Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts. [ 37.977058] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/28 10:25:18 fuzzer started [ 38.070711] audit: type=1400 audit(1556447118.800:7): avc: denied { map } for pid=1789 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.111924] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/28 10:25:22 dialing manager at 10.128.0.26:37563 2019/04/28 10:25:22 syscalls: 1329 2019/04/28 10:25:22 code coverage: enabled 2019/04/28 10:25:22 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/28 10:25:22 extra coverage: extra coverage is not supported by the kernel 2019/04/28 10:25:22 setuid sandbox: enabled 2019/04/28 10:25:22 namespace sandbox: enabled 2019/04/28 10:25:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/28 10:25:22 fault injection: CONFIG_FAULT_INJECTION is not enabled 2019/04/28 10:25:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/28 10:25:22 net packet injection: enabled 2019/04/28 10:25:22 net device setup: enabled [ 43.051556] random: crng init done INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 10:26:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1800008912, &(0x7f00000001c0)="1098ce66000000007be070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r1, &(0x7f0000007940)=[{{0x0, 0x0, &(0x7f0000007280)=[{&(0x7f0000006dc0)="a5", 0x1}], 0x1}}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000540)="82", 0x1}], 0x1}}], 0x1, 0x4) 10:26:43 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x2, 0x100132, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f00000000c0)=0x4, 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) 10:26:43 executing program 5: 10:26:43 executing program 2: 10:26:43 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000004f0007031dfffd946f610500070200001f000000fe000000421ba3a20400ff7e", 0x24}], 0x1}, 0x0) 10:26:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8}}}}}, 0x0) [ 123.058193] audit: type=1400 audit(1556447203.780:8): avc: denied { map } for pid=1846 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5011 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 10:26:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xf) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000200)=0x7) r2 = creat(0x0, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7fffffff}) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) sched_setaffinity(0x0, 0xffffffffffffff06, &(0x7f0000000340)=0x401) fchdir(r2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000700)='./bus\x00', 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)="aca8201a21e71ef103f0e1eb132373cb5ee72c14851464510b71b4e1c0efe2534cfb1ea35c5b5020ad293bc38a5a71aaaa6ffb54020f9e615379b1b6a32c7b18947fdd239a9093ddb750df8583c42b75b0f9c98aa1b84f2a247784a59bc3db49abed37a32817c7921c847ee590", 0x53}], 0x1) recvfrom$unix(r1, 0xfffffffffffffffe, 0x0, 0x2061, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RXATTRCREATE(r5, &(0x7f0000000040)={0x7, 0x21, 0x1}, 0x7) getpeername$packet(r4, &(0x7f0000000240), &(0x7f0000000280)=0x14) r6 = fcntl$getown(r0, 0x9) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000180)=r6) ioctl$sock_netdev_private(r0, 0x89fd, &(0x7f0000000080)='8') 10:26:46 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x101002, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x4, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f00000005c0)='trusted.overlay.origin\x00\x9f\xaa\xab \x85\x9b\xb9\xdf\xbd1Bs\xf3\xce\x91\b\x7f2W\x90\x8b\xea', 0x7) pwrite64(r2, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r2, 0x0) lseek(r1, 0x0, 0x1) sendfile(r2, r2, &(0x7f0000000440), 0x20) sendfile(r2, r2, &(0x7f0000000100), 0x7f8) symlink(0x0, &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)={&(0x7f0000000240)='./file1\x00', r3}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') fcntl$setown(r3, 0x8, 0x0) sendfile(r4, r5, 0x0, 0x8000) fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.origin\x00', &(0x7f0000000140)=""/107, 0x6b) ioctl$GIO_UNIMAP(r5, 0x4b66, &(0x7f0000000340)={0x6, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}]}) prctl$PR_SVE_SET_VL(0x32, 0x1000000030a6d) mkdir(&(0x7f0000000600)='./file0\x00', 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x2) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) umount2(&(0x7f0000000580)='./file0\x00', 0x8) [ 125.843915] hrtimer: interrupt took 29906 ns 10:26:46 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0x49, 0x0, &(0x7f0000000080)) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x96a72d57a0ddfb6f, &(0x7f0000ffd000/0x2000)=nil) 10:26:46 executing program 0: r0 = socket$inet(0x2, 0x6, 0x40) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000004bc0)=[{0x0}, {&(0x7f0000003900)=""/224, 0xe0}], 0x2}}], 0x1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000006dc0)=[{{&(0x7f0000000000)=@nfc, 0x80, &(0x7f0000001400)=[{&(0x7f00000000c0)=""/217, 0xd9}, {&(0x7f00000001c0)=""/227, 0xe3}, {&(0x7f00000002c0)=""/112, 0x70}, {&(0x7f0000000340)=""/56, 0x38}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/67, 0x43}], 0x6, &(0x7f0000001480)=""/222, 0xde}, 0x84}, {{&(0x7f0000001580)=@nfc, 0x80, &(0x7f0000001680)=[{&(0x7f0000001600)=""/89, 0x59}], 0x1, &(0x7f00000016c0)=""/4096, 0x1000}, 0xfffe}, {{&(0x7f00000026c0)=@ipx, 0x80, &(0x7f0000007100)=[{&(0x7f0000002740)=""/247, 0xf7}, {&(0x7f0000002840)=""/86, 0x56}], 0x2, &(0x7f0000002900)=""/84, 0x54}, 0xe2ba}, {{&(0x7f0000002980)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000002a80)=[{&(0x7f0000002a00)=""/62, 0x3e}, {&(0x7f0000002a40)=""/45, 0x2d}], 0x2, &(0x7f0000002ac0)=""/245, 0xf5}, 0x3}, {{&(0x7f0000002bc0)=@un=@abs, 0x80, &(0x7f0000002f00)=[{&(0x7f0000002c40)=""/37, 0x25}, {&(0x7f0000002c80)=""/200, 0xc8}, {&(0x7f0000002d80)=""/51, 0x33}, {&(0x7f0000002dc0)=""/100, 0x64}, {&(0x7f0000002e40)=""/145, 0x91}], 0x5}, 0x8000}, {{&(0x7f0000002f80)=@alg, 0x80, &(0x7f0000003040)=[{&(0x7f0000003a00)=""/4096, 0x1000}, {&(0x7f0000003000)=""/39, 0x27}, {&(0x7f0000004cc0)=""/4096, 0x1000}], 0x3, &(0x7f0000003080)=""/2, 0x2}, 0x5}, {{&(0x7f00000030c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000003280)=[{&(0x7f0000005cc0)=""/4096, 0x1000}, {&(0x7f0000003140)=""/253, 0x32}, {&(0x7f0000003240)=""/57, 0x39}], 0x3, &(0x7f0000007040)=""/164, 0x2e}, 0x65ac}, {{&(0x7f0000003380)=@rc, 0x80, &(0x7f0000003540)=[{&(0x7f0000003400)=""/67, 0x3e8}, {&(0x7f0000004c00)=""/112, 0x70}, {&(0x7f0000003500)=""/40, 0x28}], 0x3, &(0x7f0000003580)=""/104, 0x68}, 0xf5}, {{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003600)=""/157, 