Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. 2021/05/04 13:50:16 fuzzer started 2021/05/04 13:50:16 dialing manager at 10.128.0.163:36445 2021/05/04 13:50:16 syscalls: 1982 2021/05/04 13:50:16 code coverage: enabled 2021/05/04 13:50:16 comparison tracing: enabled 2021/05/04 13:50:16 extra coverage: enabled 2021/05/04 13:50:16 setuid sandbox: enabled 2021/05/04 13:50:16 namespace sandbox: enabled 2021/05/04 13:50:16 Android sandbox: enabled 2021/05/04 13:50:16 fault injection: enabled 2021/05/04 13:50:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/05/04 13:50:16 net packet injection: /dev/net/tun does not exist 2021/05/04 13:50:16 net device setup: enabled 2021/05/04 13:50:16 concurrency sanitizer: enabled 2021/05/04 13:50:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/05/04 13:50:16 USB emulation: /dev/raw-gadget does not exist 2021/05/04 13:50:16 hci packet injection: /dev/vhci does not exist 2021/05/04 13:50:16 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2021/05/04 13:50:16 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2021/05/04 13:50:17 suppressing KCSAN reports in functions: 'do_readlinkat' 'blk_mq_dispatch_rq_list' 'generic_write_end' 'step_into' '__ext4_new_inode' 'ext4_free_inodes_count' 'n_tty_receive_buf_common' '__xa_clear_mark' 'do_signal_stop' '__send_signal' 2021/05/04 13:50:17 fetching corpus: 0, signal 0/2000 (executing program) 2021/05/04 13:50:17 fetching corpus: 50, signal 19495/22636 (executing program) 2021/05/04 13:50:17 fetching corpus: 100, signal 27560/31807 (executing program) 2021/05/04 13:50:17 fetching corpus: 150, signal 32689/37893 (executing program) 2021/05/04 13:50:17 fetching corpus: 200, signal 38756/44613 (executing program) 2021/05/04 13:50:17 fetching corpus: 250, signal 44557/50862 (executing program) 2021/05/04 13:50:17 fetching corpus: 300, signal 49868/56453 (executing program) 2021/05/04 13:50:17 fetching corpus: 349, signal 53192/60175 (executing program) 2021/05/04 13:50:17 fetching corpus: 399, signal 55764/63167 (executing program) 2021/05/04 13:50:17 fetching corpus: 449, signal 57966/65729 (executing program) 2021/05/04 13:50:17 fetching corpus: 499, signal 60140/68171 (executing program) syzkaller login: [ 18.571485][ T1746] ================================================================== [ 18.574651][ T1746] BUG: KCSAN: data-race in complete_signal / futex_wait_queue_me [ 18.577661][ T1746] [ 18.578163][ T1746] write to 0xffff888103ed30ac of 4 bytes by task 1747 on cpu 0: [ 18.580407][ T1746] futex_wait_queue_me+0x198/0x260 [ 18.582320][ T1746] futex_wait+0x143/0x430 [ 18.583728][ T1746] do_futex+0x9e8/0x1ee0 [ 18.585347][ T1746] __se_sys_futex+0x2a8/0x390 [ 18.586406][ T1746] __x64_sys_futex+0x74/0x80 [ 18.588388][ T1746] do_syscall_64+0x4a/0x90 [ 18.589696][ T1746] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 18.592180][ T1746] [ 18.594489][ T1746] read to 0xffff888103ed30ac of 4 bytes by task 1746 on cpu 1: [ 18.602003][ T1746] complete_signal+0x7c/0x600 [ 18.606657][ T1746] __send_signal+0x680/0x760 [ 18.611236][ T1746] send_signal+0x281/0x390 [ 18.615625][ T1746] do_send_specific+0x13d/0x1c0 2021/05/04 13:50:17 fetching corpus: 548, signal 62728/70856 (executing program) [ 18.620455][ T1746] __x64_sys_tgkill+0x108/0x140 [ 18.625316][ T1746] do_syscall_64+0x4a/0x90 [ 18.629715][ T1746] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 18.635588][ T1746] [ 18.637887][ T1746] Reported by Kernel Concurrency Sanitizer on: [ 18.644022][ T1746] CPU: 1 PID: 1746 Comm: syz-fuzzer Not tainted 5.12.0-syzkaller #0 [ 18.651972][ T1746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.662017][ T1746] ================================================================== 2021/05/04 13:50:17 fetching corpus: 598, signal 66750/74523 (executing program) 2021/05/04 13:50:18 fetching corpus: 647, signal 68708/76549 (executing program) 2021/05/04 13:50:18 fetching corpus: 696, signal 70317/78200 (executing program) 2021/05/04 13:50:18 fetching corpus: 746, signal 72714/80299 (executing program) 2021/05/04 13:50:18 fetching corpus: 796, signal 74919/82202 (executing program) 2021/05/04 13:50:18 fetching corpus: 846, signal 76874/83878 (executing program) 2021/05/04 13:50:18 fetching corpus: 896, signal 78208/85047 (executing program) 2021/05/04 13:50:18 fetching corpus: 945, signal 79761/86309 (executing program) 2021/05/04 13:50:18 fetching corpus: 995, signal 83457/88629 (executing program) 2021/05/04 13:50:18 fetching corpus: 1045, signal 84852/89628 (executing program) 2021/05/04 13:50:18 fetching corpus: 1095, signal 86551/90707 (executing program) 2021/05/04 13:50:18 fetching corpus: 1145, signal 87509/91378 (executing program) 2021/05/04 13:50:18 fetching corpus: 1195, signal 88604/92053 (executing program) 2021/05/04 13:50:18 fetching corpus: 1244, signal 90960/93498 (executing program) 2021/05/04 13:50:18 fetching corpus: 1293, signal 92382/94239 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94024/94923 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94032/94963 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94040/94989 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94040/95025 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94040/95054 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94040/95090 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94040/95120 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95154 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95181 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95209 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95260 