[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 44.417827][ T8873] sshd (8873) used greatest stack depth: 10888 bytes left
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
2020/05/26 19:04:36 fuzzer started
2020/05/26 19:04:37 dialing manager at 10.128.0.105:37123
2020/05/26 19:04:48 syscalls: 3055
2020/05/26 19:04:48 code coverage: enabled
2020/05/26 19:04:48 comparison tracing: enabled
2020/05/26 19:04:48 extra coverage: enabled
2020/05/26 19:04:48 setuid sandbox: enabled
2020/05/26 19:04:48 namespace sandbox: enabled
2020/05/26 19:04:48 Android sandbox: /sys/fs/selinux/policy does not exist
2020/05/26 19:04:48 fault injection: enabled
2020/05/26 19:04:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/05/26 19:04:48 net packet injection: enabled
2020/05/26 19:04:48 net device setup: enabled
2020/05/26 19:04:48 concurrency sanitizer: enabled
2020/05/26 19:04:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/05/26 19:04:48 USB emulation: enabled
[ 64.293604][ T8918] KCSAN: could not find function: '_find_next_bit'
2020/05/26 19:04:51 adding functions to KCSAN blacklist: 'xas_clear_mark' 'dd_has_work' 'add_timer' 'tick_nohz_idle_stop_tick' 'blk_mq_sched_dispatch_requests' 'atime_needs_update' 'find_get_pages_range_tag' 'blk_mq_dispatch_rq_list' 'generic_write_end' '__mpage_writepage' 'do_nanosleep' 'hrtimer_interrupt' '_find_next_bit' '__add_to_page_cache_locked' 'run_timer_softirq' 'ext4_mark_iloc_dirty' 'page_counter_charge' 'copy_process' 'ep_poll' 'do_signal_stop' 'generic_fillattr' '__ext4_new_inode' 'mod_timer' 'echo_char' 'ext4_free_inodes_count' 'blk_mq_get_request'
[ 157.653410][ C1] ==================================================================
[ 157.661527][ C1] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 157.669622][ C1]
[ 157.671971][ C1] write to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 0:
[ 157.679751][ C1] tick_sched_do_timer+0xb4/0xd0
[ 157.684700][ C1] tick_sched_timer+0x3f/0xd0
[ 157.689698][ C1] __hrtimer_run_queues+0x271/0x600
[ 157.694868][ C1] hrtimer_interrupt+0x226/0x490
[ 157.699781][ C1] smp_apic_timer_interrupt+0xd8/0x270
[ 157.705213][ C1] apic_timer_interrupt+0xf/0x20
[ 157.710141][ C1] __sanitizer_cov_trace_pc+0x9/0x50
[ 157.715415][ C1] __netif_receive_skb_list_core+0x2ec/0x5c0
[ 157.721370][ C1] netif_receive_skb_list_internal+0x5c7/0x810
[ 157.727497][ C1] gro_normal_list.part.0+0x37/0xa0
[ 157.732678][ C1] napi_complete_done+0x1d3/0x3a0
[ 157.737693][ C1] virtqueue_napi_complete+0x36/0xa0
[ 157.742963][ C1] virtnet_poll+0x771/0x790
[ 157.747444][ C1] net_rx_action+0x3ad/0xac0
[ 157.752021][ C1] __do_softirq+0x118/0x34a
[ 157.757018][ C1] run_ksoftirqd+0x41/0x60
[ 157.761410][ C1] smpboot_thread_fn+0x374/0x4a0
[ 157.766331][ C1] kthread+0x203/0x230
[ 157.770372][ C1] ret_from_fork+0x1f/0x30
[ 157.774761][ C1]
[ 157.777072][ C1] read to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 1:
[ 157.784596][ C1] tick_sched_do_timer+0x2e/0xd0
[ 157.789562][ C1] tick_sched_timer+0x3f/0xd0
[ 157.794214][ C1] __hrtimer_run_queues+0x271/0x600
[ 157.799397][ C1] hrtimer_interrupt+0x226/0x490
[ 157.806485][ C1] smp_apic_timer_interrupt+0xd8/0x270
[ 157.811937][ C1] apic_timer_interrupt+0xf/0x20
[ 157.816850][ C1] virtqueue_enable_cb_prepare+0x162/0x2a0
[ 157.822663][ C1] virtqueue_napi_complete+0x28/0xa0
[ 157.827921][ C1] virtnet_poll_tx+0x152/0x1c0
[ 157.832660][ C1] net_rx_action+0x3ad/0xac0
[ 157.837224][ C1] __do_softirq+0x118/0x34a
[ 157.841700][ C1] irq_exit+0xb5/0xd0
[ 157.845655][ C1] do_IRQ+0x7b/0x120
[ 157.849522][ C1] ret_from_intr+0x0/0x21
[ 157.853817][ C1]
[ 157.856129][ C1] Reported by Kernel Concurrency Sanitizer on:
[ 157.862965][ C1] CPU: 1 PID: 8908 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 157.871172][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 157.881200][ C1] ==================================================================
[ 157.889233][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 157.895796][ C1] CPU: 1 PID: 8908 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 157.904001][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 157.914049][ C1] Call Trace:
[ 157.917307][ C1]
[ 157.920143][ C1] dump_stack+0x11d/0x187
[ 157.924456][ C1] panic+0x210/0x640
[ 157.928339][ C1] ? vprintk_func+0x89/0x13a
[ 157.932904][ C1] kcsan_report.cold+0xc/0x1a
[ 157.937561][ C1] kcsan_setup_watchpoint+0x3fb/0x440
[ 157.942915][ C1] tick_sched_do_timer+0x2e/0xd0
[ 157.947841][ C1] tick_sched_timer+0x3f/0xd0
[ 157.952493][ C1] __hrtimer_run_queues+0x271/0x600
[ 157.957667][ C1] ? tick_sched_do_timer+0xd0/0xd0
[ 157.962771][ C1] hrtimer_interrupt+0x226/0x490
[ 157.967701][ C1] ? kvm_clock_read+0x14/0x30
[ 157.972370][ C1] smp_apic_timer_interrupt+0xd8/0x270
[ 157.977893][ C1] ? skb_free_head+0x6a/0x80
[ 157.982501][ C1] apic_timer_interrupt+0xf/0x20
[ 157.987460][ C1] RIP: 0010:virtqueue_enable_cb_prepare+0x162/0x2a0
[ 157.994028][ C1] Code: a4 fe 44 0f b7 73 70 4c 89 ff e8 89 60 a4 fe 31 ff 48 8b 6b 60 45 89 f4 41 83 e4 01 44 89 e6 e8 44 38 96 fe 66 45 85 e4 75 4b e9 36 96 fe 48 8d 7b 48 e8 20 5c a4 fe 48 8d 7b 50 44 0f b7 63
[ 158.013615][ C1] RSP: 0000:ffffc90000d08e18 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 158.022006][ C1] RAX: 0000000080000100 RBX: ffff888128df9540 RCX: ffffffff82b0674b
[ 158.029967][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000001
[ 158.037916][ C1] RBP: ffff88821a090000 R08: ffff888129d22080 R09: 0000888128df95a0
[ 158.045875][ C1] R10: 0000888128df957d R11: 0000888128df95b1 R12: 0000000000000001
[ 158.053905][ C1] R13: ffff888128df95b0 R14: 0000000000000000 R15: ffff888128df95a0
[ 158.061873][ C1] ? apic_timer_interrupt+0xa/0x20
[ 158.066975][ C1] ? virtqueue_enable_cb_prepare+0x1db/0x2a0
[ 158.072931][ C1] ? virtqueue_enable_cb_prepare+0x1db/0x2a0
[ 158.078898][ C1] virtqueue_napi_complete+0x28/0xa0
[ 158.084157][ C1] virtnet_poll_tx+0x152/0x1c0
[ 158.088927][ C1] net_rx_action+0x3ad/0xac0
[ 158.093517][ C1] __do_softirq+0x118/0x34a
[ 158.097998][ C1] irq_exit+0xb5/0xd0
[ 158.101969][ C1] do_IRQ+0x7b/0x120
[ 158.105838][ C1] common_interrupt+0xf/0xf
[ 158.110307][ C1]
[ 158.113220][ C1] RIP: 0033:0x60a32b
[ 158.117093][ C1] Code: d3 e9 48 83 f9 20 19 c0 41 21 c1 44 89 4b 18 48 8b 43 20 48 29 c8 48 89 43 20 c1 ef 04 48 89 7c 24 50 0f 57 c0 0f 11 44 24 58 <48> 8b 6c 24 30 48 83 c4 38 c3 41 89 f9 44 89 c7 e9 1f ff ff ff e8
[ 158.136691][ C1] RSP: 002b:000000c4204d9a28 EFLAGS: 00000206 ORIG_RAX: ffffffffffffffd9
[ 158.145084][ C1] RAX: 0000000000000006 RBX: 000000c4203f4000 RCX: 0000000000000001
[ 158.153041][ C1] RDX: 0000000000000001 RSI: 0000000000000007 RDI: 0000000000000009
[ 158.160987][ C1] RBP: 000000c4204d9a58 R08: 0000000000000091 R09: 0000000000000002
[ 158.168983][ C1] R10: 0000000000000127 R11: 0000000000c79d40 R12: 0000000000000080
[ 158.176978][ C1] R13: ffffffffffffffff R14: 0000000000c79d40 R15: 0000000000005b44
[ 158.186212][ C1] Kernel Offset: disabled
[ 158.190683][ C1] Rebooting in 86400 seconds..
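The KCSAN report above has a fixed layout that is worth parsing when triaging many syzkaller crashes: a `BUG: KCSAN: data-race in A / B` header, one block per racing access (`write to <addr> of <n> bytes by interrupt on cpu <c>:` followed by a stack, terminated by a blank line), and a `Reported by Kernel Concurrency Sanitizer on:` trailer with the kernel version. The parser below is an added example written for this page, not syzkaller's or the kernel's own code. It runs on a constructed excerpt of the report above (same header, access lines and trailer, with the stacks shortened) and extracts the facts a triager checks first: both accesses hit the same 4-byte object at `0xffffffff8764e210`, one is a write and the other a read, both come from `tick_sched_do_timer` in interrupt context, and they occur on different CPUs. The `Access`, `KcsanReport` and helper names are this example's own.

```python
"""Parse a KCSAN data-race report as logged by syzkaller (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an abbreviated copy of the report on this page.
SAMPLE_LOG = """\
[ 157.653410][ C1] ==================================================================
[ 157.661527][ C1] BUG: KCSAN: data-race in tick_sched_do_timer / tick_sched_do_timer
[ 157.669622][ C1]
[ 157.671971][ C1] write to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 0:
[ 157.679751][ C1] tick_sched_do_timer+0xb4/0xd0
[ 157.684700][ C1] tick_sched_timer+0x3f/0xd0
[ 157.689698][ C1] __hrtimer_run_queues+0x271/0x600
[ 157.774761][ C1]
[ 157.777072][ C1] read to 0xffffffff8764e210 of 4 bytes by interrupt on cpu 1:
[ 157.784596][ C1] tick_sched_do_timer+0x2e/0xd0
[ 157.789562][ C1] tick_sched_timer+0x3f/0xd0
[ 157.853817][ C1]
[ 157.856129][ C1] Reported by Kernel Concurrency Sanitizer on:
[ 157.862965][ C1] CPU: 1 PID: 8908 Comm: syz-fuzzer Not tainted 5.7.0-rc1-syzkaller #0
[ 157.871172][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 157.881200][ C1] ==================================================================
[ 157.889233][ C1] Kernel panic - not syncing: panic_on_warn set ...
"""

# "[ 157.661527][ C1] " style printk prefix (timestamp + cpu/task id).
PREFIX_RE = re.compile(r"^\[\s*[\d.]+\]\[\s*[CT]\d+\]\s?")
HEADER_RE = re.compile(r"BUG: KCSAN: data-race in (\S+) / (\S+)")
# KCSAN also emits "read (marked)" / "write (marked)" and "by task <pid>".
ACCESS_RE = re.compile(
    r"^(read|write|read \(marked\)|write \(marked\)) to (0x[0-9a-f]+) of (\d+) bytes "
    r"by (interrupt|task \d+) on cpu (\d+):$"
)
FRAME_RE = re.compile(r"^\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
REPORTED_RE = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+) (Not tainted|Tainted: \S+) (\S+)")


@dataclass
class Access:
    kind: str            # "read" or "write"
    marked: bool         # True for READ_ONCE()/WRITE_ONCE()-style accesses
    address: int
    size: int
    context: str         # "interrupt" or "task <pid>"
    cpu: int
    stack: List[str] = field(default_factory=list)   # innermost frame first


@dataclass
class KcsanReport:
    func_a: str
    func_b: str
    accesses: List[Access] = field(default_factory=list)
    reporting_cpu: Optional[int] = None
    pid: Optional[int] = None
    comm: Optional[str] = None
    kernel: Optional[str] = None
    panicked: bool = False   # panic_on_warn turned the report into a panic

    def same_location(self) -> bool:
        return len({(a.address, a.size) for a in self.accesses}) == 1

    def write_read_pair(self) -> bool:
        kinds = {a.kind for a in self.accesses}
        return "write" in kinds and "read" in kinds

    def cross_cpu(self) -> bool:
        return len({a.cpu for a in self.accesses}) > 1

    def innermost_frames(self) -> List[str]:
        return [a.stack[0] for a in self.accesses if a.stack]


def strip_prefix(line: str) -> str:
    return PREFIX_RE.sub("", line).strip()


def parse_kcsan_report(text: str) -> Optional[KcsanReport]:
    """Return the first KCSAN report found in `text`, or None."""
    report: Optional[KcsanReport] = None
    current: Optional[Access] = None
    for raw in text.splitlines():
        line = strip_prefix(raw)
        if report is None:
            m = HEADER_RE.search(line)
            if m:
                report = KcsanReport(func_a=m.group(1), func_b=m.group(2))
            continue
        m = ACCESS_RE.match(line)
        if m:
            current = Access(kind=m.group(1).split()[0], marked="(marked)" in m.group(1),
                             address=int(m.group(2), 16), size=int(m.group(3)),
                             context=m.group(4), cpu=int(m.group(5)))
            report.accesses.append(current)
            continue
        if not line:
            current = None          # a blank line closes the current stack
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.stack.append(m.group(1))
            continue
        m = REPORTED_RE.search(line)
        if m:
            report.reporting_cpu, report.pid = int(m.group(1)), int(m.group(2))
            report.comm, report.kernel = m.group(3), m.group(5)
            continue
        if line.startswith("Kernel panic"):
            report.panicked = True
    return report


if __name__ == "__main__":
    r = parse_kcsan_report(SAMPLE_LOG)
    print(f"{r.func_a} / {r.func_b} on {r.kernel}, cross-cpu={r.cross_cpu()}, "
          f"write/read={r.write_read_pair()}, same object={r.same_location()}")
```

Two caveats when reading the result. A KCSAN hit means two plain (unmarked) accesses to the same memory that are not ordered by the kernel's memory model; it is a correctness finding, not automatically a security bug, and the usual remedy for a benign one is to annotate the accesses with `READ_ONCE()`/`WRITE_ONCE()` so the compiler cannot tear or elide them. The panic in this log is not the race doing damage: `panic_on_warn` is set on syzkaller instances so that every report halts the VM, which is also why the trace ends in `Rebooting in 86400 seconds..`.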