[info] Using makefile-style concurrent boot in runlevel 2. [ 24.939555] audit: type=1800 audit(1540791818.063:21): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts. 2018/10/29 05:43:56 fuzzer started 2018/10/29 05:43:58 dialing manager at 10.128.0.26:41523 2018/10/29 05:43:58 syscalls: 1 2018/10/29 05:43:58 code coverage: enabled 2018/10/29 05:43:58 comparison tracing: enabled 2018/10/29 05:43:58 setuid sandbox: enabled 2018/10/29 05:43:58 namespace sandbox: enabled 2018/10/29 05:43:58 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/29 05:43:58 fault injection: enabled 2018/10/29 05:43:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/29 05:43:58 net packed injection: enabled 2018/10/29 05:43:58 net device setup: enabled 05:47:18 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x40000004248, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$evdev(r0, &(0x7f0000000000)=[{{}, 0x1, 0x1c, 0x40000000002}, {}], 0x38b) syzkaller login: [ 244.980889] IPVS: ftp: loaded support on port[0] = 21 05:47:18 executing program 1: timer_create(0x0, &(0x7f0000000180)={0x0, 0x200000000012}, &(0x7f0000000040)) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000100), 0x10000000000002f4, 0x0) [ 245.248010] IPVS: ftp: loaded support on port[0] = 21 05:47:18 executing program 2: openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x800}, &(0x7f00000001c0)=0x8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000100)="66ba400066ed48b8ad592a1773f85c1e0f23d00f21f8353000000b0f23f866bad104b000ee0f01c9c461216b78fd66470f3838a0f0ffffff420f323ef2430f001a26f20f090f20c035020000000f22c0", 0x50}], 0x24e, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) write$P9_RSYMLINK(0xffffffffffffffff, &(0x7f0000000080)={0x14, 0x11, 0x0, {0x10, 0x0, 0x8}}, 0x14) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe2(&(0x7f0000000000), 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 245.537185] IPVS: ftp: loaded support on port[0] = 21 05:47:19 executing program 3: getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000040)=ANY=[@ANYBLOB="6e8000000010fdffffff00010000d08415"], &(0x7f0000000140)=0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000040)) prctl$getreaper(0x66, &(0x7f0000000040)) [ 246.052964] IPVS: ftp: loaded support on port[0] = 21 05:47:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) sendfile(r2, r1, &(0x7f0000000180)=0x23, 0x10013c93a) eventfd2(0x5, 0x80800) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f00000004c0)=""/245, 0xf5) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000400)) ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000640)=0x101) syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0x0, 0x6000) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000003c0)=0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x10200, 0x2, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) rt_sigsuspend(&(0x7f0000000440)={0xfc}, 0x8) recvfrom$inet(r1, &(0x7f0000000300)=""/10, 0xa, 0x0, &(0x7f0000000340)={0x2, 0x4e21, @rand_addr=0x80}, 0x10) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000480)={0x7, 0x100000001, 0x3}, 0xc) [ 246.659386] IPVS: ftp: loaded support on port[0] = 21 [ 246.899432] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.921714] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.929489] device bridge_slave_0 entered promiscuous mode [ 246.980091] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.010804] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.018341] device bridge_slave_0 entered promiscuous mode 05:47:20 executing program 5: socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffee1, 0x0, 0x0) shutdown(r0, 0x0) [ 247.113752] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.133896] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.161494] device bridge_slave_1 entered promiscuous mode [ 247.180691] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.187189] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.212376] device bridge_slave_1 entered promiscuous mode [ 247.280272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 247.349579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 247.363214] IPVS: ftp: loaded support on port[0] = 21 [ 247.393281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 247.498588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 247.802808] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.809556] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.831771] device bridge_slave_0 entered promiscuous mode [ 247.840775] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.905239] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.985296] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.999416] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.010823] device bridge_slave_1 entered promiscuous mode [ 248.039548] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 248.061145] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 248.166120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 248.240787] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.253658] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.271379] device