Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. 2021/05/22 03:30:33 fuzzer started 2021/05/22 03:30:33 dialing manager at 10.128.0.163:42059 2021/05/22 03:30:33 syscalls: 1997 2021/05/22 03:30:33 code coverage: enabled 2021/05/22 03:30:33 comparison tracing: enabled 2021/05/22 03:30:33 extra coverage: enabled 2021/05/22 03:30:33 setuid sandbox: enabled 2021/05/22 03:30:33 namespace sandbox: enabled 2021/05/22 03:30:33 Android sandbox: enabled 2021/05/22 03:30:33 fault injection: enabled 2021/05/22 03:30:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2021/05/22 03:30:33 net packet injection: /dev/net/tun does not exist 2021/05/22 03:30:33 net device setup: enabled 2021/05/22 03:30:33 concurrency sanitizer: enabled 2021/05/22 03:30:33 devlink PCI setup: PCI device 0000:00:10.0 is not available 2021/05/22 03:30:33 USB emulation: /dev/raw-gadget does not exist 2021/05/22 03:30:33 hci packet injection: /dev/vhci does not exist 2021/05/22 03:30:33 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2021/05/22 03:30:33 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2021/05/22 03:30:34 suppressing KCSAN reports in functions: 'blk_mq_dispatch_rq_list' 'do_readlinkat' '_find_next_bit' 'blk_mq_rq_ctx_init' '__xa_clear_mark' 'exit_mm' 'ext4_free_inodes_count' 'ext4_mark_iloc_dirty' 'n_tty_receive_char_special' 'blk_mq_sched_dispatch_requests' 'alloc_pid' 2021/05/22 03:30:34 fetching corpus: 0, signal 0/2000 (executing program) 2021/05/22 03:30:34 fetching corpus: 50, signal 15131/18576 (executing program) 2021/05/22 03:30:34 fetching corpus: 99, signal 25315/29988 (executing program) 2021/05/22 03:30:34 fetching corpus: 149, signal 33335/39055 (executing program) 2021/05/22 03:30:34 fetching corpus: 198, signal 40869/47376 (executing program) 2021/05/22 03:30:34 fetching corpus: 248, signal 45255/52634 (executing program) 2021/05/22 03:30:34 fetching corpus: 298, signal 49091/57225 (executing program) 2021/05/22 03:30:34 fetching corpus: 348, signal 52513/61324 (executing program) 2021/05/22 03:30:34 fetching corpus: 398, signal 55412/64840 (executing program) 2021/05/22 03:30:34 fetching corpus: 447, signal 58916/68820 (executing program) 2021/05/22 03:30:34 fetching corpus: 497, signal 60943/71485 (executing program) 2021/05/22 03:30:34 fetching corpus: 546, signal 62976/74021 (executing program) 2021/05/22 03:30:34 fetching corpus: 596, signal 65594/76911 (executing program) 2021/05/22 03:30:34 fetching corpus: 646, signal 67196/78998 (executing program) 2021/05/22 03:30:34 fetching corpus: 696, signal 70183/82141 (executing program) 2021/05/22 03:30:34 fetching corpus: 746, signal 73227/85157 (executing program) 2021/05/22 03:30:34 fetching corpus: 796, signal 75649/87551 (executing program) 2021/05/22 03:30:34 fetching corpus: 846, signal 77453/89515 (executing program) 2021/05/22 03:30:35 fetching corpus: 896, signal 79501/91546 (executing program) 2021/05/22 03:30:35 fetching corpus: 946, signal 81386/93442 (executing program) 2021/05/22 03:30:35 fetching corpus: 993, signal 83257/95235 (executing program) 2021/05/22 03:30:35 fetching corpus: 1043, signal 85767/97325 (executing program) 2021/05/22 03:30:35 fetching corpus: 1093, signal 87276/98688 (executing program) 2021/05/22 03:30:35 fetching corpus: 1142, signal 88537/99975 (executing program) syzkaller login: [ 19.466840][ T1748] ================================================================== [ 19.469513][ T1748] BUG: KCSAN: data-race in __send_signal / futex_wait_queue_me [ 19.471401][ T1748] [ 19.472080][ T1748] write to 0xffff888106c1902c of 4 bytes by task 1747 on cpu 1: [ 19.473836][ T1748] futex_wait_queue_me+0x198/0x260 [ 19.475101][ T1748] futex_wait+0x143/0x430 [ 19.475910][ T1748] do_futex+0x9d8/0x1ee0 [ 19.477196][ T1748] __se_sys_futex+0x21c/0x380 [ 19.478206][ T1748] __x64_sys_futex+0x74/0x80 [ 19.479228][ T1748] do_syscall_64+0x4a/0x90 [ 19.480011][ T1748] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 19.481352][ T1748] [ 19.481944][ T1748] read to 0xffff888106c1902c of 4 bytes by task 1748 on cpu 0: [ 19.483925][ T1748] __send_signal+0x282/0x760 [ 19.485103][ T1748] send_signal+0x281/0x390 [ 19.486473][ T1748] do_send_specific+0x13d/0x1c0 [ 19.489604][ T1748] __x64_sys_tgkill+0x108/0x140 [ 19.494447][ T1748] do_syscall_64+0x4a/0x90 [ 19.498840][ T1748] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 19.504712][ T1748] [ 19.507051][ T1748] Reported by Kernel Concurrency Sanitizer on: 2021/05/22 03:30:35 fetching corpus: 1192, signal 89510/101008 (executing program) [ 19.513181][ T1748] CPU: 0 PID: 1748 Comm: syz-fuzzer Not tainted 5.13.0-rc2-syzkaller #0 [ 19.521479][ T1748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.531507][ T1748] ================================================================== 2021/05/22 03:30:35 fetching corpus: 1240, signal 90732/102142 (executing program) 2021/05/22 03:30:35 fetching corpus: 1290, signal 93088/103854 (executing program) 2021/05/22 03:30:35 fetching corpus: 1340, signal 94358/104925 (executing program) 2021/05/22 03:30:35 fetching corpus: 1390, signal 96497/106380 (executing program) 2021/05/22 03:30:35 fetching corpus: 1440, signal 98361/107639 (executing program) 2021/05/22 03:30:35 fetching corpus: 1490, signal 99632/108580 (executing program) 2021/05/22 03:30:35 fetching corpus: 1540, signal 100746/109337 (executing program) 2021/05/22 03:30:35 fetching corpus: 1590, signal 102270/110296 (executing program) 2021/05/22 03:30:35 fetching corpus: 1640, signal 104110/111273 (executing program) 2021/05/22 03:30:35 fetching corpus: 1690, signal 105278/111954 (executing program) 2021/05/22 03:30:35 fetching corpus: 1740, signal 106480/112625 (executing