[ 28.913336] audit: type=1800 audit(1545435024.237:28): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.697834] audit: type=1800 audit(1545435025.117:29): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.718014] audit: type=1800 audit(1545435025.117:30): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts. 2018/12/21 23:30:35 fuzzer started 2018/12/21 23:30:38 dialing manager at 10.128.0.26:35391 2018/12/21 23:30:38 syscalls: 1 2018/12/21 23:30:38 code coverage: enabled 2018/12/21 23:30:38 comparison tracing: enabled 2018/12/21 23:30:38 setuid sandbox: enabled 2018/12/21 23:30:38 namespace sandbox: enabled 2018/12/21 23:30:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/21 23:30:38 fault injection: enabled 2018/12/21 23:30:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/21 23:30:38 net packet injection: enabled 2018/12/21 23:30:38 net device setup: enabled 23:32:59 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) syzkaller login: [ 184.232956] IPVS: ftp: loaded support on port[0] = 21 23:32:59 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) [ 184.525452] IPVS: ftp: loaded support on port[0] = 21 23:33:00 executing program 2: syz_open_dev$sndctrl(&(0x7f000000a000)='/dev/snd/controlC#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) [ 184.891788] IPVS: ftp: loaded support on port[0] = 21 23:33:00 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./file0\x00', 0x141042, 0x0) fstat(r2, &(0x7f0000000300)) [ 185.161911] IPVS: ftp: loaded support on port[0] = 21 23:33:00 executing program 4: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1, 0x2}) [ 185.648067] IPVS: ftp: loaded support on port[0] = 21 23:33:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 186.064039] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.071260] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.080222] device bridge_slave_0 entered promiscuous mode [ 186.213633] IPVS: ftp: loaded support on port[0] = 21 [ 186.227626] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.234824] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.243439] device bridge_slave_1 entered promiscuous mode [ 186.389863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.523146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.705569] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.713625] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.720988] device bridge_slave_0 entered promiscuous mode [ 186.863631] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.870120] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.877767] device bridge_slave_1 entered promiscuous mode [ 186.993756] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.004004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.012727] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.019194] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.030626] device bridge_slave_0 entered promiscuous mode [ 187.126692] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.161014] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.174249] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.180794] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.193123] device bridge_slave_1 entered promiscuous mode [ 187.263182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.388810] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.581559] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.711508] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.732637] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.745641] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.775159] team0: Port device team_slave_0 added [ 187.780650] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.797512] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.814164] device bridge_slave_0 entered promiscuous mode [ 187.852337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.880001] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.910995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.937126] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.952686] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.963097] device bridge_slave_0 entered promiscuous mode [ 187.975197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.983053] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.990636] team0: Port device team_slave_1 added [ 188.010231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.030917] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.038552] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.047092] device bridge_slave_1 entered promiscuous mode [ 188.064185] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.082506] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.089869] device bridge_slave_1 entered promiscuous mode [ 188.162347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.186816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.207875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.225088] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.278058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.303023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.379297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.398664] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.415188] team0: Port device team_slave_0 added [ 188.431348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 188.451623] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.463254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.493291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.547280] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.554830] team0: Port device team_slave_1 added [ 188.579820] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 188.605540] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.624118] team0: Port device team_slave_0 added [ 188.638932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.653794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.724705] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.735387] team0: Port device team_slave_1 added [ 188.740703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.768630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.795827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.848517] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.860861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.872867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.880663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.890424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.931481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.945770] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.964370] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.970751] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.978352] device bridge_slave_0 entered promiscuous mode [ 188.989757] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.004551] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.013551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.021570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.042556] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.087521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.134483] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.140883] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.156586] device