0x9d}, {&(0x7f00000036c0)=""/175, 0xaf}], 0x2, &(0x7f00000037c0)=""/118, 0x76}, 0xfffffffffffffff8}, {{&(0x7f0000007140)=@can, 0x80, &(0x7f0000004b80)=[{&(0x7f00000038c0)=""/58, 0x3a}, {&(0x7f0000004a00)=""/235, 0xeb}, {&(0x7f0000004b00)=""/75, 0x4b}, {&(0x7f0000006cc0)=""/224, 0xe0}], 0x4}, 0x9}], 0xa, 0x62, 0x0) 10:26:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/sockstat\x00') bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={0x0, r1, 0x3}, 0x195) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) dup2(r0, r2) 10:26:46 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/mls\x00', 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x4003ff) open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x1) shutdown(0xffffffffffffffff, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) set_tid_address(&(0x7f0000000140)) r1 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = memfd_create(0x0, 0x0) r3 = getpgrp(0x0) sched_setattr(r3, &(0x7f0000000040)={0x30, 0x7, 0x0, 0x8aa1, 0x800, 0x10002d, 0x0, 0x3}, 0x0) pwritev(r2, &(0x7f0000f50f90), 0x0, 0x4081003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) fallocate(r1, 0x11, 0x0, 0x100000001) 10:26:46 executing program 0: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x4, 0xa5}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80848}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, 0x0, 0x8001, 0x0, {0x8}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x20000000) [ 125.975067] audit: type=1400 audit(1556447206.700:9): avc: denied { map_create } for pid=2759 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 125.998908] audit: type=1400 audit(1556447206.700:10): avc: denied { map_read map_write } for pid=2759 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 126.034237] audit: type=1400 audit(1556447206.760:11): avc: denied { create } for pid=2769 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.058694] audit: type=1400 audit(1556447206.760:12): avc: denied { write } for pid=2769 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.084114] audit: type=1400 audit(1556447206.760:13): avc: denied { read } for pid=2769 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.860372] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 127.661375] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. 10:26:48 executing program 1: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[], 0xa641f597) unlink(0x0) clone(0x210007f5, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) utimes(&(0x7f0000000000)='\x00', &(0x7f0000000040)={{}, {0x0, 0x2710}}) memfd_create(0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f00000004c0)={&(0x7f0000000340)='./file0\x00'}, 0x10) getpgid(0x0) clock_gettime(0x0, 0x0) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, 0x0, 0x0) 10:26:48 executing program 0: r0 = perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3d, 0x301) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0xfffffffffffffc92, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x0, 0x0, 0x0, @perf_config_ext={0x1ff, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000200)=0x8) r3 = request_key(&(0x7f0000000880)='cifs.spnego\x00', &(0x7f00000008c0)={'syz', 0x2}, 0xfffffffffffffffd, 0xfffffffffffffffd) r4 = add_key$keyring(&(0x7f0000000900)='keyring\x00', &(0x7f0000000940)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$negate(0xd, r3, 0x5e4, r4) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x9, 0x17, 0xb, 0xc, "1ce71f571449ea0bc11cb83dd6621ad0dbe76da63b20d86370d495ae9e118f6bb2104a6d8922e528ed1add1f9ddde7e2f317cd67a7c5f0a9ebc1590ebccbd32b", "7b7a31ba7107dfec8cc62580cc9121ddf971f988461013c0a5751ce0330d1a5a", [0x40, 0xd70]}) lsetxattr$security_smack_transmute(&(0x7f0000000140)='./bus\x00', &(0x7f0000000240)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000280)='TRUE', 0xfffffffffffffea2, 0x2) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x2, 0x0) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000a80)='TIPC\x00') setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f00000006c0)={0x7, {{0xa, 0x4e20, 0x8001, @dev={0xfe, 0x80, [], 0x15}, 0x10001}}}, 0x88) getsockopt$inet6_buf(r1, 0x29, 0x23, &(0x7f0000000580)=""/219, 0x0) sendmsg$TIPC_CMD_GET_NETID(r5, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x500}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r6, 0x0, 0x70bd26}, 0x1c}}, 0x0) r7 = socket(0x9, 0xfffffffffffffffd, 0x8) sendto$inet(r7, &(0x7f0000000980)="9e", 0x1, 0x8000, 0x0, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000840)={0x4, 0x4, 0xfffffffffffffefc, 0x0}) r8 = dup2(r1, r5) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x7, @loopback}, 0x1c) r9 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x1) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000b00)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) dup2(r2, r2) ioctl$TCGETS(r8, 0x5401, &(0x7f0000000680)) personality(0x4000007) ioctl$sock_inet_SIOCGIFPFLAGS(r7, 0x8935, &(0x7f00000009c0)={'bridGe0\x00', 0x4}) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x1fe, 0x4) ftruncate(r9, 0x80003) sendfile(r2, r9, &(0x7f00000000c0), 0x8000fffffffe) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@dev={0xfe, 0x80, [], 0x11}, @in6=@ipv4={[], [], @broadcast}, 0x4e20, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x8}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x33}, 0x0, @in6=@mcast2, 0x0, 0x0, 0x3}}, 0xe8) 10:26:48 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000300)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup3(r1, r0, 0x0) write$binfmt_elf64(r2, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x80, 0x6, 0x8, 0x4a9, 0x4c, 0x2, 0x3, 0x2, 0x212, 0x40, 0x1eb, 0x6, 0x0, 0x38, 0x1, 0x7ff, 0x4, 0x1}, [{0x0, 0x20, 0x3f2595e3, 0x10000000000000, 0x80000001, 0x6, 0x8, 0xcc1}], "f00265b16f28ecf16003be0eb95a910393666ce3b110b375b7910d69092204a10229ea820a21375a1d9d720c7aaf3869915febe59c903c5efaaf04fc8600d195", [[], [], [], [], [], [], [], []]}, 0x8b8) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000000c0)={0x0, 0x4, 0x10000, 0x1ff}) flock(r2, 0x4) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x200000, 0x0) getsockopt$inet_tcp_int(r4, 0x6, 0x22, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="0adc1f123c123f319bd070") ioctl(r2, 0x534, &(0x7f0000000040)="f76282c3bc7024c31c573d57d69b5bb51a9f75c8d26630b8b0c37ee10d8a1b7b1b673e8c87945917c205566aedf85ab340acc875eeb518ca38d221aa409197a00e8b6cf25b0cad06c73055bd89c72e89f9c3fb09f3b46114a2576626441f") syz_read_part_table(0x0, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b14700000000d59863d2000000000200632020cc00000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}]) 