Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
2021/04/15 16:40:44 fuzzer started
2021/04/15 16:40:44 dialing manager at 10.128.0.163:41517
2021/04/15 16:40:45 syscalls: 1982
2021/04/15 16:40:45 code coverage: enabled
2021/04/15 16:40:45 comparison tracing: enabled
2021/04/15 16:40:45 extra coverage: enabled
2021/04/15 16:40:45 setuid sandbox: enabled
2021/04/15 16:40:45 namespace sandbox: enabled
2021/04/15 16:40:45 Android sandbox: enabled
2021/04/15 16:40:45 fault injection: enabled
2021/04/15 16:40:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/15 16:40:45 net packet injection: /dev/net/tun does not exist
2021/04/15 16:40:45 net device setup: enabled
2021/04/15 16:40:45 concurrency sanitizer: enabled
2021/04/15 16:40:45 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/15 16:40:45 USB emulation: /dev/raw-gadget does not exist
2021/04/15 16:40:45 hci packet injection: /dev/vhci does not exist
2021/04/15 16:40:45 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
2021/04/15 16:40:45 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2021/04/15 16:40:45 suppressing KCSAN reports in functions: 'do_signal_stop' 'xas_clear_mark' 'exit_mm' '__add_to_page_cache_locked' 'blk_mq_rq_ctx_init' 'ext4_free_inode' 'do_nanosleep' 'dd_has_work' 'step_into' '__xa_clear_mark' 'blk_mq_dispatch_rq_list' 'shmem_mknod' 'ext4_ext_insert_extent' 'shmem_add_to_page_cache' 'n_tty_receive_buf_common' 'ext4_writepages' 'fast_dput' '__ext4_new_inode' 'generic_write_end'
2021/04/15 16:40:45 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/15 16:40:46 fetching corpus: 50, signal 20063/23460 (executing program)
2021/04/15 16:40:46 fetching corpus: 100, signal 27948/32707 (executing program)
2021/04/15 16:40:46 fetching corpus: 150, signal 32645/38708 (executing program)
2021/04/15 16:40:46 fetching corpus: 200, signal 38214/45410 (executing program)
2021/04/15 16:40:46 fetching corpus: 249, signal 42152/50393 (executing program)
2021/04/15 16:40:46 fetching corpus: 299, signal 45456/54779 (executing program)
2021/04/15 16:40:46 fetching corpus: 349, signal 48489/58762 (executing program)
2021/04/15 16:40:46 fetching corpus: 399, signal 51965/63047 (executing program)
2021/04/15 16:40:46 fetching corpus: 449, signal 55900/67598 (executing program)
2021/04/15 16:40:46 fetching corpus: 499, signal 59136/71456 (executing program)
2021/04/15 16:40:46 fetching corpus: 549, signal 60963/74082 (executing program)
2021/04/15 16:40:46 fetching corpus: 599, signal 62956/76816 (executing program)
2021/04/15 16:40:46 fetching corpus: 649, signal 64520/79102 (executing program)
syzkaller login: [ 22.347652][ T1750] ==================================================================
[ 22.351208][ T1750] BUG: KCSAN: data-race in complete_signal / futex_wait_queue_me
[ 22.354207][ T1750]
[ 22.355047][ T1750] write to 0xffff88810029e02c of 4 bytes by task 1754 on cpu 0:
[ 22.357615][ T1750] futex_wait_queue_me+0x198/0x260
[ 22.359321][ T1750] futex_wait+0x143/0x430
[ 22.360406][ T1750] do_futex+0x9e8/0x1e10
[ 22.361044][ T1750] __se_sys_futex+0x2a8/0x390
[ 22.362493][ T1750] __x64_sys_futex+0x74/0x80
[ 22.364182][ T1750] do_syscall_64+0x34/0x50
[ 22.365490][ T1750] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 22.367308][ T1750]
[ 22.368849][ T1750] read to 0xffff88810029e02c of 4 bytes by task 1750 on cpu 1:
[ 22.376363][ T1750] complete_signal+0x7c/0x600
[ 22.381015][ T1750] __send_signal+0x680/0x760
[ 22.385578][ T1750] send_signal+0x38e/0x3d0
[ 22.389971][ T1750] do_send_specific+0x13d/0x1c0
2021/04/15 16:40:46 fetching corpus: 699, signal 66437/81566 (executing program)
[ 22.395129][ T1750] __x64_sys_tgkill+0x108/0x140
[ 22.399966][ T1750] do_syscall_64+0x34/0x50
[ 22.404359][ T1750] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 22.410231][ T1750]
[ 22.412547][ T1750] Reported by Kernel Concurrency Sanitizer on:
[ 22.418667][ T1750] CPU: 1 PID: 1750 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 22.426965][ T1750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.437013][ T1750] ==================================================================
2021/04/15 16:40:47 fetching corpus: 748, signal 68523/84047 (executing program)
2021/04/15 16:40:47 fetching corpus: 798, signal 70422/86467 (executing program)
2021/04/15 16:40:47 fetching corpus: 848, signal 72127/88678 (executing program)
2021/04/15 16:40:47 fetching corpus: 898, signal 73252/90346 (executing program)
2021/04/15 16:40:47 fetching corpus: 948, signal 76694/93687 (executing program)
2021/04/15 16:40:47 fetching corpus: 998, signal 78608/95875 (executing program)
2021/04/15 16:40:47 fetching corpus: 1048, signal 80157/97713 (executing program)
