[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.715763] audit: type=1800 audit(1556287683.608:33): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 34.741386] audit: type=1800 audit(1556287683.608:34): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 38.587980] random: sshd: uninitialized urandom read (32 bytes read) [ 38.845021] audit: type=1400 audit(1556287687.738:35): avc: denied { map } for pid=7235 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 38.896967] random: sshd: uninitialized urandom read (32 bytes read) [ 39.563423] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts. [ 45.197148] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/26 14:08:14 fuzzer started [ 45.389134] audit: type=1400 audit(1556287694.278:36): avc: denied { map } for pid=7244 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 47.051442] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/26 14:08:16 dialing manager at 10.128.0.105:44877 2019/04/26 14:08:16 syscalls: 2434 2019/04/26 14:08:16 code coverage: enabled 2019/04/26 14:08:16 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/26 14:08:16 extra coverage: extra coverage is not supported by the kernel 2019/04/26 14:08:16 setuid sandbox: enabled 2019/04/26 14:08:16 namespace sandbox: enabled 2019/04/26 14:08:16 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/26 14:08:16 fault injection: enabled 2019/04/26 14:08:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/26 14:08:16 net packet injection: enabled 2019/04/26 14:08:16 net device setup: enabled [ 49.034332] random: crng init done 14:10:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) ioctl$sock_SIOCETHTOOL(r2, 0x8947, &(0x7f0000000040)={'ip6erspaq0\x00', 0x0}) close(r2) close(r1) 14:10:30 executing program 5: socket$netlink(0x10, 0x3, 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x9010000000000084) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x98) 14:10:30 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000001c0), 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 14:10:30 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x6cb) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x8, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) 14:10:30 executing program 3: syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0") 14:10:30 executing program 4: pipe2$9p(&(0x7f0000000080), 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x7fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, 0x0) [ 181.565027] audit: type=1400 audit(1556287830.458:37): avc: denied { map } for pid=7244 comm="syz-fuzzer" path="/root/syzkaller-shm947246610" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 181.604168] audit: type=1400 audit(1556287830.498:38): avc: denied { map } for pid=7260 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 182.480247] IPVS: ftp: loaded support on port[0] = 21 [ 182.807028] chnl_net:caif_netlink_parms(): no params data found [ 182.816969] IPVS: ftp: loaded support on port[0] = 21 [ 182.872957] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.879542] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.887358] device bridge_slave_0 entered promiscuous mode [ 182.897033] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.903594] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.911079] device bridge_slave_1 entered promiscuous mode [ 182.938505] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.948100] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.971779] IPVS: ftp: loaded support on port[0] = 21 [ 182.979104] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.986719] team0: Port device team_slave_0 added [ 182.995002] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.002424] team0: Port device team_slave_1 added [ 183.014140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.038552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.142244] device hsr_slave_0 entered promiscuous mode [ 183.180378] device hsr_slave_1 entered promiscuous mode [ 183.263661] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.272792] chnl_net:caif_netlink_parms(): no params data found [ 183.282068] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.340464] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.347352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.354475] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.360919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.374312] IPVS: ftp: loaded support on port[0] = 21 [ 183.385326] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.393649] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.400855] device bridge_slave_0 entered promiscuous mode [ 183.408461] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.415541] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.422972] device bridge_slave_1 entered promiscuous mode [ 183.499198] chnl_net:caif_netlink_parms(): no params data found [ 183.508596] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.518146] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.567213] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.574985] team0: Port device team_slave_0 added [ 183.581521] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.588754] team0: Port device team_slave_1 added [ 183.594681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.613419] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.634958] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.642159] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.649114] IPVS: ftp: loaded support on port[0] = 21 [ 183.649887] device bridge_slave_0 entered promiscuous mode [ 183.723437] device hsr_slave_0 entered promiscuous mode [ 183.780582] device hsr_slave_1 entered promiscuous mode [ 183.823984] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 183.831820] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.838624] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.846295] device bridge_slave_1 entered promiscuous mode [ 183.869162] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.879182] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.893513] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.901077] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.910242] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 183.966240] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.973088] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.980939] team0: Port device team_slave_0 added [ 184.015488] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.022997] team0: Port device team_slave_1 added [ 184.043580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.053408] IPVS: ftp: loaded support on port[0] = 21 [ 184.076249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.097041] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.121328] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.136621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.193291] device hsr_slave_0 entered promiscuous mode [ 184.230937] device hsr_slave_1 entered promiscuous mode [ 184.271645] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 184.289085] chnl_net:caif_netlink_parms(): no params data found [ 184.298576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.308082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.316637] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 184.323296] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.329934] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 184.384733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.396214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.427445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.435610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.443589] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.450114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.457246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.465709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.473443] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.479916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.495412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.532511] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.539018] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.547444] device bridge_slave_0 entered promiscuous mode [ 184.555514] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.562778] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.569885] device bridge_slave_1 entered promiscuous mode [ 184.585932] chnl_net:caif_netlink_parms(): no params data found [ 184.609768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.630888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.641257] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.649509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.661579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.685390] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.692946] team0: Port device team_slave_0 added [ 184.698748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.709502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.738561] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.746401] team0: Port device team_slave_1 added [ 