[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 23.594093][ T8406] bash (8406) used greatest stack depth: 9928 bytes left Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts. 2020/12/08 02:33:48 fuzzer started 2020/12/08 02:33:48 dialing manager at 10.128.0.105:43441 2020/12/08 02:33:48 syscalls: 3456 2020/12/08 02:33:48 code coverage: enabled 2020/12/08 02:33:48 comparison tracing: enabled 2020/12/08 02:33:48 extra coverage: enabled 2020/12/08 02:33:48 setuid sandbox: enabled 2020/12/08 02:33:48 namespace sandbox: enabled 2020/12/08 02:33:48 Android sandbox: /sys/fs/selinux/policy does not exist 2020/12/08 02:33:48 fault injection: enabled 2020/12/08 02:33:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/12/08 02:33:48 net packet injection: enabled 2020/12/08 02:33:48 net device setup: enabled 2020/12/08 02:33:48 concurrency sanitizer: enabled 2020/12/08 02:33:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/12/08 02:33:48 USB emulation: enabled 2020/12/08 02:33:48 hci packet injection: enabled 2020/12/08 02:33:48 wifi device emulation: enabled 2020/12/08 02:33:54 suppressing KCSAN reports in functions: 'ext4_mark_iloc_dirty' 'blk_mq_dispatch_rq_list' '__ext4_update_other_inode_time' '__io_cqring_fill_event' 'compaction_alloc' 'audit_log_start' 'sock_alloc_send_pskb' '__filemap_fdatawrite_range' 'mark_buffer_dirty_inode' '__mark_inode_dirty' '__sys_setsockopt' 'shmem_unlink' 'tick_nohz_next_event' 'kauditd_thread' 'pcpu_alloc' 'netlink_insert' 'futex_wait_queue_me' 'shmem_mknod' 'snd_rawmidi_poll' 'n_tty_receive_char_inline' 'find_get_pages_range_tag' 'generic_write_end' 'do_select' 'exit_mm' 'alloc_pid' '_prb_read_valid' 'ext4_free_inodes_count' 'complete_signal' 'isolate_migratepages_block' 'bpf_lru_pop_free' 'ext4_setattr' 'xas_clear_mark' '__find_get_block' 'snd_rawmidi_kernel_write1' 'blk_mq_rq_ctx_init' '__delete_from_page_cache' 'expire_timers' '__add_to_page_cache_locked' 'xas_find_marked' 'wbt_issue' 'ext4_writepages' 'lookup_fast' '__ext4_new_inode' '__xa_clear_mark' 'wg_packet_decrypt_worker' '__mod_timer' 'n_tty_receive_buf_common' 'ext4_free_inode' 'do_nanosleep' 'filemap_map_pages' 'io_sq_thread' 'userfaultfd_ioctl' 'dd_has_work' 'lru_add_drain_all' 'ondemand_readahead' 'do_signal_stop' 'ext4_mb_regular_allocator' 'generic_file_buffered_read' 'exit_signals' 'blk_mq_sched_dispatch_requests' 'do_sys_poll' 'ext4_mb_good_group' '__writeback_single_inode' 'delete_from_page_cache_batch' 02:35:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000280)=""/76, 0xff0d}], 0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x0, &(0x7f0000000280)) 02:35:36 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) close(r0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x21, 0x0, &(0x7f0000000180)) 02:35:36 executing program 2: add_key$keyring(&(0x7f0000000180)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000000180)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000140)='\x00\x00\x00\x00\x00\xb7\x9d\x00\x00\x00', 0x0) 02:35:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4}]}, 0x24}}, 0x0) 02:35:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x68, 0x0, 0x1, 0x40b, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_ORIG={0x4}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x68}}, 0x0) 02:35:37 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setfsuid(0xee00) r2 = openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000002100)={0x2020}, 0x2020) [ 140.214508][ T1] ================================================================== [ 140.222625][ T1] BUG: KCSAN: data-race in do_task_stat / handle_mm_fault [ 