Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2021/05/07 08:30:15 fuzzer started
2021/05/07 08:30:15 dialing manager at 10.128.0.163:44311
2021/05/07 08:30:16 syscalls: 1982
2021/05/07 08:30:16 code coverage: enabled
2021/05/07 08:30:16 comparison tracing: enabled
2021/05/07 08:30:16 extra coverage: enabled
2021/05/07 08:30:16 setuid sandbox: enabled
2021/05/07 08:30:16 namespace sandbox: enabled
2021/05/07 08:30:16 Android sandbox: enabled
2021/05/07 08:30:16 fault injection: enabled
2021/05/07 08:30:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/07 08:30:16 net packet injection: /dev/net/tun does not exist
2021/05/07 08:30:16 net device setup: enabled
2021/05/07 08:30:16 concurrency sanitizer: enabled
2021/05/07 08:30:16 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/07 08:30:16 USB emulation: /dev/raw-gadget does not exist
2021/05/07 08:30:16 hci packet injection: /dev/vhci does not exist
2021/05/07 08:30:16 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
2021/05/07 08:30:16 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2021/05/07 08:30:16 suppressing KCSAN reports in functions: 'step_into' 'ext4_mark_iloc_dirty' 'do_signal_stop' 'blk_mq_sched_dispatch_requests' 'ext4_free_inodes_count' '__ext4_new_inode' 'generic_write_end' 'ext4_free_inode' 'blk_mq_dispatch_rq_list' 'blk_mq_rq_ctx_init' 'do_nanosleep' '__xa_clear_mark'
2021/05/07 08:30:16 fetching corpus: 0, signal 0/2000 (executing program)
2021/05/07 08:30:16 fetching corpus: 50, signal 11304/14950 (executing program)
2021/05/07 08:30:16 fetching corpus: 100, signal 25955/30805 (executing program)
2021/05/07 08:30:16 fetching corpus: 150, signal 34717/40660 (executing program)
syzkaller login: [ 18.926306][ T1744] ==================================================================
[ 18.927897][ T1744] BUG: KCSAN: data-race in futex_wait_queue_me / prepare_signal
[ 18.929110][ T1744]
[ 18.929477][ T1744] write to 0xffff888103fa40ac of 4 bytes by task 1746 on cpu 0:
[ 18.930973][ T1744] futex_wait_queue_me+0x198/0x260
[ 18.931675][ T1744] futex_wait+0x143/0x430
[ 18.932310][ T1744] do_futex+0x9e8/0x1ee0
[ 18.932986][ T1744] __se_sys_futex+0x2a8/0x390
[ 18.933631][ T1744] __x64_sys_futex+0x74/0x80
[ 18.934379][ T1744] do_syscall_64+0x4a/0x90
[ 18.935099][ T1744] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 18.936289][ T1744]
[ 18.936631][ T1744] read to 0xffff888103fa40ac of 4 bytes by task 1744 on cpu 1:
[ 18.937842][ T1744] prepare_signal+0x952/0xeb0
[ 18.938653][ T1744] __send_signal+0x64/0x760
[ 18.939507][ T1744] send_signal+0x281/0x390
[ 18.940303][ T1744] do_send_specific+0x13d/0x1c0
[ 18.941215][ T1744] __x64_sys_tgkill+0x108/0x140
[ 18.942114][ T1744] do_syscall_64+0x4a/0x90
[ 18.942989][ T1744] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 18.943895][ T1744]
[ 18.944260][ T1744] Reported by Kernel Concurrency Sanitizer on:
[ 18.945139][ T1744] CPU: 1 PID: 1744 Comm: syz-fuzzer Not tainted 5.12.0-syzkaller #0
[ 18.946844][ T1744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.957052][ T1744] ==================================================================
2021/05/07 08:30:16 fetching corpus: 200, signal 40431/47471 (executing program)
2021/05/07 08:30:17 fetching corpus: 250, signal 44249/52390 (executing program)
2021/05/07 08:30:17 fetching corpus: 300, signal 49487/58369 (executing program)
2021/05/07 08:30:17 fetching corpus: 350, signal 51895/61787 (executing program)
2021/05/07 08:30:17 fetching corpus: 400, signal 54040/64915 (executing program)
2021/05/07 08:30:17 fetching corpus: 450, signal 56393/68131 (executing program)
2021/05/07 08:30:17 fetching corpus: 500, signal 58768/71337 (executing program)
2021/05/07 08:30:17 fetching corpus: 550, signal 60390/73801 (executing program)
2021/05/07 08:30:17 fetching corpus: 600, signal 62717/76838 (executing program)
2021/05/07 08:30:17 fetching corpus: 650, signal 65392/80097 (executing program)
2021/05/07 08:30:17 fetching corpus: 700, signal 67737/82934 (executing program)
2021/05/07 08:30:17 fetching corpus: 750, signal 70299/85943 (executing program)
2021/05/07 08:30:17 fetching corpus: 800, signal 72528/88553 (executing program)
2021/05/07 08:30:17 fetching corpus: 850, signal 74295/90806 (executing program)
2021/05/07 08:30:17 fetching corpus: 899, signal 77771/94242 (executing program)
2021/05/07 08:30:17 fetching corpus: 949, signal 79687/96502 (executing program)
2021/05/07 08:30:17 fetching corpus: 999, signal 81733/98759 (executing program)
2021/05/07 08:30:17 fetching corpus: 1049, signal 82730/100235 (executing program)
2021/05/07 08:30:17 fetching corpus: 1099, signal 84387/102129 (executing program)