bridge_slave_1 entered promiscuous mode [ 189.167811] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.189800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.204358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.213543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.221590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.252814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.278528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.314987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.340066] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.348717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.391204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.472489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.553454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.570585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.672372] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.682846] team0: Port device team_slave_0 added [ 189.820980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.828606] team0: Port device team_slave_1 added [ 189.859768] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.931905] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.939603] team0: Port device team_slave_0 added [ 189.948102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.981284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.000179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.036393] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.063443] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.070871] team0: Port device team_slave_1 added [ 190.097001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.220480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.262453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.270584] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.277116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.284233] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.290620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.309471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.316585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.326652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.363014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.379368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.412804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.432743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.483733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.511541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.542887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.562743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.625677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.655247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.683093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.763907] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.793258] team0: Port device team_slave_0 added [ 190.803478] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.809857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.816581] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.822989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.837840] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.938528] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.947376] team0: Port device team_slave_1 added [ 190.967351] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.973797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.980472] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.986928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.999779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.097160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.126604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.153182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.275736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.361666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.392666] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.400874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.452505] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.459697] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.495886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.504556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.511795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.002735] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.009245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.016019] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.022443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.047920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.303459] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.309878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.316624] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.323040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.352704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.512177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.522880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.939835] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.946450] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.953218] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.959602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.974638] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.522735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.712610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.180837] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.297319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.366875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.685306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.692969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.700089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.726581] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.863729] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.137115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.216601] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.225332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.268610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.287888] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.306367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.318897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.478941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.488911] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.613916] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.685237] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.763766] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.897762] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.040234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.235992] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.259399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.272798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.402154] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.408354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.417820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.526783] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.743865] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.901195] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.039640] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.058617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.073934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.508167] 