10:26:48 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) getrandom(0x0, 0x0, 0x0) getcwd(0x0, 0x0) syz_genetlink_get_family_id$net_dm(0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x8500, 0x0) write$P9_RWRITE(r1, &(0x7f00000003c0)={0xb, 0x77, 0x2, 0xffffffffffff84c5}, 0xb) perf_event_open(&(0x7f00000004c0)={0x0, 0x70, 0x70, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x20000000000) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000001c0)=ANY=[]) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40086602, 0x400007) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x20032600) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') ftruncate(r3, 0x5) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100)=0x1) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, 0x0, 0x8090) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) sendmmsg(0xffffffffffffffff, 0x0, 0x218, 0xfffffffffffffffc) write$P9_RUNLINKAT(r3, &(0x7f0000000000)={0x7, 0x4d, 0x2}, 0x7) 10:26:48 executing program 3: utime(0x0, &(0x7f0000011ff5)) 10:26:48 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = creat(&(0x7f0000000780)='./file0\x00', 0x4) getdents64(r1, &(0x7f00000007c0)=""/111, 0x6f) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setxattr$security_evm(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.evm\x00', &(0x7f00000000c0)=@md5={0x1, "958161c43b3a1bd9c68fa5624d683ec9"}, 0x73, 0x2) sendmmsg(r0, &(0x7f0000001900)=[{{&(0x7f0000000540)=@l2, 0x80, 0x0}}], 0x1, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@multicast2}}, &(0x7f0000000200)=0xe8) r3 = geteuid() setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@loopback, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4ea2, 0x21dd, 0x4e24, 0x5, 0x2, 0x80, 0x0, 0x6c, r2, r3}, {0x800, 0x0, 0x401, 0x9, 0x6, 0x800, 0x3ff, 0xffffffffffffffff}, {0xfffffffffffffff8, 0x3, 0x0, 0xffffffff}, 0x7, 0x0, 0x2, 0x1, 0x3}, {{@in6=@mcast1, 0x4d4, 0xff}, 0xa, @in=@rand_addr=0x1, 0x0, 0x1, 0x1, 0xf3, 0x401, 0x6d5}}, 0xe8) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$KDGKBMODE(r4, 0x4b44, &(0x7f00000006c0)) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={r4, &(0x7f0000000400)="bd5d4f543dc48964a80ffd4aeefb9d1d66831f2b884f283f2d57d0b91061b9925c98bfea58376745beb288d223e369a55d56e2d259f63fc92f21ab544a0266ce5a2e5eb0bf00030d5044dc0804fc0ace7acf43f496bd3d16ad635af8e40409916f9e0636080a55a5423d2b67654c447422583a3767369adcdc6d54d6be760a10e5ca73f024b8119dc35115c6c682d423e1ad6b3779c26a84734a72aecc44", &(0x7f00000005c0)=""/224}, 0x18) ioprio_get$uid(0x3, r3) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000a80)=""/222, &(0x7f0000000b80)=0xde) ioctl$RTC_IRQP_READ(r4, 0x8008700b, &(0x7f0000000380)) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e24, 0x722, @rand_addr="b9f1fa2eb53a04445615371ebeaf2b87", 0xffffffff00000000}, 0x1c) ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000840)={0xffff, 0x8, 0x0, [{0x9, 0x5, 0x1, 0x7, 0x3, 0xffffffff00000000, 0x8}, {0x101, 0x2, 0x7, 0x1, 0x1, 0x99a3, 0x400}, {0x3ff, 0x8, 0x3, 0x6, 0xbf, 0x10001, 0xff}, {0x40, 0x3, 0x8, 0x3d, 0x8, 0x6, 0x6}, {0x5, 0x7, 0xdee, 0x1ff, 0xdf, 0x0, 0x8}, {0x7, 0x1, 0x19, 0x6, 0x9, 0x8, 0x8c}, {0xe21, 0xfffffffffffff800, 0xffffffffffffffff, 0x3, 0x82d, 0x6, 0x40}, {0x5, 0x7fffffff, 0x6, 0x9, 0x7, 0x1f, 0x1}]}) ioctl$FIBMAP(r4, 0x1, &(0x7f0000000700)=0x100000000) ioctl$KDADDIO(r1, 0x4b34, 0x2) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000740)={'dummy0\x00', {0x2, 0x4e24, @remote}}) ioctl$SIOCGSTAMP(r4, 0x8906, &(0x7f0000000500)) 10:26:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) socket$inet6(0xa, 0x7, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'lo:3\x00\x00\x81\x80\x00\x00\xfa\xff\xdf\xf7\x00', &(0x7f00000001c0)=@ethtool_drvinfo={0x3, "862257e3b75ff8856d00c757e617447dc67f0242e1ec41484ce41c1060c90e63", "ef6978db7f81afe20a99eccd673b37496086667385e930a418354d956684f2cf", "3e7b5a5e9569b484e3899364994c091cfb3313301886b11dfb49f9aa5f5866b5", "be47d7344087d0a9209e4ef48e4d74fbb3b73d9f1e4fdb6057c2591188d3c11e", "cc714b2318fa0a0816bd983e3a4bbd21bf9cb9cd1fc89c97ddd6aabd7a825609", "ee60aa946132edf6c84002c8"}}) 10:26:48 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RCLUNK(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'ip6_vti0\x00', 0x3}, 0x18) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[@ANYRES32], 0x4) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ioctl$KDENABIO(r0, 0x4b36) fallocate(r1, 0x0, 0x0, 0x2000002) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) write$P9_RLCREATE(0xffffffffffffffff, &(0x7f0000000180)={0x18, 0xf, 0x1, {{0x10, 0x4, 0x8}, 0x4}}, 0x18) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x8}) 10:26:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d6000/0x1000)=nil) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x2) signalfd(r0, &(0x7f0000000140)={0x8}, 0x8) openat(r0, &(0x7f0000000100)='./bus\x00', 0x400000, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='environ\x00') preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002012, r2, 0x0) 10:26:48 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) syncfs(r0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000001c0)=0x200000072, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000003c80)={0x0, &(0x7f0000003c40)}, 0x8) setsockopt$sock_int(r0, 0x1, 0x2d, &(0x7f0000000040), 0x4) clone(0x2102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x3) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x400000000141042, 0x0) close(r1) r2 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x105082) r3 = memfd_create(&(0x7f0000000140)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) renameat2(r1, &(0x7f0000000200)='./bus\x00', r1, &(0x7f0000003bc0)='./bus\x00', 0x7) socketpair$unix(0x1, 0x2004, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ppoll(0x0, 0xfffffffffffffe4c, 0x0, 0x0, 0x0) mmap(&(0x7f000000a000/0x2000)=nil, 0x2000, 0x2000004, 0x10, r3, 0x0) fcntl$setstatus(r0, 0x4, 