[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.428838] kauditd_printk_skb: 8 callbacks suppressed [ 29.428849] audit: type=1800 audit(1545527612.648:29): pid=5893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.460756] audit: type=1800 audit(1545527612.648:30): pid=5893 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.161962] sshd (6033) used greatest stack depth: 15728 bytes left Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts. 2018/12/23 01:13:48 fuzzer started 2018/12/23 01:13:50 dialing manager at 10.128.0.26:33943 2018/12/23 01:13:51 syscalls: 1 2018/12/23 01:13:51 code coverage: enabled 2018/12/23 01:13:51 comparison tracing: enabled 2018/12/23 01:13:51 setuid sandbox: enabled 2018/12/23 01:13:51 namespace sandbox: enabled 2018/12/23 01:13:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/23 01:13:51 fault injection: enabled 2018/12/23 01:13:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/23 01:13:51 net packet injection: enabled 2018/12/23 01:13:51 net device setup: enabled 01:16:07 executing program 0: syz_emit_ethernet(0x2a, &(0x7f0000000080)={@link_local={0x11}, @broadcast, [], {@arp={0x806, @ether_ipv4={0x6, 0x800, 0x6, 0x4, 0x1, @random="f8bf88df5b1b", @remote, @dev}}}}, 0x0) [ 184.306381] IPVS: ftp: loaded support on port[0] = 21 01:16:07 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000300)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x8100, 'nr0\x00', 'team0\x00', 'vlan0\x00', 'veth0_to_team\x00', @remote, [], @remote, [], 0xd0, 0xd0, 0x100, [@vlan={'vlan\x00', 0x8, {{0x0, 0x0, 0x892f, 0x7}}}, @connlabel={'connlabel\x00', 0x8}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0xb, 0x0, 0x0, 'bond0\x00', 'team0\x00', 'bond0\x00', 'veth1_to_bridge\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa0}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8}}]}]}, 0x2a8) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") [ 184.627547] IPVS: ftp: loaded support on port[0] = 21 01:16:07 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) [ 184.903408] IPVS: ftp: loaded support on port[0] = 21 01:16:08 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) shutdown(r0, 0x1) [ 185.319698] IPVS: ftp: loaded support on port[0] = 21 01:16:08 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 185.655175] IPVS: ftp: loaded support on port[0] = 21 01:16:09 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) [ 186.084483] IPVS: ftp: loaded support on port[0] = 21 [ 186.146787] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.169010] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.177607] device bridge_slave_0 entered promiscuous mode [ 186.301066] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.323747] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.341232] device bridge_slave_1 entered promiscuous mode [ 186.518240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.631900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.019110] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.025697] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.033389] device bridge_slave_0 entered promiscuous mode [ 187.091002] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.184575] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.196049] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.203524] device bridge_slave_1 entered promiscuous mode [ 187.294198] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.315389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.356317] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.377954] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.391474] device bridge_slave_0 entered promiscuous mode [ 187.421955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.512517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.554302] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.585309] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.595429] device bridge_slave_1 entered promiscuous mode [ 187.610619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.719180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.735964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.746900] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.764163] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.788720] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.796768] device bridge_slave_0 entered promiscuous mode [ 187.808606] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.891375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.937431] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.963594] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.973006] device bridge_slave_1 entered promiscuous mode [ 187.990968] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.083513] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.107455] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.115797] device bridge_slave_0 entered promiscuous mode [ 188.128137] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.143330] team0: Port device team_slave_0 added [ 188.161654] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.201061] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.224818] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.232214] device bridge_slave_1 entered promiscuous mode [ 188.267564] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.284106] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.301415] team0: Port device team_slave_1 added [ 188.356183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.395362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.416004] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.422535] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.430647] device bridge_slave_0 entered promiscuous mode [ 188.439488] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.467307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.521542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.547781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.593984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.605282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.621132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.652166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.696741] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.703165] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.719325] device