bridge_slave_0 entered promiscuous mode [ 248.291533] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 248.306207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 248.331557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.416818] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.427855] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.435913] device bridge_slave_1 entered promiscuous mode [ 248.461735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 248.490061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.614404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 248.654368] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 248.700850] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.721926] team0: Port device team_slave_0 added [ 248.782029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 248.827384] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 248.889592] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.912318] team0: Port device team_slave_1 added [ 248.919887] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.928679] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.936961] device bridge_slave_0 entered promiscuous mode [ 248.946404] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.971303] team0: Port device team_slave_0 added [ 249.060545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.093325] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.099818] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.109626] device bridge_slave_1 entered promiscuous mode [ 249.139574] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 249.150524] team0: Port device team_slave_1 added [ 249.231305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.243913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 249.295791] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 249.334000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.351529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.359619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.386055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.420408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.431220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.440509] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 249.450909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.465325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.474372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.511018] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 249.559251] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 249.566897] team0: Port device team_slave_0 added [ 249.620636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.627733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.636063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.658992] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 249.680910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 249.698977] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 249.724695] team0: Port device team_slave_1 added [ 249.772729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.782138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.800740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.842419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 249.865607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 249.885950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.904791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.930971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.939032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.970715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.978721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.990132] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.996522] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.011315] device bridge_slave_0 entered promiscuous mode [ 250.032452] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 250.065725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.093560] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.110731] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.141709] device bridge_slave_1 entered promiscuous mode [ 250.225100] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 250.237354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 250.259778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.275888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.293318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 250.326901] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 250.353358] team0: Port device team_slave_0 added [ 250.361938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 250.368810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.385516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 250.428334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.439715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.456683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.500226] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 