2021/04/15 16:40:47 fetching corpus: 1098, signal 81561/99479 (executing program)
2021/04/15 16:40:47 fetching corpus: 1148, signal 83483/101472 (executing program)
2021/04/15 16:40:47 fetching corpus: 1198, signal 84680/102950 (executing program)
2021/04/15 16:40:47 fetching corpus: 1248, signal 85779/104337 (executing program)
2021/04/15 16:40:47 fetching corpus: 1298, signal 86684/105575 (executing program)
2021/04/15 16:40:48 fetching corpus: 1348, signal 88472/107323 (executing program)
2021/04/15 16:40:48 fetching corpus: 1398, signal 89886/108772 (executing program)
2021/04/15 16:40:48 fetching corpus: 1448, signal 91019/110073 (executing program)
2021/04/15 16:40:48 fetching corpus: 1498, signal 92212/111364 (executing program)
2021/04/15 16:40:48 fetching corpus: 1548, signal 93873/112850 (executing program)
2021/04/15 16:40:48 fetching corpus: 1598, signal 95147/114072 (executing program)
2021/04/15 16:40:48 fetching corpus: 1648, signal 96232/115154 (executing program)
2021/04/15 16:40:48 fetching corpus: 1697, signal 97331/116216 (executing program)
2021/04/15 16:40:48 fetching corpus: 1747, signal 98791/117456 (executing program)
2021/04/15 16:40:48 fetching corpus: 1797, signal 99514/118313 (executing program)
2021/04/15 16:40:48 fetching corpus: 1845, signal 100290/119154 (executing program)
2021/04/15 16:40:48 fetching corpus: 1895, signal 101838/120254 (executing program)
2021/04/15 16:40:49 fetching corpus: 1944, signal 102783/121066 (executing program)
2021/04/15 16:40:49 fetching corpus: 1994, signal 103584/121827 (executing program)
2021/04/15 16:40:49 fetching corpus: 2044, signal 104003/122431 (executing program)
2021/04/15 16:40:49 fetching corpus: 2094, signal 105271/123329 (executing program)
2021/04/15 16:40:49 fetching corpus: 2144, signal 106529/124171 (executing program)
2021/04/15 16:40:49 fetching corpus: 2194, signal 107350/124840 (executing program)
2021/04/15 16:40:49 fetching corpus: 2244, signal 108362/125494 (executing program)
2021/04/15 16:40:49 fetching corpus: 2294, signal 109831/126307 (executing program)
2021/04/15 16:40:49 fetching corpus: 2344, signal 110833/126923 (executing program)
2021/04/15 16:40:49 fetching corpus: 2394, signal 111597/127464 (executing program)
2021/04/15 16:40:49 fetching corpus: 2444, signal 112258/127906 (executing program)
2021/04/15 16:40:49 fetching corpus: 2494, signal 113043/128404 (executing program)
2021/04/15 16:40:50 fetching corpus: 2544, signal 113711/128821 (executing program)
2021/04/15 16:40:50 fetching corpus: 2594, signal 114418/129267 (executing program)
2021/04/15 16:40:50 fetching corpus: 2644, signal 115351/129677 (executing program)
2021/04/15 16:40:50 fetching corpus: 2694, signal 116476/130150 (executing program)
2021/04/15 16:40:50 fetching corpus: 2744, signal 116879/130455 (executing program)
2021/04/15 16:40:50 fetching corpus: 2794, signal 117790/130839 (executing program)
2021/04/15 16:40:50 fetching corpus: 2844, signal 118518/131167 (executing program)
2021/04/15 16:40:50 fetching corpus: 2894, signal 119032/131480 (executing program)
2021/04/15 16:40:50 fetching corpus: 2944, signal 119822/131767 (executing program)
2021/04/15 16:40:50 fetching corpus: 2993, signal 120682/132056 (executing program)
2021/04/15 16:40:50 fetching corpus: 3042, signal 121410/132304 (executing program)
2021/04/15 16:40:51 fetching corpus: 3091, signal 122449/132536 (executing program)
2021/04/15 16:40:51 fetching corpus: 3141, signal 122992/132712 (executing program)
2021/04/15 16:40:51 fetching corpus: 3191, signal 123789/132905 (executing program)
2021/04/15 16:40:51 fetching corpus: 3241, signal 124214/133042 (executing program)
2021/04/15 16:40:51 fetching corpus: 3291, signal 124715/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3341, signal 125506/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3391, signal 126648/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3441, signal 127246/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3491, signal 127829/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3541, signal 128319/133100 (executing program)
2021/04/15 16:40:51 fetching corpus: 3591, signal 128695/133103 (executing program)
2021/04/15 16:40:51 fetching corpus: 3641, signal 129308/133123 (executing program)
2021/04/15 16:40:51 fetching corpus: 3689, signal 129791/133123 (executing program)
2021/04/15 16:40:51 fetching corpus: 3739, signal 130715/133123 (executing program)
2021/04/15 16:40:51 fetching corpus: 3789, signal 131358/133148 (executing program)
2021/04/15 16:40:51 fetching corpus: 3819, signal 131620/133148 (executing program)
2021/04/15 16:40:51 fetching corpus: 3819, signal 131620/133148 (executing program)
2021/04/15 16:40:53 starting 6 fuzzer processes