140.229727][ T1] [ 140.232040][ T1] read-write to 0xffff888023ef8638 of 8 bytes by task 8472 on cpu 0: [ 140.240096][ T1] handle_mm_fault+0x1572/0x1770 [ 140.245016][ T1] do_user_addr_fault+0x33e/0x730 [ 140.250017][ T1] exc_page_fault+0x91/0x290 [ 140.254618][ T1] asm_exc_page_fault+0x1e/0x30 [ 140.259439][ T1] [ 140.261745][ T1] read to 0xffff888023ef8638 of 8 bytes by task 1 on cpu 1: [ 140.269057][ T1] do_task_stat+0x61d/0x1070 [ 140.273641][ T1] proc_tgid_stat+0x2f/0x40 [ 140.278124][ T1] proc_single_show+0x84/0x100 [ 140.282882][ T1] seq_read_iter+0x2ef/0x8e0 [ 140.287447][ T1] seq_read+0x221/0x260 [ 140.291575][ T1] vfs_read+0x154/0x5c0 [ 140.295718][ T1] ksys_read+0xce/0x180 [ 140.299845][ T1] __x64_sys_read+0x3e/0x50 [ 140.304322][ T1] do_syscall_64+0x39/0x80 [ 140.308711][ T1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.314570][ T1] [ 140.316870][ T1] Reported by Kernel Concurrency Sanitizer on: [ 140.323013][ T1] CPU: 1 PID: 1 Comm: systemd Not tainted 5.10.0-rc7-syzkaller #0 [ 140.330805][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.340847][ T1] ================================================================== [ 140.348883][ T1] Kernel panic - not syncing: panic_on_warn set ... [ 140.355442][ T1] CPU: 1 PID: 1 Comm: systemd Not tainted 5.10.0-rc7-syzkaller #0 [ 140.363229][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.373272][ T1] Call Trace: [ 140.376551][ T1] dump_stack+0x116/0x15d [ 140.380890][ T1] panic+0x1e7/0x5fa [ 140.384777][ T1] ? vprintk_emit+0x2f2/0x370 [ 140.389432][ T1] kcsan_report+0x67b/0x680 [ 140.393924][ T1] ? kcsan_setup_watchpoint+0x46a/0x4d0 [ 140.399455][ T1] ? do_task_stat+0x61d/0x1070 [ 140.404205][ T1] ? proc_tgid_stat+0x2f/0x40 [ 140.408855][ T1] ? proc_single_show+0x84/0x100 [ 140.413810][ T1] ? seq_read_iter+0x2ef/0x8e0 [ 140.418565][ T1] ? seq_read+0x221/0x260 [ 140.422892][ T1] ? vfs_read+0x154/0x5c0 [ 140.427202][ T1] ? ksys_read+0xce/0x180 [ 140.431520][ T1] ? __x64_sys_read+0x3e/0x50 [ 140.436174][ T1] ? do_syscall_64+0x39/0x80 [ 140.440766][ T1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.446812][ T1] ? rmqueue+0x100c/0x11d0 [ 140.451220][ T1] kcsan_setup_watchpoint+0x46a/0x4d0 [ 140.456596][ T1] do_task_stat+0x61d/0x1070 [ 140.461182][ T1] proc_tgid_stat+0x2f/0x40 [ 140.465660][ T1] proc_single_show+0x84/0x100 [ 140.470418][ T1] seq_read_iter+0x2ef/0x8e0 [ 140.474997][ T1] seq_read+0x221/0x260 [ 140.479131][ T1] ? seq_open+0xe0/0xe0 [ 140.483274][ T1] vfs_read+0x154/0x5c0 [ 140.487410][ T1] ? __fget_light+0xd0/0x260 [ 140.492216][ T1] ksys_read+0xce/0x180 [ 140.496479][ T1] __x64_sys_read+0x3e/0x50 [ 140.500964][ T1] do_syscall_64+0x39/0x80 [ 140.505365][ T1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 140.511234][ T1] RIP: 0033:0x7f9ed029a92d [ 140.515642][ T1] Code: 2d 2c 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 9b 01 00 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 27 9c 01 00 48 89 d0 48 83 c4 08 48 3d 01 [ 140.535237][ T1] RSP: 002b:00007ffc5576fa60 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 140.543639][ T1] RAX: ffffffffffffffda RBX: 000055ff65753a10 RCX: 00007f9ed029a92d [ 140.551687][ T1] RDX: 0000000000000400 RSI: 000055ff65754420 RDI: 0000000000000027 [ 140.559814][ T1] RBP: 0000000000000d68 R08: 00007f9ed0558f78 R09: 0000000000000410 [ 140.567768][ T1] R10: 00000000000003a0 R11: 0000000000000293 R12: 00007f9ed0555440 [ 140.575759][ T1] R13: 00007f9ed0554900 R14: 0000000000000143 R15: 000055ff65753a10 [ 141.647383][ T1] Shutting down cpus with NMI [ 141.652890][ T1] Kernel Offset: disabled [ 141.657230][ T1] Rebooting in 86400 seconds..