bridge_slave_1 entered promiscuous mode [ 188.730202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.754155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 188.765522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.776325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.815480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.833729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 188.844519] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.870757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.885675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.913690] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.930834] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.943072] team0: Port device team_slave_0 added [ 188.955768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.044985] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.101659] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.121074] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.132442] team0: Port device team_slave_0 added [ 189.141115] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.158192] team0: Port device team_slave_1 added [ 189.187961] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.230464] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.241179] team0: Port device team_slave_1 added [ 189.256829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.266164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.321251] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.332920] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.349093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.376315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.420448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.449323] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.471529] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.509154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.616417] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.627178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.635729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.643584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.657102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.694506] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.703718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.715585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.748009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.767779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.801622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.855784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.866499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.904515] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.919019] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.932577] team0: Port device team_slave_0 added [ 189.960328] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.971368] team0: Port device team_slave_0 added [ 189.986242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.008827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.065011] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.072940] team0: Port device team_slave_1 added [ 190.108638] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.140132] team0: Port device team_slave_1 added [ 190.169211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.211967] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.227448] team0: Port device team_slave_0 added [ 190.237663] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.276224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.378307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.386271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.394343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.414060] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.435586] team0: Port device team_slave_1 added [ 190.465366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.528783] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.536393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.550535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.562761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.592346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.609336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.619678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.655672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.668019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.677086] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.683575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.690821] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.697193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.704413] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.725087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.745439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.752640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.767291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.794220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.803428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.825471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.842066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.857337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.955080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.962440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.972690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.483184] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.489656] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.496405] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.502781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.511850] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.544815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.566384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.785417] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.791823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.798545] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.804941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.828723] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.023762] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.030211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.036931] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.043312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.063820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.249952] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.256415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.263084] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.269511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.289513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.500146] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.506593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.513268] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.519731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.542702] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.574971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.595337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.631959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.639651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.087842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.580380] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.955932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.091194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.108464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.120099] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.135813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.155406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.184594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.415490] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.564254] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.585414] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.592550] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.701944] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.815413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.836714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.842956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.857274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.079180] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.085715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.092861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.125558] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.144042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.165695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.187452] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.212329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.225426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.363506] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.384192] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.548564] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.630904] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.660379] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.849289] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.855710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.871480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.345955] 8021q: adding VLAN 0 to HW filter on device team0 01:16:24 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0x7ffff, &(0x7f0000000100)={@broadcast, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=0x7f000000, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "10d1f6", 0x0, "071ccd"}}}}}}, 0x0) 01:16:24 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) [ 201.089586] [ 201.091265] ====================================================== [ 201.097591] WARNING: possible circular locking dependency detected [ 201.103912] 4.20.0-rc6-next-20181217+ #172 Not tainted [ 201.109184] ------------------------------------------------------ [ 201.115523] syz-executor0/7555 is trying to acquire lock: [ 201.121058] 00000000a1b0d9db (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0 [ 201.128884] [ 201.128884] but task is already holding lock: [ 201.134862] 0000000062cba462 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 201.142161] [ 201.142161] which lock already depends on the new lock. [ 201.142161] [ 201.150498] [ 201.150498] the existing dependency chain (in reverse order) is: [ 201.158157] [ 201.158157] -> #1 (&n->lock){++--}: [ 201.163285] _raw_write_lock+0x2d/0x40 [ 201.167699] neigh_periodic_work+0x3c0/0xc30 [ 201.172639] process_one_work+0xc90/0x1c40 [ 201.177422] worker_thread+0x17f/0x1390 [ 201.181929] kthread+0x35a/0x440 [ 201.185814] ret_from_fork+0x3a/0x50 [ 201.190027] [ 201.190027] -> #0 (&tbl->lock){+.-.}: [ 201.195323] lock_acquire+0x1ed/0x520 [ 201.199634] _raw_write_lock_bh+0x31/0x40 [ 201.204307] neigh_change_state+0x1dc/0x7a0 [ 201.209141] __neigh_update+0x478/0x1eb0 [ 201.213857] neigh_update+0x37/0x50 [ 201.218023] arp_req_set+0x54c/0xaa0 [ 201.222240] arp_ioctl+0x48b/0xae0 [ 201.226283] inet_ioctl+0x237/0x360 [ 201.230509] sock_do_ioctl+0xeb/0x420 [ 201.234813] sock_ioctl+0x313/0x690 [ 201.238945] do_vfs_ioctl+0x1de/0x1790 [ 201.243353] ksys_ioctl+0xa9/0xd0 [ 201.247337] __x64_sys_ioctl+0x73/0xb0 [ 201.251735] do_syscall_64+0x1b9/0x820 [ 201.256131] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.261822] [ 201.261822] other info that might help us debug this: [ 201.261822] [ 201.269964] Possible unsafe locking scenario: [ 201.269964] [ 201.276000] CPU0 CPU1 [ 201.280648] ---- ---- [ 201.285321] lock(&n->lock); [ 201.288445] lock(&tbl->lock); [ 201.294252] lock(&n->lock); [ 201.299868] lock(&tbl->lock); [ 201.303139] [ 201.303139] *** DEADLOCK *** [ 201.303139] [ 201.309189] 2 locks held by syz-executor0/7555: [ 201.313847] #0: 000000005b264e87 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 201.321114] #1: 0000000062cba462 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 201.328823] [ 201.328823] stack backtrace: [ 201.333314] CPU: 1 PID: 7555 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 201.341819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.351164] Call Trace: [ 201.353742] dump_stack+0x244/0x39d [ 201.357405] ? dump_stack_print_info.cold.1+0x20/0x20 [ 201.362584] ? vprintk_func+0x85/0x181 [ 201.366457] print_circular_bug.isra.36.cold.58+0x1bd/0x27d [ 201.372198] ? save_trace+0xe0/0x290 [ 201.375899] __lock_acquire+0x3399/0x4c20 [ 201.380049] ? mark_held_locks+0x130/0x130 [ 201.384269] ? kasan_check_read+0x11/0x20 [ 201.388403] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 201.393667] ? arp_constructor+0x3a5/0xd80 [ 201.397884] ? lock_downgrade+0x900/0x900 [ 201.402046] ? check_preemption_disabled+0x48/0x280 [ 201.407073] ? mark_held_locks+0x130/0x130 [ 201.411295] ? mark_held_locks+0xc7/0x130 [ 201.415429] ? __local_bh_enable_ip+0x160/0x260 [ 201.420080] ? __local_bh_enable_ip+0x160/0x260 [ 201.424732] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 201.429308] ? trace_hardirqs_on+0xbd/0x310 [ 201.433629] ? _raw_write_unlock_bh+0x30/0x40 [ 201.438127] ? trace_hardirqs_off_caller+0x310/0x310 [ 201.443231] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.448751] ? ___neigh_create+0x1704/0x2630 [ 201.453140] ? ___neigh_create+0x1704/0x2630 [ 201.457531] lock_acquire+0x1ed/0x520 [ 201.461344] ? neigh_change_state+0x1dc/0x7a0 [ 201.465845] ? lock_release+0xa00/0xa00 [ 201.469804] _raw_write_lock_bh+0x31/0x40 [ 201.473936] ? neigh_change_state+0x1dc/0x7a0 [ 201.478458] neigh_change_state+0x1dc/0x7a0 [ 201.482781] ? neigh_parms_alloc+0x6d0/0x6d0 [ 201.487173] ? mark_held_locks+0xc7/0x130 [ 201.491337] ? kasan_check_write+0x14/0x20 [ 201.495568] ? do_raw_write_lock+0x14f/0x310 [ 201.499970] ? do_raw_read_unlock+0x70/0x70 [ 201.504285] ? neigh_lookup+0x586/0x7c0 [ 201.508243] ? trace_hardirqs_off_caller+0x310/0x310 [ 201.513351] __neigh_update+0x478/0x1eb0 [ 201.517420] ? __local_bh_enable_ip+0x160/0x260 [ 201.522082] ? arp_key_eq+0x10/0xa0 [ 201.525710] ? __neigh_notify+0x160/0x160 [ 201.529858] ? ip_route_output_key_hash_rcu+0x3490/0x3490 [ 201.535389] ? find_held_lock+0x36/0x1c0 [ 201.539437] neigh_update+0x37/0x50 [ 201.543057] arp_req_set+0x54c/0xaa0 [ 201.546759] ? arp_req_delete+0x870/0x870 [ 201.550906] ? apparmor_cred_prepare+0x5a0/0x5a0 [ 201.555651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.561189] arp_ioctl+0x48b/0xae0 [ 201.564710] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 201.569882] ? arp_constructor+0xd80/0xd80 [ 201.574101] ? futex_wake+0x304/0x760 [ 201.577909] inet_ioctl+0x237/0x360 [ 201.581534] ? inet_stream_connect+0xa0/0xa0 [ 201.585949] ? mark_held_locks+0x130/0x130 [ 201.590180] ? graph_lock+0x270/0x270 [ 201.593964] ? do_futex+0x249/0x26d0 [ 201.597665] ? kmem_cache_alloc_trace+0x356/0x740 [ 201.602578] ? lockdep_init_map+0x105/0x590 [ 201.606905] ? lockdep_init_map+0x105/0x590 [ 201.611221] ? find_held_lock+0x36/0x1c0 [ 201.615267] sock_do_ioctl+0xeb/0x420 [ 201.619053] ? compat_ifr_data_ioctl+0x170/0x170 [ 201.623792] ? check_preemption_disabled+0x48/0x280 [ 201.628807] ? kasan_check_read+0x11/0x20 [ 201.632941] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 201.638202] ? rcu_read_unlock_special+0x370/0x370 [ 201.643126] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 201.648326] sock_ioctl+0x313/0x690 [ 201.651952] ? dlci_ioctl_set+0x40/0x40 [ 201.655912] ? ksys_dup3+0x680/0x680 [ 201.659631] ? __might_fault+0x12b/0x1e0 [ 201.663693] ? lock_downgrade+0x900/0x900 [ 201.667825] ? lock_release+0xa00/0xa00 [ 201.671787] ? perf_trace_sched_process_exec+0x860/0x860 [ 201.677229] ? dlci_ioctl_set+0x40/0x40 [ 201.681188] do_vfs_ioctl+0x1de/0x1790 [ 201.685063] ? ioctl_preallocate+0x300/0x300 [ 201.689507] ? __fget_light+0x2e9/0x430 [ 201.693464] ? fget_raw+0x20/0x20 [ 201.696904] ? _copy_to_user+0xc8/0x110 [ 201.700868] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.706390] ? put_timespec64+0x10f/0x1b0 [ 201.710526] ? nsecs_to_jiffies+0x30/0x30 [ 201.714705] ? do_syscall_64+0x9a/0x820 [ 201.718669] ? do_syscall_64+0x9a/0x820 [ 201.722626] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 201.727197] ? security_file_ioctl+0x94/0xc0 [ 201.731607] ksys_ioctl+0xa9/0xd0 [ 201.735065] __x64_sys_ioctl+0x73/0xb0 [ 201.738939] do_syscall_64+0x1b9/0x820 [ 201.742813] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 201.748203] ? syscall_return_slowpath+0x5e0/0x5e0 [ 201.753120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.757961] ? trace_hardirqs_on_caller+0x310/0x310 [ 201.762996] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 201.767995] ? prepare_exit_to_usermode+0x291/0x3b0 [ 201.772998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.777826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.783016] RIP: 0033:0x457669 [ 201.786192] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.805077] RSP: 002b:00007fd5841c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 201.812767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 201.820024] RDX: 0000000020000180 RSI: 0000000000008955 RDI: 0000000000000003 [ 201.827280] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 201.834551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5841c96d4 [ 201.841819] R13: 00000000004c2747 R14: 00000000004d46f8 R15: 00000000ffffffff 01:16:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) [ 201.956734] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 201.981739] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 202.022084] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 202.041500] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' 01:16:25 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) [ 202.109393] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 202.131068] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' 01:16:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 202.180468] cannot load conntrack support for proto=7 [ 202.188258] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 202.204762] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 202.220920] cannot load conntrack support for proto=7 01:16:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:25 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000300)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x8100, 'nr0\x00', 'team0\x00', 'vlan0\x00', 'veth0_to_team\x00', @remote, [], @remote, [], 0xd0, 0xd0, 0x100, [@vlan={'vlan\x00', 0x8, {{0x0, 0x0, 0x892f, 0x7}}}, @connlabel={'connlabel\x00', 0x8}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0xb, 0x0, 0x0, 'bond0\x00', 'team0\x00', 'bond0\x00', 'veth1_to_bridge\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa0}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8}}]}]}, 