250.509483] team0: Port device team_slave_1 added [ 250.523554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 250.539207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 250.651611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 250.658521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 250.675353] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 250.806742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 250.826582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 250.851251] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.880784] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 250.923547] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 250.942413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.958283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 251.011250] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 251.020860] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 251.030873] team0: Port device team_slave_0 added [ 251.039522] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.046142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.053433] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.059855] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.080602] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.090656] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 251.111807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.140925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.177615] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 251.204710] team0: Port device team_slave_1 added [ 251.320983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.332530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.354959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 251.380655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 251.440860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 251.447805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.467235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.485834] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.492343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.499051] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.505521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.513841] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.641063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 251.648429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.670905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 251.803412] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 251.814687] team0: Port device team_slave_0 added [ 251.835253] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 251.847688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.863770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.960528] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 251.970900] team0: Port device team_slave_1 added [ 252.049622] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.056111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.062857] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.069267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.107774] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 252.183647] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 252.326259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.337054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.345262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.443960] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 252.465943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 252.475199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 252.575758] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 252.591286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 252.599346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 252.623964] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.630433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.637135] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.643608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.653614] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.340517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 253.373328] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.379767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.386545] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.392979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.423504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.999246] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.005711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.012452] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.018837] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.047637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 254.381140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.388505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 