I0814 21:07:00.349910   40661 x:0] ***************************
I0814 21:07:00.350161   40661 x:0] Args: [/syzkaller/managers/ptrace-proxy-sandbox-race/current/image -root /syzkaller/managers/ptrace-proxy-sandbox-race/workdir/gvisor_root -watchdog-action=panic -network=none -platform=ptrace -file-access=proxy -network=sandbox exec -user=0:0 -cap CAP_CHOWN -cap CAP_DAC_OVERRIDE -cap CAP_DAC_READ_SEARCH -cap CAP_FOWNER -cap CAP_FSETID -cap CAP_KILL -cap CAP_SETGID -cap CAP_SETUID -cap CAP_SETPCAP -cap CAP_LINUX_IMMUTABLE -cap CAP_NET_BIND_SERVICE -cap CAP_NET_BROADCAST -cap CAP_NET_ADMIN -cap CAP_NET_RAW -cap CAP_IPC_LOCK -cap CAP_IPC_OWNER -cap CAP_SYS_MODULE -cap CAP_SYS_RAWIO -cap CAP_SYS_CHROOT -cap CAP_SYS_PTRACE -cap CAP_SYS_PACCT -cap CAP_SYS_ADMIN -cap CAP_SYS_BOOT -cap CAP_SYS_NICE -cap CAP_SYS_RESOURCE -cap CAP_SYS_TIME -cap CAP_SYS_TTY_CONFIG -cap CAP_MKNOD -cap CAP_LEASE -cap CAP_AUDIT_WRITE -cap CAP_AUDIT_CONTROL -cap CAP_SETFCAP -cap CAP_MAC_OVERRIDE -cap CAP_MAC_ADMIN -cap CAP_SYSLOG -cap CAP_WAKE_ALARM -cap CAP_BLOCK_SUSPEND -cap CAP_AUDIT_READ ci-gvisor-ptrace-proxy-sandbox-race-1 /syz-fuzzer -executor=/syz-executor -name=vm-1 -arch=amd64 -manager=stdin -sandbox=none -procs=4 -v=0 -cover=false -debug=false -test=false -runtest=false]
I0814 21:07:00.350538   40661 x:0] Git Revision: e4ce26c8b9b168294179f1873e710123bd7e7827
I0814 21:07:00.350654   40661 x:0] PID: 40661
I0814 21:07:00.350750   40661 x:0] UID: 0, GID: 0
I0814 21:07:00.350827   40661 x:0] Configuration:
I0814 21:07:00.350889   40661 x:0] 		RootDir: /syzkaller/managers/ptrace-proxy-sandbox-race/workdir/gvisor_root
I0814 21:07:00.350969   40661 x:0] 		Platform: ptrace
I0814 21:07:00.351094   40661 x:0] 		FileAccess: proxy, overlay: false
I0814 21:07:00.351227   40661 x:0] 		Network: sandbox, logging: false
I0814 21:07:00.351345   40661 x:0] 		Strace: false, max size: 1024, syscalls: []
I0814 21:07:00.351461   40661 x:0] ***************************
I0814 21:07:00.378216   40460 x:0] EXEC: [/syz-fuzzer -executor=/syz-executor -name=vm-1 -arch=amd64 -manager=stdin -sandbox=none -procs=4 -v=0 -cover=false -debug=false -test=false -runtest=false]
2018/08/14 21:07:00 fuzzer started
2018/08/14 21:07:03 dialing manager at stdin
2018/08/14 21:07:04 syscalls: 1
2018/08/14 21:07:04 code coverage: debugfs is not enabled or not mounted
2018/08/14 21:07:04 comparison tracing: debugfs is not enabled or not mounted
2018/08/14 21:07:04 setuid sandbox: enabled
2018/08/14 21:07:04 namespace sandbox: enabled
2018/08/14 21:07:04 fault injection: CONFIG_FAULT_INJECTION is not enabled
2018/08/14 21:07:04 leak checking: debugfs is not enabled or not mounted
2018/08/14 21:07:04 net packed injection: /dev/net/tun does not exist
2018/08/14 21:07:04 net device setup: ip command is not found
I0814 21:07:44.233405   40460 x:0] Watchdog starting loop, tasks: 89, discount: 0s
I0814 21:08:29.234699   40460 x:0] Watchdog starting loop, tasks: 92, discount: 0s
21:09:03 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
sendto$inet(r0, &(0x7f0000000000)='m', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6)