0x2a8) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") [ 202.230301] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 202.242840] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' 01:16:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 202.273164] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 202.288544] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:16:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) shutdown(r0, 0x1) 01:16:25 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) [ 202.324302] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 202.344211] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.356337] cannot load conntrack support for proto=7 [ 202.405773] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 202.412258] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 202.432915] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 202.439573] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 202.450824] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 202.458041] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 202.468092] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 202.478610] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.488685] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 202.495486] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 202.506348] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 202.512803] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 202.523924] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 202.530925] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:16:25 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:25 executing program 0: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:25 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:25 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000300)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x8100, 'nr0\x00', 'team0\x00', 'vlan0\x00', 'veth0_to_team\x00', @remote, [], @remote, [], 0xd0, 0xd0, 0x100, [@vlan={'vlan\x00', 0x8, {{0x0, 0x0, 0x892f, 0x7}}}, @connlabel={'connlabel\x00', 0x8}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0xb, 0x0, 0x0, 'bond0\x00', 'team0\x00', 'bond0\x00', 'veth1_to_bridge\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa0}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8}}]}]}, 0x2a8) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") 01:16:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) shutdown(r0, 0x1) [ 202.615760] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 202.622245] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' 01:16:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:25 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) shutdown(r0, 0x1) [ 202.673892] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 202.688738] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' 01:16:25 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) 01:16:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) [ 202.725181] cannot load conntrack support for proto=7 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 4: connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) [ 202.768828] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 202.806576] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' 01:16:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x0, @random="abac78350e60"}, 0x4, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x3f8, 0x4) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) [ 202.845646] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 202.852130] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 2: setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 202.889583] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 202.909334] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:16:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x0, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:26 executing program 2: r0 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) [ 202.935149] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 202.942818] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.975289] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) bind(r0, 0x0, 0x0) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:26 executing program 2: r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) [ 202.981944] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 203.006677] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 203.020169] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' 01:16:26 executing program 5: setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(0xffffffffffffffff, 0x0, 0x0) 01:16:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x0, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) [ 203.079737] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 203.097718] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x0, {0x2, 0x4e21, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) [ 203.135269] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 203.161492] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' 01:16:26 executing program 5: r0 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 1: setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) [ 203.184250] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 203.191700] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 203.227255] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 203.233740] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.253543] kobject: 'loop0' (000000008497d327): kobject_uevent_env [ 203.262947] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' 01:16:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @random="abac78350e60"}, 0x4, {0x2, 0x0, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 01:16:26 executing program 3: sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) [ 203.280016] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 203.291868] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) 01:16:26 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 3: sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) [ 203.341547] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 203.354002] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 203.375422] kobject: 