[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
2020/06/13 05:54:18 fuzzer started
2020/06/13 05:54:19 dialing manager at 10.128.0.105:39701
2020/06/13 05:54:25 syscalls: 3085
2020/06/13 05:54:25 code coverage: enabled
2020/06/13 05:54:25 comparison tracing: enabled
2020/06/13 05:54:25 extra coverage: enabled
2020/06/13 05:54:25 setuid sandbox: enabled
2020/06/13 05:54:25 namespace sandbox: enabled
2020/06/13 05:54:25 Android sandbox: /sys/fs/selinux/policy does not exist
2020/06/13 05:54:25 fault injection: enabled
2020/06/13 05:54:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/06/13 05:54:25 net packet injection: enabled
2020/06/13 05:54:25 net device setup: enabled
2020/06/13 05:54:25 concurrency sanitizer: enabled
2020/06/13 05:54:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/06/13 05:54:25 USB emulation: enabled

syzkaller login: [ 58.771248][ T8911] KCSAN: could not find function: '_find_next_bit'
2020/06/13 05:54:28 adding functions to KCSAN blacklist: 'alloc_pid' 'echo_char' '_find_next_bit' 'xas_clear_mark' 'tick_nohz_idle_stop_tick' '__ext4_new_inode' 'copy_process' 'tick_nohz_next_event' 'generic_write_end' 'ext4_free_inodes_count' 'do_nanosleep' '__snd_rawmidi_transmit_ack' 'page_counter_charge' 'pcpu_alloc' 'generic_fillattr' 'do_syslog' 'find_get_pages_range_tag' '__send_signal' 'blk_mq_sched_dispatch_requests' 'blk_mq_get_request' 'run_timer_softirq' 'futex_wait_queue_me' 'kauditd_thread' 'fasync_remove_entry' 'io_sq_thread' 'file_update_time' 'ep_poll' 'add_timer'
[ 131.581965][ C1] ==================================================================
[ 131.590083][ C1] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 131.598410][ C1]
[ 131.600719][ C1] write to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 0:
[ 131.608341][ C1]  tick_sched_do_timer+0xb4/0xd0
[ 131.613289][ C1]  tick_sched_timer+0x3f/0xd0
[ 131.617954][ C1]  __hrtimer_run_queues+0x271/0x600
[ 131.623158][ C1]  hrtimer_interrupt+0x226/0x490
[ 131.628102][ C1]  smp_apic_timer_interrupt+0xd8/0x270
[ 131.633532][ C1]  apic_timer_interrupt+0xf/0x20
[ 131.638440][ C1]  _raw_spin_unlock_irq+0x4b/0x80
[ 131.643614][ C1]  finish_task_switch+0x7b/0x260
[ 131.648525][ C1]  __schedule+0x30f/0x6b0
[ 131.652829][ C1]  schedule_idle+0x23/0x30
[ 131.657226][ C1]  do_idle+0xc4/0x290
[ 131.661193][ C1]  cpu_startup_entry+0x14/0x20
[ 131.665939][ C1]  rest_init+0xe4/0xeb
[ 131.669993][ C1]  arch_call_rest_init+0x13/0x2b
[ 131.674914][ C1]  start_kernel+0x7fe/0x823
[ 131.679397][ C1]  secondary_startup_64+0xa4/0xb0
[ 131.684394][ C1]
[ 131.686698][ C1] read to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 1:
[ 131.695089][ C1]  tick_sched_do_timer+0x2e/0xd0
[ 131.700001][ C1]  tick_sched_timer+0x3f/0xd0
[ 131.704650][ C1]  __hrtimer_run_queues+0x271/0x600
[ 131.709830][ C1]  hrtimer_interrupt+0x226/0x490
[ 131.714754][ C1]  smp_apic_timer_interrupt+0xd8/0x270
[ 131.720242][ C1]  apic_timer_interrupt+0xf/0x20
[ 131.725172][ C1]  __check_object_size+0xf/0x337
[ 131.730187][ C1]  simple_copy_to_iter+0x48/0x80
[ 131.735127][ C1]  __skb_datagram_iter+0x23f/0x470
[ 131.740217][ C1]  skb_copy_datagram_iter+0x65/0x160
[ 131.745502][ C1]  tcp_recvmsg+0x109e/0x1ba0
[ 131.750067][ C1]  inet_recvmsg+0xc1/0x250
[ 131.754542][ C1]  sock_recvmsg+0x8e/0xb0
[ 131.758859][ C1]  sock_read_iter+0x185/0x230
[ 131.763524][ C1]  new_sync_read+0x416/0x450
[ 131.768135][ C1]  __vfs_read+0x9e/0xb0
[ 131.772297][ C1]  vfs_read+0x13e/0x2b0
[ 131.776950][ C1]  ksys_read+0x16a/0x1a0
[ 131.781169][ C1]  __x64_sys_read+0x49/0x60
[ 131.785665][ C1]  do_syscall_64+0xc7/0x3b0
[ 131.790151][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 131.796008][ C1]
