 4 bytes by task 7953 on cpu 1:
[ 63.551882][ T7964] tomoyo_supervisor+0x1b0/0xd20
[ 63.556835][ T7964] tomoyo_path_permission+0x121/0x160
[ 63.562220][ T7964] tomoyo_path_perm+0x23e/0x390
[ 63.567077][ T7964] tomoyo_path_truncate+0x26/0x40
[ 63.572115][ T7964] security_path_truncate+0x9b/0xd0
[ 63.577332][ T7964] do_sys_ftruncate+0x27d/0x340
[ 63.582204][ T7964] __x64_sys_ftruncate+0x3f/0x50
[ 63.587160][ T7964] do_syscall_64+0xcc/0x3a0
[ 63.591681][ T7964] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.597666][ T7964]
[ 63.600011][ T7964] write to 0xffffffff863559a4 of 4 bytes by task 7964 on cpu 0:
[ 63.607776][ T7964] tomoyo_supervisor+0x1c9/0xd20
[ 63.612732][ T7964] tomoyo_path_number_perm+0x323/0x3c0
[ 63.618189][ T7964] tomoyo_path_chmod+0x2f/0x40
[ 63.622966][ T7964] security_path_chmod+0xac/0xe0
[ 63.627904][ T7964] chmod_common+0xe0/0x2d0
[ 63.632325][ T7964] do_fchmodat+0x7a/0x100
[ 63.636656][ T7964] __x64_sys_fchmodat+0x4d/0x60
[ 63.641519][ T7964] do_syscall_64+0xcc/0x3a0
[ 63.646033][ T7964] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.651910][ T7964]
[ 63.654243][ T7964] Reported by Kernel Concurrency Sanitizer on:
[ 63.660407][ T7964] CPU: 0 PID: 7964 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0
[ 63.668641][ T7964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.678694][ T7964] ==================================================================
[ 63.686755][ T7964] Kernel panic - not syncing: panic_on_warn set ...
[ 63.693368][ T7964] CPU: 0 PID: 7964 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0
[ 63.701599][ T7964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.711873][ T7964] Call Trace:
[ 63.715190][ T7964] dump_stack+0x11d/0x181
[ 63.719534][ T7964] panic+0x210/0x640

10:10:28 executing program 5:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$BLKTRACESETUP(r0, 0x1279, &(0x7f0000000080))

[ 63.723439][ T7964] ? vprintk_func+0x8d/0x140
[ 63.728038][ T7964] kcsan_report.cold+0xc/0xd
[ 63.732637][ T7964] kcsan_setup_watchpoint+0x3fe/0x460
[ 63.738017][ T7964] __tsan_unaligned_write4+0xc7/0x110
[ 63.743399][ T7964] tomoyo_supervisor+0x1c9/0xd20
[ 63.748368][ T7964] tomoyo_path_number_perm+0x323/0x3c0
[ 63.753852][ T7964] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 63.759853][ T7964] ? __read_once_size+0x5a/0xe0
[ 63.765062][ T7964] tomoyo_path_chmod+0x2f/0x40
[ 63.769825][ T7964] security_path_chmod+0xac/0xe0
[ 63.774773][ T7964] chmod_common+0xe0/0x2d0
[ 63.779204][ T7964] do_fchmodat+0x7a/0x100
[ 63.783546][ T7964] __x64_sys_fchmodat+0x4d/0x60
[ 63.788409][ T7964] do_syscall_64+0xcc/0x3a0
[ 63.792923][ T7964] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.798809][ T7964] RIP: 0033:0x47c5aa
[ 63.802704][ T7964] Code: e8 7b 6b fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 63.822492][ T7964] RSP: 002b:000000c426ab79e0 EFLAGS: 00000206 ORIG_RAX: 000000000000010c
[ 63.830924][ T7964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c5aa
[ 63.838898][ T7964] RDX: 00000000000001ff RSI: 000000c420160600 RDI: ffffffffffffff9c
[ 63.846868][ T7964] RBP: 000000c426ab7a58 R08: 0000000000000000 R09: 0000000000000000
[ 63.854924][ T7964] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff
[ 63.862887][ T7964] R13: 0000000000000021 R14: 0000000000000020 R15: 00000000000000aa
[ 63.872139][ T7964] Kernel Offset: disabled
[ 63.876487][ T7964] Rebooting in 86400 seconds..