'loop1' (000000006407dca7): kobject_uevent_env 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89}, 0x1c) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) 01:16:26 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) [ 203.406352] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.445531] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env 01:16:26 executing program 3: sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) bind(r0, 0x0, 0x0) [ 203.456414] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.481060] kobject: 'loop0' (000000008497d327): kobject_uevent_env 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 1: socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) [ 203.504805] kobject: 'loop0' (000000008497d327): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 203.537391] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env 01:16:26 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, 0x0, 0x0) 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0x0) [ 203.565056] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.596191] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 203.602730] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' 01:16:26 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:26 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) [ 203.657516] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 203.664083] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 203.685835] kobject: 'loop1' (000000006407dca7): kobject_uevent_env 01:16:26 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89}, 0x1c) bind(0xffffffffffffffff, 0x0, 0x0) 01:16:26 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) 01:16:26 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:26 executing program 0: r0 = socket(0x1e, 0x4, 0x0) bind(r0, 0x0, 0x0) [ 203.705919] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.739875] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env 01:16:27 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) 01:16:27 executing program 1: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89}, 0x1c) [ 203.761555] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' 01:16:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000340)=[@textreal={0x8, &(0x7f0000000040)="66b9800000c00f326635010000000f30dfb900000f018cc760ba4000ec0fc7a8d65f0fc75a0dbaa10066ed660fe7150fae4baaba2100b80020ef", 0x3a}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') getdents(r3, &(0x7f0000000100)=""/114, 0x21b) ioctl$KDSETMODE(r3, 0x4b3a, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 01:16:27 executing program 0: setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(0xffffffffffffffff, 0x0, 0x0) 01:16:27 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:27 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) [ 203.812497] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 203.830864] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' 01:16:27 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) write$binfmt_misc(r0, 0x0, 0x0) [ 203.860795] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 203.869368] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 203.877457] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 203.895489] kobject: 'kvm' (00000000c4652139): kobject_uevent_env 01:16:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) 01:16:27 executing program 0: r0 = socket(0x0, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:27 executing program 2: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) [ 203.922603] kobject: 'kvm' (00000000c4652139): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 203.944465] kobject: 'loop1' (000000006407dca7): kobject_uevent_env 01:16:27 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) 01:16:27 executing program 3: socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0x0, 0x20004000, 0x0, 0x0) 01:16:27 executing program 0: r0 = socket(0x1e, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) bind(r0, 0x0, 0x0) [ 203.974909] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.998471] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 204.010396] hrtimer: interrupt took 52399 ns [ 204.011756] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' 01:16:27 executing program 4: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x89, 0x0, 0x0, 0xfffffffffffffeff}, 0x1c) [ 204.051826] ================================================================== [ 204.052098] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 204.059267] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 204.059280] Write of size 832 at addr ffff8881c4920bc0 by task syz-executor5/7835 [ 204.059284] [ 204.059300] CPU: 0 PID: 7835 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 204.059310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.059315] Call Trace: [ 204.059332] dump_stack+0x244/0x39d [ 204.059349] ? dump_stack_print_info.cold.1+0x20/0x20 [ 204.059376] ? printk+0xa7/0xcf [ 204.059398] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 204.108131] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.110830] print_address_description.cold.4+0x9/0x1ff [ 204.110850] ? fpstate_init+0x50/0x160 [ 204.125249] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.128310] kasan_report.cold.5+0x1b/0x39 [ 204.128327] ? fpstate_init+0x50/0x160 [ 204.128344] ? fpstate_init+0x50/0x160 [ 204.137428] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.137610] check_memory_region+0x13e/0x1b0 [ 204.158240] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 204.165446] memset+0x23/0x40 [ 204.165462] fpstate_init+0x50/0x160 [ 204.165477] kvm_arch_vcpu_init+0x3e9/0x870 [ 204.165496] kvm_vcpu_init+0x2fa/0x420 [ 204.165511] ? vcpu_stat_get+0x300/0x300 [ 204.165532] ? kmem_cache_alloc+0x30b/0x730 [ 204.188001] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.191369] vmx_create_vcpu+0x1b7/0x2695 [ 204.191390] ? perf_trace_sched_process_exec+0x860/0x860 [ 204.210413] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 204.213574] ? do_raw_spin_unlock+0xa7/0x330 [ 204.213594] ? vmx_exec_control+0x210/0x210 [ 204.234181] ? retint_kernel+0x2d/0x2d [ 204.236467] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.238087] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.238109] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.257244] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 