8021q: adding VLAN 0 to HW filter on device team0 23:33:15 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.284026] usb usb2: usbfs: process 7565 (syz-executor0) did not claim interface 0 before use 23:33:15 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.363859] usb usb2: usbfs: process 7578 (syz-executor0) did not claim interface 0 before use 23:33:15 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.448921] usb usb2: usbfs: process 7587 (syz-executor0) did not claim interface 0 before use 23:33:16 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.554171] usb usb2: usbfs: process 7601 (syz-executor0) did not claim interface 0 before use 23:33:16 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.597711] usb usb2: usbfs: process 7605 (syz-executor0) did not claim interface 0 before use 23:33:16 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.662140] usb usb2: usbfs: process 7612 (syz-executor0) did not claim interface 0 before use 23:33:16 executing program 0: r0 = syz_open_dev$usb(0x0, 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 200.803676] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 200.845291] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 23:33:16 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:16 executing program 2: r0 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000140)={{0x1}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 200.980138] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 201.463884] audit: type=1804 audit(1545435196.887:31): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor3" name="/root/syzkaller-testdir507119770/syzkaller.3q2fGj/0/file0/file0" dev="loop3" ino=3 res=1 23:33:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0xffffffffffffffb4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8955, &(0x7f0000000040)=0x2) [ 201.524180] audit: type=1804 audit(1545435196.907:32): pid=7699 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor3" name="/root/syzkaller-testdir507119770/syzkaller.3q2fGj/0/file0/file0" dev="loop3" ino=3 res=1 23:33:17 executing program 4: r0 = socket$kcm(0x2, 0x1000000000000805, 0x84) sendmsg(r0, &(0x7f0000000140)={&(0x7f0000000080)=@in={0x2, 0x4e22, @local}, 0x80, &(0x7f0000000740)=[{&(0x7f00000005c0)="f4", 0x1}], 0x1}, 0x0) [ 201.577659] usb usb2: usbfs: process 7705 (syz-executor4) did not claim interface 2 before use [ 201.590643] usb usb2: usbfs: process 7708 (syz-executor4) did not claim interface 2 before use [ 201.763136] [ 201.764934] ====================================================== [ 201.766856] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 201.771251] WARNING: possible circular locking dependency detected [ 201.771263] 4.20.0-rc6-next-20181217+ #172 Not tainted [ 201.771274] ------------------------------------------------------ [ 201.780123] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 201.783986] syz-executor3/7718 is trying to acquire lock: 23:33:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) 23:33:17 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) 23:33:17 executing program 2: r0 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000140)={{0x1}, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 23:33:17 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:17 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vlan0\x00', r1}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) [ 201.783992] 00000000ae285a04 (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0 [ 201.784019] [ 201.784019] but task is already holding lock: [ 201.784023] 00000000904f44a3 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 201.784053] [ 201.784053] which lock already depends on the new lock. [ 201.784053] [ 201.839914] [ 201.839914] the existing dependency chain (in reverse order) is: [ 201.847530] [ 201.847530] -> #1 (&n->lock){++--}: [ 201.852680] _raw_write_lock+0x2d/0x40 [ 201.857092] neigh_flush_dev+0x34f/0x960 23:33:17 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 201.861682] neigh_changeaddr+0x31/0x40 [ 201.866090] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 201.866197] ndisc_netdev_event+0xe6/0x5b0 [ 201.872819] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 201.877347] notifier_call_chain+0x17e/0x380 [ 201.877361] raw_notifier_call_chain+0x2d/0x40 [ 201.877376] call_netdevice_notifiers_info+0x3f/0x90 [ 201.877395] dev_set_mac_address+0x293/0x3b0 [ 201.907420] do_setlink+0x7c7/0x3f30 23:33:17 executing program 2: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045518, &(0x7f0000000000)={0x1}) [ 201.911661] __rtnl_newlink+0xcde/0x19e0 [ 201.916244] rtnl_newlink+0x6b/0xa0 [ 201.920409] rtnetlink_rcv_msg+0x46a/0xc20 [ 201.925175] netlink_rcv_skb+0x172/0x440 [ 201.929782] rtnetlink_rcv+0x1c/0x20 [ 201.934021] netlink_unicast+0x5a5/0x760 [ 201.938608] netlink_sendmsg+0xa18/0xfc0 [ 201.943208] sock_sendmsg+0xd5/0x120 [ 201.947449] ___sys_sendmsg+0x7fd/0x930 [ 201.951948] __sys_sendmsg+0x11d/0x280 [ 201.952996] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env 23:33:17 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1}) [ 201.956364] __x64_sys_sendmsg+0x78/0xb0 [ 201.956380] do_syscall_64+0x1b9/0x820 [ 201.956402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.977469] [ 201.977469] -> #0 (&tbl->lock){+.-.}: [ 201.982769] lock_acquire+0x1ed/0x520 [ 201.987102] _raw_write_lock_bh+0x31/0x40 [ 201.991785] neigh_change_state+0x1dc/0x7a0 [ 201.996635] __neigh_update+0x478/0x1eb0 [ 201.997869] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' 23:33:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='\xfc\xfa\xc5:;k\xf7\xe7z\xe9\xae\x84\x98\xf9\x9c\x8f\x844\xde\xe1\xdc\r\x04\xc1%<_HS\x9cb\xfc\xd3\x1e\x03-\x9a6\xcf\xe1y-\xb5\xd6\xd7=\x91{*mMI\x93q-\xdaE\xa0\xec\xa3B0\x1bU\xc5\xf2\xb4\xbb\xae\xcc\xf8]]H\xf7\xcb\x03U\xa1\x14Mn\xa6O\x10\xdb\xea@1\xbb\xf8\xd29~\xa7\x9d\xd3\xb2a\'\xc3\xdc\a,\xeb\xc9L\xa1\t\x02\xdf\xc2N\xa3\xe9k\xf8\x85\xc7\xf4\xf9U\xa84\x0eG\xbcR\xc2\xda\x9c\"L$=x\xc4\xcf\xc0\x9f\xb5\xfc\xd6\xae/\xdc\xa9\x8d[\x91\xfd\nl\x00\x10\x00\x00t`\xc7\x9d`\x1b*\xfc\xca\xf1 \x00\xde\xe7\xc2\x00\x00', 0xffffffffffffffff, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) [ 202.001222] neigh_update+0x37/0x50 [ 202.001237] arp_req_set+0x54c/0xaa0 [ 202.001253] arp_ioctl+0x48b/0xae0 [ 202.023122] inet_ioctl+0x237/0x360 [ 202.027284] sock_do_ioctl+0xeb/0x420 [ 202.031627] sock_ioctl+0x313/0x690 [ 202.035983] do_vfs_ioctl+0x1de/0x1790 [ 202.040400] ksys_ioctl+0xa9/0xd0 [ 202.044396] __x64_sys_ioctl+0x73/0xb0 [ 202.048829] do_syscall_64+0x1b9/0x820 [ 202.053248] entry_SYSCALL_64_after_hwframe+0x49/0xbe 23:33:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 202.057034] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 202.058949] [ 202.058949] other info that might help us debug this: [ 202.058949] [ 202.058954] Possible unsafe locking scenario: [ 202.058954] [ 202.058957] CPU0 CPU1 [ 202.058960] ---- ---- [ 202.058963] lock(&n->lock); [ 202.058972] lock(&tbl->lock); [ 202.058986] lock(&n->lock); [ 