256.680390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.055786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.154897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.200742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 257.497349] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 257.612990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 257.660807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.750243] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 257.765782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.781145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.057348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.079308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.089377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.132156] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.154743] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.163124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.177550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.205688] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.448390] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.617784] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.632061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.640892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.671349] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.684459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.107247] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.209659] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.340922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.633841] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.658243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.670998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.817668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 260.085012] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.383940] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 260.394263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 260.410672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 260.921648] 8021q: adding VLAN 0 to HW filter on device team0 05:47:34 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 05:47:34 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000e15000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="71e66daf", 0x4) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendto(r1, &(0x7f00005c8f58), 0xfffffffffffffeee, 0x0, &(0x7f0000351ff0)=@ipx={0x4, 0x0, 0x0, "a074edebb7e1"}, 0x10) recvmmsg(r1, &(0x7f0000007a80)=[{{&(0x7f0000001cc0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002f00)=[{&(0x7f0000001d40)=""/161, 0xa1}, {&(0x7f0000001e00)=""/144, 0x90}], 0x2, &(0x7f0000002f40)}}], 0x1, 0x0, &(0x7f0000007c00)={0x77359400}) [ 261.585097] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 05:47:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x6, 0xffffffffffffff15, 0x10000000000, 0x3, 0x0, 0x7, 0x64000, 0xd, 0x86e, 0x8, 0x5, 0x8, 0x6, 0x2, 0x6, 0x0, 0x100000000, 0x1c, 0x5, 0x2, 0x1, 0x9, 0xff, 0xe4, 0x100000000, 0x3f, 0x2, 0x79d2, 0xfff, 0x12, 0x2, 0x63, 0xffffffffffffff80, 0xffffffffffffff7f, 0x1000, 0x7ff, 0x0, 0x2, 0x7, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x4004, 0x7, 0xf10, 0x0, 0x5c, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x3) 05:47:34 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x10000000000001cf, 0x0) 05:47:35 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x10000000000001cf, 0x0) [ 261.882588] hrtimer: interrupt took 31470 ns [ 261.900203] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 261.900203] program syz-executor1 not setting count and/or reply_len properly 05:47:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x6, 0xffffffffffffff15, 0x10000000000, 0x3, 0x0, 0x7, 0x64000, 0xd, 0x86e, 0x8, 0x5, 0x8, 0x6, 0x2, 0x6, 0x0, 0x100000000, 0x1c, 0x5, 0x2, 0x1, 0x9, 0xff, 0xe4, 0x100000000, 0x3f, 0x2, 0x79d2, 0xfff, 0x12, 0x2, 0x63, 0xffffffffffffff80, 0xffffffffffffff7f, 0x1000, 0x7ff, 0x0, 0x2, 0x7, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x4004, 0x7, 0xf10, 0x0, 0x5c, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x3) [ 262.095838] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 262.095838] program syz-executor1 not setting count and/or reply_len properly 05:47:35 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x10000000000001cf, 0x0) 05:47:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x6, 0xffffffffffffff15, 0x10000000000, 0x3, 0x0, 0x7, 0x64000, 0xd, 0x86e, 0x8, 0x5, 0x8, 0x6, 0x2, 0x6, 0x0, 0x100000000, 0x1c, 0x5, 0x2, 0x1, 0x9, 0xff, 0xe4, 0x100000000, 0x3f, 0x2, 0x79d2, 0xfff, 0x12, 0x2, 0x63, 0xffffffffffffff80, 0xffffffffffffff7f, 0x1000, 0x7ff, 0x0, 0x2, 0x7, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x4004, 0x7, 0xf10, 0x0, 0x5c, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x3) 05:47:35 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x6, 0xffffffffffffff15, 0x10000000000, 0x3, 0x0, 0x7, 0x64000, 0xd, 0x86e, 0x8, 0x5, 0x8, 0x6, 0x2, 0x6, 0x0, 0x100000000, 0x1c, 0x5, 0x2, 0x1, 0x9, 0xff, 0xe4, 0x100000000, 0x3f, 0x2, 