program) 2021/05/22 03:30:35 fetching corpus: 1789, signal 107256/113103 (executing program) 2021/05/22 03:30:36 fetching corpus: 1839, signal 108765/113778 (executing program) 2021/05/22 03:30:36 fetching corpus: 1889, signal 111494/114839 (executing program) 2021/05/22 03:30:36 fetching corpus: 1939, signal 112277/115166 (executing program) 2021/05/22 03:30:36 fetching corpus: 1989, signal 113202/115519 (executing program) 2021/05/22 03:30:36 fetching corpus: 2039, signal 114186/115852 (executing program) 2021/05/22 03:30:36 fetching corpus: 2085, signal 115317/116211 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115323/116232 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115323/116261 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115323/116292 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115323/116321 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116353 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116378 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116398 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116418 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116441 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116467 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116494 (executing program) 2021/05/22 03:30:36 fetching corpus: 2086, signal 115328/116517 (executing program) 2021/05/22 03:30:36 fetching corpus: 2087, signal 115357/116539 (executing program) 2021/05/22 03:30:36 fetching corpus: 2087, signal 115357/116554 (executing program) 2021/05/22 03:30:36 fetching corpus: 2087, signal 115357/116577 (executing program) 2021/05/22 03:30:36 fetching corpus: 2087, signal 115359/116582 (executing program) 2021/05/22 03:30:36 fetching corpus: 2087, signal 115359/116582 (executing program) 2021/05/22 03:30:37 starting 6 fuzzer processes 03:30:37 executing program 0: prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) prctl$PR_SET_SECUREBITS(0x8, 0x0) 03:30:37 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x5382, &(0x7f0000000180)) 03:30:37 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:37 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)="774adc96d46b99c7d7b4b8a06ab0fe35f62049662b8ada79bc6483cbffbd37aad18739dc01000080", 0x28}], 0x1}}], 0x1, 0x20020814) 03:30:37 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x2283, 0x401000) 03:30:37 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) [ 21.919830][ T22] audit: type=1400 audit(1621654237.709:8): avc: denied { execmem } for pid=1759 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 21.978366][ T1764] cgroup: Unknown subsys name 'perf_event' [ 21.994423][ T1764] cgroup: Unknown subsys name 'net_cls' [ 22.019218][ T1765] cgroup: Unknown subsys name 'perf_event' [ 22.037588][ T1765] cgroup: Unknown subsys name 'net_cls' [ 22.064343][ T1767] cgroup: Unknown subsys name 'perf_event' [ 22.076533][ T1767] cgroup: Unknown subsys name 'net_cls' [ 22.082638][ T1769] cgroup: Unknown subsys name 'perf_event' [ 22.083000][ T1770] cgroup: Unknown subsys name 'perf_event' [ 22.090820][ T1769] cgroup: Unknown subsys name 'net_cls' [ 22.103224][ T1774] cgroup: Unknown subsys name 'perf_event' [ 22.118567][ T1774] cgroup: Unknown subsys name 'net_cls' [ 22.124526][ T1770] cgroup: Unknown subsys name 'net_cls' 03:30:41 executing program 0: prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) prctl$PR_SET_SECUREBITS(0x8, 0x0) 03:30:41 executing program 0: prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) prctl$PR_SET_SECUREBITS(0x8, 0x0) 03:30:42 executing program 0: prctl$PR_SET_SECUREBITS(0x1c, 0x25) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0) prctl$PR_SET_SECUREBITS(0x8, 0x0) 03:30:42 executing program 0: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 26.230748][ T22] audit: type=1326 audit(1621654242.030:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4470 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x5382, &(0x7f0000000180)) 03:30:42 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:42 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)="774adc96d46b99c7d7b4b8a06ab0fe35f62049662b8ada79bc6483cbffbd37aad18739dc01000080", 0x28}], 0x1}}], 0x1, 0x20020814) 03:30:42 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:42 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x5382, &(0x7f0000000180)) 03:30:42 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)="774adc96d46b99c7d7b4b8a06ab0fe35f62049662b8ada79bc6483cbffbd37aad18739dc01000080", 0x28}], 0x1}}], 0x1, 0x20020814) 03:30:42 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x2283, 0x401000) 03:30:42 executing program 4: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:42 executing program 0: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 27.057661][ T22] audit: type=1326 audit(1621654242.860:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4470 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:42 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:42 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x2283, 0x401000) 03:30:42 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r0, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)="774adc96d46b99c7d7b4b8a06ab0fe35f62049662b8ada79bc6483cbffbd37aad18739dc01000080", 0x28}], 0x1}}], 0x1, 0x20020814) 03:30:42 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x5382, &(0x7f0000000180)) [ 27.136130][ T22] audit: type=1326 audit(1621654242.940:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4549 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:43 executing program 2: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:30:43 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x2283, 