202.085289] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 202.088924] lock(&tbl->lock); [ 202.107224] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.109734] [ 202.109734] *** DEADLOCK *** [ 202.109734] [ 202.109744] 2 locks held by syz-executor3/7718: [ 202.109748] #0: 0000000053b7854d (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 202.140453] #1: 00000000904f44a3 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 202.148179] [ 202.148179] stack backtrace: [ 202.152682] CPU: 0 PID: 7718 Comm: syz-executor3 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 202.161168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.170525] Call Trace: [ 202.173115] dump_stack+0x244/0x39d [ 202.176748] ? dump_stack_print_info.cold.1+0x20/0x20 [ 202.181957] ? vprintk_func+0x85/0x181 [ 202.185852] print_circular_bug.isra.36.cold.58+0x1bd/0x27d [ 202.191563] ? save_trace+0xe0/0x290 [ 202.195297] __lock_acquire+0x3399/0x4c20 [ 202.199458] ? print_usage_bug+0xc0/0xc0 [ 202.203529] ? mark_held_locks+0x130/0x130 [ 202.207767] ? __call_rcu.constprop.57+0x3ea/0x950 [ 202.212701] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 202.217971] ? call_rcu+0xb/0x10 [ 202.221338] ? trace_hardirqs_off_caller+0x310/0x310 [ 202.226446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.232006] ? mark_held_locks+0x130/0x130 [ 202.236252] ? mark_held_locks+0xc7/0x130 [ 202.240434] ? __local_bh_enable_ip+0x160/0x260 [ 202.245102] ? __local_bh_enable_ip+0x160/0x260 [ 202.249766] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 202.254347] ? trace_hardirqs_on+0xbd/0x310 [ 202.258682] ? trace_hardirqs_off_caller+0x310/0x310 [ 202.263788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.269322] ? ___neigh_create+0x1704/0x2630 [ 202.273726] ? ___neigh_create+0x1704/0x2630 [ 202.278133] lock_acquire+0x1ed/0x520 [ 202.281940] ? neigh_change_state+0x1dc/0x7a0 [ 202.286442] ? lock_release+0xa00/0xa00 [ 202.290427] _raw_write_lock_bh+0x31/0x40 [ 202.294576] ? neigh_change_state+0x1dc/0x7a0 [ 202.299068] neigh_change_state+0x1dc/0x7a0 [ 202.303396] ? neigh_parms_alloc+0x6d0/0x6d0 [ 202.307811] ? mark_held_locks+0xc7/0x130 [ 202.311967] ? kasan_check_write+0x14/0x20 [ 202.316204] ? do_raw_write_lock+0x14f/0x310 [ 202.320611] ? do_raw_read_unlock+0x70/0x70 [ 202.324941] ? neigh_lookup+0x586/0x7c0 [ 202.328919] ? trace_hardirqs_off_caller+0x310/0x310 [ 202.334027] __neigh_update+0x478/0x1eb0 [ 202.338106] ? __local_bh_enable_ip+0x160/0x260 [ 202.342776] ? arp_key_eq+0x10/0xa0 [ 202.346404] ? __neigh_notify+0x160/0x160 [ 202.350555] ? ip_route_output_key_hash_rcu+0x3490/0x3490 [ 202.356097] ? find_held_lock+0x36/0x1c0 [ 202.360171] neigh_update+0x37/0x50 [ 202.363830] arp_req_set+0x54c/0xaa0 [ 202.367545] ? arp_req_delete+0x870/0x870 [ 202.371700] ? apparmor_cred_prepare+0x5a0/0x5a0 [ 202.376455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.382008] arp_ioctl+0x48b/0xae0 [ 202.385547] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 202.390735] ? arp_constructor+0xd80/0xd80 [ 202.394967] ? futex_wake+0x304/0x760 [ 202.398775] inet_ioctl+0x237/0x360 [ 202.402413] ? inet_stream_connect+0xa0/0xa0 [ 202.406821] ? mark_held_locks+0x130/0x130 [ 202.411052] ? graph_lock+0x270/0x270 [ 202.414853] ? do_futex+0x249/0x26d0 [ 202.418585] ? kmem_cache_alloc_trace+0x356/0x740 [ 202.423432] ? lockdep_init_map+0x105/0x590 [ 202.427775] ? lockdep_init_map+0x105/0x590 [ 202.432103] ? find_held_lock+0x36/0x1c0 [ 202.436170] sock_do_ioctl+0xeb/0x420 [ 202.439979] ? compat_ifr_data_ioctl+0x170/0x170 [ 202.444732] ? check_preemption_disabled+0x48/0x280 [ 202.449745] ? kasan_check_read+0x11/0x20 [ 202.453896] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 202.459183] ? rcu_read_unlock_special+0x370/0x370 [ 202.464124] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 202.469339] sock_ioctl+0x313/0x690 [ 202.472965] ? dlci_ioctl_set+0x40/0x40 [ 202.476936] ? ksys_dup3+0x680/0x680 [ 202.480648] ? __might_fault+0x12b/0x1e0 [ 202.484710] ? lock_downgrade+0x900/0x900 [ 202.488861] ? lock_release+0xa00/0xa00 [ 202.492838] ? perf_trace_sched_process_exec+0x860/0x860 [ 202.498297] ? dlci_ioctl_set+0x40/0x40 [ 202.502273] do_vfs_ioctl+0x1de/0x1790 [ 202.506172] ? ioctl_preallocate+0x300/0x300 [ 202.510580] ? __fget_light+0x2e9/0x430 [ 202.514569] ? fget_raw+0x20/0x20 [ 202.518019] ? _copy_to_user+0xc8/0x110 [ 202.521994] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.527539] ? put_timespec64+0x10f/0x1b0 [ 202.531685] ? nsecs_to_jiffies+0x30/0x30 [ 202.535843] ? do_syscall_64+0x9a/0x820 [ 202.539814] ? do_syscall_64+0x9a/0x820 [ 202.543789] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 202.548371] ? security_file_ioctl+0x94/0xc0 [ 202.552784] ksys_ioctl+0xa9/0xd0 [ 202.556238] __x64_sys_ioctl+0x73/0xb0 [ 202.560123] do_syscall_64+0x1b9/0x820 [ 202.564029] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 202.569417] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.574354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.579204] ? trace_hardirqs_on_caller+0x310/0x310 [ 202.584246] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 202.589263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 202.594279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.599122] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.604314] RIP: 0033:0x457669 [ 202.607521] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.626424] RSP: 002b:00007f34f718ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.634134] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 202.641415] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000003 [ 202.648687] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 202.655950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34f718f6d4 [ 202.663237] R13: 00000000004c0acd R14: 00000000004d1c98 R15: 00000000ffffffff [ 202.686958] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 202.698695] usb usb2: usbfs: process 7744 (syz-executor0) did not claim interface 0 before use [ 202.707587] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 202.726489] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 202.738643] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.761329] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 202.773891] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 202.814306] kobject: 'loop5' (00000000077869f8): kobject_uevent_env 23:33:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0xffffffffffffffb4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8955, &(0x7f0000000040)=0x2) 23:33:18 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:18 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='\xfc\xfa\xc5:;k\xf7\xe7z\xe9\xae\x84\x98\xf9\x9c\x8f\x844\xde\xe1\xdc\r\x04\xc1%<_HS\x9cb\xfc\xd3\x1e\x03-\x9a6\xcf\xe1y-\xb5\xd6\xd7=\x91{*mMI\x93q-\xdaE\xa0\xec\xa3B0\x1bU\xc5\xf2\xb4\xbb\xae\xcc\xf8]]H\xf7\xcb\x03U\xa1\x14Mn\xa6O\x10\xdb\xea@1\xbb\xf8\xd29~\xa7\x9d\xd3\xb2a\'\xc3\xdc\a,\xeb\xc9L\xa1\t\x02\xdf\xc2N\xa3\xe9k\xf8\x85\xc7\xf4\xf9U\xa84\x0eG\xbcR\xc2\xda\x9c\"L$=x\xc4\xcf\xc0\x9f\xb5\xfc\xd6\xae/\xdc\xa9\x8d[\x91\xfd\nl\x00\x10\x00\x00t`\xc7\x9d`\x1b*\xfc\xca\xf1 \x00\xde\xe7\xc2\x00\x00', 0xffffffffffffffff, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 23:33:18 executing program 0: syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x1}) 23:33:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 