0x79d2, 0xfff, 0x12, 0x2, 0x63, 0xffffffffffffff80, 0xffffffffffffff7f, 0x1000, 0x7ff, 0x0, 0x2, 0x7, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x4004, 0x7, 0xf10, 0x0, 0x5c, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x3) 05:47:35 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 262.368395] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 262.368395] program syz-executor1 not setting count and/or reply_len properly [ 262.376204] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 262.376204] program syz-executor3 not setting count and/or reply_len properly 05:47:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) sendfile(r2, r1, &(0x7f0000000180)=0x23, 0x10013c93a) eventfd2(0x5, 0x80800) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f00000004c0)=""/245, 0xf5) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000400)) ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000640)=0x101) syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0x0, 0x6000) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000003c0)=0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x10200, 0x2, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) rt_sigsuspend(&(0x7f0000000440)={0xfc}, 0x8) recvfrom$inet(r1, &(0x7f0000000300)=""/10, 0xa, 0x0, &(0x7f0000000340)={0x2, 0x4e21, @rand_addr=0x80}, 0x10) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000480)={0x7, 0x100000001, 0x3}, 0xc) 05:47:37 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x0, "73797a3100000000004000100000000000000000fdffffff007d00000000000000000800"}) 05:47:37 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') preadv(r1, &(0x7f0000000480), 0x10000000000001cf, 0x0) 05:47:37 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='\x00\n\x00\x00\x00') writev(r0, &(0x7f0000000080), 0x1a6) 05:47:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x6, 0xffffffffffffff15, 0x10000000000, 0x3, 0x0, 0x7, 0x64000, 0xd, 0x86e, 0x8, 0x5, 0x8, 0x6, 0x2, 0x6, 0x0, 0x100000000, 0x1c, 0x5, 0x2, 0x1, 0x9, 0xff, 0xe4, 0x100000000, 0x3f, 0x2, 0x79d2, 0xfff, 0x12, 0x2, 0x63, 0xffffffffffffff80, 0xffffffffffffff7f, 0x1000, 0x7ff, 0x0, 0x2, 0x7, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x4004, 0x7, 0xf10, 0x0, 0x5c, 0x1}, r4, 0x5, 0xffffffffffffffff, 0x3) 05:47:37 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptmx\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000600)=""/11, 0xfe1c) syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000409004bdd070000a4d119698f1c12750f798058439ed554fa07424adee901d2da75cb85b4b7a1350588743c8d9baf1f02acc7edbcd7a071fb35331ce39c5a8b0bd6dcaf21bc211317ffef33867ccc5b8f1439b56d341662bc8880979843b3355236be93426485f99f87998f48ad7ffa29bda080d701b70d252407218fad612e074583416711ec1053ba40f26809a95171a9") fsetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='user.syz\x00', &(0x7f00000000c0)='\x00', 0xfe9, 0x0) ioctl$KDDISABIO(r0, 0x4b37) 05:47:37 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000e15000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="71e66daf", 0x4) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendto(r2, &(0x7f00005c8f58), 0xfffffffffffffeee, 0x0, &(0x7f0000351ff0)=@ipx={0x4, 0x0, 0x0, "a074edebb7e1"}, 0x10) recvmmsg(r2, &(0x7f0000007a80)=[{{&(0x7f0000001cc0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002f00)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1, &(0x7f0000002f40)}}], 0x1, 0x0, &(0x7f0000007c00)={0x77359400}) 05:47:37 executing program 0: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x14) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) creat(&(0x7f0000000400)='./file0\x00', 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) close(r1) [ 263.950645] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 263.950645] program syz-executor1 not setting count and/or reply_len properly 05:47:37 executing program 3: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$apparmor_current(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="7065726d68617420dd8cee63fa853078303030303030303030303030303030305e2d837070703100006368616e6765686174204040406208914ac9a46465767d00006368696e67"], 0x1) 05:47:37 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000001cf, 0x0) 05:47:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) 05:47:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0xfffffff0}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x28, 0xb01, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) [ 264.218902] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 264.218902] program syz-executor1 not setting count and/or reply_len properly 05:47:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) sendfile(r2, r1, &(0x7f0000000180)=0x23, 0x10013c93a) eventfd2(0x5, 0x80800) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f00000004c0)=""/245, 0xf5) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000400)) ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000640)=0x101) syz_open_dev$adsp(&(0x7f0000000280)='/dev/adsp#\x00', 0x0, 0x6000) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000003c0)=0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x10200, 