0x6000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="147f0000e4ffff3fdef600000000000000000000812c7d79039abf26acb370192984fe48b8672ec040721a6da79f8170443523fdbcd303318a35a415ab5aa07ed7e20f7be0e7ed7cf07aed57fad830756913986de377f153c6523cef2cc80862086d0eae73318155dba25493b8efd506ca9d08c21c593f6ee87978bc9ce6eedfc216ecbd272627a9d0473c187f3f0b5793c0a1836b222941f37a0b259537f59467a4a08241b7b70025703a569d7865c91c0257150bd96815b97a254753764704d29596cefa8ac309de46dd41796a4420e6da93213ee2903f1c9e138fa6d3814a4c1884e4089363e12f4c285166c050c44729dd24e88fc3f24eaa989ad9ee406a092e7df7439679f730aa8276804342485db678db78046296e2f5010ec74b70188053dddfd9b1984aa92b07a5933af97d02eaa0a2566de38471b9e0f1bce9e2793b54aeb45c1becaa081f0d07789dfaf165c8b3d6f5237225156b06e328493db0971b8c679fa70a72df6871fbdccb2d9b54ade951c056b53c83fc10af4d60012b249e1a583b932d9d6469d899917969c7f308fc9213086f04a8e835b5e96f443ce301bde45b300ff720c2f9e6dfbaab44ea8ae0c5377ddcbdbf28dbadc25669742b8e37c3333cfde51290dd0d0b3ae7019ab48e8645ef3d4261297a590bf7d309fc9d30600d43686867d6b0cba22a31ac282c"], 0x1f2}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000400)=[@timestamp, @mss={0x2, 0xbf}, @timestamp, @timestamp], 0x4) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000003fc0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x21}, 0xc, &(0x7f0000003f80)={&(0x7f0000004bc0)=ANY=[@ANYBLOB="000026bd7000ffdbdf2512000000100001000c0002000800020000000000640005000800010065746800080001007564700008000100756470002c000200080002000100000008000400400000000800010018000000080004000800000008000100200000001c00020008000100010000000800030003000000080001001a000000380006000800010056a5000004000200080001000008000008000100332b0000080001000000000004000200080001000104000004000200a0000100340002000808000000030000080001001701001d90000008000400b43b00000800030002000000180001006574683a7465616d5f736c6176655f31000000002c000200080002003f000047df00030075000000080003000104000008000300d75c000008000400e0ffffff240002000800020003000000080003001600000008000200ffff000008000200000100002000010000000300a50d000000000000080001008400000008000100c6090000b00004001400010062726f6164636173742d6c696e6b00000c00010073797a31000000000c00010073797a30000000001c0007000800020003000000080004000000000008000200000000000c00010073797a31000000001c0007000800020004000000080007000100010008000400976600003c00070008000b000500000008000200000000000800010011000000080001000a0000000800010016000200000000006400019e7ebc34d1bfb37acce1b675341b000c00020008000300ffffff7f08000300834300004400020008000300002000000800020000800000080004000100000008000200ffffffff0800020003000000080001000300000008000400030000000800045cdaff000008000300030000002400050008000100657468000800010069620000080001007564700008000100756470000401040014fe0700080002003e03000008000100190000000c00010073797a30000000001400010062726f6164636173742d6c696e6b00003400070008d4ce00070000000800010000001900080003002700000008000300ffffffff080002000700000008000200800000000c000700080001000a0000000c00070008000400040000000c00010073797a310000000054000700080004000900000008000400020000000800040001000000000000000002000008000400fcffffff080002000900000008000300010400000800030000000000080001000900000008001400070008000600ff0f0000083b867eb6f8ac0c1909768258f59d205b27ca194f9fddd923117ae684c7627848791e9a8b453f15bd293cb263fd7c83a07960b748afb49a5cfb9d152e1c30a5afab4a12ab9042bb6ae2b2fd8a9ef8f715e3f150b4a1c60e93cbda5f001df90ada8a18ee04efac5c38ea2848473287b1f95ad573950f1217c8b5f98fa204009023a9bb3ba9c6230f34cff3c9fa11f1fbc7a719a25822834c795f93583ce2b4e9211e3aea9800df7aa37e479f843e020038b465bfea5173114dd35f45265b7c495f7f2b0ba9721eea3963880788208af595e25d6cb70a46d3a696a6cb5b6a0e5ac393800c4cac33341bef97ec119c664f0ddaded84929d542068abf1229a38e31c3eda72c9715923dddc94d1df4e0db5ff29ac1a4e5f1cb2ac540e18bfff352eec86c32c33be4fe194f96ae06ad75c3d438b195a0a12ced262191a97499ccaa934e3818cee9a0101f94f9be827f39dcb9c18192e15a5001024eb2e550f3e458f4843612f81bdd8b274f855b0dae21f1ab67e5b0516604d90b74f8f7160d7c4e011eac9eda1f4f06fc7adb920804a6c4ed314e288155f5945278f0e863f02888a86106b4a0a7d6bdbec1b4241ff5876d927a3e36c0908ea93d2dd9f746cf1ac8b2f2c9e168a4fe90d6eb990e3adbf49dda5c4b67c0a89a6cc1da9e14331231e39c857bcc6b6de7bfdbd306f03568c9ff76659dbc0316db7e2dd8b20f90424fe21d32a2a7fe08c9dd93cbce6eb8d58ed508640f23277b70f831421e99c00b6cf8c15539782621caf95e558fee5daca684ba1df57bdd00aad5e342eac54a7bac6e4bbc717b251cd49f0000000043f02bd355ba5e9f21352a992aa8829083b55a41bf6cecf12bd21efecfa1a43ee8c54de26fc263a9bd533cdf6cbc42b6eb7be1ed4fd9f0b92209752dfe29e245328f133e56fe6291f22fc74658a0ea4b61ce00"/1601], 0x1}, 0x1, 0x0, 0x0, 0x800}, 0x800) mlock2(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1) sendfile(r2, r3, 0x0, 0x80003) getsockopt$inet_mreq(r0, 0x0, 0x0, &(0x7f00000002c0)={@empty, @local}, &(0x7f0000000380)=0x8) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000240)={{0x2, 0x0, 0x2, 0x55}, 'syz0\x00', 0x40}) [ 127.862325] loop2: p1 p4 [ 127.874895] loop2: p1 size 2047 extends beyond EOD, truncated [ 127.887682] loop2: p4 start 1854537728 is beyond EOD, truncated [ 128.001631] loop2: p1 p4 [ 128.005011] loop2: p1 size 2047 extends beyond EOD, truncated [ 128.023133] loop2: p4 start 1854537728 is beyond EOD, truncated 10:26:48 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{0x9, 0xd2d, 0x101}, 'syz0\x00', 0x14}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) clone(0x40100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000400)=ANY=[@ANYBLOB="0202200313000000000000000000000005000600571866720a000068c3b29e359eed6d00200000005500000016000000000000000000000005000900df0000002a00002000000000fe8000000000000007000000000000ff00000000000000000200010000ffff000000050d0000000005000500eb0000000a00000000000000ff0200000000000000000000000000010000000000000000"], 0x98}}, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000510000/0x2000)=nil) r2 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x7134, 0x0, 0x0, 0x101, 0x0, 0x9, 0x200, 0x6, 0x80, 0x1000, 0x0, 0x80, 0x85, 0xc1c, 0x2, 0x7f, 0x1, 0x6, 0xff, 0x80000000, 0x3a, 0x1, 0x1ff, 0x80, 0x7, 0x334, 0x932, 0x1, 0x5, 0x4, 0x2, 0xfffffffffffffffa, 0xff, 0x3, 0x0, 0x5, 0x0, 0x4, 0x7, @perf_bp={0x0, 0x4}, 0x10, 0x80, 0x7, 0x1, 0x8001, 0x4, 0x8}, r2, 0xe, r0, 0x1) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') getsockopt$packet_int(r3, 0x107, 0x1d, &(0x7f00000000c0), &(0x7f0000000140)=0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000100)) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x8040000001d) wait4(0x0, 0x0, 0x0, 0x0) [ 128.031500] audit: type=1400 audit(1556447208.760:14): avc: denied { map } for pid=2841 comm="syz-executor.4" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=8554 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 10:26:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x7, 0xba, 0x8, 0x80000001, 0x0, 0xa7, 0x80200, 0x5, 0x0, 0xfffffffffffffe01, 0x0, 0x6, 0x20, 0x7, 0x8, 0x100000000, 0x8, 0x80, 0x1c000, 0x1f, 0x5, 0xffffffff, 0xfbda, 0x5, 0x6, 0x0, 0x2, 0xfffffffffffffe00, 0xa3, 0xa05f, 0x5, 0x7, 0x8f2, 0xffffffffffffffff, 0x5, 0x9, 0x0, 0x1, 0x3, @perf_config_ext={0x5, 0x9}, 0x8000, 0x7, 0x4, 0x0, 