202.824984] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 202.852448] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env 23:33:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, 0x0) [ 202.868611] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 202.892565] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 202.907308] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 202.922339] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 202.957686] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 202.979666] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 202.998341] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 203.005263] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.015160] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 203.021572] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 203.055811] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 203.062419] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' 23:33:18 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vlan0\x00', r1}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:18 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)) 23:33:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) 23:33:18 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0xffffffffffffffb4) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8955, &(0x7f0000000040)=0x2) 23:33:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)) [ 203.238126] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 203.245270] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 203.251614] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 203.262545] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' 23:33:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) 23:33:18 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)) [ 203.294772] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 203.303673] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 203.311049] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 23:33:18 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:18 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 203.347360] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 203.356095] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 203.377926] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 203.394533] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 203.404490] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.422776] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 203.430711] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.441586] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 203.448325] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.458733] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 203.465674] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 203.475563] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 203.481985] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 203.492610] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 203.507872] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.519169] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 203.525640] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' 23:33:19 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vlan0\x00', r1}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 1: r0 = syz_open_dev$usb(0x0, 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:19 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) 23:33:19 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) [ 203.605525] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 203.616807] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) 23:33:19 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) [ 203.659343] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 203.695868] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 203.716791] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 203.724314] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.736533] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 203.751999] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 203.765475] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 203.775518] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 203.787313] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 203.794049] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.803994] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 203.810449] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 203.820498] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 203.826972] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 203.837701] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 203.844302] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 203.854430] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 203.860858] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' 23:33:19 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vlan0\x00', r1}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:19 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) ptrace$getsig(0x4202, r1, 0x0, 0x0) 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r1, 0x15) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x15) 23:33:19 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 204.233735] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 204.240217] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.251069] vhci_hcd: default hub control req: 5503 v0002 i0000 l0 [ 204.271628] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) tkill(0x0, 0x15) 23:33:19 executing program 1: syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x20355}) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 204.295981] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 204.326786] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env 23:33:19 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:19 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, 0x0) 23:33:19 executing program 2: r0 = inotify_init1(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r1, 0x15) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) 23:33:19 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c8311572c, 0xe0ff) [ 204.359784] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.383992] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 204.390501] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)) [ 204.404578] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env 23:33:19 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0xe0ff) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) 23:33:19 executing program 2: fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r0, 0x15) 23:33:19 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) [ 204.446765] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.480608] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env 23:33:19 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x200, 0x800000002009) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)) 23:33:19 executing program 3: r0 = inotify_init1(0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 204.504543] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.533515] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 