Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. 2019/10/25 18:37:47 fuzzer started 2019/10/25 18:37:49 dialing manager at 10.128.0.105:33971 2019/10/25 18:37:49 syscalls: 2529 2019/10/25 18:37:49 code coverage: enabled 2019/10/25 18:37:49 comparison tracing: enabled 2019/10/25 18:37:49 extra coverage: extra coverage is not supported by the kernel 2019/10/25 18:37:49 setuid sandbox: enabled 2019/10/25 18:37:49 namespace sandbox: enabled 2019/10/25 18:37:49 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/25 18:37:49 fault injection: enabled 2019/10/25 18:37:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/25 18:37:49 net packet injection: enabled 2019/10/25 18:37:49 net device setup: enabled 2019/10/25 18:37:49 concurrency sanitizer: enabled [ 64.311420][ T7290] KCSAN: could not find function: 'poll_schedule_timeout' 2019/10/25 18:38:13 adding functions to KCSAN blacklist: 'ktime_get_real_seconds' 'queue_access_lock' 'ext4_mb_good_group' 'ext4_mark_iloc_dirty' 'n_tty_receive_buf_common' 'generic_permission' 'tick_do_update_jiffies64' 'wbt_done' 'rcu_gp_fqs_loop' 'add_timer' 'getboottime64' 'echo_char' 'ext4_free_inode' 'ext4_ext_insert_extent' 'list_lru_count_one' 'exit_signals' 'osq_lock' 'inode_permission' 'tcp_poll' 'task_dump_owner' '__filemap_fdatawrite_range' 'shmem_add_to_page_cache' 'mm_update_next_owner' 'sbitmap_queue_clear' 'process_srcu' 'run_timer_softirq' 'ext4_free_inodes_count' 'tcp_add_backlog' 'pipe_wait' '__add_to_page_cache_locked' 'do_syslog' '__tcp_select_window' 'generic_write_end' '__writeback_single_inode' 'find_next_bit' 'find_alive_thread' 'mod_timer' '__dev_queue_xmit' 'p9_poll_workfn' 'timer_clear_idle' '__nf_ct_refresh_acct' 'blk_mq_dispatch_rq_list' 'snapshot_refaults' 'sit_tunnel_xmit' 'snd_seq_check_queue' 'generic_fillattr' 'poll_schedule_timeout' 'ktime_get_seconds' 'tomoyo_supervisor' 'blk_mq_get_request' 'shmem_file_read_iter' '__mark_inode_dirty' '__skb_wait_for_more_packets' 'atime_needs_update' 'blk_mq_run_hw_queue' 'hrtimer_wakeup' 'find_get_pages_range_tag' 'ext4_nonda_switch' 'mem_cgroup_protected' 'pid_update_inode' 'taskstats_exit' 'xas_find_marked' 'virtqueue_get_buf_ctx' 'ext4_writepages' 'audit_log_start' 'tick_nohz_idle_stop_tick' 'do_exit' '__skb_try_recv_from_queue' 'kauditd_thread' '__alloc_file' 'futex_wait_queue_me' 'icmp_global_allow' 'ext4_setattr' 'mem_cgroup_select_victim_node' 'sk_wait_data' 'ip_finish_output2' 'evict' 'vti_tunnel_xmit' 'alloc_empty_file' '__hrtimer_run_queues' 'ext4_has_free_clusters' 'vm_area_dup' 'unix_notinflight' '__ext4_new_inode' 'page_counter_try_charge' 'pipe_poll' 'af_alg_sendmsg' 'shmem_getpage_gfp' 'packet_do_bind' 'tick_sched_do_timer' 'sk_stream_wait_memory' 'skb_queue_tail' 'rcu_gp_fqs_check_wake' 'update_defense_level' 'copy_process' 'commit_echoes' 'do_nanosleep' 'dd_has_work' 'pcpu_alloc' 'wbt_issue' 'mousedev_read' 'blk_mq_sched_dispatch_requests' 'ep_poll' 'datagram_poll' 'ipip_tunnel_xmit' 'kvm_arch_vcpu_load' 'bio_endio' '__snd_rawmidi_transmit_ack' 'padata_find_next' 18:42:45 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x20) syz_mount_image$nfs4(&(0x7f0000000040)='nfs4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x5, &(0x7f0000000380)=[{&(0x7f00000000c0)="24cbe20e957598675a33007ecd16e25ade40da810a10429ff8f280d7269a04936ff1a951e9efd4b103df04e5eb76b835cb39917533b6dd2d6c64a455d16071ef0c82db96f6cbadaca2eb30b5298b969a597a91bbd295a14e1d5896a46783ef5bf9f4aad3c5824d378d429e86ce9e2b060beb63d6990c601c5d16241cbb321d5748faf510be647b74e6456e161fba5df881535f97f2144e407b5e470cc53b50f1877385f934", 0xa5, 0x6}, {&(0x7f0000000180)="325b88f3eb26546b460ccaac46d57d04e329442f2814f14d44ad55e0c2592f3f6445", 0x22, 