184.754606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.762678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.771564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.779672] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.792087] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.798733] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.806258] device bridge_slave_0 entered promiscuous mode [ 184.814301] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.827823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.851145] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.857717] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.866905] device bridge_slave_1 entered promiscuous mode [ 184.884333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.893021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.905942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 184.934855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.949959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.958722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.981162] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 184.989544] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.032671] device hsr_slave_0 entered promiscuous mode [ 185.070555] device hsr_slave_1 entered promiscuous mode [ 185.113588] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.137422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.145644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.154244] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.164642] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 185.171036] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.178249] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.188452] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.212272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.219168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.226897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.236199] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 185.243307] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.259486] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.267899] team0: Port device team_slave_0 added [ 185.274438] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.283145] team0: Port device team_slave_1 added [ 185.289649] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.297922] chnl_net:caif_netlink_parms(): no params data found [ 185.309857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.326935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.336476] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 185.362779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.371268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.378929] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.385494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.393240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.425966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.433961] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.484270] device hsr_slave_0 entered promiscuous mode [ 185.520692] device hsr_slave_1 entered promiscuous mode [ 185.587131] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 185.598938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.605492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.613882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.622562] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.629129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.637752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.655403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 185.665746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.679328] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.688446] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.695841] device bridge_slave_0 entered promiscuous mode [ 185.704071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.713239] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.726028] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.734198] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.740778] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.747891] device bridge_slave_1 entered promiscuous mode [ 185.774707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.783024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.793571] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.813887] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.823301] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.838269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.848388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.856889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.863933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.871660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.880653] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 185.886842] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.898765] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.923581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.933980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 185.941924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.949600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.957597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.965496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.974942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.000848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 186.008830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.021525] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.027851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.035408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.043816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.052001] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.058527] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.058960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.076598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.091968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.107437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.115971] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.124940] team0: Port device team_slave_0 added [ 186.144888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.153318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.161290] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.167751] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.177579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.185892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.193262] team0: Port device team_slave_1 added [ 186.199185] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.209079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.216562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.227844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.239954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.258867] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 186.265862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.277202] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.288047] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.304423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.315266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.323937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.337323] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.347103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.394551] device hsr_slave_0 entered promiscuous mode [ 186.450540] device hsr_slave_1 entered promiscuous mode [ 186.512006] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 186.519891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.526726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.534798] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.542613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.549717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.559330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.569309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 186.578274] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 186.588318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.602119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 14:10:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f00000000c0)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x42803) [ 186.612518] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.620559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 186.646336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.655516] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.674306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.682463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.692270] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.708151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.721769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.728781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.739475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.753312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.773122] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.779542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.809878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.829811] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 