0x3, 0x3, 0x5}, r0, 0x8, 0xffffffffffffff9c, 0x9) r2 = memfd_create(&(0x7f00000002c0)='\x00'/10, 0x0) write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[], 0x1d2) execveat(r2, &(0x7f0000000080)='\x00', 0x0, 0x0, 0x1000) ptrace$setopts(0x4206, r0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) fgetxattr(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="62747266732e004977e19b059feebc49e8167485b37966d0c148f5c0c743f3be8c75c7f93977bfb1ea945bf0f3724816ca12ecee6937c6caa6a1cf76d4bafd8a6f88783709031585427433ee82e02e626c45d7769f7597fb210ca714a21b04fa26881ea76d757716344a82f73f528e7360c1c2977210704f2ac7ace2c42bf9fab1f714285195d8607073af05775a062a16b313e4b156278c23974a4046b59c4258ffaa275ac19f9e71c753e97c08377905225d309e339b353182a81e5b95f38598"], &(0x7f0000000140)=""/37, 0x25) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)}, 0x0) [ 128.136538] audit: type=1400 audit(1556447208.810:15): avc: denied { create } for pid=2841 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 128.193618] audit: type=1400 audit(1556447208.810:16): avc: denied { write } for pid=2841 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 10:26:49 executing program 1: setrlimit(0x7, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="850000000500000015000000000000009500000000000000345eb22f99513dd9bbee309db54dca99185f1e466278c3a6b0231d9ea28f971ff06f84e32aad206efb9df51a93260958340725dfb7b6a6bea27eec99b129bd9de3116b4d53bc0881f604d779c7deb0e055998577e8cbc155132aaf94db57347a50159b94d1e10845adaf4c4bb2de91e016b9eb646ab8a23f0dcb4323dbafb7173b3b0571a0af10ac52022c02ac94211c71794a3b18bcb30f50837fe09076642eebee01be2e4ea46566ea85e0b882a0550d4f63127416b720e70487180cd313912c9a97ce7cf8bbcab5662d1961c9ab96be43636087905e886911a3050837ede8f98613c0cfb36fa1d1276260bf69159bb1"], &(0x7f0000000200)='GPL\x00', 0x5, 0xff7b, &(0x7f00000006c0)=""/195}, 0x48) 10:26:49 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x20, 0x0}, 0x26) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000180)={@rand_addr, @empty, 0x0}, &(0x7f00000001c0)=0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0xf9}, [@ldst={0x3, 0x3, 0x7, 0x6, 0x1, 0x100, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0xbb6f, 0x90, &(0x7f00000000c0)=""/144, 0x41f00, 0x1, [], r0, 0x3, r1, 0x8, &(0x7f0000000240)={0xbb92, 0x80000001}, 0x8, 0x10, &(0x7f0000000280)={0x10000, 0x80000000, 0x7, 0x4}, 0x10}, 0x70) 10:26:49 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$9p(0xffffffffffffffff, 0x0, 0x0) clone(0x2902001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffffff, 0x0, 0x0) rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x20, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x2, 0x1}, @decrefs={0x40046307, 0x4}, @release={0x40046306, 0x2}], 0x64, 0x0, &(0x7f0000000080)="0aa21346064ae5790569ab060bff58df57ad68ea2bf9ef6f923e8e43bd9f3c98c5f99eea1310d1ef4bbf6a17826aaa9f4071f13bfa864a3c5627317168fcef804004f41c870090fda3670b7734607152a475714c3435fbafee08bf1c7cd4c4c22429f764"}) wait4(0x0, 0x0, 0x0, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) [ 284.630178] INFO: task syz-executor.0:1848 blocked for more than 140 seconds. [ 284.638030] Not tainted 4.14.113+ #61 [ 284.644155] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 284.652882] syz-executor.0 D24576 1848 1 0x00000004 [ 284.659074] Call Trace: [ 284.662595] ? __schedule+0x91c/0x1f30 [ 284.666782] ? __sched_text_start+0x8/0x8 [ 284.671671] ? lock_downgrade+0x5d0/0x5d0 [ 284.675822] ? lock_acquire+0x10f/0x380 [ 284.680363] ? __mutex_lock+0x2c1/0x1430 [ 284.684665] schedule+0x92/0x1c0 [ 284.688079] schedule_preempt_disabled+0x13/0x20 [ 284.693116] __mutex_lock+0x559/0x1430 [ 284.697111] ? lo_release+0x19/0x190 [ 284.701410] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 284.707174] ? lock_downgrade+0x5d0/0x5d0 [ 284.711833] ? lo_compat_ioctl+0x130/0x130 [ 284.716266] ? lo_release+0x19/0x190 [ 284.720262] lo_release+0x19/0x190 [ 284.724079] ? lo_compat_ioctl+0x130/0x130 [ 284.728405] __blkdev_put+0x518/0x6d0 [ 284.732677] ? bd_set_size+0xb0/0xb0 [ 284.736662] ? blkdev_put+0x75/0x4c0 [ 284.740770] ? blkdev_put+0x4c0/0x4c0 [ 284.744673] blkdev_close+0x86/0xb0 [ 284.748377] __fput+0x25e/0x700 [ 284.751954] task_work_run+0x118/0x190 [ 284.755895] exit_to_usermode_loop+0x13b/0x160 [ 284.760657] do_syscall_64+0x372/0x4b0 [ 284.764902] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.770552] INFO: task syz-executor.5:1858 blocked for more than 140 seconds. [ 284.778513] Not tainted 4.14.113+ #61 [ 284.783321] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 284.791598] syz-executor.5 D24928 1858 1 0x00000004 [ 284.797830] Call Trace: [ 284.800740] ? __schedule+0x91c/0x1f30 [ 284.805091] ? __sched_text_start+0x8/0x8 [ 284.809531] ? lock_downgrade+0x5d0/0x5d0 [ 284.813918] ? lock_acquire+0x10f/0x380 [ 284.817908] ? __mutex_lock+0x2c1/0x1430 [ 284.822028] schedule+0x92/0x1c0 [ 284.825404] schedule_preempt_disabled+0x13/0x20 [ 284.830288] __mutex_lock+0x559/0x1430 [ 284.834404] ? __mutex_lock+0x6aa/0x1430 [ 284.838456] ? __mutex_unlock_slowpath+0x9a/0x7d0 [ 284.843517] ? lo_open+0x19/0xb0 [ 284.846938] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 284.852613] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 284.858654] ? kobject_get_unless_zero+0x27/0x40 [ 284.863487] ? lock_downgrade+0x5d0/0x5d0 [ 284.867674] ? refcount_inc_not_zero+0x81/0xe0 [ 284.872435] ? check_preemption_disabled+0x35/0x1f0 [ 284.877472] ? loop_unregister_transfer+0x90/0x90 [ 284.882583] ? lo_open+0x19/0xb0 [ 284.886109] lo_open+0x19/0xb0 [ 284.889298] __blkdev_get+0x267/0xf90 [ 284.893217] ? __blkdev_put+0x6d0/0x6d0 [ 284.897368] ? fsnotify+0x8b0/0x1150 [ 284.901290] blkdev_get+0x97/0x8b0 [ 284.905033] ? bd_acquire+0x171/0x2c0 [ 284.909090] ? bd_may_claim+0xd0/0xd0 [ 284.913337] ? lock_downgrade+0x5d0/0x5d0 [ 284.917530] ? lock_acquire+0x10f/0x380 [ 284.921559] ? bd_acquire+0x21/0x2c0 [ 284.925406] blkdev_open+0x1cc/0x250 [ 284.929290] ? security_file_open+0x88/0x190 [ 284.933763] do_dentry_open+0x44e/0xdf0 [ 284.937858] ? bd_acquire+0x2c0/0x2c0 [ 284.941719] vfs_open+0x105/0x230 [ 284.945209] path_openat+0xb6b/0x2b70 [ 284.949009] ? path_mountpoint+0x9a0/0x9a0 [ 284.954160] ? trace_hardirqs_on+0x10/0x10 [ 284.958412] do_filp_open+0x1a1/0x280 [ 284.962627] ? may_open_dev+0xe0/0xe0 [ 284.966744] ? lock_downgrade+0x5d0/0x5d0 [ 284.971205] ? lock_acquire+0x10f/0x380 [ 284.975243] ? __alloc_fd+0x3f/0x490 [ 284.978958] ? _raw_spin_unlock+0x29/0x40 [ 284.983278] ? __alloc_fd+0x1bf/0x490 [ 284.987086] do_sys_open+0x2ca/0x590 [ 284.990989] ? filp_open+0x60/0x60 [ 