204.260057] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 204.262722] ? futex_wait_queue_me+0x55d/0x840 [ 204.262745] ? wait_for_completion+0x8a0/0x8a0 [ 204.278294] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.279588] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.283065] kvm_arch_vcpu_create+0xe5/0x220 [ 204.283082] ? kvm_arch_vcpu_free+0x90/0x90 [ 204.301241] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 204.306186] kvm_vm_ioctl+0x526/0x2030 [ 204.310087] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.315198] ? futex_wait+0x5ec/0xa50 [ 204.319008] ? kvm_unregister_device_ops+0x70/0x70 [ 204.322394] kobject: 'kvm' (00000000c4652139): kobject_uevent_env [ 204.323990] ? mark_held_locks+0x130/0x130 [ 204.324013] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 204.330967] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 204.334483] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.351138] ? futex_wake+0x304/0x760 [ 204.352112] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.354976] ? retint_kernel+0x2d/0x2d [ 204.354994] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.355015] ? mark_held_locks+0x130/0x130 [ 204.377756] ? do_futex+0x249/0x26d0 [ 204.379094] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 204.381486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.392663] ? retint_kernel+0x2d/0x2d [ 204.396560] ? retint_kernel+0x2d/0x2d [ 204.399322] kobject: 'kvm' (00000000c4652139): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 204.400457] ? exit_robust_list+0x280/0x280 [ 204.400477] ? __fget+0x4aa/0x740 [ 204.400495] ? lock_downgrade+0x900/0x900 [ 204.400514] ? retint_kernel+0x2d/0x2d [ 204.410129] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.413841] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.425378] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.434714] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.434733] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 204.434747] ? rcu_read_unlock_special+0x370/0x370 [ 204.434766] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.448850] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.450859] ? retint_kernel+0x2d/0x2d [ 204.457103] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 204.461213] ? do_vfs_ioctl+0xd1/0x1790 [ 204.467603] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.475406] ? write_comp_data+0x14/0x70 [ 204.475423] ? kvm_unregister_device_ops+0x70/0x70 [ 204.475439] do_vfs_ioctl+0x1de/0x1790 [ 204.475458] ? ioctl_preallocate+0x300/0x300 [ 204.480736] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 204.485739] ? __fget_light+0x2e9/0x430 [ 204.485753] ? fget_raw+0x20/0x20 [ 204.485768] ? _copy_to_user+0xc8/0x110 [ 204.485786] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.485804] ? put_timespec64+0x10f/0x1b0 [ 204.485823] ? nsecs_to_jiffies+0x30/0x30 [ 204.491091] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.499244] ? security_file_ioctl+0x94/0xc0 [ 204.499277] ksys_ioctl+0xa9/0xd0 [ 204.499293] __x64_sys_ioctl+0x73/0xb0 [ 204.499309] do_syscall_64+0x1b9/0x820 [ 204.499324] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 204.499338] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.499349] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.499374] ? trace_hardirqs_on_caller+0x310/0x310 [ 204.499387] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.499402] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.499421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.511694] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 204.512290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.512307] RIP: 0033:0x457669 [ 204.517397] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.523105] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.523113] RSP: 002b:00007f73abce2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.528041] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 204.530546] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 204.530555] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 204.530578] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.530607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73abce36d4 [ 204.534994] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.540108] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 204.540123] [ 204.540137] Allocated by task 7835: [ 204.545270] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.548418] save_stack+0x43/0xd0 [ 204.548430] kasan_kmalloc+0xcb/0xd0 [ 204.548446] kasan_slab_alloc+0x12/0x20 [ 204.558009] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.562282] kmem_cache_alloc+0x130/0x730 [ 204.562296] vmx_create_vcpu+0x110/0x2695 [ 204.562312] kvm_arch_vcpu_create+0xe5/0x220 [ 204.566766] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 204.569643] kvm_vm_ioctl+0x526/0x2030 [ 204.569658] do_vfs_ioctl+0x1de/0x1790 [ 204.569675] ksys_ioctl+0xa9/0xd0 [ 204.573614] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.578902] __x64_sys_ioctl+0x73/0xb0 [ 204.578915] do_syscall_64+0x1b9/0x820 [ 204.578931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.578934] [ 204.578940] Freed by task 0: [ 204.578943] (stack is not available) [ 204.578946] [ 204.578956] The buggy address belongs to the object at ffff8881c4920b80 [ 204.578956] which belongs to the cache x86_fpu of size 832 [ 204.578972] The buggy address is located 64 bytes inside of [ 204.578972] 832-byte region [ffff8881c4920b80, ffff8881c4920ec0) [ 204.586891] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 204.588706] The buggy address belongs to the page: [ 204.588720] page:ffffea0007124800 count:1 mapcount:0 mapping:ffff8881d7a72380 index:0x0 [ 204.588737] flags: 0x2fffc0000000200(slab) [ 204.593804] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.598749] raw: 02fffc0000000200 ffff8881d511ff48 ffff8881d511ff48 ffff8881d7a72380 [ 204.598764] raw: 0000000000000000 ffff8881c4920040 0000000100000004 0000000000000000 [ 204.598769] page dumped because: kasan: bad access detected [ 204.598772] [ 204.598776] Memory state around the buggy address: [ 204.598788] ffff8881c4920d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 204.598798] ffff8881c4920e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 