186.843571] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.854352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.863683] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 186.872726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.903119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.915006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.936337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.946590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.957747] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.964372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.982102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:10:35 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e0000002b00672de45ae087185082cf0124b0eba06ec42401000000000000140000000000008d0051894dd65b2f", 0x2e}], 0x1}, 0x0) [ 186.998444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.006944] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.013386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.023441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.034661] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.059636] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 187.075064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.085980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:10:36 executing program 0: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 187.093545] audit: type=1400 audit(1556287835.978:39): avc: denied { create } for pid=7327 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 187.123107] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.5'. [ 187.131708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.139619] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.146070] bridge0: port 2(bridge_slave_1) entered forwarding state 14:10:36 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {0x0, 0x0, 0x4c00}, [@IFLA_MASTER={0x8, 0xd, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x38}}, 0x0) [ 187.160638] audit: type=1400 audit(1556287836.018:40): avc: denied { write } for pid=7327 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 187.199964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.211003] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.218951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.234402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.246649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.250041] hrtimer: interrupt took 40339 ns 14:10:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x8906, 0x0) close(r1) [ 187.255732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.269671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.286472] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready 14:10:36 executing program 0: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 187.307192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.327170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.339810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.352537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.382783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.391592] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.398705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.418811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.427764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.436508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.446652] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.462376] 8021q: adding VLAN 0 to HW filter on device bond0 14:10:36 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00\x06\"\xce[\x94:\xc1F\xd4\xb7^\v\x1e;\xed\xc1\xe9\xd0\xa7\xbc\xcd\x87\x96\xabg\"\x9f\xaa\xa3N\x98\x0e2\x1b\xd8\x9aC\x97\xbb\x11\xd7\x8a\xe5\x95\x97\x98cWD\xb8\xf5K\xbb\xeb\xd7\x89\xef\xaf5\xd0\xb9\xe2\xff/1\x05\xf5l\x04\xe3\x06\xab=\x924[>lE\xf3\x9b\xd4\xc9\xe5-\xf1\x93)\xbe\xe0{{\x99\t\x92Z\xfaZ\xfe\xac\xe9\xaf\a>zH\xdaJ\x9e\xd1\x7f\n \xde\xb6>m\xdcG\x83H,\xc1\x14\xcb\xd4 \x15T)-', 0xea02ffe0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0xfffffffffffffffd, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5}) r2 = semget(0x0, 0x0, 0x85) semctl$GETALL(r2, 0x0, 0xd, &(0x7f0000000280)=""/132) prctl$PR_GET_FPEXC(0xb, 0x0) syz_genetlink_get_family_id$tipc2(0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000140)=0x3, &(0x7f0000000440)=0x1) write$cgroup_pid(r3, &(0x7f0000000080), 0xfffffe38) r4 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x117, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x660c, 0x0) write$P9_RSTAT(r3, 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r1, 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f00000001c0)='TRUE', 0x4, 0x1) ioctl$VT_WAITACTIVE(r3, 0x5607) epoll_pwait(r3, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r4, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f}) mkdir(&(0x7f0000000040)='./file0\x00', 0x10) [ 187.903551] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.910259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.918696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.929098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.942182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.961993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.969902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.987640] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.994282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.001894] audit: type=1800 audit(1556287836.878:41): pid=7374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=63B0406F75702E65CB3204CC3232B36B7818A276656E747307FBF44D16312571984531712080F045C7CF33A15A3EE505900DF446CE3704C0A9F154C9CAEB9AF7A031E8EB0DEC7B8863A20D1A dev="sda1" ino=16524 res=0 [ 188.039094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.049572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.060513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.068187] audit: type=1400 audit(1556287836.898:42): avc: denied { read } for pid=7371 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 188.095640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.105624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 188.115941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 188.124686] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.137386] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.153725] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 188.172696] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 188.192879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.236505] audit: type=1400 audit(1556287837.128:43): avc: denied { map } for pid=7371 comm="syz-executor.1" path="/dev/loop0" dev="devtmpfs" ino=357 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1 [ 188.272969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.281243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.294921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.350747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.358756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.366977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.374828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.382670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.391513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.400504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.408762] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.416162] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.583526] audit: type=1400 audit(1556287837.478:44): avc: denied { getopt } for pid=7371 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 14:10:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "7e884838dad904e4a8cdc56fb10d03d8427415"}) ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000000)) readv(r2, &(0x7f0000000780)=[{&(0x7f0000000140)=""/142, 0x8e}], 0x1) dup2(r2, r1) 14:10:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x0, 0x0) 14:10:38 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$random(0xffffffffffffff9c, 0x0, 0x0, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 14:10:38 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc4c85512, &(0x7f0000001000)) 14:10:38 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock2(&(0x7f00004de000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f00004df000/0x3000)=nil, 0x3000) 14:10:38 executing program 3: syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0") 14:10:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r1, &(0x7f0000000000), 0x10) 14:10:38 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x1cd, 0x0) perf_event_open(&(0x7f0000001000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc4c85512, &(0x7f0000001000)) 14:10:38 executing program 3: syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0") 14:10:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x800000003, 0x10000000000000c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000010807601dfffd946fa2830020200a0009000600001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 14:10:38 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg(r0, &(0x7f000000aac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000005d40)=[{0xc, 