0x2, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) rt_sigsuspend(&(0x7f0000000440)={0xfc}, 0x8) recvfrom$inet(r1, &(0x7f0000000300)=""/10, 0xa, 0x0, &(0x7f0000000340)={0x2, 0x4e21, @rand_addr=0x80}, 0x10) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000480)={0x7, 0x100000001, 0x3}, 0xc) 05:47:37 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000001cf, 0x0) 05:47:37 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) setsockopt$inet6_tcp_int(r2, 0x6, 0x1e, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) 05:47:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0xfffffff0}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x28, 0xb01, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 05:47:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x104, 0x2) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) capget(&(0x7f0000000280)={0x0, r2}, &(0x7f00000002c0)={0x3, 0x80000000, 0x0, 0x800, 0x2, 0xb6}) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x800) inotify_rm_watch(r1, r3) utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000200)) 05:47:37 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x1800000000000000, 0x54, 0x29, &(0x7f0000000440)="b90703e6681b00000000000000ead5dc57ee41dea43e63a377fb8a977c3f1d1700040000d80648a2ac141411e0000001e1977d486a72d7363417ef6c909047dc183aea9747b34b3cbaa8ad830be27f3c1c54e771", &(0x7f0000000400)=""/41, 0x100}, 0x28) [ 264.571589] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 264.571589] program syz-executor1 not setting count and/or reply_len properly [ 264.755858] ODEBUG: object 0000000076e975b6 is on stack 000000001956c031, but NOT annotated. [ 264.767624] WARNING: CPU: 0 PID: 7337 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 264.777001] Kernel panic - not syncing: panic_on_warn set ... [ 264.782908] CPU: 0 PID: 7337 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181019+ #99 [ 264.791322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.800694] Call Trace: [ 264.803310] dump_stack+0x244/0x39d [ 264.806960] ? dump_stack_print_info.cold.1+0x20/0x20 [ 264.812171] panic+0x2ad/0x55c [ 264.815403] ? add_taint.cold.5+0x16/0x16 [ 264.819571] ? __warn.cold.8+0x5/0x45 [ 264.823388] ? __debug_object_init.cold.14+0x51/0xdf [ 264.828503] __warn.cold.8+0x20/0x45 [ 264.832241] ? __debug_object_init.cold.14+0x51/0xdf [ 264.837365] report_bug+0x254/0x2d0 [ 264.841009] do_error_trap+0x11b/0x200 [ 264.844917] do_invalid_op+0x36/0x40 [ 264.848652] ? __debug_object_init.cold.14+0x51/0xdf [ 264.853770] invalid_op+0x14/0x20 [ 264.857250] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 264.862983] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 80 fb 60 88 4c 89 85 d0 fd ff ff e8 39 f7 d0 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 07 c6 87 [ 264.881904] RSP: 0018:ffff8801c0b67308 EFLAGS: 00010086 [ 264.887281] RAX: 0000000000000050 RBX: ffff8801c0b67af8 RCX: ffffc90008595000 [ 264.894569] RDX: 0000000000000000 RSI: ffffffff8165ba85 RDI: 0000000000000005 [ 264.901850] RBP: ffff8801c0b67560 R08: ffff8801ce1a25c0 R09: ffffed003b5c5020 [ 264.909130] R10: ffffed003b5c5020 R11: ffff8801dae28107 R12: ffff8801d4a9a400 [ 264.916415] R13: 000000000001e840 R14: ffff8801d4a9a400 R15: ffff8801ce1a25b0 [ 264.923719] ? vprintk_func+0x85/0x181 [ 264.927629] ? __debug_object_init.cold.14+0x4a/0xdf [ 264.932760] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 264.937369] ? debug_object_free+0x690/0x690 [ 264.942219] ? unwind_get_return_address+0x61/0xa0 [ 264.947168] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 264.952314] ? depot_save_stack+0x292/0x470 [ 264.956656] ? save_stack+0xa9/0xd0 [ 264.960309] ? save_stack+0x43/0xd0 [ 264.963951] ? kasan_kmalloc+0xc7/0xe0 [ 264.967942] ? bpf_test_init.isra.10+0x98/0x100 [ 264.972629] ? zap_class+0x640/0x640 [ 264.975611] kobject: 'loop0' (000000006c4ff0f2): kobject_uevent_env [ 264.976356] ? do_syscall_64+0x1b9/0x820 [ 264.976374] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.976395] ? find_held_lock+0x36/0x1c0 [ 264.982950] kobject: 'loop0' (000000006c4ff0f2): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 264.986880] debug_object_init+0x16/0x20 [ 264.986895] init_timer_key+0xa9/0x480 [ 264.986912] ? init_timer_on_stack_key+0xe0/0xe0 [ 265.018466] ? __might_fault+0x12b/0x1e0 [ 265.022533] ? __lockdep_init_map+0x105/0x590 [ 265.027022] ? __lockdep_init_map+0x105/0x590 [ 265.031513] ? lockdep_init_map+0x9/0x10 [ 265.035575] sock_init_data+0xe1/0xdc0 [ 265.039457] ? sk_stop_timer+0x50/0x50 [ 265.043346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 265.048901] ? _copy_from_user+0xdf/0x150 [ 265.053099] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 265.058631] ? bpf_test_init.isra.10+0x70/0x100 [ 265.063303] bpf_prog_test_run_skb+0x255/0xc40 [ 265.067881] ? __lock_acquire+0x62f/0x4c20 [ 265.072111] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 265.076949] ? __lock_acquire+0x62f/0x4c20 [ 265.081237] ? fput+0x130/0x1a0 [ 265.084512] ? __bpf_prog_get+0x9b/0x290 [ 265.088572] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 