0x401000) [ 27.206716][ T22] audit: type=1326 audit(1621654242.990:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4563 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:43 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:43 executing program 1: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:43 executing program 3: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:43 executing program 2: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:30:43 executing program 0: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:30:43 executing program 3: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:43 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:43 executing program 1: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:43 executing program 3: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) [ 27.999366][ T22] audit: type=1326 audit(1621654243.801:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4605 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:43 executing program 1: r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ff9000/0x4000)=nil) shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x4000) r1 = shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x5000) shmdt(r1) 03:30:43 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket(0x11, 0x800000003, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000400)={r5, 0x3, 0x6, @dev}, 0x10) dup2(r2, r3) [ 28.066064][ T22] audit: type=1326 audit(1621654243.871:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4617 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:43 executing program 0: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) [ 28.121938][ T4632] device lo entered promiscuous mode [ 28.128476][ T4632] device lo left promiscuous mode [ 28.139576][ T4632] device lo entered promiscuous mode [ 28.145388][ T4635] device lo left promiscuous mode 03:30:44 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:44 executing program 2: r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x8001}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{}, {0x0, 0xffff}], 0x2, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 03:30:44 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000200)=ANY=[], 0x208e24b) read$rfkill(r0, 0x0, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) 03:30:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket(0x11, 0x800000003, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000400)={r5, 0x3, 0x6, @dev}, 0x10) dup2(r2, r3) 03:30:44 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xc0401, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x280000c, 0x100010, r1, 0xcbc97000) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000240)) preadv(r0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x10, 0xffffffffffffffff, 0x0) time(0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='reno\x00', 0x5) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000000)=0x200, 0x4) bind$inet(r2, &(0x7f0000000380)={0x2, 0x200000000004e23, @local}, 0x10) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) recvmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x0) write$binfmt_elf64(r2, &(0x7f0000000300)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRESOCT, @ANYRESDEC], 0x100000530) [ 28.846615][ T4650] device lo entered promiscuous mode [ 28.859628][ T4650] device lo left promiscuous mode 03:30:44 executing program 4: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x20}, {0x3d}, {0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 03:30:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket(0x11, 0x800000003, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000400)={r5, 0x3, 0x6, @dev}, 0x10) dup2(r2, r3) [ 28.876518][ T22] audit: type=1326 audit(1621654244.681:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4656 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 03:30:44 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000200)='.\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0x40086607, &(0x7f0000000040)={0x1fffffffffffffff}) 03:30:44 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0) r2 = socket(0x11, 0x800000003, 0x0) r3 = socket(0x11, 0x800000003, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c58110308d9123127ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000400)={r5, 0x3, 0x6, @dev}, 0x10) dup2(r2, r3) [ 28.939742][ T22] audit: type=1326 audit(1621654244.721:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4660 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 [ 28.963726][ T4670] device lo entered promiscuous mode [ 28.975976][ T4670] device lo left promiscuous mode 03:30:44 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000200)='.\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0x40086607, &(0x7f0000000040)={0x1fffffffffffffff}) 03:30:44 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x100100, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x2, 0x0, 0x8000000}) 03:30:44 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x100100, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x2, 0x0, 0x8000000}) [ 29.012768][ T4678] EXT4-fs warning (device sda1): ext4_group_extend:1817: will only finish group (524288 blocks, 256 new) [ 29.018270][ T4680] device lo entered promiscuous mode [ 29.035894][ T4680] device lo left promiscuous mode [ 29.037764][ T4678] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't read last block, resize aborted [ 29.099467][ T4692] EXT4-fs warning (device sda1): ext4_group_extend:1817: will only finish group (524288 blocks, 256 new) [ 29.123661][ T4692] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't read last block, resize aborted