[ 131.798306][ C1] Reported by Kernel Concurrency Sanitizer on:
[ 131.804434][ C1] CPU: 1 PID: 8901 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 131.812642][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 131.822668][ C1] ==================================================================
[ 131.830724][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 131.837316][ C1] CPU: 1 PID: 8901 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 131.845624][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 131.855650][ C1] Call Trace:
[ 131.858931][ C1]
[ 131.861765][ C1]  dump_stack+0x11d/0x187
[ 131.866075][ C1]  panic+0x210/0x640
[ 131.869962][ C1]  ? vprintk_func+0x89/0x13a
[ 131.875060][ C1]  kcsan_report.cold+0xc/0x1a
[ 131.879739][ C1]  kcsan_setup_watchpoint+0x3fb/0x440
[ 131.885092][ C1]  tick_sched_do_timer+0x2e/0xd0
[ 131.890006][ C1]  tick_sched_timer+0x3f/0xd0
[ 131.895547][ C1]  __hrtimer_run_queues+0x271/0x600
[ 131.900747][ C1]  ? tick_sched_do_timer+0xd0/0xd0
[ 131.905846][ C1]  hrtimer_interrupt+0x226/0x490
[ 131.911086][ C1]  ? kvm_clock_read+0x14/0x30
[ 131.916039][ C1]  smp_apic_timer_interrupt+0xd8/0x270
[ 131.921588][ C1]  apic_timer_interrupt+0xf/0x20
[ 131.926623][ C1]
[ 131.929575][ C1] RIP: 0010:__check_object_size+0xf/0x337
[ 131.935296][ C1] Code: e9 34 ff ff ff 48 c7 c5 17 71 fb 86 49 89 ee 49 89 e8 e9 69 ff ff ff 0f 1f 40 00 41 57 41 56 41 55 41 54 49 89 fc 55 89 d5 53 <48> 89 f3 48 83 ec 20 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 31
[ 131.954895][ C1] RSP: 0018:ffffc90000e0ba30 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 131.963288][ C1] RAX: ffff88812af4e040 RBX: 000000000000003e RCX: ffffffff84d9910a
[ 131.971326][ C1] RDX: 0000000000000001 RSI: 000000000000003e RDI: ffff88811e6b6882
[ 131.979275][ C1] RBP: 0000000000000001 R08: ffff88812af4e040 R09: 000088811e6b6b0c
[ 131.987243][ C1] R10: 000088811e6b6ac2 R11: 000088811e6b6b0f R12: ffff88811e6b6882
[ 131.995289][ C1] R13: ffffc90000e0bd08 R14: 00000000000000f0 R15: 0000000000000001
[ 132.003249][ C1]  ? simple_copy_to_iter+0x2a/0x80
[ 132.008351][ C1]  simple_copy_to_iter+0x48/0x80
[ 132.013305][ C1]  __skb_datagram_iter+0x23f/0x470
[ 132.018397][ C1]  ? skb_copy_datagram_iter+0x160/0x160
[ 132.023920][ C1]  skb_copy_datagram_iter+0x65/0x160
[ 132.029187][ C1]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 132.035053][ C1]  tcp_recvmsg+0x109e/0x1ba0
[ 132.039627][ C1]  inet_recvmsg+0xc1/0x250
[ 132.044023][ C1]  ? apparmor_socket_recvmsg+0x38/0x40
[ 132.049469][ C1]  ? inet_sendpage+0xf0/0xf0
[ 132.054035][ C1]  sock_recvmsg+0x8e/0xb0
[ 132.058350][ C1]  sock_read_iter+0x185/0x230
[ 132.063183][ C1]  new_sync_read+0x416/0x450
[ 132.067757][ C1]  __vfs_read+0x9e/0xb0
[ 132.071895][ C1]  vfs_read+0x13e/0x2b0
[ 132.076024][ C1]  ksys_read+0x16a/0x1a0
[ 132.080253][ C1]  __x64_sys_read+0x49/0x60
[ 132.084740][ C1]  do_syscall_64+0xc7/0x3b0
[ 132.089219][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 132.095320][ C1] RIP: 0033:0x4b3cdb
[ 132.099255][ C1] Code: ff e9 69 ff ff ff cc cc cc cc cc cc cc cc cc e8 bb a1 f8 ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 132.121659][ C1] RSP: 002b:000000c000221880 EFLAGS: 00000206 ORIG_RAX: 0000000000000000
[ 132.130228][ C1] RAX: ffffffffffffffda RBX: 000000c00002e800 RCX: 00000000004b3cdb
[ 132.138795][ C1] RDX: 0000000000001000 RSI: 000000c00034c000 RDI: 0000000000000006
[ 132.149709][ C1] RBP: 000000c0002218d0 R08: 0000000000000001 R09: 0000000000000002
[ 132.158194][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
[ 132.166462][ C1] R13: 000000c000001500 R14: 0000000000000008 R15: 0000000000000004
[ 132.176156][ C1] Kernel Offset: disabled
[ 132.181805][ C1] Rebooting in 86400 seconds..