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95296 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95329 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95364 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95411 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95438 (executing program) 2021/05/04 13:50:18 fetching corpus: 1334, signal 94046/95470 (executing program) 2021/05/04 13:50:19 fetching corpus: 1334, signal 94046/95501 (executing program) 2021/05/04 13:50:19 fetching corpus: 1334, signal 94046/95535 (executing program) 2021/05/04 13:50:19 fetching corpus: 1334, signal 94046/95573 (executing program) 2021/05/04 13:50:19 fetching corpus: 1334, signal 94046/95586 (executing program) 2021/05/04 13:50:19 fetching corpus: 1334, signal 94046/95586 (executing program) 2021/05/04 13:50:20 starting 6 fuzzer processes 13:50:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x19, 0x0, &(0x7f0000000280)) 13:50:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}], 0x1) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080)) 13:50:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="39000000130003475fae7cdac52541300600000001000000450000002500000019001a00160002000200000000000006040000000000000000", 0x39}], 0x1) 13:50:20 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x4000000a, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000004c0)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x3c) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x148, &(0x7f0000000240)="98a2cd9e00550f47e89a1069878a23b50cec416dc81a234841c9c503b7ee9fb9c2c32940a73e7f665b50b9a8d70f9345bd9707d6b2beb28e778c3b6d80a7683634d204584d022cb003e2ab4494ac642d8fc368fdd5c24fd9ad26e6746936b4714ba9ca80575f15873721299aa25061fe1b9480843f410f4fcf69ee72a6096be4769c9e8c8e49d415d0beafba016151e1b6e74a38d179c4dc2d3ecfcb46ecfb9a21f55af8d111547a220a51e83f03999ebd9d32d8080542388154899288d2b3ff98db1507cee49dc4e3a6c8a50bc376824b896e86c65ea8e227f37521347416cae24b8b3eebc0f3d31fe787e103ad888a4683d51510ef4c08c2a91009728ea456f3fedc89098961e434aabf1952adfd8f591ddca1f6e188df2a5f4016f891f9e483cf159736063e099c2b001ae599296344c5b5537a517a95242b75b8924926919a8bac6dd9e461d7"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 13:50:20 executing program 3: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:20 executing program 4: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendfile(r2, r1, 0x0, 0x3) [ 21.162069][ T25] audit: type=1400 audit(1620136220.412:8): avc: denied { execmem } for pid=1753 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 21.301811][ T1759] cgroup: Unknown subsys name 'perf_event' [ 21.302021][ T1760] cgroup: Unknown subsys name 'perf_event' [ 21.308406][ T1759] cgroup: Unknown subsys name 'net_cls' [ 21.341258][ T1760] cgroup: Unknown subsys name 'net_cls' [ 21.384556][ T1763] cgroup: Unknown subsys name 'perf_event' [ 21.386835][ T1764] cgroup: Unknown subsys name 'perf_event' [ 21.390547][ T1763] cgroup: Unknown subsys name 'net_cls' [ 21.397464][ T1766] cgroup: Unknown subsys name 'perf_event' [ 21.402336][ T1765] cgroup: Unknown subsys name 'perf_event' [ 21.408344][ T1766] cgroup: Unknown subsys name 'net_cls' [ 21.413506][ T1765] cgroup: Unknown subsys name 'net_cls' [ 21.421161][ T1764] cgroup: Unknown subsys name 'net_cls' 13:50:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}], 0x1) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080)) 13:50:24 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x19, 0x0, &(0x7f0000000280)) 13:50:24 executing program 3: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="39000000130003475fae7cdac52541300600000001000000450000002500000019001a00160002000200000000000006040000000000000000", 0x39}], 0x1) 13:50:24 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x19, 0x0, &(0x7f0000000280)) 13:50:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}], 0x1) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080)) 13:50:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="39000000130003475fae7cdac52541300600000001000000450000002500000019001a00160002000200000000000006040000000000000000", 0x39}], 0x1) 13:50:24 executing program 3: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:24 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x19, 0x0, &(0x7f0000000280)) [ 25.575928][ T4534] new mount options do not match the existing superblock, will be ignored [ 25.586100][ T4534] new mount options do not match the existing superblock, will be ignored 13:50:27 executing program 2: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff8240200005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}], 0x1) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000080)) 13:50:27 executing program 3: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:27 executing program 4: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='cpuset\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0) preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0) sendfile(r2, r1, 0x0, 0x3) 13:50:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="39000000130003475fae7cdac52541300600000001000000450000002500000019001a00160002000200000000000006040000000000000000", 0x39}], 0x1) 13:50:27 executing program 0: r0 = fork() ptrace(0x10, r0) wait4(0x0, 0x0, 0x0, 0x0) ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000001080)={&(0x7f0000000080)=""/4088, 0xff8}) 13:50:27 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x11, &(0x7f0000000000), 0x4) 13:50:27 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @dev}, 0x22, {0x2, 0x0, @local}, 'ip6_vti0\x00'})