16:40:53 executing program 0:
move_pages(0x0, 0x2000000000000264, &(0x7f0000000000)=[&(0x7f0000ff4000/0x2000)=nil], 0x0, &(0x7f0000000280), 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, &(0x7f00000000c0)=0x6, 0x6, 0x0)

16:40:53 executing program 1:
unshare(0x40000400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x8})

16:40:53 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r1, 0x0, 0xc, &(0x7f0000937fed)=""/1, &(0x7f0000000080)=0x1)

16:40:53 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2800004, 0x12, r1, 0x0)
preadv(r0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x800000000009031, 0xffffffffffffffff, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x84, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x10, 0x0, 0x1, {0x9, 0x1, 'snmp\x00'}}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0x84}}, 0x0)

16:40:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)

16:40:53 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001240)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000001280)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
getsockopt$bt_hci(r2, 0x84, 0x25, &(0x7f00000000c0)=""/4093, &(0x7f0000001140)=0xffd)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r3, r1, 0x0, 0x100000002)

[ 28.768311][ T25] audit: type=1400 audit(1618504853.289:8): avc: denied { execmem } for pid=1761 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 28.935644][ T1767] cgroup: Unknown subsys name 'perf_event'
[ 28.942028][ T1767] cgroup: Unknown subsys name 'net_cls'
[ 28.966980][ T1768] cgroup: Unknown subsys name 'perf_event'
[ 28.973113][ T1768] cgroup: Unknown subsys name 'net_cls'
[ 28.988688][ T1769] cgroup: Unknown subsys name 'perf_event'
[ 28.990538][ T1771] cgroup: Unknown subsys name 'perf_event'
[ 29.004274][ T1769] cgroup: Unknown subsys name 'net_cls'
[ 29.005596][ T1771] cgroup: Unknown subsys name 'net_cls'
[ 29.027727][ T1774] cgroup: Unknown subsys name 'perf_event'
[ 29.040786][ T1774] cgroup: Unknown subsys name 'net_cls'
[ 29.048851][ T1784] cgroup: Unknown subsys name 'perf_event'
[ 29.063512][ T1784] cgroup: Unknown subsys name 'net_cls'