0x1}], 0xc}}], 0x1, 0x50) 14:10:38 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) open(&(0x7f0000000100)='./file0/file0\x00', 0x3, 0x0) 14:10:38 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) [ 189.869125] audit: type=1400 audit(1556287838.758:45): avc: denied { create } for pid=7439 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 14:10:38 executing program 3: syz_execute_func(&(0x7f0000000040)="b18191cd806969ef69dccf00c4e195e8a4d2e5a700007bb66667450ee8a9db000004024efd5b40f7af8f87fd721c7e50506766400f3831a859b6efb3c4c3090c330053fb1f11cdaefbc44549f216c421fc11c165f00fc70de5110000660f383fd155bebec4210a5fc32af3400faee4de4cde977c7cf752325726400f4d18c4d6fef6f6dd2025500804f4c40e2d690b72c341f6d3c3dbe0") 14:10:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) creat(&(0x7f0000000080)='./file0\x00', 0x0) socket$unix(0x1, 0x3, 0x0) pipe(&(0x7f0000000180)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 14:10:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x7d, 0x0, &(0x7f0000000100)) close(r2) close(r1) 14:10:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000000c0)="66b80f0000000f23d00f21f86635000000000f23f866b87e13e8ab0f23c80f21f86635000070000f23f80f20590f73d600640f0766b93d0b00000f320fc72cb800008ec82e640f5a4700660f13890000", 0x50}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:10:38 executing program 3: syz_execute_func(0x0) [ 190.033052] audit: type=1400 audit(1556287838.758:46): avc: denied { write } for pid=7439 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 14:10:39 executing program 3: syz_execute_func(0x0) 14:10:39 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000070008100000ee8b08b7960ff7aa6e041c7700fd15873809aa0063b8f24252b1d85cbf000000000038f70f653f0ffb09f0d536b564df5e0a9efd50fe203534da91b5b9fb501e1ac4bfa3841f9d63e232b9b2500fb1d96033ccfdff066428eb74af955568576bc5a15aff94ce45ffd34ef01cb29b1229b421db3bcc3fa1eae6f1b1d0c15b22e6eb0d8608bb83b955cad9e5b56dbb18e65ec595c4b7d0e0f50b0c90abdd35b87bcc8cd0d4a7a4"], 0xb4) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 190.097857] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 14:10:39 executing program 3: syz_execute_func(0x0) [ 190.150179] protocol 88fb is buggy, dev hsr_slave_0 [ 190.155482] protocol 88fb is buggy, dev hsr_slave_1 14:10:39 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9) sched_setscheduler(0x0, 0x0, 0x0) shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0x0, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5}) futex(&(0x7f000000cffc), 0x800000000006, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = semget(0x0, 0x0, 0x85) semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000280)=""/132) prctl$PR_GET_FPEXC(0xb, 0x0) syz_genetlink_get_family_id$tipc2(0x0) clock_gettime(0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) write$P9_RSTAT(r2, 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r0, 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)='TRUE', 0x4, 0x1) ioctl$VT_WAITACTIVE(r2, 0x5607) syz_open_procfs(0x0, 0x0) epoll_pwait(r2, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r3, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f}) [ 190.231015] protocol 88fb is buggy, dev hsr_slave_0 [ 190.236222] protocol 88fb is buggy, dev hsr_slave_1 14:10:39 executing program 3: syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0) socket$packet(0x11, 0x3, 0x300) socket(0x1e, 0x4, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000080), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) [ 190.321038] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 190.335681] FAT-fs (loop2): Filesystem has been set read-only [ 190.342838] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 17) [ 190.592219] audit: type=1400 audit(1556287839.488:47): avc: denied { map } for pid=7487 comm="syz-executor.5" path="socket:[27893]" dev="sockfs" ino=27893 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 190.620398] audit: type=1400 audit(1556287839.488:48): avc: denied { accept } for pid=7487 comm="syz-executor.5" path="socket:[27893]" dev="sockfs" ino=27893 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 190.650132] protocol 88fb is buggy, dev hsr_slave_0 [ 190.655408] protocol 88fb is buggy, dev hsr_slave_1 14:10:39 executing program 1: inotify_init1(0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, 0x0) 14:10:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x7, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x70, 0x0, &(0x7f0000000100)) close(r2) close(r1) 14:10:39 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000070008100000ee8b08b7960ff7aa6e041c7700fd15873809aa0063b8f24252b1d85cbf000000000038f70f653f0ffb09f0d536b564df5e0a9efd50fe203534da91b5b9fb501e1ac4bfa3841f9d63e232b9b2500fb1d96033ccfdff066428eb74af955568576bc5a15aff94ce45ffd34ef01cb29b1229b421db3bcc3fa1eae6f1b1d0c15b22e6eb0d8608bb83b955cad9e5b56dbb18e65ec595c4b7d0e0f50b0c90abdd35b87bcc8cd0d4a7a4"], 0xb4) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 190.818165] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 190.826955] FAT-fs (loop2): Filesystem has been set read-only [ 190.842235] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 17) 14:10:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c) 14:10:39 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) flistxattr(0xffffffffffffffff, &(0x7f00000000c0)=""/9, 0x9) sched_setscheduler(0x0, 0x0, 0x0) shmget(0x3, 0x3000, 0x0, &(0x7f0000572000/0x3000)=nil) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000480)={0x0, 0x568f, 0x0, 0x7, 0x6, 0x3, 0x0, 0x89d, 0x0, 0x8, 0x0, 0x5}) futex(&(0x7f000000cffc), 0x800000000006, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = semget(0x0, 0x0, 0x85) semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000280)=""/132) prctl$PR_GET_FPEXC(0xb, 0x0) syz_genetlink_get_family_id$tipc2(0x0) clock_gettime(0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) r3 = perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) write$P9_RSTAT(r2, 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000005, 0x13, r0, 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)='TRUE', 0x4, 0x1) ioctl$VT_WAITACTIVE(r2, 0x5607) syz_open_procfs(0x0, 0x0) epoll_pwait(r2, &(0x7f00000004c0)=[{}], 0x1, 0x3, &(0x7f0000000580), 0x8) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xffffffffffffffff, 0x4002091, r3, 0x0) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000340)={0x2, 0x3f}) 14:10:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x800000003, 0x10000000000000c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000010807681dfffd946fa2830020200a0009000600001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 14:10:39 executing program 2: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 190.870324] protocol 88fb is buggy, dev hsr_slave_0 [ 190.875432] protocol 88fb is buggy, dev hsr_slave_1 [ 190.904974] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 14:10:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c) 14:10:39 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = memfd_create(&(0x7f0000000080)='dev ', 0x0) write(r2, &(0x7f0000000040)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0x1) dup2(r2, r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000013) 14:10:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c) 14:10:40 executing program 0: 14:10:40 executing program 3: syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0) socket$packet(0x11, 0x3, 0x300) socket(0x1e, 0x4, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000080), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 14:10:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x0, 0x81, 0x46}, 0x2c) 14:10:40 executing program 1: 14:10:40 executing program 0: 14:10:40 executing program 5: 14:10:40 executing program 5: 14:10:40 executing program 4: [ 191.830238] protocol 88fb is buggy, dev hsr_slave_0 [ 191.835383] protocol 88fb is buggy, dev hsr_slave_1 [ 191.890174] IPVS: ftp: loaded support on port[0] = 21 14:10:41 executing program 2: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = getpid() sched_setattr(r0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000) 14:10:41 executing program 0: 14:10:41 executing program 1: 14:10:41 executing program 5: 14:10:41 executing program 4: 14:10:41 executing program 1: 14:10:41 executing program 0: 14:10:41 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ceph(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) 14:10:41 executing program 3: 14:10:41 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) syz_open_procfs(0x0, 0x0) 14:10:41 executing program 3: 14:10:41 executing program 1: 14:10:41 executing program 2: 14:10:41 executing program 0: 14:10:41 executing program 1: 14:10:41 executing program 3: 14:10:41 executing program 4: 14:10:41 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stack\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) syz_open_procfs(0x0, 0x0) 14:10:41 executing program 0: 14:10:41 executing program 2: 14:10:42 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 14:10:42 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000180)=""/11, 0x8c0d351c) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x800) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = dup2(r0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) sendto$unix(r3, 