284.994572] ? SyS_mkdirat+0x146/0x220 [ 284.998453] ? _raw_spin_unlock_irq+0x35/0x50 [ 285.003075] ? do_syscall_64+0x43/0x4b0 [ 285.007292] ? do_sys_open+0x590/0x590 [ 285.011625] do_syscall_64+0x19b/0x4b0 [ 285.015526] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.021416] INFO: task syz-executor.2:1857 blocked for more than 140 seconds. [ 285.028824] Not tainted 4.14.113+ #61 [ 285.033400] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.041701] syz-executor.2 D25488 1857 1 0x00000004 [ 285.047373] Call Trace: [ 285.049978] ? __schedule+0x91c/0x1f30 [ 285.054036] ? __sched_text_start+0x8/0x8 [ 285.058195] ? lock_downgrade+0x5d0/0x5d0 [ 285.062506] ? lock_acquire+0x10f/0x380 [ 285.066573] ? __mutex_lock+0x2c1/0x1430 [ 285.070986] schedule+0x92/0x1c0 [ 285.074556] schedule_preempt_disabled+0x13/0x20 [ 285.079411] __mutex_lock+0x559/0x1430 [ 285.083466] ? blkdev_reread_part+0x1b/0x40 [ 285.088132] ? mark_held_locks+0xa6/0xf0 [ 285.092786] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.098480] ? trace_hardirqs_on_caller+0x37b/0x540 [ 285.103974] ? _raw_spin_unlock_irqrestore+0x41/0x70 [ 285.109570] ? __wake_up_common_lock+0xe0/0x170 [ 285.114661] ? blk_mq_unfreeze_queue+0x38/0x70 [ 285.119474] ? blkdev_reread_part+0x1b/0x40 [ 285.124010] blkdev_reread_part+0x1b/0x40 [ 285.128171] loop_reread_partitions+0x72/0x80 [ 285.133095] loop_clr_fd+0x828/0xac0 [ 285.142340] lo_ioctl+0x813/0x1970 [ 285.151152] ? kasan_slab_free+0xb0/0x190 [ 285.155301] ? kmem_cache_free+0xc4/0x330 [ 285.159528] ? putname+0xcd/0x110 [ 285.163413] ? do_sys_open+0x250/0x590 [ 285.167549] ? do_syscall_64+0x19b/0x4b0 [ 285.171843] ? loop_clr_fd+0xac0/0xac0 [ 285.175813] blkdev_ioctl+0x4d9/0x1810 [ 285.179704] ? blkpg_ioctl+0x910/0x910 [ 285.183887] ? lock_downgrade+0x5d0/0x5d0 [ 285.188471] ? lock_acquire+0x10f/0x380 [ 285.192737] ? debug_check_no_obj_freed+0x148/0x5c0 [ 285.198223] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 285.203558] ? trace_hardirqs_on_caller+0x37b/0x540 [ 285.208660] block_ioctl+0xd9/0x120 [ 285.212461] ? blkdev_fallocate+0x3b0/0x3b0 [ 285.216793] do_vfs_ioctl+0xabe/0x1040 [ 285.221092] ? selinux_file_ioctl+0x426/0x590 [ 285.225777] ? selinux_file_ioctl+0x116/0x590 [ 285.230344] ? ioctl_preallocate+0x1e0/0x1e0 [ 285.234819] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0 [ 285.240899] ? rcu_read_lock_sched_held+0x10a/0x130 [ 285.245932] ? putname+0xcd/0x110 [ 285.249628] ? do_sys_open+0x255/0x590 [ 285.253793] ? filp_open+0x60/0x60 [ 285.257440] ? security_file_ioctl+0x7c/0xb0 [ 285.262283] SyS_ioctl+0x7f/0xb0 [ 285.265871] ? do_vfs_ioctl+0x1040/0x1040 [ 285.270073] do_syscall_64+0x19b/0x4b0 [ 285.274352] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.279863] INFO: task syz-executor.1:1865 blocked for more than 140 seconds. [ 285.288321] Not tainted 4.14.113+ #61 [ 285.293104] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.301232] syz-executor.1 D25160 1865 1 0x00000004 [ 285.307286] Call Trace: [ 285.309964] ? __schedule+0x91c/0x1f30 [ 285.314484] ? __sched_text_start+0x8/0x8 [ 285.318931] ? lock_downgrade+0x5d0/0x5d0 [ 285.323609] ? lock_acquire+0x10f/0x380 [ 285.328032] ? __mutex_lock+0x2c1/0x1430 [ 285.332720] schedule+0x92/0x1c0 [ 285.336185] schedule_preempt_disabled+0x13/0x20 [ 285.341410] __mutex_lock+0x559/0x1430 [ 285.345772] ? __mutex_lock+0x6aa/0x1430 [ 285.349927] ? __mutex_unlock_slowpath+0x9a/0x7d0 [ 285.354844] ? lo_open+0x19/0xb0 [ 285.358472] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.363982] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.369679] ? kobject_get_unless_zero+0x27/0x40 [ 285.374698] ? lock_downgrade+0x5d0/0x5d0 [ 285.378928] ? refcount_inc_not_zero+0x81/0xe0 [ 285.384369] ? check_preemption_disabled+0x35/0x1f0 [ 285.389491] ? loop_unregister_transfer+0x90/0x90 [ 285.394657] ? lo_open+0x19/0xb0 [ 285.400853] lo_open+0x19/0xb0 [ 285.404845] __blkdev_get+0x267/0xf90 [ 285.408643] ? __blkdev_put+0x6d0/0x6d0 [ 285.412689] ? fsnotify+0x8b0/0x1150 [ 285.416424] blkdev_get+0x97/0x8b0 [ 285.419957] ? bd_acquire+0x171/0x2c0 [ 285.423928] ? bd_may_claim+0xd0/0xd0 [ 285.427718] ? lock_downgrade+0x5d0/0x5d0 [ 285.432007] ? lock_acquire+0x10f/0x380 [ 285.435990] ? bd_acquire+0x21/0x2c0 [ 285.439702] blkdev_open+0x1cc/0x250 [ 285.443483] ? security_file_open+0x88/0x190 [ 285.447984] do_dentry_open+0x44e/0xdf0 [ 285.452196] ? bd_acquire+0x2c0/0x2c0 [ 285.456005] vfs_open+0x105/0x230 [ 285.459443] path_openat+0xb6b/0x2b70 [ 285.463317] ? path_mountpoint+0x9a0/0x9a0 [ 285.467635] ? trace_hardirqs_on+0x10/0x10 [ 285.471922] do_filp_open+0x1a1/0x280 [ 285.475894] ? may_open_dev+0xe0/0xe0 [ 285.480200] ? lock_downgrade+0x5d0/0x5d0 [ 285.484351] ? lock_acquire+0x10f/0x380 [ 285.488310] ? __alloc_fd+0x3f/0x490 [ 285.492094] ? _raw_spin_unlock+0x29/0x40 [ 285.496246] ? __alloc_fd+0x1bf/0x490 [ 285.500103] do_sys_open+0x2ca/0x590 [ 285.504016] ? filp_open+0x60/0x60 [ 285.507586] ? SyS_mkdirat+0x146/0x220 [ 285.511544] ? _raw_spin_unlock_irq+0x35/0x50 [ 285.516051] ? do_syscall_64+0x43/0x4b0 [ 285.520256] ? do_sys_open+0x590/0x590 [ 285.524155] do_syscall_64+0x19b/0x4b0 [ 285.528031] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.533493] INFO: task syz-executor.3:1866 blocked for more than 140 seconds. [ 285.540818] Not tainted 4.14.113+ #61 [ 285.545124] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.553258] syz-executor.3 D25640 1866 1 0x00000004 [ 285.558898] Call Trace: [ 285.561624] ? __schedule+0x91c/0x1f30 [ 285.565578] ? __sched_text_start+0x8/0x8 [ 285.569931] ? lock_downgrade+0x5d0/0x5d0 [ 285.574257] ? lock_acquire+0x10f/0x380 [ 285.578235] ? __mutex_lock+0x2c1/0x1430 [ 285.582528] schedule+0x92/0x1c0 [ 285.585914] schedule_preempt_disabled+0x13/0x20 [ 285.590714] __mutex_lock+0x559/0x1430 [ 285.594705] ? __mutex_lock+0x6aa/0x1430 [ 285.598753] ? __mutex_unlock_slowpath+0x9a/0x7d0 [ 285.603678] ? lo_open+0x19/0xb0 [ 285.607066] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.612672] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.618130] ? kobject_get_unless_zero+0x27/0x40 [ 285.622948] ? lock_downgrade+0x5d0/0x5d0 [ 285.627101] ? refcount_inc_not_zero+0x81/0xe0 [ 285.631835] ? check_preemption_disabled+0x35/0x1f0 [ 285.636852] ? loop_unregister_transfer+0x90/0x90 [ 285.641837] ? lo_open+0x19/0xb0 [ 285.645206] lo_open+0x19/0xb0 [ 285.648389] __blkdev_get+0x267/0xf90 [ 285.652315] ? __blkdev_put+0x6d0/0x6d0 [ 285.656301] ? fsnotify+0x8b0/0x1150 [ 285.660000] blkdev_get+0x97/0x8b0 [ 285.663619] ? bd_acquire+0x171/0x2c0 [ 285.667468] ? bd_may_claim+0xd0/0xd0 [ 285.671360] ? lock_downgrade+0x5d0/0x5d0 [ 285.675516] ? lock_acquire+0x10f/0x380 [ 285.679478] ? bd_acquire+0x21/0x2c0 [ 285.683314] blkdev_open+0x1cc/0x250 [ 285.687034] ? security_file_open+0x88/0x190 [ 285.691497] do_dentry_open+0x44e/0xdf0 [ 285.695596] ? bd_acquire+0x2c0/0x2c0 [ 285.699436] vfs_open+0x105/0x230 [ 285.702958] path_openat+0xb6b/0x2b70 [ 285.706864] ? path_mountpoint+0x9a0/0x9a0 [ 285.711164] ? trace_hardirqs_on+0x10/0x10 [ 285.715450] do_filp_open+0x1a1/0x280 [ 285.719247] ? may_open_dev+0xe0/0xe0 [ 285.723098] ? lock_downgrade+0x5d0/0x5d0 [ 285.727248] ? lock_acquire+0x10f/0x380 [ 285.731314] ? __alloc_fd+0x3f/0x490 [ 285.735057] ? _raw_spin_unlock+0x29/0x40 [ 285.739191] ? __alloc_fd+0x1bf/0x490 [ 285.743041] do_sys_open+0x2ca/0x590 [ 285.746797] ? filp_open+0x60/0x60 [ 285.750380] ? SyS_mkdirat+0x146/0x220 [ 285.754283] ? _raw_spin_unlock_irq+0x35/0x50 [ 285.758863] ? do_syscall_64+0x43/0x4b0 [ 285.762919] ? do_sys_open+0x590/0x590 [ 285.766815] do_syscall_64+0x19b/0x4b0 [ 285.770806] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.776194] INFO: task syz-executor.4:2853 blocked for more than 140 seconds. [ 285.783531] Not tainted 4.14.113+ #61 [ 285.787849] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.796054] syz-executor.4 D27968 2853 1870 0x00000004 [ 285.801833] Call Trace: [ 285.804424] ? __schedule+0x91c/0x1f30 [ 285.808306] ? __sched_text_start+0x8/0x8 [ 285.812521] ? lock_downgrade+0x5d0/0x5d0 [ 285.816758] ? lock_acquire+0x10f/0x380 [ 285.820774] ? __mutex_lock+0x64b/0x1430 [ 285.825011] schedule+0x92/0x1c0 [ 285.828384] schedule_preempt_disabled+0x13/0x20 [ 285.833208] __mutex_lock+0x559/0x1430 [ 285.837169] ? lo_ioctl+0x83/0x1970 [ 285.840858] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 285.846310] ? lock_downgrade+0x5d0/0x5d0 [ 285.850526] ? lock_acquire+0x10f/0x380 [ 285.854510] ? check_preemption_disabled+0x35/0x1f0 [ 285.859624] ? avc_has_extended_perms+0x706/0xc20 [ 285.864560] ? lo_ioctl+0x83/0x1970 [ 285.868251] lo_ioctl+0x83/0x1970 [ 285.871768] ? __lock_acquire+0x56a/0x3fa0 [ 285.876013] ? loop_clr_fd+0xac0/0xac0 [ 285.879895] blkdev_ioctl+0x4d9/0x1810 [ 285.883843] ? blkpg_ioctl+0x910/0x910 [ 285.887806] ? trace_hardirqs_on+0x10/0x10 [ 285.892093] ? wait_for_completion_io+0x10/0x10 [ 285.896776] block_ioctl+0xd9/0x120 [ 285.900504] ? blkdev_fallocate+0x3b0/0x3b0 [ 285.904831] do_vfs_ioctl+0xabe/0x1040 [ 285.908707] ? selinux_file_ioctl+0x426/0x590 [ 285.913238] ? selinux_file_ioctl+0x116/0x590 [ 285.917728] ? ioctl_preallocate+0x1e0/0x1e0 [ 285.922188] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0 [ 285.928003] ? __fget+0x1ff/0x360 [ 285.931551] ? lock_downgrade+0x5d0/0x5d0 [ 285.935699] ? lock_acquire+0x10f/0x380 [ 285.939654] ? __fget+0x44/0x360 [ 285.943046] ? check_preemption_disabled+0x35/0x1f0 [ 285.948066] ? security_file_ioctl+0x7c/0xb0 [ 285.952537] SyS_ioctl+0x7f/0xb0 [ 285.955961] ? do_vfs_ioctl+0x1040/0x1040 [ 285.960248] do_syscall_64+0x19b/0x4b0 [ 285.964144] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.969537] INFO: task blkid:2850 blocked for more than 140 seconds. [ 285.976221] Not tainted 4.14.113+ #61 [ 285.980626] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.988964] blkid D28808 2850 2842 0x00000004 [ 285.994665] Call Trace: [ 285.997259] ? __schedule+0x91c/0x1f30 [ 286.001199] ? __sched_text_start+0x8/0x8 [ 286.005402] ? lock_downgrade+0x5d0/0x5d0 [ 286.009547] ? lock_acquire+0x10f/0x380 [ 286.013801] ? __mutex_lock+0x2c1/0x1430 [ 286.017870] schedule+0x92/0x1c0 [ 286.021339] schedule_preempt_disabled+0x13/0x20 [ 286.026116] __mutex_lock+0x559/0x1430 [ 286.030133] ? trace_hardirqs_on+0x10/0x10 [ 286.034370] ? lo_release+0x78/0x190 [ 286.038088] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 286.043695] ? lock_downgrade+0x5d0/0x5d0 [ 286.047846] ? lock_acquire+0x10f/0x380 [ 286.051875] ? __blkdev_put+0x1cb/0x6d0 [ 286.055860] ? lo_compat_ioctl+0x130/0x130 [ 286.060136] ? lo_release+0x78/0x190 [ 286.063845] lo_release+0x78/0x190 [ 286.067387] ? lo_compat_ioctl+0x130/0x130 [ 286.071751] __blkdev_put+0x518/0x6d0 [ 286.075562] ? bd_set_size+0xb0/0xb0 [ 286.079267] ? blkdev_put+0x75/0x4c0 [ 286.083037] ? blkdev_put+0x4c0/0x4c0 [ 286.086949] blkdev_close+0x86/0xb0 [ 286.090728] __fput+0x25e/0x700 [ 286.094022] task_work_run+0x118/0x190 [ 286.097892] exit_to_usermode_loop+0x13b/0x160 [ 286.102529] do_syscall_64+0x372/0x4b0 [ 286.106424] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.111885] INFO: task blkid:2860 blocked for more than 140 seconds. [ 286.118382] Not tainted 4.14.113+ #61 [ 286.122739] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.130734] blkid D29224 2860 351 0x00000004 [ 286.136542] Call Trace: [ 286.139229] ? __schedule+0x91c/0x1f30 [ 286.143180] ? __sched_text_start+0x8/0x8 [ 286.147412] ? lock_downgrade+0x5d0/0x5d0 [ 286.151664] ? lock_acquire+0x10f/0x380 [ 286.155676] ? __mutex_lock+0x2c1/0x1430 [ 286.159817] schedule+0x92/0x1c0 [ 286.163248] schedule_preempt_disabled+0x13/0x20 [ 286.168052] __mutex_lock+0x559/0x1430 [ 286.172044] ? __mutex_unlock_slowpath+0x9a/0x7d0 [ 286.176892] ? trace_hardirqs_on+0x10/0x10 [ 286.181203] ? __blkdev_get+0xf3/0xf90 [ 286.185100] ? refcount_inc_not_zero+0x81/0xe0 [ 286.189676] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 286.195256] ? kobject_get_unless_zero+0x27/0x40 [ 286.200052] ? get_disk+0xd0/0xd0 [ 286.203517] ? exact_match+0x9/0x20 [ 286.207135] ? kobj_lookup+0x325/0x410 [ 286.211100] ? blkdev_ioctl+0x1810/0x1810 [ 286.215257] ? __blkdev_get+0xf3/0xf90 [ 286.219133] __blkdev_get+0xf3/0xf90 [ 286.223247] ? __blkdev_put+0x6d0/0x6d0 [ 286.227230] ? fsnotify+0x8b0/0x1150 [ 286.231031] blkdev_get+0x97/0x8b0 [ 286.234621] ? bd_acquire+0x171/0x2c0 [ 286.238419] ? bd_may_claim+0xd0/0xd0 [ 286.242298] ? lock_downgrade+0x5d0/0x5d0 [ 286.246446] ? lock_acquire+0x10f/0x380 [ 286.250602] ? bd_acquire+0x21/0x2c0 [ 286.254329] blkdev_open+0x1cc/0x250 [ 286.258032] ? security_file_open+0x88/0x190 [ 286.262514] do_dentry_open+0x44e/0xdf0 [ 286.266551] ? bd_acquire+0x2c0/0x2c0 [ 286.270429] vfs_open+0x105/0x230 [ 286.273997] path_openat+0xb6b/0x2b70 [ 286.277792] ? path_mountpoint+0x9a0/0x9a0 [ 286.282115] ? trace_hardirqs_on+0x10/0x10 [ 286.286364] do_filp_open+0x1a1/0x280 [ 286.290246] ? may_open_dev+0xe0/0xe0 [ 286.294050] ? lock_downgrade+0x5d0/0x5d0 [ 286.298179] ? lock_acquire+0x10f/0x380 [ 286.302213] ? __alloc_fd+0x3f/0x490 [ 286.305932] ? _raw_spin_unlock+0x29/0x40 [ 286.310182] ? __alloc_fd+0x1bf/0x490 [ 286.314005] do_sys_open+0x2ca/0x590 [ 286.317713] ? filp_open+0x60/0x60 [ 286.321322] ? do_syscall_64+0x43/0x4b0 [ 