21:09:03 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
r1 = socket$inet6(0xa, 0x801, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6)

21:09:03 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'syzkaller1\x00', {0x2, 0x0, @loopback}})
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6)

21:09:03 executing program 3:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
ftruncate(r1, 0x2008200)
lseek(r1, 0x0, 0x4)

21:09:04 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
r1 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r1, 0x114, 0x2718, &(0x7f0000af0fe7)=""/13, &(0x7f0000000340)=0x4c)

21:09:04 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070")
set_mempolicy(0x0, &(0x7f0000000040), 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')

21:09:04 executing program 2:
r0 = socket(0x11, 0x803, 0x300)
recvmmsg(0xffffffffffffffff, &(0x7f0000005540)=[{{&(0x7f0000003ac0)=@hci, 0x80, &(0x7f0000004fc0)=[{&(0x7f0000003b40)=""/108, 0x6c}, {&(0x7f0000004f40)=""/83, 0x53}], 0x2, &(0x7f0000005040)=""/30, 0x1e}}], 0x1, 0x0, &(0x7f0000005740))
r1 = socket$inet(0x2, 0x80003, 0x2000000080)
sendto$inet(r1, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000080), 0x10)
recvmmsg(r0, &(0x7f0000002e00), 0x40000000000014d, 0x22, 0x0)

21:09:04 executing program 3:
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x40002, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58)
write$P9_RUNLINKAT(r0, &(0x7f0000000140)={0x7}, 0xfea8)

21:09:05 executing program 0:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xe78f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
read(r0, &(0x7f0000000040)=""/214, 0xd6)

21:09:05 executing program 1:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f000000d000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c)
r1 = socket(0x10, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp6\x00')
sendfile(r1, r2, &(0x7f0000000040), 0x80000002)

21:09:05 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x100008912, &(0x7f0000000100)="025cc80700145f8f764070")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000700), &(0x7f0000000740)=0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={"76657468300000000000000000000001"})
sendmsg$nl_route(r1, &(0x7f0000000580)={&(0x7f0000000500), 0xc, &(0x7f0000000540)={&(0x7f00000015c0)=@ipv4_newroute={0x2c, 0x18, 0x331, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8}, @RTA_PREFSRC={0x8, 0x7, @dev}]}, 0x2c}}, 0x0)
ftruncate(0xffffffffffffffff, 0x0)

21:09:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x8000080101, 0x0)
write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="04"], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
read(r1, &(0x7f0000000100)=""/19, 0x13)

21:09:06 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000008880)={&(0x7f00000088c0), 0xc, &(0x7f0000001880)={&(0x7f00000004c0)=@setlink={0x30, 0x13, 0x105, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_XDP={0x10, 0x2b, [@nested={0xc, 0x1, [@typed={0x8, 0xffffff7f, @fd}]}]}]}, 0x30}}, 0x0)

21:09:06 executing program 1:
clone(0x200, &(0x7f00000000c0), &(0x7f0000000000), &(0x7f0000fef000), &(0x7f0000000000))
mknod(&(0x7f0000001380)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000))
pipe(&(0x7f0000000240))
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='io\x00')
pread64(r0, &(0x7f00009f3000), 0x0, 0x0)
lseek(r0, 0x0, 0x0)
open$dir(&(0x7f00000001c0)='./file0\x00', 0x27e, 0x0)

21:09:06 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)="637075263f0399ffd300000000000000000000000000000016c9edb2e4395a70419cc9adffacc4891b70ede1421eb97662076695e9e6a7d2747fed5c2d37319104b1bb2c6ecf22b41f6ea555f383e0f198c966853c33154ae7fc2bec1ca828fbab2415c41bd949388fae77558325738e1d0f429e1c7002f24c170eca5bb7828b0af333f5ecf1510c361226be4752e956be2449379533632ff0cf47025af78b9580e4a384b96ad6bf94292d94fda0a086ed82d5ff19cf115c6e0d235ad1ab62d0")