0x0, 0x0, 0x8000000020003ffc, &(0x7f0000000280)=@abs={0x1}, 0x6e) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000100)) 14:10:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800) syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00") 14:10:42 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) 14:10:42 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio\x00', 0x0, 0x0) close(r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000100)={0x0, r1}) [ 193.254468] ldm_validate_privheads(): Disk read failed. [ 193.282791] loop1: p1 p2 p3 p4 14:10:42 executing program 0: sysinfo(&(0x7f0000000000)=""/22) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc) write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2}) sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8}) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 14:10:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800) syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00") [ 193.305835] loop1: partition table partially beyond EOD, truncated [ 193.348909] loop1: p1 start 1 is beyond EOD, truncated 14:10:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) syz_execute_func(&(0x7f00000001c0)="b13691cd803eedf26f6fd0c40f5ead0e0000005bf91cc10f788e008000000fc4014c5868f4a95ff9c44149f2168f4808eebce00000802000c4217c5e51c1ead8cfc48192558dc3c366450f18674667f3426f7c7c730f5726cb660f72d55a181836019b9bf6e3df64673667856666430fefb30000000000c0e7f30f1a120f984898111d54111d00") [ 193.375240] loop1: p2 start 101 is beyond EOD, truncated [ 193.402452] loop1: p3 start 201 is beyond EOD, truncated [ 193.426192] loop1: p4 start 301 is beyond EOD, truncated 14:10:42 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 14:10:42 executing program 5: r0 = open(&(0x7f0000000080)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f00000007c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") fcntl$setlease(r1, 0x400, 0x2) [ 193.601066] ldm_validate_privheads(): Disk read failed. [ 193.606628] loop1: p1 p2 p3 p4 [ 193.622444] loop1: partition table partially beyond EOD, truncated [ 193.655299] loop1: p1 start 1 is beyond EOD, truncated 14:10:42 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x0, &(0x7f0000000100)={0x77359400}) 14:10:42 executing program 0: sysinfo(&(0x7f0000000000)=""/22) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc) write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2}) sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8}) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 14:10:42 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') socket$packet(0x11, 0x800000002, 0x300) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) timer_gettime(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) [ 193.686699] loop1: p2 start 101 is beyond EOD, truncated [ 193.711175] loop1: p3 start 201 is beyond EOD, truncated [ 193.716841] loop1: p4 start 301 is beyond EOD, truncated 14:10:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x8}]}}}]}, 0x3c}}, 0x0) 14:10:43 executing program 0: sysinfo(&(0x7f0000000000)=""/22) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc) write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2}) sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8}) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 14:10:43 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) sendto$inet6(r0, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 14:10:43 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 14:10:43 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000180), 0x400000000000370, 0x0, &(0x7f0000000100)={0x77359400}) 14:10:43 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') socket$packet(0x11, 0x800000002, 0x300) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) timer_gettime(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) 14:10:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[], 0x0, 0x280}) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000000)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:10:43 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') socket$packet(0x11, 0x800000002, 0x300) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) timer_gettime(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) [ 194.251831] ldm_validate_privheads(): Disk read failed. [ 194.257325] loop1: p1 p2 p3 p4 [ 194.285458] loop1: partition table partially beyond EOD, truncated [ 194.316630] loop1: p1 start 1 is beyond EOD, truncated 14:10:43 executing program 3: socket$netlink(0x10, 0x3, 0x0) connect$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x9010000000000084) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0xe, 0x0, 0x0) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = accept4(r0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001580)='cpu.stat\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x1f4, 0x0, 0x0, 0x54}, 0x98) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000400)) [ 194.354250] loop1: p2 start 101 is beyond EOD, truncated [ 194.384568] loop1: p3 start 201 is beyond EOD, truncated 14:10:43 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x0, 0x1}) [ 194.440923] loop1: p4 start 301 is beyond EOD, truncated 14:10:43 executing program 0: sysinfo(&(0x7f0000000000)=""/22) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc) write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2}) sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8}) accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 14:10:43 executing program 4: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300)='/dev/audio\x00', 0x0, 0x0) close(r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x2, 0x0, [{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}]}) write$vnet(r0, &(0x7f00000004c0)={0x1, {0x0, 0x0, &(0x7f0000000280)=""/118, 0x3, 0x2}}, 0x68) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000100)={0x0, r1}) 14:10:43 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="0090006b7f040000006c4c00000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 14:10:43 executing program 0: sysinfo(&(0x7f0000000000)=""/22) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) r1 = syz_open_dev$usbmon(0x0, 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000040)=0x1ff, 0x4) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980), &(0x7f00000009c0)=0xc) write$P9_RFSYNC(r1, &(0x7f0000000100)={0x7, 0x33, 0x1}, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0x0, r0, 0x7f, 0xffff, 0x4, 0x2}) sendmsg(r1, &(0x7f0000000940)={&(0x7f0000000200)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="46913ed009ec7e758850e2a9d962c6b4584b572bb269753daec5c22fc476d81bce1f0a9dded3b7293d22228b83299b75898ecf0b469864d27ad6ada0cde77febd0f770c10765401738a7e33b022d606c7df636e5a9bd211131ba597e744b0431131fa1a85c725aaef6314e60c7b27d7d71ec3af64c306e34a390e492bc4e0caabe0554f23b53fec6a25140e7effeb9a51651a831651889aaaa6f", 0x9a}], 0x1}, 0x800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000000080)={0xc6, 0x9, "97e3302e14d04b5b17dc30cadecf8dc1da7ccd66ddbc9b29fa58ffaf1e9340b6", 0x200, 0x80000000, 0xd1f, 0x0, 0x8}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', @ifru_flags}) 14:10:43 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x2, 0x82800) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x7, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x0, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') socket$packet(0x11, 0x800000002, 0x300) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x20004, 0x800000032, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) timer_gettime(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) 14:10:43 executing program 3: syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x0) socket$packet(0x11, 0x3, 0x300) socket(0x1e, 0x4, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000080), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 14:10:43 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r1 = socket$key(0xf, 0x3, 0x2) recvmmsg(r1, &(0x7f00000046c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) tkill(r0, 0x1000000000016) sendmsg$key(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)={0x2, 0xf, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 14:10:43 executing program 4: [ 427.990493] INFO: task syz-executor.0:7264 blocked for more than 140 seconds. [ 427.998103] Not tainted 4.14.113 #3 [ 428.002564] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.010955] syz-executor.0 D24768 7264 1 0x00000004 [ 428.016693] Call Trace: [ 428.019385] __schedule+0x7be/0x1cf0 [ 428.023354] ? __mutex_lock+0x737/0x1470 [ 428.027575] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.032950] schedule+0x92/0x1c0 [ 428.036442] schedule_preempt_disabled+0x13/0x20 [ 428.041667] __mutex_lock+0x73c/0x1470 [ 428.045566] ? trace_hardirqs_on+0x10/0x10 [ 428.050206] ? lo_release+0x84/0x1b0 [ 428.054079] ? save_trace+0x280/0x290 [ 428.058005] ? mutex_trylock+0x1c0/0x1c0 [ 428.062286] ? __blkdev_put+0x397/0x7f0 [ 428.066513] ? find_held_lock+0x35/0x130 [ 428.070978] ? __blkdev_put+0x397/0x7f0 [ 428.074972] ? loop_clr_fd+0xae0/0xae0 [ 428.078944] mutex_lock_nested+0x16/0x20 [ 428.083275] ? mutex_lock_nested+0x16/0x20 [ 428.087707] lo_release+0x84/0x1b0 [ 428.091321] ? loop_clr_fd+0xae0/0xae0 [ 428.095386] __blkdev_put+0x436/0x7f0 [ 428.099295] ? bd_set_size+0xb0/0xb0 [ 428.103082] ? wait_for_completion+0x420/0x420 [ 428.107802] blkdev_put+0x88/0x510 [ 428.111426] ? fcntl_setlk+0xb90/0xb90 [ 428.115584] ? blkdev_put+0x510/0x510 [ 428.119532] blkdev_close+0x8b/0xb0 [ 428.123535] __fput+0x277/0x7a0 [ 428.126890] ____fput+0x16/0x20 [ 428.130251] task_work_run+0x119/0x190 [ 428.134363] exit_to_usermode_loop+0x1da/0x220 [ 428.139105] do_syscall_64+0x4a9/0x630 [ 428.143182] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.148029] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.153446] RIP: 0033:0x412b40 [ 428.156645] RSP: 002b:00007ffe9dd5e9e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 428.164540] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000412b40 [ 428.172367] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003 [ 428.179648] RBP: 0000000000000037 R08: 0000000000000000 R09: 000000000000000a [ 428.187169] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.194624] R13: 00007ffe9dd5ea20 R14: 000000000002f7fc R15: 00007ffe9dd5ea30 [ 428.201987] INFO: task syz-executor.5:7267 blocked for more than 140 seconds. [ 428.209503] Not tainted 4.14.113 #3 [ 428.213880] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.222411] syz-executor.5 D24992 7267 1 0x00000004 [ 428.228169] Call Trace: [ 428.230916] __schedule+0x7be/0x1cf0 [ 428.235165] ? __mutex_lock+0x737/0x1470 [ 428.239355] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.244627] schedule+0x92/0x1c0 [ 428.247986] schedule_preempt_disabled+0x13/0x20 [ 428.252997] __mutex_lock+0x73c/0x1470 [ 428.256887] ? trace_hardirqs_on+0x10/0x10 [ 428.261346] ? lo_open+0x1d/0xb0 [ 428.264800] ? refcount_inc_not_zero+0x50/0xe0 [ 428.269372] ? mutex_trylock+0x1c0/0x1c0 [ 428.273665] ? find_held_lock+0x35/0x130 [ 428.277979] ? disk_get_part+0x9c/0x140 [ 428.282151] ? lock_downgrade+0x6e0/0x6e0 [ 428.286317] ? loop_unregister_transfer+0x90/0x90 [ 428.291584] mutex_lock_nested+0x16/0x20 [ 428.295643] ? mutex_lock_nested+0x16/0x20 [ 428.299861] lo_open+0x1d/0xb0 [ 428.303788] __blkdev_get+0x2c9/0x1120 [ 428.307682] ? __blkdev_put+0x7f0/0x7f0 [ 428.312011] ? bd_acquire+0x178/0x2c0 [ 428.316053] ? find_held_lock+0x35/0x130 [ 428.320163] blkdev_get+0xa8/0x8e0 [ 428.324061] ? bd_may_claim+0xd0/0xd0 [ 428.327865] ? _raw_spin_unlock+0x2d/0x50 [ 428.332069] blkdev_open+0x1d1/0x260 [ 428.336065] ? security_file_open+0x8f/0x1a0 [ 428.340546] do_dentry_open+0x73e/0xeb0 [ 428.344782] ? bd_acquire+0x2c0/0x2c0 [ 428.348827] vfs_open+0x105/0x230 [ 428.352469] path_openat+0x8bd/0x3f70 [ 428.356390] ? trace_hardirqs_on+0x10/0x10 [ 428.361010] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 428.365808] ? find_held_lock+0x35/0x130 [ 428.370015] ? __alloc_fd+0x1d4/0x4a0 [ 428.374020] do_filp_open+0x18e/0x250 [ 428.377832] ? may_open_dev+0xe0/0xe0 [ 428.381895] ? _raw_spin_unlock+0x2d/0x50 [ 428.386047] ? __alloc_fd+0x1d4/0x4a0 [ 428.389897] do_sys_open+0x2c5/0x430 [ 428.393684] ? filp_open+0x70/0x70 [ 428.397218] SyS_open+0x2d/0x40 [ 428.400681] ? do_sys_open+0x430/0x430 [ 428.404575] do_syscall_64+0x1eb/0x630 [ 428.408448] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.413371] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.418558] RIP: 0033:0x412d20 [ 428.421803] RSP: 002b:00007fff56fc1fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 428.429899] RAX: ffffffffffffffda RBX: 000000000002f868 RCX: 0000000000412d20 [ 428.437729] RDX: 00007fff56fc204a RSI: 0000000000000002 RDI: 00007fff56fc2040 [ 428.445309] RBP: 0000000000000037 R08: 0000000000000000 R09: 000000000000000a [ 428.452937] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.460414] R13: 00007fff56fc1ff0 R14: 000000000002f7bd R15: 00007fff56fc2000 [ 428.468037] INFO: task syz-executor.2:7269 blocked for more than 140 seconds. [ 428.475444] Not tainted 4.14.113 #3 [ 428.479745] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.487934] syz-executor.2 D24992 7269 1 0x00000004 [ 428.493676] Call Trace: [ 428.496549] __schedule+0x7be/0x1cf0 [ 428.500319] ? __mutex_lock+0x737/0x1470 [ 428.504446] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.509480] schedule+0x92/0x1c0 [ 428.513146] schedule_preempt_disabled+0x13/0x20 [ 428.518045] __mutex_lock+0x73c/0x1470 [ 428.522108] ? trace_hardirqs_on+0x10/0x10 [ 428.526493] ? lo_open+0x1d/0xb0 [ 428.529956] ? refcount_inc_not_zero+0x50/0xe0 [ 428.534739] ? mutex_trylock+0x1c0/0x1c0 [ 428.539109] ? find_held_lock+0x35/0x130 [ 428.543241] ? disk_get_part+0x9c/0x140 [ 428.547386] ? lock_downgrade+0x6e0/0x6e0 [ 428.551645] ? loop_unregister_transfer+0x90/0x90 [ 428.556497] mutex_lock_nested+0x16/0x20 [ 428.561050] ? mutex_lock_nested+0x16/0x20 [ 428.565284] lo_open+0x1d/0xb0 [ 428.568464] __blkdev_get+0x2c9/0x1120 [ 428.572437] ? __blkdev_put+0x7f0/0x7f0 [ 428.576743] ? bd_acquire+0x178/0x2c0 [ 428.580613] ? find_held_lock+0x35/0x130 [ 428.584686] blkdev_get+0xa8/0x8e0 [ 428.588406] ? bd_may_claim+0xd0/0xd0 [ 428.592274] ? _raw_spin_unlock+0x2d/0x50 [ 428.596419] blkdev_open+0x1d1/0x260 [ 428.600414] ? security_file_open+0x8f/0x1a0 [ 428.604865] do_dentry_open+0x73e/0xeb0 [ 428.608875] ? bd_acquire+0x2c0/0x2c0 [ 428.612747] vfs_open+0x105/0x230 [ 428.616197] path_openat+0x8bd/0x3f70 [ 428.619992] ? trace_hardirqs_on+0x10/0x10 [ 428.624532] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 428.629209] ? find_held_lock+0x35/0x130 [ 428.633572] ? __alloc_fd+0x1d4/0x4a0 [ 428.637618] do_filp_open+0x18e/0x250 [ 428.641520] ? may_open_dev+0xe0/0xe0 [ 428.645334] ? _raw_spin_unlock+0x2d/0x50 [ 428.649595] ? __alloc_fd+0x1d4/0x4a0 [ 428.653634] do_sys_open+0x2c5/0x430 [ 428.657365] ? filp_open+0x70/0x70 [ 428.661194] SyS_open+0x2d/0x40 [ 428.664627] ? do_sys_open+0x430/0x430 [ 428.668727] do_syscall_64+0x1eb/0x630 [ 428.672911] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.677997] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.683270] RIP: 0033:0x412d20 [ 428.686468] RSP: 002b:00007ffcb6e07398 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 428.694993] RAX: ffffffffffffffda RBX: 000000000002f860 RCX: 0000000000412d20 [ 428.702444] RDX: 00007ffcb6e0742a RSI: 0000000000000002 RDI: 00007ffcb6e07420 [ 428.709779] RBP: 000000000000002d R08: 0000000000000000 R09: 000000000000000a [ 428.717243] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.725006] R13: 00007ffcb6e073d0 R14: 000000000002f7c8 R15: 00007ffcb6e073e0 [ 428.732893] INFO: task syz-executor.3:7270 blocked for more than 140 seconds. [ 428.740237] Not tainted 4.14.113 #3 [ 428.744390] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 428.752580] syz-executor.3 D25168 7270 1 0x00000004 [ 428.758329] Call Trace: [ 428.760987] __schedule+0x7be/0x1cf0 [ 428.764719] ? __mutex_lock+0x737/0x1470 [ 428.768871] ? pci_mmcfg_check_reserved+0x150/0x150 [ 428.773967] schedule+0x92/0x1c0 [ 428.777384] schedule_preempt_disabled+0x13/0x20 [ 428.782326] __mutex_lock+0x73c/0x1470 [ 428.786235] ? trace_hardirqs_on+0x10/0x10 [ 428.790747] ? lo_open+0x1d/0xb0 [ 428.794215] ? refcount_inc_not_zero+0x50/0xe0 [ 428.799001] ? mutex_trylock+0x1c0/0x1c0 [ 428.803140] ? find_held_lock+0x35/0x130 [ 428.807334] ? disk_get_part+0x9c/0x140 [ 428.811679] ? lock_downgrade+0x6e0/0x6e0 [ 428.815842] ? loop_unregister_transfer+0x90/0x90 [ 428.821395] mutex_lock_nested+0x16/0x20 [ 428.825467] ? mutex_lock_nested+0x16/0x20 [ 428.829700] lo_open+0x1d/0xb0 [ 428.832955] __blkdev_get+0x2c9/0x1120 [ 428.836943] ? __blkdev_put+0x7f0/0x7f0 [ 428.840970] ? bd_acquire+0x178/0x2c0 [ 428.844812] ? find_held_lock+0x35/0x130 [ 428.849108] blkdev_get+0xa8/0x8e0 [ 428.853123] ? bd_may_claim+0xd0/0xd0 [ 428.857004] ? _raw_spin_unlock+0x2d/0x50 [ 428.861373] blkdev_open+0x1d1/0x260 [ 428.865112] ? security_file_open+0x8f/0x1a0 [ 428.869615] do_dentry_open+0x73e/0xeb0 [ 428.873668] ? bd_acquire+0x2c0/0x2c0 [ 428.877497] vfs_open+0x105/0x230 [ 428.881021] path_openat+0x8bd/0x3f70 [ 428.884840] ? trace_hardirqs_on+0x10/0x10 [ 428.889135] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 428.894181] ? find_held_lock+0x35/0x130 [ 428.898352] ? __alloc_fd+0x1d4/0x4a0 [ 428.902244] do_filp_open+0x18e/0x250 [ 428.906280] ? may_open_dev+0xe0/0xe0 [ 428.910569] ? _raw_spin_unlock+0x2d/0x50 [ 428.915243] ? __alloc_fd+0x1d4/0x4a0 [ 428.919184] do_sys_open+0x2c5/0x430 [ 428.923002] ? filp_open+0x70/0x70 [ 428.926643] SyS_open+0x2d/0x40 [ 428.930240] ? do_sys_open+0x430/0x430 [ 428.934262] do_syscall_64+0x1eb/0x630 [ 428.938163] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.943330] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.948704] RIP: 0033:0x412d20 [ 428.952945] RSP: 002b:00007fffc8b96688 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 428.960918] RAX: ffffffffffffffda RBX: 000000000002f8aa RCX: 0000000000412d20 [ 428.968380] RDX: 00007fffc8b9671a RSI: 0000000000000002 RDI: 00007fffc8b96710 [ 428.975836] RBP: 0000000000000027 R08: 0000000000000000 R09: 000000000000000a [ 428.983166] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 428.990881] R13: 00007fffc8b966c0 R14: 000000000002f7c0 R15: 00007fffc8b966d0 [ 428.998419] INFO: task syz-executor.4:7271 blocked for more than 140 seconds. [ 429.006346] Not tainted 4.14.113 #3 [ 429.010806] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.018978] syz-executor.4 D25232 7271 1 0x00000004 [ 429.024687] Call Trace: [ 