2021/05/07 08:30:17 fetching corpus: 1149, signal 86422/104201 (executing program)
2021/05/07 08:30:17 fetching corpus: 1199, signal 88279/106119 (executing program)
2021/05/07 08:30:18 fetching corpus: 1249, signal 89744/107778 (executing program)
2021/05/07 08:30:18 fetching corpus: 1299, signal 91118/109341 (executing program)
2021/05/07 08:30:18 fetching corpus: 1349, signal 92270/110707 (executing program)
2021/05/07 08:30:18 fetching corpus: 1399, signal 93640/112161 (executing program)
2021/05/07 08:30:18 fetching corpus: 1449, signal 95148/113643 (executing program)
2021/05/07 08:30:18 fetching corpus: 1499, signal 96208/114837 (executing program)
2021/05/07 08:30:18 fetching corpus: 1549, signal 97082/115885 (executing program)
2021/05/07 08:30:18 fetching corpus: 1599, signal 98081/117014 (executing program)
2021/05/07 08:30:18 fetching corpus: 1649, signal 98829/117947 (executing program)
2021/05/07 08:30:18 fetching corpus: 1699, signal 100212/119239 (executing program)
2021/05/07 08:30:18 fetching corpus: 1749, signal 101636/120412 (executing program)
2021/05/07 08:30:18 fetching corpus: 1799, signal 102416/121293 (executing program)
2021/05/07 08:30:18 fetching corpus: 1849, signal 104505/122743 (executing program)
2021/05/07 08:30:18 fetching corpus: 1899, signal 106007/123903 (executing program)
2021/05/07 08:30:18 fetching corpus: 1949, signal 107536/124971 (executing program)
2021/05/07 08:30:18 fetching corpus: 1999, signal 108339/125743 (executing program)
2021/05/07 08:30:18 fetching corpus: 2049, signal 109193/126494 (executing program)
2021/05/07 08:30:18 fetching corpus: 2099, signal 110353/127360 (executing program)
2021/05/07 08:30:18 fetching corpus: 2148, signal 111237/128116 (executing program)
2021/05/07 08:30:19 fetching corpus: 2198, signal 112060/128776 (executing program)
2021/05/07 08:30:19 fetching corpus: 2248, signal 112748/129433 (executing program)
2021/05/07 08:30:19 fetching corpus: 2297, signal 113630/130067 (executing program)
2021/05/07 08:30:19 fetching corpus: 2347, signal 114346/130626 (executing program)
2021/05/07 08:30:19 fetching corpus: 2397, signal 115326/131253 (executing program)
2021/05/07 08:30:19 fetching corpus: 2447, signal 116689/131968 (executing program)
2021/05/07 08:30:19 fetching corpus: 2497, signal 117871/132580 (executing program)
2021/05/07 08:30:19 fetching corpus: 2547, signal 118419/133035 (executing program)
2021/05/07 08:30:19 fetching corpus: 2597, signal 119205/133504 (executing program)
2021/05/07 08:30:19 fetching corpus: 2647, signal 120040/133955 (executing program)
2021/05/07 08:30:19 fetching corpus: 2697, signal 120767/134352 (executing program)
2021/05/07 08:30:19 fetching corpus: 2747, signal 121569/134724 (executing program)
2021/05/07 08:30:19 fetching corpus: 2797, signal 122623/135115 (executing program)
2021/05/07 08:30:19 fetching corpus: 2847, signal 123541/135458 (executing program)
2021/05/07 08:30:20 fetching corpus: 2897, signal 124393/135796 (executing program)
2021/05/07 08:30:20 fetching corpus: 2947, signal 125288/136113 (executing program)
2021/05/07 08:30:20 fetching corpus: 2997, signal 125797/136328 (executing program)
2021/05/07 08:30:20 fetching corpus: 3047, signal 126580/136577 (executing program)
2021/05/07 08:30:20 fetching corpus: 3097, signal 127941/136849 (executing program)
2021/05/07 08:30:20 fetching corpus: 3147, signal 128750/137051 (executing program)
2021/05/07 08:30:20 fetching corpus: 3197, signal 130026/137245 (executing program)
2021/05/07 08:30:20 fetching corpus: 3246, signal 130441/137356 (executing program)
2021/05/07 08:30:20 fetching corpus: 3296, signal 131298/137481 (executing program)
2021/05/07 08:30:20 fetching corpus: 3346, signal 132218/137596 (executing program)
2021/05/07 08:30:20 fetching corpus: 3395, signal 133330/137658 (executing program)
2021/05/07 08:30:21 fetching corpus: 3445, signal 133816/137658 (executing program)
2021/05/07 08:30:21 fetching corpus: 3495, signal 134722/137711 (executing program)
2021/05/07 08:30:21 fetching corpus: 3545, signal 135305/137711 (executing program)
2021/05/07 08:30:21 fetching corpus: 3595, signal 135842/137711 (executing program)
2021/05/07 08:30:21 fetching corpus: 3627, signal 136264/137711 (executing program)
2021/05/07 08:30:21 fetching corpus: 3627, signal 136264/137711 (executing program)
2021/05/07 08:30:22 starting 6 fuzzer processes
08:30:22 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
creat(&(0x7f00000000c0)='./bus/file1\x00', 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
link(&(0x7f0000000200)='./bus/file1\x00', &(0x7f00000002c0)='./bus/file0\x00')
unlink(&(0x7f0000000280)='./bus/file0\x00')