286.325301] ? do_sys_open+0x590/0x590 [ 286.329178] do_syscall_64+0x19b/0x4b0 [ 286.333341] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.338718] INFO: task blkid:2862 blocked for more than 140 seconds. [ 286.346913] Not tainted 4.14.113+ #61 [ 286.351318] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.359275] blkid D29000 2862 350 0x00000004 [ 286.365056] Call Trace: [ 286.367650] ? __schedule+0x91c/0x1f30 [ 286.371602] ? __sched_text_start+0x8/0x8 [ 286.375760] ? lock_downgrade+0x5d0/0x5d0 [ 286.379889] ? lock_acquire+0x10f/0x380 [ 286.383911] ? __mutex_lock+0x2c1/0x1430 [ 286.387976] schedule+0x92/0x1c0 [ 286.391466] schedule_preempt_disabled+0x13/0x20 [ 286.396286] __mutex_lock+0x559/0x1430 [ 286.400223] ? __mutex_lock+0x6aa/0x1430 [ 286.404281] ? __mutex_unlock_slowpath+0x9a/0x7d0 [ 286.409109] ? lo_open+0x19/0xb0 [ 286.412544] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 286.417994] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 286.423488] ? kobject_get_unless_zero+0x27/0x40 [ 286.428359] ? get_disk+0xd0/0xd0 [ 286.431929] ? exact_match+0x9/0x20 [ 286.435567] ? blkdev_ioctl+0x1810/0x1810 [ 286.439700] ? loop_unregister_transfer+0x90/0x90 [ 286.444601] ? lo_open+0x19/0xb0 [ 286.447964] lo_open+0x19/0xb0 [ 286.451190] __blkdev_get+0x963/0xf90 [ 286.455099] ? __blkdev_put+0x6d0/0x6d0 [ 286.459069] ? fsnotify+0x8b0/0x1150 [ 286.462852] blkdev_get+0x97/0x8b0 [ 286.466397] ? bd_acquire+0x171/0x2c0 [ 286.470291] ? bd_may_claim+0xd0/0xd0 [ 286.474099] ? lock_downgrade+0x5d0/0x5d0 [ 286.478276] ? lock_acquire+0x10f/0x380 [ 286.482349] ? bd_acquire+0x21/0x2c0 [ 286.486086] blkdev_open+0x1cc/0x250 [ 286.489787] ? security_file_open+0x88/0x190 [ 286.494256] do_dentry_open+0x44e/0xdf0 [ 286.498234] ? bd_acquire+0x2c0/0x2c0 [ 286.502127] vfs_open+0x105/0x230 [ 286.505589] path_openat+0xb6b/0x2b70 [ 286.509377] ? path_mountpoint+0x9a0/0x9a0 [ 286.513660] ? trace_hardirqs_on+0x10/0x10 [ 286.517897] do_filp_open+0x1a1/0x280 [ 286.521825] ? may_open_dev+0xe0/0xe0 [ 286.525638] ? lock_downgrade+0x5d0/0x5d0 [ 286.529770] ? lock_acquire+0x10f/0x380 [ 286.533975] ? __alloc_fd+0x3f/0x490 [ 286.537698] ? _raw_spin_unlock+0x29/0x40 [ 286.541879] ? __alloc_fd+0x1bf/0x490 [ 286.545774] do_sys_open+0x2ca/0x590 [ 286.549469] ? filp_open+0x60/0x60 [ 286.553062] ? do_syscall_64+0x43/0x4b0 [ 286.557124] ? do_sys_open+0x590/0x590 [ 286.561064] do_syscall_64+0x19b/0x4b0 [ 286.564959] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.570393] [ 286.570393] Showing all locks held in the system: [ 286.576722] 1 lock held by khungtaskd/23: [ 286.580953] #0: (tasklist_lock){.+.+}, at: [<000000006d0c29c8>] debug_show_all_locks+0x7c/0x21a [ 286.590106] 1 lock held by rsyslogd/1637: [ 286.594234] #0: (&f->f_pos_lock){+.+.}, at: [<000000007b2b8d9f>] __fdget_pos+0xa6/0xc0 [ 286.602542] 2 locks held by getty/1765: [ 286.606508] #0: (&tty->ldisc_sem){++++}, at: [<0000000038a67836>] tty_ldisc_ref_wait+0x22/0x80 [ 286.615491] #1: (&ldata->atomic_read_lock){+.+.}, at: [<00000000c24efd9a>] n_tty_read+0x1f7/0x1700 [ 286.624941] 2 locks held by syz-executor.0/1848: [ 286.629680] #0: (&bdev->bd_mutex){+.+.}, at: [<0000000004e5109d>] __blkdev_put+0xb1/0x6d0 [ 286.638328] #1: (loop_index_mutex){+.+.}, at: [<00000000580bcd9f>] lo_release+0x19/0x190 [ 286.646780] 2 locks held by syz-executor.5/1858: [ 286.651578] #0: (&bdev->bd_mutex){+.+.}, at: [<000000005a78ece3>] __blkdev_get+0xf3/0xf90 [ 286.660120] #1: (loop_index_mutex){+.+.}, at: [<000000002378453c>] lo_open+0x19/0xb0 [ 286.668182] 2 locks held by syz-executor.2/1857: [ 286.672991] #0: (loop_ctl_mutex/1){+.+.}, at: [<000000008a719159>] lo_ioctl+0x83/0x1970 [ 286.681362] #1: (&bdev->bd_mutex){+.+.}, at: [<00000000da9b9eb5>] blkdev_reread_part+0x1b/0x40 [ 286.690422] 2 locks held by syz-executor.1/1865: [ 286.695189] #0: (&bdev->bd_mutex){+.+.}, at: [<000000005a78ece3>] __blkdev_get+0xf3/0xf90 [ 286.703840] #1: (loop_index_mutex){+.+.}, at: [<000000002378453c>] lo_open+0x19/0xb0 [ 286.711955] 2 locks held by syz-executor.3/1866: [ 286.716847] #0: (&bdev->bd_mutex){+.+.}, at: [<000000005a78ece3>] __blkdev_get+0xf3/0xf90 [ 286.725532] #1: (loop_index_mutex){+.+.}, at: [<000000002378453c>] lo_open+0x19/0xb0 [ 286.733642] 1 lock held by syz-executor.4/2853: [ 286.738292] #0: (loop_ctl_mutex/1){+.+.}, at: [<000000008a719159>] lo_ioctl+0x83/0x1970 [ 286.746796] 3 locks held by blkid/2850: [ 286.750799] #0: (&bdev->bd_mutex){+.+.}, at: [<0000000004e5109d>] __blkdev_put+0xb1/0x6d0 [ 286.759317] #1: (loop_index_mutex){+.+.}, at: [<00000000580bcd9f>] lo_release+0x19/0x190 [ 286.767864] #2: (loop_ctl_mutex#2){+.+.}, at: [<00000000cee44b99>] lo_release+0x78/0x190 [ 286.776414] 1 lock held by blkid/2860: [ 286.780403] #0: (&bdev->bd_mutex){+.+.}, at: [<000000005a78ece3>] __blkdev_get+0xf3/0xf90 [ 286.789080] 2 locks held by blkid/2862: [ 286.793225] #0: (&bdev->bd_mutex){+.+.}, at: [<000000005a78ece3>] __blkdev_get+0xf3/0xf90 [ 286.801772] #1: (loop_index_mutex){+.+.}, at: [<000000002378453c>] lo_open+0x19/0xb0 [ 286.809945] [ 286.811613] ============================================= [ 286.811613] [ 286.818620] NMI backtrace for cpu 0 [ 286.822277] CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.113+ #61 [ 286.828849] Call Trace: [ 286.831508] dump_stack+0xb9/0x10e [ 286.835038] ? irq_force_complete_move.cold+0x2c/0x7b [ 286.840214] nmi_cpu_backtrace.cold+0x47/0x86 [ 286.844692] ? irq_force_complete_move.cold+0x7b/0x7b [ 286.849867] ? nmi_trigger_cpumask_backtrace+0x119/0x147 [ 286.855310] ? watchdog+0x5e2/0xb80 [ 286.858928] ? hungtask_pm_notify+0x50/0x50 [ 286.863279] ? kthread+0x310/0x420 [ 286.866808] ? kthread_create_on_node+0xf0/0xf0 [ 286.871469] ? ret_from_fork+0x3a/0x50 [ 286.875455] Sending NMI from CPU 0 to CPUs 1: [ 286.880044] NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8404ece2 [ 286.881000] Kernel panic - not syncing: hung_task: blocked tasks [ 286.893516] CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.113+ #61 [ 286.900080] Call Trace: [ 286.902928] dump_stack+0xb9/0x10e [ 286.906521] panic+0x1d9/0x3c2 [ 286.909703] ? add_taint.cold+0x16/0x16 [ 286.913665] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 286.918754] ? cpumask_next+0x1f/0x30 [ 286.922546] ? printk_safe_flush+0xac/0x110 [ 286.926895] watchdog+0x5f3/0xb80 [ 286.930342] ? hungtask_pm_notify+0x50/0x50 [ 286.934654] kthread+0x310/0x420 [ 286.938106] ? kthread_create_on_node+0xf0/0xf0 [ 286.942821] ret_from_fork+0x3a/0x50 [ 286.946879] Kernel Offset: 0x1800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 286.957707] Rebooting in 86400 seconds..