429.027703] __schedule+0x7be/0x1cf0 [ 429.031654] ? __mutex_lock+0x737/0x1470 [ 429.036032] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.041215] schedule+0x92/0x1c0 [ 429.044603] schedule_preempt_disabled+0x13/0x20 [ 429.049360] __mutex_lock+0x73c/0x1470 [ 429.053418] ? __mutex_unlock_slowpath+0x71/0x800 [ 429.058277] ? __blkdev_get+0x145/0x1120 [ 429.062404] ? mutex_trylock+0x1c0/0x1c0 [ 429.066475] ? exact_match+0xd/0x20 [ 429.070216] ? kobj_lookup+0x319/0x410 [ 429.074115] ? blkdev_ioctl+0x1880/0x1880 [ 429.078262] mutex_lock_nested+0x16/0x20 [ 429.083228] ? mutex_lock_nested+0x16/0x20 [ 429.087475] __blkdev_get+0x145/0x1120 [ 429.091603] ? __blkdev_put+0x7f0/0x7f0 [ 429.095744] ? bd_acquire+0x178/0x2c0 [ 429.099585] ? find_held_lock+0x35/0x130 [ 429.103814] blkdev_get+0xa8/0x8e0 [ 429.107372] ? bd_may_claim+0xd0/0xd0 [ 429.111758] ? _raw_spin_unlock+0x2d/0x50 [ 429.116084] blkdev_open+0x1d1/0x260 [ 429.119963] ? security_file_open+0x8f/0x1a0 [ 429.124451] do_dentry_open+0x73e/0xeb0 [ 429.128619] ? bd_acquire+0x2c0/0x2c0 [ 429.132656] vfs_open+0x105/0x230 [ 429.136128] path_openat+0x8bd/0x3f70 [ 429.140116] ? trace_hardirqs_on+0x10/0x10 [ 429.144378] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 429.149168] ? find_held_lock+0x35/0x130 [ 429.153390] ? __alloc_fd+0x1d4/0x4a0 [ 429.158783] do_filp_open+0x18e/0x250 [ 429.162646] ? may_open_dev+0xe0/0xe0 [ 429.166515] ? _raw_spin_unlock+0x2d/0x50 [ 429.170725] ? __alloc_fd+0x1d4/0x4a0 [ 429.174540] do_sys_open+0x2c5/0x430 [ 429.178357] ? filp_open+0x70/0x70 [ 429.181964] SyS_open+0x2d/0x40 [ 429.185249] ? do_sys_open+0x430/0x430 [ 429.189134] do_syscall_64+0x1eb/0x630 [ 429.193318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.198457] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.203833] RIP: 0033:0x412d20 [ 429.207026] RSP: 002b:00007fff1dedda18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 429.215323] RAX: ffffffffffffffda RBX: 000000000002f897 RCX: 0000000000412d20 [ 429.223082] RDX: 00007fff1deddaaa RSI: 0000000000000002 RDI: 00007fff1deddaa0 [ 429.230506] RBP: 000000000000002b R08: 0000000000000000 R09: 000000000000000a [ 429.237830] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 429.245435] R13: 00007fff1dedda50 R14: 000000000002f837 R15: 00007fff1dedda60 [ 429.252755] INFO: task blkid:7728 blocked for more than 140 seconds. [ 429.259240] Not tainted 4.14.113 #3 [ 429.263440] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.271684] blkid D28880 7728 7442 0x00000004 [ 429.277313] Call Trace: [ 429.280020] __schedule+0x7be/0x1cf0 [ 429.283807] ? __mutex_lock+0x737/0x1470 [ 429.287987] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.293221] schedule+0x92/0x1c0 [ 429.296604] schedule_preempt_disabled+0x13/0x20 [ 429.301418] __mutex_lock+0x73c/0x1470 [ 429.305306] ? trace_hardirqs_on+0x10/0x10 [ 429.309627] ? lo_open+0x1d/0xb0 [ 429.313044] ? refcount_inc_not_zero+0x50/0xe0 [ 429.317950] ? mutex_trylock+0x1c0/0x1c0 [ 429.322063] ? find_held_lock+0x35/0x130 [ 429.326287] ? disk_get_part+0x9c/0x140 [ 429.330346] ? lock_downgrade+0x6e0/0x6e0 [ 429.334520] ? loop_unregister_transfer+0x90/0x90 [ 429.339480] mutex_lock_nested+0x16/0x20 [ 429.344354] ? mutex_lock_nested+0x16/0x20 [ 429.348762] lo_open+0x1d/0xb0 [ 429.352056] __blkdev_get+0x2c9/0x1120 [ 429.355968] ? __blkdev_put+0x7f0/0x7f0 [ 429.360100] ? bd_acquire+0x178/0x2c0 [ 429.363916] ? find_held_lock+0x35/0x130 [ 429.367985] blkdev_get+0xa8/0x8e0 [ 429.371589] ? bd_may_claim+0xd0/0xd0 [ 429.375506] ? _raw_spin_unlock+0x2d/0x50 [ 429.379716] blkdev_open+0x1d1/0x260 [ 429.383495] ? security_file_open+0x8f/0x1a0 [ 429.388139] do_dentry_open+0x73e/0xeb0 [ 429.392167] ? bd_acquire+0x2c0/0x2c0 [ 429.395981] vfs_open+0x105/0x230 [ 429.399429] path_openat+0x8bd/0x3f70 [ 429.403288] ? trace_hardirqs_on+0x10/0x10 [ 429.407541] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 429.412261] ? find_held_lock+0x35/0x130 [ 429.416336] ? __alloc_fd+0x1d4/0x4a0 [ 429.420327] do_filp_open+0x18e/0x250 [ 429.424135] ? may_open_dev+0xe0/0xe0 [ 429.427983] ? _raw_spin_unlock+0x2d/0x50 [ 429.432303] ? __alloc_fd+0x1d4/0x4a0 [ 429.436139] do_sys_open+0x2c5/0x430 [ 429.439880] ? filp_open+0x70/0x70 [ 429.443577] SyS_open+0x2d/0x40 [ 429.446867] ? do_sys_open+0x430/0x430 [ 429.450799] do_syscall_64+0x1eb/0x630 [ 429.454699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.459538] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.464816] RIP: 0033:0x7fc7190f4120 [ 429.468524] RSP: 002b:00007ffc05258258 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 429.476874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc7190f4120 [ 429.484189] RDX: 00007ffc05259f34 RSI: 0000000000000000 RDI: 00007ffc05259f34 [ 429.491766] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000 [ 429.499041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000016c0030 [ 429.506673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005 [ 429.514158] INFO: task syz-executor.1:7736 blocked for more than 140 seconds. [ 429.521707] Not tainted 4.14.113 #3 [ 429.525892] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.534074] syz-executor.1 D29264 7736 7268 0x00000004 [ 429.539732] Call Trace: [ 429.542394] __schedule+0x7be/0x1cf0 [ 429.546296] ? __mutex_lock+0x737/0x1470 [ 429.550421] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.555455] schedule+0x92/0x1c0 [ 429.558830] schedule_preempt_disabled+0x13/0x20 [ 429.563857] __mutex_lock+0x73c/0x1470 [ 429.568078] ? blkdev_reread_part+0x1f/0x40 [ 429.572473] ? mutex_trylock+0x1c0/0x1c0 [ 429.576762] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 429.582017] ? __wake_up_common_lock+0xe3/0x160 [ 429.586696] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 429.591992] mutex_lock_nested+0x16/0x20 [ 429.596060] ? mutex_lock_nested+0x16/0x20 [ 429.601239] blkdev_reread_part+0x1f/0x40 [ 429.605398] loop_reread_partitions+0x7c/0x90 [ 429.609893] loop_set_status+0xc28/0x1200 [ 429.614250] loop_set_status64+0xa6/0xf0 [ 429.618318] ? loop_set_status_old+0x2d0/0x2d0 [ 429.622994] lo_ioctl+0x5c1/0x1c70 [ 429.626709] ? loop_probe+0x160/0x160 [ 429.630842] blkdev_ioctl+0x983/0x1880 [ 429.634859] ? blkpg_ioctl+0x980/0x980 [ 429.638773] ? __might_sleep+0x93/0xb0 [ 429.642737] ? __fget+0x210/0x370 [ 429.646323] block_ioctl+0xde/0x120 [ 429.649949] ? blkdev_fallocate+0x3b0/0x3b0 [ 429.654383] do_vfs_ioctl+0x7b9/0x1070 [ 429.658387] ? selinux_file_mprotect+0x5d0/0x5d0 [ 429.663194] ? lock_downgrade+0x6e0/0x6e0 [ 429.667354] ? ioctl_preallocate+0x1c0/0x1c0 [ 429.672129] ? __fget+0x237/0x370 [ 429.675747] ? security_file_ioctl+0x8f/0xc0 [ 429.680342] SyS_ioctl+0x8f/0xc0 [ 429.683725] ? do_vfs_ioctl+0x1070/0x1070 [ 429.687878] do_syscall_64+0x1eb/0x630 [ 429.692004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.696922] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.702299] RIP: 0033:0x458c17 [ 429.705718] RSP: 002b:00007f6efc8509f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 429.713844] RAX: ffffffffffffffda RBX: 00007f6efc8516d4 RCX: 0000000000458c17 [ 429.721462] RDX: 00007f6efc850ab0 RSI: 0000000000004c04 RDI: 0000000000000004 [ 429.728755] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 429.736797] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000003 [ 429.744399] R13: 0000000000000003 R14: 0000000000000004 R15: 00000000ffffffff [ 429.752204] INFO: task blkid:7739 blocked for more than 140 seconds. [ 429.759572] Not tainted 4.14.113 #3 [ 429.763861] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.772154] blkid D28880 7739 7230 0x00000004 [ 429.777798] Call Trace: [ 429.780465] __schedule+0x7be/0x1cf0 [ 429.784204] ? __mutex_lock+0x737/0x1470 [ 429.788517] ? pci_mmcfg_check_reserved+0x150/0x150 [ 429.793970] schedule+0x92/0x1c0 [ 429.797585] schedule_preempt_disabled+0x13/0x20 [ 429.802551] __mutex_lock+0x73c/0x1470 [ 429.806494] ? lo_open+0x1d/0xb0 [ 429.809927] ? refcount_inc_not_zero+0x50/0xe0 [ 429.814632] ? mutex_trylock+0x1c0/0x1c0 [ 429.818856] ? exact_match+0xd/0x20 [ 429.822597] ? kobj_lookup+0x319/0x410 [ 429.826574] ? loop_unregister_transfer+0x90/0x90 [ 429.831832] mutex_lock_nested+0x16/0x20 [ 429.835925] ? mutex_lock_nested+0x16/0x20 [ 429.840328] lo_open+0x1d/0xb0 [ 429.843550] __blkdev_get+0xab1/0x1120 [ 429.847551] ? __blkdev_put+0x7f0/0x7f0 [ 429.851659] ? bd_acquire+0x178/0x2c0 [ 429.855472] ? find_held_lock+0x35/0x130 [ 429.859706] blkdev_get+0xa8/0x8e0 [ 429.863971] ? bd_may_claim+0xd0/0xd0 [ 429.868287] ? _raw_spin_unlock+0x2d/0x50 [ 429.872526] blkdev_open+0x1d1/0x260 [ 429.876286] ? security_file_open+0x8f/0x1a0 [ 429.880758] do_dentry_open+0x73e/0xeb0 [ 429.884747] ? bd_acquire+0x2c0/0x2c0 [ 429.888541] vfs_open+0x105/0x230 [ 429.892044] path_openat+0x8bd/0x3f70 [ 429.895855] ? trace_hardirqs_on+0x10/0x10 [ 429.900146] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 429.904823] ? find_held_lock+0x35/0x130 [ 429.908985] ? __alloc_fd+0x1d4/0x4a0 [ 429.912856] do_filp_open+0x18e/0x250 [ 429.916667] ? may_open_dev+0xe0/0xe0 [ 429.920545] ? _raw_spin_unlock+0x2d/0x50 [ 429.924699] ? __alloc_fd+0x1d4/0x4a0 [ 429.928611] do_sys_open+0x2c5/0x430 [ 429.932384] ? filp_open+0x70/0x70 [ 429.936020] SyS_open+0x2d/0x40 [ 429.939282] ? do_sys_open+0x430/0x430 [ 429.943244] do_syscall_64+0x1eb/0x630 [ 