[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts. 2021/05/10 12:19:46 fuzzer started 2021/05/10 12:19:46 dialing manager at 10.128.0.163:32911 2021/05/10 12:19:46 syscalls: 1982 2021/05/10 12:19:46 code coverage: enabled 2021/05/10 12:19:46 comparison tracing: enabled 2021/05/10 12:19:46 extra coverage: enabled 2021/05/10 12:19:46 setuid sandbox: enabled 2021/05/10 12:19:46 namespace sandbox: enabled 2021/05/10 12:19:46 Android sandbox: enabled 2021/05/10 12:19:46 fault injection: enabled 2021/05/10 12:19:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/05/10 12:19:46 net packet injection: /dev/net/tun does not exist 2021/05/10 12:19:46 net device setup: enabled 2021/05/10 12:19:46 concurrency sanitizer: enabled 2021/05/10 12:19:46 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/05/10 12:19:46 USB emulation: /dev/raw-gadget does not exist 2021/05/10 12:19:46 hci packet injection: /dev/vhci does not exist 2021/05/10 12:19:46 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2021/05/10 12:19:46 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2021/05/10 12:19:46 suppressing KCSAN reports in functions: '_find_next_bit' 'blk_mq_dispatch_rq_list' '__ext4_new_inode' '__xa_set_mark' 'blk_mq_rq_ctx_init' 2021/05/10 12:19:46 fetching corpus: 0, signal 0/2000 (executing program) 2021/05/10 12:19:46 fetching corpus: 49, signal 12716/16177 (executing program) 2021/05/10 12:19:46 fetching corpus: 99, signal 21756/26301 (executing program) 2021/05/10 12:19:46 fetching corpus: 149, signal 31938/37087 (executing program) 2021/05/10 12:19:46 fetching corpus: 199, signal 37662/43434 (executing program) 2021/05/10 12:19:47 fetching corpus: 249, signal 43651/49816 (executing program) 2021/05/10 12:19:47 fetching corpus: 299, signal 46955/53678 (executing program) 2021/05/10 12:19:47 fetching corpus: 348, signal 51301/58191 (executing program) 2021/05/10 12:19:47 fetching corpus: 398, signal 57667/64193 (executing program) 2021/05/10 12:19:47 fetching corpus: 448, signal 59799/66576 (executing program) 2021/05/10 12:19:47 fetching corpus: 498, signal 61531/68582 (executing program) 2021/05/10 12:19:47 fetching corpus: 548, signal 63223/70435 (executing program) 2021/05/10 12:19:47 fetching corpus: 597, signal 66382/73275 (executing program) 2021/05/10 12:19:48 fetching corpus: 647, signal 68732/75384 (executing program) 2021/05/10 12:19:48 fetching corpus: 697, signal 72527/78359 (executing program) 2021/05/10 12:19:48 fetching corpus: 747, signal 75666/80762 (executing program) 2021/05/10 12:19:48 fetching corpus: 797, signal 77482/82233 (executing program) 2021/05/10 12:19:48 fetching corpus: 847, signal 78864/83331 (executing program) 2021/05/10 12:19:48 fetching corpus: 897, signal 80435/84418 (executing program) 2021/05/10 12:19:48 fetching corpus: 947, signal 82349/85681 (executing program) 2021/05/10 12:19:48 fetching corpus: 997, signal 83570/86491 (executing program) 2021/05/10 12:19:49 fetching corpus: 1047, signal 85128/87407 (executing program) 2021/05/10 12:19:49 fetching corpus: 1097, signal 86982/88442 (executing program) syzkaller login: [ 20.365454][ T42] ================================================================== [ 20.368061][ T42] BUG: KCSAN: data-race in kthread_is_per_cpu / wb_workfn [ 20.370184][ T42] [ 20.370666][ T42] write to 0xffff8881001cb0ac of 4 bytes by task 8 on cpu 1: [ 20.373023][ T42] wb_workfn+0x221/0x520 [ 20.373994][ T42] process_one_work+0x3e9/0x8f0 [ 20.375708][ T42] worker_thread+0x636/0xae0 [ 20.377011][ T42] kthread+0x1d0/0x1f0 [ 20.378004][ T42] ret_from_fork+0x1f/0x30 [ 20.379369][ T42] [ 20.379848][ T42] read to 0xffff8881001cb0ac of 4 bytes by task 42 on cpu 0: [ 20.381409][ T42] kthread_is_per_cpu+0x2d/0x80 [ 20.382910][ T42] can_migrate_task+0xf/0x180 [ 20.383957][ T42] detach_tasks+0xab/0x380 [ 20.385171][ T42] load_balance+0x768/0xcc0 [ 20.387804][ T42] newidle_balance+0x10b/0x310 [ 20.392554][ T42] pick_next_task_fair+0x37/0x270 [ 20.397555][ T42] __schedule+0x256/0x5b0 [ 20.401871][ T42] schedule+0x67/0x90 [ 20.405840][ T42] worker_thread+0x935/0xae0 [ 20.410420][ T42] kthread+0x1d0/0x1f0 [ 20.414485][ T42] ret_from_fork+0x1f/0x30 [ 20.418894][ T42] [ 20.421226][ T42] Reported by Kernel Concurrency Sanitizer on: [ 20.427347][ T42] CPU: 0 PID: 42 Comm: kworker/0:2 Not tainted 5.13.0-rc1-syzkaller #0 [ 20.435558][ T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.445749][ T42] Workqueue: 0x0 (events) [ 20.450261][ T42] ================================================================== 2021/05/10 12:19:49 fetching corpus: 1147, signal 88354/89127 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89458 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89474 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89497 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89509 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89530 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89551 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89565 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89580 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89596 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89622 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89642 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89666 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89689 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89712 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89729 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89751 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89770 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89788 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89807 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89833 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89844 (executing program) 2021/05/10 12:19:49 fetching corpus: 1176, signal 88989/89844 (executing program) 2021/05/10 12:19:51 starting 6 fuzzer processes 12:19:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="390000001300090468fe0700000000000700ff3f03000000450001070000001419001a000400000000000a00022000a4e91ee438242737d1d1", 0x39}], 0x1) 12:19:51 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x74}]}) 12:19:51 executing program 2: syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000240)="0201a60700000a000000ff45ac0080ffffff0500e931190000000000000680ffffffa90000000900000087771f72003007000f00000000000000008000ca55aa", 0x40, 0x1c0}]) 12:19:51 executing program 3: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:51 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) [ 22.223138][ T25] audit: type=1400 audit(1620649191.155:8): avc: denied { execmem } for pid=1755 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 22.316548][ T1760] cgroup: Unknown subsys name 'perf_event' [ 22.322969][ T1760] cgroup: Unknown subsys name 'net_cls' [ 22.394704][ T1762] cgroup: Unknown subsys name 'perf_event' [ 22.400659][ T1762] cgroup: Unknown subsys name 'net_cls' [ 22.428093][ T1767] cgroup: Unknown subsys name 'perf_event' [ 22.444438][ T1767] cgroup: Unknown subsys name 'net_cls' [ 22.449378][ T1769] cgroup: Unknown subsys name 'perf_event' [ 22.452627][ T1772] cgroup: Unknown subsys name 'perf_event' [ 22.465798][ T1772] cgroup: Unknown subsys name 'net_cls' [ 22.469614][ T1769] cgroup: Unknown subsys name 'net_cls' [ 22.472052][ T1778] cgroup: Unknown subsys name 'perf_event' [ 22.486833][ T1778] cgroup: Unknown subsys name 'net_cls' 12:19:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="390000001300090468fe0700000000000700ff3f03000000450001070000001419001a000400000000000a00022000a4e91ee438242737d1d1", 0x39}], 0x1) 12:19:55 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) 12:19:55 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) 12:19:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="390000001300090468fe0700000000000700ff3f03000000450001070000001419001a000400000000000a00022000a4e91ee438242737d1d1", 0x39}], 0x1) 12:19:55 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) 