204.547882] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.559930] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 204.568137] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.580196] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 204.582439] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 204.586817] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.603166] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 204.609605] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 204.619816] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 204.626299] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 204.636071] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 204.642530] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 204.652342] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 204.658754] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.669577] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 204.676522] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 204.686370] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 204.692830] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 204.702635] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 204.709046] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.718890] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 204.725327] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 204.735179] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 204.741589] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 204.751454] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 204.757889] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 204.767721] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 204.774167] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' 23:33:20 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:20 executing program 0: inotify_init1(0x0) 23:33:20 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r1, 0x15) 23:33:20 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0xe0ff) 23:33:20 executing program 3: fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r0, 0x0, 0x0) 23:33:20 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:20 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 204.869217] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 204.892388] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' 23:33:20 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) write$cgroup_pid(r1, &(0x7f0000000080), 0x12) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000340)={0x0, 0x2}) 23:33:20 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r1, 0x15) 23:33:20 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, 0x0, 0x0, 0xe0ff) 23:33:20 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) 23:33:20 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) [ 204.981250] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 204.993974] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 205.039092] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 205.045453] audit: type=1804 audit(1545435200.467:33): pid=7963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir194543839/syzkaller.8lOOjs/24/file0/bus" dev="ramfs" ino=24608 res=1 [ 205.055648] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 205.101283] hrtimer: interrupt took 37588 ns [ 205.126686] audit: type=1804 audit(1545435200.517:34): pid=7963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir194543839/syzkaller.8lOOjs/24/file0/file0/bus" dev="ramfs" ino=24311 res=1 [ 205.135501] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 205.157904] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 205.171842] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 205.179032] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 205.189446] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 205.195952] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 205.206359] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 205.212854] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' 23:33:21 executing program 4: socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) 23:33:21 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, 0x0) tkill(0x0, 0x15) 23:33:21 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) 23:33:21 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) 23:33:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:21 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r1, &(0x7f00000019c0)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b99c0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf78109c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac4250e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f05000000d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf6326690900000000000000613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffed4}, 0xfffffeb6) truncate(&(0x7f0000000280)='./bus\x00', 0x0) [ 205.758426] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 205.786491] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' 23:33:21 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='cmdline\x00') pread64(0xffffffffffffffff, 0x0, 0xfc, 0x0) close(r0) write$P9_RFSYNC(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, 0x0, 0x381) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x2) close(0xffffffffffffffff) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000040)={0x6}, 0x88) 23:33:21 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) 23:33:21 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)) tkill(0x0, 0x15) 23:33:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) [ 205.815634] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 205.836547] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' 23:33:21 executing program 4: ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) [ 205.873187] kobject: 'loop3' (000000007a0473a7): kobject_uevent_env [ 205.879663] kobject: 'loop3' (000000007a0473a7): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 205.902974] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env 23:33:21 executing program 5: lseek(0xffffffffffffffff, 0xfffffffffffffffc, 0x1) fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="000207007fffffff10001c14f063905b580b50eb2fafb52a832246e4568bc8e70d65254032614cf908000000a54ca10a0f80f6504c87f158ad45e6c551"], 0x1, 0x0) clone(0x20000102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e0000000400000050032200c0010000f0000000f0000000f000000000000000b8020000b8020000b8020000b8020000b802000004"], 0x1) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, 0x0) 23:33:21 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, 0x0}) tkill(r1, 0x0) 23:33:21 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000340)) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) [ 205.917501] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' 23:33:21 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:21 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000200)="b8010000000f01d965660faeb603000000b8358556370f23c80f21f8350400d0000f23f8640fc7ae02000000ea00600000fa00c4c18566220f20d835080000000f22d8360f01cf66baf80cb83bd30c85ef66bafc0cb06aee0fc7b49f0a000000", 0x60}], 0x1, 0x5, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 23:33:21 executing program 4: ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, 