429.947134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.952033] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.957258] RIP: 0033:0x7fd18a82c120 [ 429.961222] RSP: 002b:00007ffea14bd0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 429.969065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd18a82c120 [ 429.976427] RDX: 00007ffea14bef41 RSI: 0000000000000000 RDI: 00007ffea14bef41 [ 429.984189] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000 [ 429.992113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001617030 [ 429.999411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005 [ 430.006766] INFO: task blkid:7740 blocked for more than 140 seconds. [ 430.013315] Not tainted 4.14.113 #3 [ 430.017462] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 430.025586] blkid D28880 7740 7231 0x00000004 [ 430.031269] Call Trace: [ 430.033966] __schedule+0x7be/0x1cf0 [ 430.037910] ? __mutex_lock+0x737/0x1470 [ 430.042045] ? pci_mmcfg_check_reserved+0x150/0x150 [ 430.047074] schedule+0x92/0x1c0 [ 430.050476] schedule_preempt_disabled+0x13/0x20 [ 430.055350] __mutex_lock+0x73c/0x1470 [ 430.059226] ? __mutex_unlock_slowpath+0x71/0x800 [ 430.064135] ? __blkdev_get+0x145/0x1120 [ 430.068213] ? mutex_trylock+0x1c0/0x1c0 [ 430.072416] ? exact_match+0xd/0x20 [ 430.076052] ? kobj_lookup+0x319/0x410 [ 430.079937] ? blkdev_ioctl+0x1880/0x1880 [ 430.084147] mutex_lock_nested+0x16/0x20 [ 430.088212] ? mutex_lock_nested+0x16/0x20 [ 430.092501] __blkdev_get+0x145/0x1120 [ 430.096400] ? __blkdev_put+0x7f0/0x7f0 [ 430.100518] ? bd_acquire+0x178/0x2c0 [ 430.104424] ? find_held_lock+0x35/0x130 [ 430.108497] blkdev_get+0xa8/0x8e0 [ 430.112224] ? bd_may_claim+0xd0/0xd0 [ 430.116052] ? _raw_spin_unlock+0x2d/0x50 [ 430.121052] blkdev_open+0x1d1/0x260 [ 430.124774] ? security_file_open+0x8f/0x1a0 [ 430.129169] do_dentry_open+0x73e/0xeb0 [ 430.133203] ? bd_acquire+0x2c0/0x2c0 [ 430.137052] vfs_open+0x105/0x230 [ 430.140574] path_openat+0x8bd/0x3f70 [ 430.144627] ? trace_hardirqs_on+0x10/0x10 [ 430.148885] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 430.153806] ? find_held_lock+0x35/0x130 [ 430.158070] ? __alloc_fd+0x1d4/0x4a0 [ 430.161939] do_filp_open+0x18e/0x250 [ 430.165747] ? may_open_dev+0xe0/0xe0 [ 430.169540] ? _raw_spin_unlock+0x2d/0x50 [ 430.173781] ? __alloc_fd+0x1d4/0x4a0 [ 430.177609] do_sys_open+0x2c5/0x430 [ 430.181380] ? filp_open+0x70/0x70 [ 430.184944] SyS_open+0x2d/0x40 [ 430.188210] ? do_sys_open+0x430/0x430 [ 430.192151] do_syscall_64+0x1eb/0x630 [ 430.196044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 430.200986] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 430.206182] RIP: 0033:0x7f07b0fcb120 [ 430.209969] RSP: 002b:00007ffdcfae0808 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 430.217792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07b0fcb120 [ 430.225257] RDX: 00007ffdcfae2f34 RSI: 0000000000000000 RDI: 00007ffdcfae2f34 [ 430.232610] RBP: 0000000000000000 R08: 0000000000000078 R09: 0000000000000000 [ 430.239895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000e3c030 [ 430.247248] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000005 [ 430.254928] [ 430.254928] Showing all locks held in the system: [ 430.261326] 1 lock held by khungtaskd/1008: [ 430.265776] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 430.274933] 2 locks held by getty/7223: [ 430.278917] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.287774] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.297148] 2 locks held by getty/7224: [ 430.301348] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.310132] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.319528] 2 locks held by getty/7225: [ 430.323565] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.332289] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.341647] 2 locks held by getty/7226: [ 430.345704] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.354614] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.363981] 2 locks held by getty/7227: [ 430.367954] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.376690] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.386061] 2 locks held by getty/7228: [ 430.390079] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.398771] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.408113] 2 locks held by getty/7229: [ 430.412128] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 430.420857] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 430.430422] 3 locks held by syz-executor.0/7264: [ 430.435167] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_put+0xa6/0x7f0 [ 430.443736] #1: (loop_index_mutex){+.+.}, at: [] lo_release+0x1e/0x1b0 [ 430.452210] #2: (loop_ctl_mutex#2){+.+.}, at: [] lo_release+0x84/0x1b0 [ 430.460695] 2 locks held by syz-executor.5/7267: [ 430.465477] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.474269] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.482396] 2 locks held by syz-executor.2/7269: [ 430.487143] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.495861] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.503984] 2 locks held by syz-executor.3/7270: [ 430.508736] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.517466] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.525756] 1 lock held by syz-executor.4/7271: [ 430.530449] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.539376] 2 locks held by blkid/7728: [ 430.543392] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.552122] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.560251] 2 locks held by syz-executor.1/7736: [ 430.565017] #0: (loop_ctl_mutex/1){+.+.}, at: [] lo_ioctl+0x87/0x1c70 [ 430.573642] #1: (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1f/0x40 [ 430.582649] 2 locks held by blkid/7739: [ 430.586619] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.595347] #1: (loop_index_mutex){+.+.}, at: [] lo_open+0x1d/0xb0 [ 430.603588] 1 lock held by blkid/7740: [ 430.607469] #0: (&bdev->bd_mutex){+.+.}, at: [] __blkdev_get+0x145/0x1120 [ 430.616370] [ 430.618019] ============================================= [ 430.618019] [ 430.625416] NMI backtrace for cpu 1 [ 430.629063] CPU: 1 PID: 1008 Comm: khungtaskd Not tainted 4.14.113 #3 [ 430.635626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.644967] Call Trace: [ 430.647549] dump_stack+0x138/0x19c [ 430.651307] nmi_cpu_backtrace.cold+0x57/0x94 [ 430.656177] ? irq_force_complete_move.cold+0x7d/0x7d [ 430.661373] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 430.666655] arch_trigger_cpumask_backtrace+0x14/0x20 [ 430.671943] watchdog+0x5e7/0xb90 [ 430.675504] kthread+0x31c/0x430 [ 430.678905] ? hungtask_pm_notify+0x60/0x60 [ 430.683238] ? kthread_create_on_node+0xd0/0xd0 [ 430.687937] ret_from_fork+0x3a/0x50 [ 430.691930] Sending NMI from CPU 1 to CPUs 0: [ 430.696856] NMI backtrace for cpu 0 [ 430.696861] CPU: 0 PID: 2299 Comm: kworker/u4:4 Not tainted 4.14.113 #3 [ 430.696868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.696870] Workqueue: bat_events batadv_nc_worker [ 430.696876] task: ffff8880a1b68540 task.stack: ffff8880a1b70000 [ 430.696879] RIP: 0010:lock_release+0x38c/0x940 [ 430.696881] RSP: 0018:ffff8880a1b77bd0 EFLAGS: 00000046 [ 430.696890] RAX: 0000000000000000 RBX: 1ffff1101436ef80 RCX: 1ffff1101436d1b6 [ 430.696893] RDX: 0000000000000003 RSI: 0000000000000003 RDI: ffff8880a1b68540 [ 430.696897] RBP: ffff8880a1b77c68 R08: ffff8880a1b68540 R09: 0000000000000003 [ 430.696901] R10: 0000000000000000 R11: ffff8880a1b68540 R12: 0a99f4b87723b82a [ 430.696907] R13: ffffffff8603a53e R14: ffffffff891a5640 R15: ffff8880a1b77c40 [ 430.696917] FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 430.696923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 430.696926] CR2: 00007fd5b81ba000 CR3: 0000000075967000 CR4: 00000000001406f0 [ 430.696930] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 430.696939] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 430.696941] Call Trace: [ 430.696944] ? lock_downgrade+0x6e0/0x6e0 [ 430.696950] batadv_nc_process_nc_paths.part.0+0x225/0x350 [ 430.696958] ? batadv_nc_sniffed_purge+0x310/0x310 [ 430.696964] batadv_nc_worker+0x4bb/0x6d0 [ 430.696967] process_one_work+0x868/0x1610 [ 430.696972] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 430.696977] worker_thread+0x5d9/0x1050 [ 430.696979] kthread+0x31c/0x430 [ 430.696984] ? process_one_work+0x1610/0x1610 [ 430.696987] ? kthread_create_on_node+0xd0/0xd0 [ 430.696990] ret_from_fork+0x3a/0x50 [ 430.696991] Code: 03 80 3c 01 00 0f 85 c7 04 00 00 4d 89 a0 70 08 00 00 83 c2 01 44 89 ce 4c 89 c7 44 89 8d 78 ff ff ff 4c 89 45 80 e8 b4 ea ff ff <4c> 8b 45 80 85 c0 44 8b 8d 78 ff ff ff 75 38 48 b8 00 00 00 00 [ 430.697523] Kernel panic - not syncing: hung_task: blocked tasks [ 430.887302] CPU: 1 PID: 1008 Comm: khungtaskd Not tainted 4.14.113 #3 [ 430.893878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.903615] Call Trace: [ 430.906235] dump_stack+0x138/0x19c [ 430.909872] panic+0x1f2/0x438 [ 430.913069] ? add_taint.cold+0x16/0x16 [ 430.917074] ? ___preempt_schedule+0x16/0x18 [ 430.921476] watchdog+0x5f8/0xb90 [ 430.924931] kthread+0x31c/0x430 [ 430.928284] ? hungtask_pm_notify+0x60/0x60 [ 430.932601] ? kthread_create_on_node+0xd0/0xd0 [ 430.937268] ret_from_fork+0x3a/0x50 [ 430.942606] Kernel Offset: disabled [ 430.946237] Rebooting in 86400 seconds..