265.093408] bpf_prog_test_run+0x130/0x1a0 [ 265.097636] __x64_sys_bpf+0x3d8/0x510 [ 265.101516] ? bpf_prog_get+0x20/0x20 [ 265.105322] do_syscall_64+0x1b9/0x820 [ 265.109223] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 265.114584] ? syscall_return_slowpath+0x5e0/0x5e0 [ 265.119505] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 265.124342] ? trace_hardirqs_on_caller+0x310/0x310 [ 265.129370] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 265.134400] ? prepare_exit_to_usermode+0x291/0x3b0 [ 265.139423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 265.144279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.149463] RIP: 0033:0x457569 [ 265.152651] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.171550] RSP: 002b:00007f1e41165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 265.179256] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 265.186520] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a [ 265.193784] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 265.201052] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e411666d4 [ 265.208318] R13: 00000000004bd892 R14: 00000000004cc468 R15: 00000000ffffffff [ 265.215588] [ 265.215593] ====================================================== [ 265.215596] WARNING: possible circular locking dependency detected [ 265.215599] 4.19.0-rc8-next-20181019+ #99 Not tainted [ 265.215603] ------------------------------------------------------ [ 265.215606] syz-executor3/7337 is trying to acquire lock: [ 265.215608] 000000005e31bdca ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 265.215617] [ 265.215619] but task is already holding lock: [ 265.215621] 00000000f0b6efc1 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 265.215630] [ 265.215633] which lock already depends on the new lock. [ 265.215634] [ 265.215636] [ 265.215639] the existing dependency chain (in reverse order) is: [ 265.215640] [ 265.215642] -> #3 (&obj_hash[i].lock){-.-.}: [ 265.215650] _raw_spin_lock_irqsave+0x99/0xd0 [ 265.215653] __debug_object_init+0x127/0x1290 [ 265.215655] debug_object_init+0x16/0x20 [ 265.215658] hrtimer_init+0x97/0x490 [ 265.215660] init_dl_task_timer+0x1b/0x50 [ 265.215663] __sched_fork+0x2ae/0x590 [ 265.215665] init_idle+0x75/0x740 [ 265.215667] sched_init+0xb33/0xc07 [ 265.215670] start_kernel+0x4be/0xa2b [ 265.215673] x86_64_start_reservations+0x2e/0x30 [ 265.215676] x86_64_start_kernel+0x76/0x79 [ 265.215678] secondary_startup_64+0xa4/0xb0 [ 265.215679] [ 265.215681] -> #2 (&rq->lock){-.-.}: [ 265.215689] _raw_spin_lock+0x2d/0x40 [ 265.215691] task_fork_fair+0xb0/0x6d0 [ 265.215694] sched_fork+0x443/0xba0 [ 265.215696] copy_process+0x25b8/0x8790 [ 265.215698] _do_fork+0x1cb/0x11c0 [ 265.215701] kernel_thread+0x34/0x40 [ 265.215703] rest_init+0x28/0x372 [ 265.215706] arch_call_rest_init+0xe/0x1b [ 265.215708] start_kernel+0x9f0/0xa2b [ 265.215711] x86_64_start_reservations+0x2e/0x30 [ 265.215713] x86_64_start_kernel+0x76/0x79 [ 265.215716] secondary_startup_64+0xa4/0xb0 [ 265.215717] [ 265.215719] -> #1 (&p->pi_lock){-.-.}: [ 265.215727] _raw_spin_lock_irqsave+0x99/0xd0 [ 265.215730] try_to_wake_up+0xdc/0x1490 [ 265.215732] wake_up_process+0x10/0x20 [ 265.215734] __up.isra.1+0x1c0/0x2a0 [ 265.215736] up+0x13c/0x1c0 [ 265.215739] __up_console_sem+0xbe/0x1b0 [ 265.215741] console_unlock+0x80c/0x1190 [ 265.215744] vprintk_emit+0x391/0x990 [ 265.215746] vprintk_default+0x28/0x30 [ 265.215749] vprintk_func+0x7e/0x181 [ 265.215751] printk+0xa7/0xcf [ 265.215753] do_exit.cold.18+0x57/0x16f [ 265.215756] do_group_exit+0x177/0x440 [ 265.215758] __x64_sys_exit_group+0x3e/0x50 [ 265.215761] do_syscall_64+0x1b9/0x820 [ 265.215764] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.215765] [ 265.215767] -> #0 ((console_sem).lock){-.-.}: [ 265.215775] lock_acquire+0x1ed/0x520 [ 265.215778] _raw_spin_lock_irqsave+0x99/0xd0 [ 265.215780] down_trylock+0x13/0x70 [ 265.215783] __down_trylock_console_sem+0xae/0x1f0 [ 265.215786] console_trylock+0x15/0xa0 [ 265.215790] vprintk_emit+0x372/0x990 [ 265.215793] vprintk_default+0x28/0x30 [ 265.215795] vprintk_func+0x7e/0x181 [ 265.215797] printk+0xa7/0xcf [ 265.215800] __debug_object_init.cold.14+0x4a/0xdf [ 265.215803] debug_object_init+0x16/0x20 [ 265.215805] init_timer_key+0xa9/0x480 [ 265.215808] sock_init_data+0xe1/0xdc0 [ 265.215810] bpf_prog_test_run_skb+0x255/0xc40 [ 265.215813] bpf_prog_test_run+0x130/0x1a0 [ 265.215815] __x64_sys_bpf+0x3d8/0x510 [ 265.215818] do_syscall_64+0x1b9/0x820 [ 265.215821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.215822] [ 265.215825] other info that might help us debug this: [ 265.215826] [ 265.215828] Chain exists of: [ 265.215830] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 265.215840] [ 265.215842] Possible unsafe locking scenario: [ 265.215844] [ 265.215846] CPU0 CPU1 [ 265.215849] ---- ---- [ 265.215850] lock(&obj_hash[i].lock); [ 265.215856] lock(&rq->lock); [ 265.215861] lock(&obj_hash[i].lock); [ 265.215866] lock((console_sem).lock); [ 265.215871] [ 265.215873] *** DEADLOCK *** [ 265.215874] [ 265.215877] 1 lock