0x0) ppoll(&(0x7f0000000000)=[{}], 0x20000000000000a4, 0x0, 0x0, 0x0) [ 205.952753] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 205.967101] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 206.004743] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 206.023498] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 206.033776] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 206.041428] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 206.051398] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 206.053415] kobject: 'loop2' (0000000001407e0d): kobject_uevent_env [ 206.073626] kobject: 'loop2' (0000000001407e0d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 206.083821] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 206.090442] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 206.102132] kobject: 'loop5' (00000000077869f8): kobject_uevent_env [ 206.104188] kobject: 'kvm' (00000000574fb555): kobject_uevent_env [ 206.108715] kobject: 'loop5' (00000000077869f8): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 206.124942] kobject: 'loop4' (00000000fe3a9211): kobject_uevent_env [ 206.129234] kobject: 'kvm' (00000000574fb555): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 206.131515] kobject: 'loop4' (00000000fe3a9211): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 206.158164] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 206.166768] kobject: 'kvm' (00000000574fb555): kobject_uevent_env [ 206.179764] kobject: 'loop1' (000000000d7c37fe): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 206.207497] kobject: 'kvm' (00000000574fb555): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 206.227034] ================================================================== [ 206.234445] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 206.241033] Write of size 832 at addr ffff8881b675abc0 by task syz-executor5/8015 [ 206.248659] [ 206.250303] CPU: 0 PID: 8015 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 206.258792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.268160] Call Trace: [ 206.270755] dump_stack+0x244/0x39d [ 206.274393] ? dump_stack_print_info.cold.1+0x20/0x20 [ 206.279607] ? printk+0xa7/0xcf [ 206.282892] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 206.287674] print_address_description.cold.4+0x9/0x1ff [ 206.293038] ? fpstate_init+0x50/0x160 [ 206.296928] kasan_report.cold.5+0x1b/0x39 [ 206.301167] ? fpstate_init+0x50/0x160 [ 206.305070] ? fpstate_init+0x50/0x160 [ 206.308977] check_memory_region+0x13e/0x1b0 [ 206.313386] memset+0x23/0x40 [ 206.316519] fpstate_init+0x50/0x160 [ 206.320260] kvm_arch_vcpu_init+0x3e9/0x870 [ 206.324599] kvm_vcpu_init+0x2fa/0x420 [ 206.328486] ? vcpu_stat_get+0x300/0x300 [ 206.332547] ? kmem_cache_alloc+0x30b/0x730 [ 206.336900] vmx_create_vcpu+0x1b7/0x2695 [ 206.341067] ? perf_trace_sched_process_exec+0x860/0x860 [ 206.346518] ? do_raw_spin_unlock+0xa7/0x330 [ 206.350926] ? vmx_exec_control+0x210/0x210 [ 206.355261] ? kasan_check_write+0x14/0x20 [ 206.359494] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 206.364429] ? futex_wait_queue_me+0x55d/0x840 [ 206.369011] ? wait_for_completion+0x8a0/0x8a0 [ 206.373601] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.379142] ? get_futex_value_locked+0xcb/0xf0 [ 206.383828] kvm_arch_vcpu_create+0xe5/0x220 [ 206.388234] ? kvm_arch_vcpu_free+0x90/0x90 [ 206.392578] kvm_vm_ioctl+0x526/0x2030 [ 206.396464] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 206.401566] ? futex_wait+0x5ec/0xa50 [ 206.405366] ? kvm_unregister_device_ops+0x70/0x70 [ 206.410301] ? mark_held_locks+0x130/0x130 [ 206.414557] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 206.419751] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 206.424853] ? futex_wake+0x304/0x760 [ 206.428666] ? is_bpf_text_address+0xac/0x170 [ 206.433199] ? mark_held_locks+0x130/0x130 [ 206.437447] ? do_futex+0x249/0x26d0 [ 206.441168] ? kasan_check_read+0x11/0x20 [ 206.445327] ? rcu_read_unlock_special+0x370/0x370 [ 206.450258] ? rcu_softirq_qs+0x20/0x20 [ 206.454233] ? unwind_dump+0x190/0x190 [ 206.458123] ? exit_robust_list+0x280/0x280 [ 206.462469] ? kernel_text_address+0x79/0xf0 [ 206.466881] ? __fget+0x4aa/0x740 [ 206.470337] ? lock_downgrade+0x900/0x900 [ 206.474491] ? lock_release+0xa00/0xa00 [ 206.478505] ? rcu_read_unlock_special+0x370/0x370 [ 206.483439] ? save_stack+0x43/0xd0 [ 206.487063] ? __kasan_slab_free+0x102/0x150 [ 206.491487] ? kasan_slab_free+0xe/0x10 [ 206.495464] ? __fget+0x4d1/0x740 [ 206.498934] ? ksys_dup3+0x680/0x680 [ 206.502665] ? __might_fault+0x12b/0x1e0 [ 206.506751] ? lock_downgrade+0x900/0x900 [ 206.510902] ? lock_release+0xa00/0xa00 [ 206.514879] ? perf_trace_sched_process_exec+0x860/0x860 [ 206.520329] ? kvm_unregister_device_ops+0x70/0x70 [ 206.525259] do_vfs_ioctl+0x1de/0x1790 [ 206.529158] ? ioctl_preallocate+0x300/0x300 [ 206.533567] ? __fget_light+0x2e9/0x430 [ 206.537541] ? fget_raw+0x20/0x20 [ 206.540992] ? _copy_to_user+0xc8/0x110 [ 206.544970] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.550509] ? put_timespec64+0x10f/0x1b0 [ 206.554671] ? nsecs_to_jiffies+0x30/0x30 [ 206.558824] ? security_file_ioctl+0x94/0xc0 [ 206.563234] ksys_ioctl+0xa9/0xd0 [ 206.566690] __x64_sys_ioctl+0x73/0xb0 [ 206.570578] do_syscall_64+0x1b9/0x820 [ 206.574472] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 206.579838] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.584783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.589633] ? trace_hardirqs_on_caller+0x310/0x310 [ 206.594649] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.599666] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.604686] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.609533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.614718] RIP: 0033:0x457669 [ 206.617911] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.636821] RSP: 002b:00007f37ec3f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 206.644530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 206.651794] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 206.659062] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 206.666330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37ec3f56d4 [ 206.673598] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 206.680871] [ 206.682550] Allocated by task 8015: [ 206.686184] save_stack+0x43/0xd0 [ 206.689633] kasan_kmalloc+0xcb/0xd0 [ 206.693346] kasan_slab_alloc+0x12/0x20 [ 206.697319] kmem_cache_alloc+0x130/0x730 [ 206.701480] vmx_create_vcpu+0x110/0x2695 [ 206.705623] kvm_arch_vcpu_create+0xe5/0x220 [ 206.710027] kvm_vm_ioctl+0x526/0x2030 [ 206.713914] do_vfs_ioctl+0x1de/0x1790 [ 206.717817] ksys_ioctl+0xa9/0xd0 [ 206.721271] __x64_sys_ioctl+0x73/0xb0 [ 206.725166] do_syscall_64+0x1b9/0x820 [ 206.729053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.734230] [ 206.735848] Freed by task 0: [ 206.738853] (stack is not available) [ 206.742567] [ 206.744218] The buggy address belongs to the object at ffff8881b675ab80 [ 206.744218] which belongs to the cache x86_fpu of size 832 [ 206.756527] The buggy address is located 64 bytes inside of [ 206.756527] 832-byte region [ffff8881b675ab80, ffff8881b675aec0) [ 206.768323] The buggy address belongs to the page: [ 206.773258] page:ffffea0006d9d680 count:1 mapcount:0 mapping:ffff8881d7bc4540 index:0x0 [ 206.781399] flags: 