08:30:22 executing program 1:
clone(0x2102010ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
futex(&(0x7f0000000080)=0x1, 0x9, 0x1, &(0x7f00000000c0)={0x77359400}, 0x0, 0x3)

08:30:22 executing program 5:
rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x20200001}}, 0x20, 0x0, 0x0)

08:30:22 executing program 2:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee6000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f00006d8000/0x3000)=nil, 0x3000, 0x0, 0x13, r4, 0x10000000)
syz_io_uring_setup(0x7eec, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d7000/0x4000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index}, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
io_uring_enter(r0, 0x4510, 0x0, 0x0, 0x0, 0xf0ffffff)

08:30:22 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCGPTPEER(r0, 0x5401, 0x7ffffffff000)

08:30:22 executing program 4:
timer_create(0x3, 0x0, &(0x7f0000000180))
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=0x0)
timer_settime(0x0, 0x0, &(0x7f0000001540)={{}, {0x77359400}}, 0x0)
clock_gettime(0x0, &(0x7f00000016c0)={0x0, 0x0})
timer_settime(r0, 0x0, &(0x7f0000001700)={{0x0, 0x3938700}, {0x0, r1+60000000}}, 0x0)

[ 24.850760][ T25] audit: type=1400 audit(1620376222.804:8): avc: denied { execmem } for pid=1754 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 24.965366][ T1762] cgroup: Unknown subsys name 'perf_event'
[ 24.971806][ T1763] cgroup: Unknown subsys name 'perf_event'
[ 24.976035][ T1764] cgroup: Unknown subsys name 'perf_event'
[ 24.978177][ T1763] cgroup: Unknown subsys name 'net_cls'
[ 24.987978][ T1764] cgroup: Unknown subsys name 'net_cls'
[ 24.995512][ T1762] cgroup: Unknown subsys name 'net_cls'
[ 24.995931][ T1765] cgroup: Unknown subsys name 'perf_event'
[ 25.010844][ T1765] cgroup: Unknown subsys name 'net_cls'
[ 25.019845][ T1766] cgroup: Unknown subsys name 'perf_event'
[ 25.030848][ T1766] cgroup: Unknown subsys name 'net_cls'
[ 25.061504][ T1785] cgroup: Unknown subsys name 'perf_event'
[ 25.075738][ T1785] cgroup: Unknown subsys name 'net_cls'