held by syz-executor3/7337: [ 265.215878] #0: 00000000f0b6efc1 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 265.215888] [ 265.215890] stack backtrace: [ 265.215894] CPU: 0 PID: 7337 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181019+ #99 [ 265.215899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.215901] Call Trace: [ 265.215903] dump_stack+0x244/0x39d [ 265.215906] ? dump_stack_print_info.cold.1+0x20/0x20 [ 265.215909] ? vprintk_func+0x85/0x181 [ 265.215915] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 265.215920] ? save_trace+0xe0/0x290 [ 265.215925] __lock_acquire+0x3399/0x4c20 [ 265.215929] ? mark_held_locks+0x130/0x130 [ 265.215933] ? put_dec+0xf0/0xf0 [ 265.215938] ? mark_held_locks+0x130/0x130 [ 265.215943] ? pointer_string+0x14e/0x1b0 [ 265.215947] ? number+0xca0/0xca0 [ 265.215951] ? update_load_avg+0x2470/0x2470 [ 265.215956] ? print_usage_bug+0xc0/0xc0 [ 265.215960] ? ptr_to_id+0xd0/0x1d0 [ 265.215965] ? dentry_name+0x8f0/0x8f0 [ 265.215969] ? pick_next_task_fair+0xa35/0x1c90 [ 265.215974] ? zap_class+0x640/0x640 [ 265.215979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 265.215983] lock_acquire+0x1ed/0x520 [ 265.215987] ? down_trylock+0x13/0x70 [ 265.215992] ? lock_release+0xa10/0xa10 [ 265.215997] ? trace_hardirqs_off+0xb8/0x310 [ 265.216001] ? vprintk_emit+0x1de/0x990 [ 265.216006] ? trace_hardirqs_on+0x310/0x310 [ 265.216011] ? trace_hardirqs_off+0xb8/0x310 [ 265.216015] ? log_store+0x344/0x4c0 [ 265.216020] ? vprintk_emit+0x372/0x990 [ 265.216024] _raw_spin_lock_irqsave+0x99/0xd0 [ 265.216029] ? down_trylock+0x13/0x70 [ 265.216032] down_trylock+0x13/0x70 [ 265.216038] __down_trylock_console_sem+0xae/0x1f0 [ 265.216042] console_trylock+0x15/0xa0 [ 265.216046] vprintk_emit+0x372/0x990 [ 265.216050] ? wake_up_klogd+0x180/0x180 [ 265.216052] ? zap_class+0x640/0x640 [ 265.216055] ? __switch_to_asm+0x34/0x70 [ 265.216057] ? __switch_to_asm+0x40/0x70 [ 265.216060] ? print_usage_bug+0xc0/0xc0 [ 265.216062] ? __switch_to_asm+0x40/0x70 [ 265.216065] ? find_held_lock+0x36/0x1c0 [ 265.216067] vprintk_default+0x28/0x30 [ 265.216069] vprintk_func+0x7e/0x181 [ 265.216072] printk+0xa7/0xcf [ 265.216074] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 265.216077] __debug_object_init.cold.14+0x4a/0xdf [ 265.216080] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 265.216082] ? debug_object_free+0x690/0x690 [ 265.216085] ? unwind_get_return_address+0x61/0xa0 [ 265.216088] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 265.216091] ? depot_save_stack+0x292/0x470 [ 265.216093] ? save_stack+0xa9/0xd0 [ 265.216096] ? save_stack+0x43/0xd0 [ 265.216098] ? kasan_kmalloc+0xc7/0xe0 [ 265.216101] ? bpf_test_init.isra.10+0x98/0x100 [ 265.216103] ? zap_class+0x640/0x640 [ 265.216105] ? do_syscall_64+0x1b9/0x820 [ 265.216108] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.216111] ? find_held_lock+0x36/0x1c0 [ 265.216113] debug_object_init+0x16/0x20 [ 265.216115] init_timer_key+0xa9/0x480 [ 265.216118] ? init_timer_on_stack_key+0xe0/0xe0 [ 265.216121] ? __might_fault+0x12b/0x1e0 [ 265.216123] ? __lockdep_init_map+0x105/0x590 [ 265.216126] ? __lockdep_init_map+0x105/0x590 [ 265.216128] ? lockdep_init_map+0x9/0x10 [ 265.216131] sock_init_data+0xe1/0xdc0 [ 265.216133] ? sk_stop_timer+0x50/0x50 [ 265.216136] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 265.216139] ? _copy_from_user+0xdf/0x150 [ 265.216142] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 265.216144] ? bpf_test_init.isra.10+0x70/0x100 [ 265.216147] bpf_prog_test_run_skb+0x255/0xc40 [ 265.216149] ? __lock_acquire+0x62f/0x4c20 [ 265.216152] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 265.216155] ? __lock_acquire+0x62f/0x4c20 [ 265.216157] ? fput+0x130/0x1a0 [ 265.216159] ? __bpf_prog_get+0x9b/0x290 [ 265.216162] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 265.216164] bpf_prog_test_run+0x130/0x1a0 [ 265.216167] __x64_sys_bpf+0x3d8/0x510 [ 265.216169] ? bpf_prog_get+0x20/0x20 [ 265.216190] do_syscall_64+0x1b9/0x820 [ 265.216194] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 265.216197] ? syscall_return_slowpath+0x5e0/0x5e0 [ 265.216200] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 265.216203] ? trace_hardirqs_on_caller+0x310/0x310 [ 265.216206] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 265.216208] ? prepare_exit_to_usermode+0x291/0x3b0 [ 265.216211] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 265.216214] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.216216] RIP: 0033:0x457569 [ 265.216225] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.216228] RSP: 002b:00007f1e41165c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 265.216235] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 265.216238] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a [ 265.216242] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 265.216246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e411666d4 [ 265.216250] R13: 00000000004bd892 R14: 00000000004cc468 R15: 00000000ffffffff [ 265.217131] Kernel Offset: disabled [ 266.124706] Rebooting in 86400 seconds..