0x2fffc0000000200(slab) [ 206.785642] raw: 02fffc0000000200 ffff8881d637c648 ffff8881d637c648 ffff8881d7bc4540 [ 206.793528] raw: 0000000000000000 ffff8881b675a040 0000000100000004 0000000000000000 [ 206.801398] page dumped because: kasan: bad access detected [ 206.807102] [ 206.808719] Memory state around the buggy address: [ 206.813646] ffff8881b675ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.821001] ffff8881b675ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.828358] >ffff8881b675ae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 206.835710] ^ [ 206.841177] ffff8881b675af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.848537] ffff8881b675af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.855896] ================================================================== [ 206.905665] Kernel panic - not syncing: panic_on_warn set ... [ 206.911608] CPU: 1 PID: 8015 Comm: syz-executor5 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 206.921489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.930845] Call Trace: [ 206.933442] dump_stack+0x244/0x39d [ 206.937113] ? dump_stack_print_info.cold.1+0x20/0x20 [ 206.942328] ? fpstate_init+0x30/0x160 [ 206.946232] panic+0x2ad/0x632 [ 206.949428] ? add_taint.cold.5+0x16/0x16 [ 206.953585] ? preempt_schedule+0x4d/0x60 [ 206.957741] ? ___preempt_schedule+0x16/0x18 [ 206.962184] ? trace_hardirqs_on+0xb4/0x310 [ 206.966520] ? fpstate_init+0x50/0x160 [ 206.970422] end_report+0x47/0x4f [ 206.973888] kasan_report.cold.5+0xe/0x39 [ 206.978052] ? fpstate_init+0x50/0x160 [ 206.981952] ? fpstate_init+0x50/0x160 [ 206.985876] check_memory_region+0x13e/0x1b0 [ 206.990299] memset+0x23/0x40 [ 206.993421] fpstate_init+0x50/0x160 [ 206.997143] kvm_arch_vcpu_init+0x3e9/0x870 [ 207.001486] kvm_vcpu_init+0x2fa/0x420 [ 207.005415] ? vcpu_stat_get+0x300/0x300 [ 207.009483] ? kmem_cache_alloc+0x30b/0x730 [ 207.013817] vmx_create_vcpu+0x1b7/0x2695 [ 207.017983] ? perf_trace_sched_process_exec+0x860/0x860 [ 207.023438] ? do_raw_spin_unlock+0xa7/0x330 [ 207.027856] ? vmx_exec_control+0x210/0x210 [ 207.032195] ? kasan_check_write+0x14/0x20 [ 207.036635] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 207.041573] ? futex_wait_queue_me+0x55d/0x840 [ 207.046174] ? wait_for_completion+0x8a0/0x8a0 [ 207.050802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.056348] ? get_futex_value_locked+0xcb/0xf0 [ 207.061039] kvm_arch_vcpu_create+0xe5/0x220 [ 207.065445] ? kvm_arch_vcpu_free+0x90/0x90 [ 207.069796] kvm_vm_ioctl+0x526/0x2030 [ 207.073737] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 207.078857] ? futex_wait+0x5ec/0xa50 [ 207.082684] ? kvm_unregister_device_ops+0x70/0x70 [ 207.087628] ? mark_held_locks+0x130/0x130 [ 207.091883] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 207.097087] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 207.102200] ? futex_wake+0x304/0x760 [ 207.106046] ? is_bpf_text_address+0xac/0x170 [ 207.110560] ? mark_held_locks+0x130/0x130 [ 207.114805] ? do_futex+0x249/0x26d0 [ 207.118533] ? kasan_check_read+0x11/0x20 [ 207.122693] ? rcu_read_unlock_special+0x370/0x370 [ 207.127627] ? rcu_softirq_qs+0x20/0x20 [ 207.131606] ? unwind_dump+0x190/0x190 [ 207.135505] ? exit_robust_list+0x280/0x280 [ 207.139840] ? kernel_text_address+0x79/0xf0 [ 207.144258] ? __fget+0x4aa/0x740 [ 207.147736] ? lock_downgrade+0x900/0x900 [ 207.151893] ? lock_release+0xa00/0xa00 [ 207.155923] ? rcu_read_unlock_special+0x370/0x370 [ 207.160857] ? save_stack+0x43/0xd0 [ 207.164966] ? __kasan_slab_free+0x102/0x150 [ 207.169384] ? kasan_slab_free+0xe/0x10 [ 207.173381] ? __fget+0x4d1/0x740 [ 207.174069] kobject: 'loop0' (00000000101a0c5b): kobject_uevent_env [ 207.176855] ? ksys_dup3+0x680/0x680 [ 207.186960] ? __might_fault+0x12b/0x1e0 [ 207.191043] ? lock_downgrade+0x900/0x900 [ 207.195217] ? lock_release+0xa00/0xa00 [ 207.195983] kobject: 'loop0' (00000000101a0c5b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 207.199216] ? perf_trace_sched_process_exec+0x860/0x860 [ 207.199233] ? kvm_unregister_device_ops+0x70/0x70 [ 207.199254] do_vfs_ioctl+0x1de/0x1790 [ 207.222938] ? ioctl_preallocate+0x300/0x300 [ 207.227363] ? __fget_light+0x2e9/0x430 [ 207.231369] ? fget_raw+0x20/0x20 [ 207.234830] ? _copy_to_user+0xc8/0x110 [ 207.238821] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.244399] ? put_timespec64+0x10f/0x1b0 [ 207.248558] ? nsecs_to_jiffies+0x30/0x30 [ 207.252766] ? security_file_ioctl+0x94/0xc0 [ 207.257202] ksys_ioctl+0xa9/0xd0 [ 207.260672] __x64_sys_ioctl+0x73/0xb0 [ 207.264570] do_syscall_64+0x1b9/0x820 [ 207.268468] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 207.273848] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.278785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.283644] ? trace_hardirqs_on_caller+0x310/0x310 [ 207.288674] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 207.293705] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.298748] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:33:22 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0) mremap(&(0x7f0000a93000/0x3000)=nil, 0x3000, 0xe000, 0x3, &(0x7f0000b18000/0xe000)=nil) munlockall() 23:33:22 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:22 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x4001, 0x0) 23:33:22 executing program 2: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x20001, 0x70, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() clock_gettime(0x3, &(0x7f0000000400)) clock_nanosleep(0x2, 0x1, &(0x7f0000000040), 0x0) timer_create(0x2000000, &(0x7f0000000480)={0x0, 0x30}, &(0x7f00000004c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000000000)) r1 = creat(&(0x7f0000000300)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[]}}, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f0000000380)=0x10) getpid() syz_open_dev$midi(0x0, 0xffffffffffff8001, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000200)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, 0x0, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0x0, 0xfffffffffffffeff) tkill(r0, 0x1004000000016) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1b) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x4d, 0x0, 0x0, 0x0, 0x8}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) 23:33:22 executing program 4: ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 23:33:22 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000340)) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:22 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) 23:33:22 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') preadv(r0, &(0x7f00000017c0), 0x1a3, 0x0) [ 207.303613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.308809] RIP: 0033:0x457669 [ 207.312027] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.320553] kobject: 'loop1' (000000000d7c37fe): kobject_uevent_env [ 207.330934] RSP: 002b:00007f37ec3f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.330963] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 207.330971] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 207.330979] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 207.330988] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37ec3f56d4 [ 207.330995] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 207.338438] Kernel Offset: disabled [ 207.386071] Rebooting in 86400 seconds..