0x4}, {&(0x7f00000001c0)="de394aca0635096e3da09ea04a8cb8dbb3719ae29fc2cdfff5fca776ea8a4240627ec2dd5cc50ef7ddc430329b00529a72b5d10e46aee1bd24dbb918f864a5524c519c296a5e9313683575740e0aefaecc687693d98c3179df503af1d6bc1ede7c2f4d52e5f94e7b4c424f7ff2780ebc30e492a48bb0241292ac00c934e3dfe5df8ddbe8f7991f1f6cb011e699d9bead5677f7cfd013c50b3f84d63d77baf898516249cbd9744dcd5d0c759bb4a0bcca0c64be236ea8f1b53c4ab8be2ac52a504bbc957a766d", 0xc6, 0x1}, {&(0x7f00000002c0)="c5c3f2c555adad8edc205781a2f3744811834be1fe35a6e464ad9f5dbef78d1e243291f8483f07cc73ef3a3d8972fdc49b78f1ca408f269580b266", 0x3b, 0xabc}, {&(0x7f0000000300)="1586212c2ceb05ebefed5ba13feec33c6022df6d6ea8aee4462cbea2d6ad55962391956782ced79eb8bca7db18a386961def104e9f286cbdbba79c7cefd67dfeead20121203e4fa51056f3220417a95b8cb3793943a23a49a3221293b632a37662b96c1faae1b9", 0x67, 0x9}], 0x4000, &(0x7f0000000400)='usertrusted@vboxnet0cpuset^userwlan0\x00') poll(&(0x7f0000000440), 0x0, 0x3ff) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_open_dev$mouse(&(0x7f0000000480)='/dev/input/mouse#\x00', 0x7fff, 0x200000) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000004c0)=r1, 0x4) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x62cc) r2 = accept4$netrom(r1, &(0x7f0000000500)={{}, [@netrom, @bcast, @netrom, @bcast, @remote, @bcast, @bcast, @bcast]}, &(0x7f0000000580)=0x48, 0x80000) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f00000005c0), &(0x7f0000000600)=0x4) r3 = syz_open_dev$dmmidi(&(0x7f0000000640)='/dev/dmmidi#\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000680)={0x0}, &(0x7f00000006c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000700)={r4, 0x800}, &(0x7f0000000740)=0xc) r5 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000780)='/proc/capi/capi20\x00', 0xc1, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f00000007c0)={0x0, @in6={{0xa, 0x4e23, 0x7f, @rand_addr="30f966dfc65c535563468b0854836d7b", 0xffff}}, [0x6, 0x5, 0x8, 0xffffffffffff3d17, 0x9, 0x0, 0x20, 0x10000, 0x7ff, 0x4, 0x103, 0x748d, 0xffffffff, 0xffff, 0xa2f0]}, &(0x7f00000008c0)=0x100) setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000900)={r6, 0x5, 0x2, 0x9, 0x8, 0x101}, 0x14) setsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000940)={r4, 0x100, 0xfff, 0xb639}, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000980)='fou\x00') r7 = syz_open_dev$midi(&(0x7f00000009c0)='/dev/midi#\x00', 0x8a, 0x400) ioctl$KVM_PPC_GET_SMMU_INFO(r7, 0x8250aea6, &(0x7f0000000a00)=""/114) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x30, r5, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000a80)) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000ac0)={0x0, 0x80000}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000b00)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000b40)={r8, r9}) ioctl$EVIOCSKEYCODE(r7, 0x40084504, &(0x7f0000000b80)=[0x9, 0x7f]) keyctl$set_reqkey_keyring(0xe, 0x880c5c912988fe7e) r10 = syz_open_dev$audion(&(0x7f0000000bc0)='/dev/audio#\x00', 0x4, 0x10c00) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r10, 0x6, 0x1d, &(0x7f0000000c00), &(0x7f0000000c40)=0x14) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/ptmx\x00', 0x20040, 0x0) pipe2(&(0x7f0000000cc0)={0xffffffffffffffff}, 0xa800) ioctl$UI_SET_PROPBIT(r11, 0x4004556e, 0x7) [ 350.580816][ T7278] ================================================================== [ 350.589038][ T7278] BUG: KCSAN: data-race in tomoyo_check_acl / tomoyo_update_domain [ 350.596899][ T7278] [ 350.599203][ T7278] read to 0xffff88812b3bfad8 of 1 bytes by task 7276 on cpu 1: [ 350.606714][ T7278] tomoyo_check_acl+0x98/0x270 [ 350.611468][ T7278] tomoyo_path_number_perm+0x272/0x3c0 [ 350.616910][ T7278] tomoyo_path_mkdir+0x6e/0xa0 [ 350.621661][ T7278] security_path_mkdir+0xb8/0xf0 [ 350.626589][ T7278] do_mkdirat+0xef/0x1f0 [ 350.630801][ T7278] __x64_sys_mkdirat+0x4d/0x60 [ 350.635532][ T7278] do_syscall_64+0xcc/0x370 [ 350.640003][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 350.645856][ T7278] [ 350.648157][ T7278] write to 0xffff88812b3bfad8 of 1 bytes by task 7278 on cpu 0: [ 350.655752][ T7278] tomoyo_update_domain+0x32f/0x450 [ 350.660917][ T7278] tomoyo_write_file+0x34e/0x580 [ 350.665819][ T7278] tomoyo_write_domain2+0xad/0x120 [ 350.670898][ T7278] tomoyo_supervisor+0xad7/0xd20 [ 350.675819][ T7278] tomoyo_path_permission+0x121/0x160 [ 350.681156][ T7278] tomoyo_path_perm+0x23e/0x390 [ 350.685985][ T7278] tomoyo_path_truncate+0x26/0x40 [ 350.690982][ T7278] security_path_truncate+0x9b/0xd0 [ 350.696151][ T7278] do_sys_ftruncate+0x27d/0x340 [ 350.700970][ T7278] __x64_sys_ftruncate+0x3f/0x50 [ 350.705895][ T7278] do_syscall_64+0xcc/0x370 [ 350.710364][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 350.716217][ T7278] [ 350.718517][ T7278] Reported by Kernel Concurrency Sanitizer on: [ 350.724635][ T7278] CPU: 0 PID: 7278 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0 [ 350.732052][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.742079][ T7278] ================================================================== [ 350.750120][ T7278] Kernel panic - not syncing: panic_on_warn set ... [ 350.756687][ T7278] CPU: 0 PID: 7278 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0 [ 350.764107][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.774125][ T7278] Call Trace: [ 350.777388][ T7278] dump_stack+0xf5/0x159 [ 350.781600][ T7278] panic+0x210/0x640 [ 350.785464][ T7278] ? do_sys_ftruncate+0x27d/0x340 [ 350.790454][ T7278] ? vprintk_func+0x8d/0x140 [ 350.795013][ T7278] kcsan_report.cold+0xc/0x10 [ 350.799658][ T7278] __kcsan_setup_watchpoint+0x32e/0x4a0 [ 350.805175][ T7278] ? tomoyo_same_path_acl+0x80/0x80 [ 350.810343][ T7278] __tsan_write1+0x32/0x40 [ 350.814728][ T7278] tomoyo_update_domain+0x32f/0x450 [ 350.819896][ T7278] ? tomoyo_same_path_acl+0x80/0x80 [ 350.825072][ T7278] ? tomoyo_write_misc+0x190/0x190 [ 350.830153][ T7278] tomoyo_write_file+0x34e/0x580 [ 350.835064][ T7278] ? __tsan_write8+0x32/0x40 [ 350.839626][ T7278] tomoyo_write_domain2+0xad/0x120 [ 350.844705][ T7278] tomoyo_supervisor+0xad7/0xd20 [ 350.849611][ T7278] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 350.855296][ T7278] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 350.860907][ T7278] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 350.866507][ T7278] tomoyo_path_permission+0x121/0x160 [ 350.871848][ T7278] tomoyo_path_perm+0x23e/0x390 [ 350.876666][ T7278] ? __kcsan_setup_watchpoint+0x6b/0x4a0 [ 350.882299][ T7278] tomoyo_path_truncate+0x26/0x40 [ 350.887300][ T7278] security_path_truncate+0x9b/0xd0 [ 350.892466][ T7278] do_sys_ftruncate+0x27d/0x340 [ 350.897308][ T7278] __x64_sys_ftruncate+0x3f/0x50 [ 350.902236][ T7278] do_syscall_64+0xcc/0x370 [ 350.906720][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 350.912587][ T7278] RIP: 0033:0x47c530 [ 350.916454][ T7278] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 350.936031][ T7278] RSP: 002b:000000c429c418f0 EFLAGS: 00000206 ORIG_RAX: 000000000000004d [ 350.944414][ T7278] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047c530 [ 350.952355][ T7278] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000007 [ 350.960294][ T7278] RBP: 000000c429c41938 R08: 0000000000000000 R09: 0000000000000000 [ 350.968239][ T7278] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000157 [ 350.976266][ T7278] R13: 0000000000000156 R14: 0000000000000200 R15: 0000000000000001 [ 350.985528][ T7278] Kernel Offset: disabled [ 350.989847][ T7278] Rebooting in 86400 seconds..