I0814 21:09:06.846530   40460 x:0] [ 163] ./file0 is not regular: {pipe 9 81 4096 0 0}
I0814 21:09:06.846692   40460 x:0] [ 163] Error opening ./file0: permission denied
I0814 21:09:06.846759   40460 x:0] [ 163] Failed to load ./file0: permission denied
==================
WARNING: DATA RACE
Read at 0x00c4202756b8 by goroutine 430:
  gvisor.googlesource.com/gvisor/pkg/waiter.(*Entry).Prev()
      bazel-out/k8-fastbuild/bin/pkg/ilist/interface_list.go:159 +0x4c
  gvisor.googlesource.com/gvisor/pkg/ilist.(*List).Remove()
      bazel-out/k8-fastbuild/bin/pkg/ilist/interface_list.go:126 +0x42
  gvisor.googlesource.com/gvisor/pkg/waiter.(*Queue).EventUnregister()
      pkg/waiter/waiter.go:179 +0x67
  gvisor.googlesource.com/gvisor/pkg/sentry/fs/tty.(*slaveFileOperations).EventUnregister()
      pkg/sentry/fs/tty/slave.go:118 +0x96
  gvisor.googlesource.com/gvisor/pkg/sentry/fs.(*File).EventUnregister()
      pkg/sentry/fs/file.go:182 +0x60
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.readv()
      pkg/sentry/syscalls/linux/sys_read.go:223 +0x5e1
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.Read()
      pkg/sentry/syscalls/linux/sys_read.go:67 +0x295
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:280 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:219 +0x1501
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264

Previous write at 0x00c4202756b8 by goroutine 488:
  gvisor.googlesource.com/gvisor/pkg/waiter.(*Entry).SetPrev()
      bazel-out/k8-fastbuild/bin/pkg/ilist/interface_list.go:169 +0x50
  gvisor.googlesource.com/gvisor/pkg/ilist.(*List).Remove()
      bazel-out/k8-fastbuild/bin/pkg/ilist/interface_list.go:136 +0xc8
  gvisor.googlesource.com/gvisor/pkg/waiter.(*Queue).EventUnregister()
      pkg/waiter/waiter.go:179 +0x67
  gvisor.googlesource.com/gvisor/pkg/sentry/fs/tty.(*slaveFileOperations).EventUnregister()
      pkg/sentry/fs/tty/slave.go:119 +0xfb
  gvisor.googlesource.com/gvisor/pkg/sentry/fs.(*File).EventUnregister()
      pkg/sentry/fs/file.go:182 +0x60
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.readv()
      pkg/sentry/syscalls/linux/sys_read.go:223 +0x5e1
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.Read()
      pkg/sentry/syscalls/linux/sys_read.go:67 +0x295
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:280 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:219 +0x1501
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264

Goroutine 430 (running) created at:
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).Start()
      pkg/sentry/kernel/task_start.go:258 +0x193
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).Clone()
      pkg/sentry/kernel/task_clone.go:319 +0x10f1
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.clone()
      pkg/sentry/syscalls/linux/sys_thread.go:157 +0x22e
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.Clone()
      pkg/sentry/syscalls/linux/sys_thread.go:171 +0x80
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:280 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:219 +0x1501
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264

Goroutine 488 (running) created at:
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).Start()
      pkg/sentry/kernel/task_start.go:258 +0x193
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).Clone()
      pkg/sentry/kernel/task_clone.go:319 +0x10f1
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.clone()
      pkg/sentry/syscalls/linux/sys_thread.go:157 +0x22e
  gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux.Clone()
      pkg/sentry/syscalls/linux/sys_thread.go:171 +0x80
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).executeSyscall()
      pkg/sentry/kernel/task_syscall.go:162 +0x14e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallInvoke()
      pkg/sentry/kernel/task_syscall.go:280 +0x7d
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscallEnter()
      pkg/sentry/kernel/task_syscall.go:241 +0xc3
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).doSyscall()
      pkg/sentry/kernel/task_syscall.go:216 +0x19e
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runApp).execute()
      pkg/sentry/kernel/task_run.go:219 +0x1501
  gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run()
      pkg/sentry/kernel/task_run.go:95 +0x264
==================
W0814 21:09:07.057484   40661 x:0] FATAL ERROR: error getting processes for container: error executing in sandbox: urpc method "containerManager.Execute" failed: EOF
error getting processes for container: error executing in sandbox: urpc method "containerManager.Execute" failed: EOF
W0814 21:09:07.063882   40453 x:0] FATAL ERROR: error running container: error waiting on container "ci-gvisor-ptrace-proxy-sandbox-race-1": urpc method "containerManager.Wait" failed: EOF
error running container: error waiting on container "ci-gvisor-ptrace-proxy-sandbox-race-1": urpc method "containerManager.Wait" failed: EOF