204.598811] >ffff8881c4920e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 204.606299] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 204.608651] ^ [ 204.615544] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.620248] ffff8881c4920f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 204.620259] ffff8881c4920f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 204.620269] ================================================================== [ 204.623940] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.674780] Kernel panic - not syncing: panic_on_warn set ... [ 204.687342] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.687938] CPU: 0 PID: 7835 Comm: syz-executor5 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 204.696055] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 204.704650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.704660] Call Trace: [ 204.712478] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.713560] dump_stack+0x244/0x39d [ 204.717874] kobject: 'loop2' (00000000f2fe98e9): kobject_uevent_env [ 204.723564] ? dump_stack_print_info.cold.1+0x20/0x20 [ 204.727501] kobject: 'loop2' (00000000f2fe98e9): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.730711] ? fpstate_init+0x30/0x160 [ 204.735546] kobject: 'loop4' (00000000882b96ae): kobject_uevent_env [ 204.744112] panic+0x2ad/0x632 [ 204.748811] kobject: 'loop4' (00000000882b96ae): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.752399] ? add_taint.cold.5+0x16/0x16 [ 204.758578] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.763204] ? preempt_schedule+0x4d/0x60 [ 204.767482] kobject: 'loop5' (00000000f4fd664c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.770967] ? ___preempt_schedule+0x16/0x18 [ 204.775210] kobject: 'loop1' (000000006407dca7): kobject_uevent_env [ 204.783881] ? trace_hardirqs_on+0xb4/0x310 [ 204.787887] kobject: 'loop1' (000000006407dca7): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.791637] ? fpstate_init+0x50/0x160 [ 204.797714] kobject: 'loop3' (000000002ac42b54): kobject_uevent_env [ 204.798423] end_report+0x47/0x4f [ 204.801442] kobject: 'loop3' (000000002ac42b54): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.805123] kasan_report.cold.5+0xe/0x39 [ 204.805138] ? fpstate_init+0x50/0x160 [ 204.805152] ? fpstate_init+0x50/0x160 [ 204.805166] check_memory_region+0x13e/0x1b0 [ 204.805178] memset+0x23/0x40 [ 204.805195] fpstate_init+0x50/0x160 [ 204.807756] kobject: 'loop5' (00000000f4fd664c): kobject_uevent_env [ 204.819124] kvm_arch_vcpu_init+0x3e9/0x870 [ 204.819141] kvm_vcpu_init+0x2fa/0x420 [ 204.819153] ? vcpu_stat_get+0x300/0x300 [ 204.819194] ? kmem_cache_alloc+0x30b/0x730 [ 204.819211] vmx_create_vcpu+0x1b7/0x2695 [ 204.819230] ? perf_trace_sched_process_exec+0x860/0x860 [ 204.819243] ? do_raw_spin_unlock+0xa7/0x330 [ 204.819259] ? vmx_exec_control+0x210/0x210 [ 204.819273] ? retint_kernel+0x2d/0x2d [ 204.819288] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.819318] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.819346] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 204.819372] ? futex_wait_queue_me+0x55d/0x840 [ 204.819386] ? wait_for_completion+0x8a0/0x8a0 [ 204.819404] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.819422] kvm_arch_vcpu_create+0xe5/0x220 [ 204.819435] ? kvm_arch_vcpu_free+0x90/0x90 [ 204.819448] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 204.819462] kvm_vm_ioctl+0x526/0x2030 [ 204.819475] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.819488] ? futex_wait+0x5ec/0xa50 [ 204.819502] ? kvm_unregister_device_ops+0x70/0x70 [ 204.819521] ? mark_held_locks+0x130/0x130 [ 204.819539] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 204.819554] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.819566] ? futex_wake+0x304/0x760 [ 204.819588] ? retint_kernel+0x2d/0x2d [ 204.819601] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.819627] ? mark_held_locks+0x130/0x130 [ 204.819641] ? do_futex+0x249/0x26d0 [ 204.819658] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.819674] ? retint_kernel+0x2d/0x2d [ 204.819687] ? retint_kernel+0x2d/0x2d [ 204.819700] ? exit_robust_list+0x280/0x280 [ 204.819718] ? __fget+0x4aa/0x740 [ 204.819733] ? lock_downgrade+0x900/0x900 [ 204.819747] ? retint_kernel+0x2d/0x2d [ 204.819762] ? trace_hardirqs_on_caller+0xc0/0x310 [ 204.819777] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.819794] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 204.819809] ? rcu_read_unlock_special+0x370/0x370 [ 204.819828] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 204.819845] ? retint_kernel+0x2d/0x2d [ 204.819865] ? do_vfs_ioctl+0xd1/0x1790 [ 204.819880] ? write_comp_data+0x14/0x70 [ 204.819896] ? kvm_unregister_device_ops+0x70/0x70 [ 204.819909] do_vfs_ioctl+0x1de/0x1790 [ 204.819928] ? ioctl_preallocate+0x300/0x300 [ 204.819942] ? __fget_light+0x2e9/0x430 [ 204.819957] ? fget_raw+0x20/0x20 [ 204.819971] ? _copy_to_user+0xc8/0x110 [ 204.819989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.820005] ? put_timespec64+0x10f/0x1b0 [ 204.820020] ? nsecs_to_jiffies+0x30/0x30 [ 204.820040] ? security_file_ioctl+0x94/0xc0 [ 204.820057] ksys_ioctl+0xa9/0xd0 [ 204.820074] __x64_sys_ioctl+0x73/0xb0 [ 204.820089] do_syscall_64+0x1b9/0x820 [ 204.820102] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 204.820118] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.820132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.820148] ? trace_hardirqs_on_caller+0x310/0x310 [ 204.820163] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.820179] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.820197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.820216] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.820227] RIP: 0033:0x457669 [ 204.820243] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.820250] RSP: 002b:00007f73abce2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.820264] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 204.820273] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 204.820281] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 204.820305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73abce36d4 [ 204.820315] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 204.821433] Kernel Offset: disabled [ 205.529150] Rebooting in 86400 seconds..