12:19:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000180)="390000001300090468fe0700000000000700ff3f03000000450001070000001419001a000400000000000a00022000a4e91ee438242737d1d1", 0x39}], 0x1) 12:19:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:55 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x74}]}) [ 27.050765][ T4542] loop2: detected capacity change from 0 to 264192 12:19:56 executing program 2: syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000240)="0201a60700000a000000ff45ac0080ffffff0500e931190000000000000680ffffffa90000000900000087771f72003007000f00000000000000008000ca55aa", 0x40, 0x1c0}]) [ 27.112187][ T4542] loop2: p1 p2 < > p3 p4 < p5 p6 > [ 27.117550][ T4542] loop2: p1 size 11290111 extends beyond EOD, truncated [ 27.126107][ T4542] loop2: p3 size 1914664839 extends beyond EOD, truncated [ 27.134354][ T4542] loop2: p5 size 11290111 extends beyond EOD, truncated [ 27.141697][ T4542] loop2: p6 size 1914664839 extends beyond EOD, truncated [ 27.210801][ T4562] loop2: detected capacity change from 0 to 264192 [ 27.252263][ T4562] loop2: p1 p2 < > p3 p4 < p5 p6 > [ 27.257657][ T4562] loop2: p1 size 11290111 extends beyond EOD, truncated [ 27.268532][ T4562] loop2: p3 size 1914664839 extends beyond EOD, truncated [ 27.277184][ T4562] loop2: p5 size 11290111 extends beyond EOD, truncated [ 27.284735][ T4562] loop2: p6 size 1914664839 extends beyond EOD, truncated [ 27.299133][ T1032] loop2: p1 p2 < > p3 p4 < p5 p6 > [ 27.304475][ T1032] loop2: p1 size 11290111 extends beyond EOD, truncated [ 27.312695][ T1032] loop2: p3 size 1914664839 extends beyond EOD, truncated [ 27.320525][ T1032] loop2: p5 size 11290111 extends beyond EOD, truncated [ 27.328371][ T1032] loop2: p6 size 1914664839 extends beyond EOD, truncated 12:19:56 executing program 3: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:56 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x74}]}) 12:19:56 executing program 2: syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000240)="0201a60700000a000000ff45ac0080ffffff0500e931190000000000000680ffffffa90000000900000087771f72003007000f00000000000000008000ca55aa", 0x40, 0x1c0}]) 12:19:56 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x74}]}) 12:19:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:56 executing program 5: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) [ 27.743693][ T4613] loop2: detected capacity change from 0 to 264192 12:19:56 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) [ 27.816220][ T4613] loop2: p1 p2 < > p3 p4 < p5 p6 > [ 27.826816][ T4613] loop2: p1 size 11290111 extends beyond EOD, truncated [ 27.887926][ T4613] loop2: p3 size 1914664839 extends beyond EOD, truncated [ 27.905482][ T4613] loop2: p5 size 11290111 extends beyond EOD, truncated [ 27.915483][ T4613] loop2: p6 size 1914664839 extends beyond EOD, truncated 12:19:57 executing program 3: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {}, 0x64, {[], [{@context={'context', 0x2c, 'system_u'}}], 0x6b}}) 12:19:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000ec0)={@remote, @loopback, r2}, 0xc) connect$inet(r0, &(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10) 12:19:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) 12:19:57 executing program 2: syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000240)="0201a60700000a000000ff45ac0080ffffff0500e931190000000000000680ffffffa90000000900000087771f72003007000f00000000000000008000ca55aa", 0x40, 0x1c0}]) 12:19:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r1 = socket$inet6(0xa, 0x100000003, 0x3a) sendto$inet6(r1, &(0x7f0000000000), 0xfa0f, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x2002000000000000, 0xac141409}}, 0x1c) 12:19:57 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000001500)={&(0x7f0000000280)={0xa, 0x0, 0x0, @local}, 0x1c, &(0x7f0000001480)=[{&(0x7f00000002c0)="bfd6ed71", 0x4}], 0x1}, 0x0) [ 28.599680][ T4690] loop2: detected capacity change from 0 to 264192 [ 28.602610][ T4687] 9pnet: Insufficient options for proto=fd [ 28.631358][ T4700] 9pnet: Insufficient options for proto=fd [ 28.631689][ T4690] loop2: p1 p2 < > p3 p4 < p5 p6 > 12:19:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {}, 0x64, {[], [{@context={'context', 0x2c, 'system_u'}}], 0x6b}}) 12:19:57 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001a00010a"], 0x14}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000180)=ANY=[], 0xfffffc7b) r2 = openat(0xffffffffffffffff, &(0x7f0000001940)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket(0x10, 0x3, 0x0) splice(r0, 0x0, r3, 0x0, 0x4ffe0, 0x0) 12:19:57 executing program 5: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:57 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000001500)={&(0x7f0000000280)={0xa, 0x0, 0x0, @local}, 0x1c, &(0x7f0000001480)=[{&(0x7f00000002c0)="bfd6ed71", 0x4}], 0x1}, 0x0) [ 28.648207][ T4690] loop2: p1 size 11290111 extends beyond EOD, truncated [ 28.665417][ T4690] loop2: p3 size 1914664839 extends beyond EOD, truncated [ 28.673644][ T4690] loop2: p5 size 11290111 extends beyond EOD, truncated [ 28.681105][ T4690] loop2: p6 size 1914664839 extends beyond EOD, truncated [ 28.683601][ T4713] 9pnet: Insufficient options for proto=fd 12:19:57 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {}, 0x64, {[], [{@context={'context', 0x2c, 'system_u'}}], 0x6b}}) [ 28.757836][ T4734] 9pnet: Insufficient options for proto=fd 12:19:58 executing program 2: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:58 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000001500)={&(0x7f0000000280)={0xa, 0x0, 0x0, @local}, 0x1c, &(0x7f0000001480)=[{&(0x7f00000002c0)="bfd6ed71", 0x4}], 0x1}, 0x0) 12:19:58 executing program 3: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:58 executing program 4: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {}, 0x64, {[], [{@context={'context', 0x2c, 'system_u'}}], 0x6b}}) 12:19:58 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)={0x18, r1, 0x701, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0) 12:19:58 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000001500)={&(0x7f0000000280)={0xa, 0x0, 0x0, @local}, 0x1c, &(0x7f0000001480)=[{&(0x7f00000002c0)="bfd6ed71", 0x4}], 0x1}, 0x0) 12:19:58 executing program 2: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) [ 29.445361][ T4754] 9pnet: Insufficient options for proto=fd 12:19:58 executing program 1: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:58 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001a00010a"], 0x14}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000180)=ANY=[], 0xfffffc7b) r2 = openat(0xffffffffffffffff, &(0x7f0000001940)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket(0x10, 0x3, 0x0) splice(r0, 0x0, r3, 0x0, 0x4ffe0, 0x0) 12:19:58 executing program 5: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r0, 0x15, &(0x7f0000000300)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000040), 0x0) 12:19:58 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)={0x18, r1, 0x701, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0) 12:19:58 executing program 1: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)={0x18, r1, 0x701, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0) 12:19:59 executing program 2: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 1: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 3: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)={0x18, r1, 0x701, 0x0, 0x0, {}, [@HEADER={0x4}]}, 0x18}}, 0x0) 12:19:59 executing program 2: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0x0, 0x2}) 12:19:59 executing program 3: unshare(0x20400) r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(0xffffffffffffffff) fgetxattr(r0, 0x0, 0x0, 0x0) 12:19:59 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001a00010a"], 0x14}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000180)=ANY=[], 0xfffffc7b) r2 = openat(0xffffffffffffffff, &(0x7f0000001940)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0) preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r3 = socket(0x10, 0x3, 0x0) splice(r0, 0x0, r3, 0x0, 0x4ffe0, 0x0)