[info] Using makefile-style concurrent boot in runlevel 2. [ 26.748928] audit: type=1800 audit(1545588318.019:21): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.127982] sshd (6019) used greatest stack depth: 15424 bytes left Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts. 2018/12/23 18:05:27 fuzzer started 2018/12/23 18:05:29 dialing manager at 10.128.0.26:33943 2018/12/23 18:05:29 syscalls: 1 2018/12/23 18:05:29 code coverage: enabled 2018/12/23 18:05:29 comparison tracing: enabled 2018/12/23 18:05:29 setuid sandbox: enabled 2018/12/23 18:05:29 namespace sandbox: enabled 2018/12/23 18:05:29 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/23 18:05:29 fault injection: enabled 2018/12/23 18:05:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/23 18:05:29 net packet injection: enabled 2018/12/23 18:05:29 net device setup: enabled 18:07:47 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, &(0x7f00000001c0)="81", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000000c0)="9e", 0x1, 0x0, 0x0, 0x0) [ 176.159170] IPVS: ftp: loaded support on port[0] = 21 18:07:47 executing program 1: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000180)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000400)="c10100000000000000e5f700ac14140b", 0x10}], 0x1}, 0x0) [ 176.464108] IPVS: ftp: loaded support on port[0] = 21 18:07:47 executing program 2: openat(0xffffffffffffffff, &(0x7f0000000000)='/', 0x0, 0x10b) [ 176.813740] IPVS: ftp: loaded support on port[0] = 21 18:07:48 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000aba000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000bf8000/0xe000)=nil) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) [ 177.161109] IPVS: ftp: loaded support on port[0] = 21 18:07:48 executing program 4: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="02030606100000000000004c9e0000000200ff7f00000000000000000001000105000600200000000a00000000f4ffffff0400e500000700c6c61fd014bf18d8c95271e754006f0252ffa778f495000000020000627c05000500000900170a00000000000000ff17000000000000000000000000011700000000000000000000"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a00000700000028bd70170080000005001a0000000000000000000000eaffac1414aa0000100040400000113c04a23743f008499547b5"], 0x38}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000134, 0x0) [ 177.762114] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.769154] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.792526] device bridge_slave_0 entered promiscuous mode [ 177.881817] IPVS: ftp: loaded support on port[0] = 21 [ 177.959870] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.967634] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.992388] device bridge_slave_1 entered promiscuous mode 18:07:49 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f00000002c0)={@multicast1, @rand_addr=0x3a}, 0xc) syncfs(0xffffffffffffffff) fsetxattr$security_evm(0xffffffffffffffff, 0x0, 0x0, 0x4e, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) [ 178.084647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.206977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.320325] IPVS: ftp: loaded support on port[0] = 21 [ 178.418358] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.449824] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.458373] device bridge_slave_0 entered promiscuous mode [ 178.587108] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.600616] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.608355] device bridge_slave_1 entered promiscuous mode [ 178.672422] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.784133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.813104] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.939800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.124677] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.131665] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.147930] device bridge_slave_0 entered promiscuous mode [ 179.249145] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.285852] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.299741] device bridge_slave_1 entered promiscuous mode [ 179.322164] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.353732] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.360102] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.368009] device bridge_slave_0 entered promiscuous mode [ 179.432759] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.475873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.496919] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.508012] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.521666] device bridge_slave_1 entered promiscuous mode [ 179.531989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.589455] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.615944] team0: Port device team_slave_0 added [ 179.622509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.638832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.697633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.771505] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.795242] team0: Port device team_slave_1 added [ 179.835033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.950296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.007018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.091827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.125888] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.177349] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.187550] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.195298] device bridge_slave_0 entered promiscuous mode [ 180.221651] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.228761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.236959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.268500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.281744] team0: Port device team_slave_0 added [ 180.289246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.306832] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.321846] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.329260] device bridge_slave_1 entered promiscuous mode [ 180.342074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.355208] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.387848] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.404754] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.432062] team0: Port device team_slave_1 added [ 180.437996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.452041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.475292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.499290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.514666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.534574] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.549772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.564578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.579467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.630830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.640305] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.654940] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.679554] device bridge_slave_0 entered promiscuous mode [ 180.693241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.733504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.762648] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.774029] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.780383] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.790637] device bridge_slave_1 entered promiscuous mode [ 180.802838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.822012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.861727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.872825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.885334] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.912490] team0: Port device team_slave_0 added [ 180.925843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.943486] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.951581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.959592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.030022] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.060032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.094606] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.103866] team0: Port device team_slave_1 added [ 181.111098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.121864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.168570] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.224087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.230938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.239772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.307237] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.335569] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.352585] team0: Port device team_slave_0 added [ 181.388287] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.405822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.415669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.447860] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.458077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.469233] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.513979] team0: Port device team_slave_1 added [ 181.522297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.544480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.568665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.588797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.621831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.639423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.650515] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.666905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.691137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.701882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.752159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.772270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.779966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.826264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.909538] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.924564] team0: Port device team_slave_0 added [ 181.937197] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.973881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.002601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.056252] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.072183] team0: Port device team_slave_1 added [ 182.103053] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.111020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.138994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.171450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.269787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.281101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.299970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.321882] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.328393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.335512] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.341955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.354224] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.365910] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.381223] team0: Port device team_slave_0 added [ 182.404686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.420371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.436370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.481543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.494830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.512036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.558931] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.576455] team0: Port device team_slave_1 added [ 182.651796] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.658166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.665003] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.671422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.680710] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.745526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.755922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.766500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.891704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.898584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.922049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.970365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.982059] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.001939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.080151] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.096700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.132259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.203724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.239195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.390379] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.396877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.403676] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.410062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.418121] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.687885] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.694329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.701018] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.707463] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.723133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.021082] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.027556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.034278] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.040645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.069806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.211472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.218701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.242903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.640539] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.646998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.653729] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.660107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.682373] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.223136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.431922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.872928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.917703] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.255707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.277760] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.360690] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.371574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.378739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.655371] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.729175] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.752427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.759534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.887925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.911809] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.121969] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.143122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.150257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.319478] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.330472] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.447206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.621151] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.691806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.752949] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.759103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.771973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.832402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.117664] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.176313] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.333245] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.352074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.359153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.569099] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.581576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.590528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.778015] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.034300] 8021q: adding VLAN 0 to HW filter on device team0 18:08:03 executing program 0: syz_open_dev$mice(0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmmsg(r0, &(0x7f00000092c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=[{0x10, 0x1, 0x1}], 0x10}}], 0x1, 0x4000) 18:08:03 executing program 0: 18:08:03 executing program 0: 18:08:03 executing program 1: 18:08:03 executing program 0: 18:08:03 executing program 1: 18:08:03 executing program 2: 18:08:03 executing program 0: 18:08:03 executing program 2: [ 193.071490] hrtimer: interrupt took 53411 ns 18:08:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000aba000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000bf8000/0xe000)=nil) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:04 executing program 4: 18:08:04 executing program 5: 18:08:04 executing program 1: 18:08:04 executing program 2: 18:08:04 executing program 0: 18:08:04 executing program 4: 18:08:04 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000aba000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000bf8000/0xe000)=nil) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:04 executing program 0: 18:08:04 executing program 4: 18:08:04 executing program 2: 18:08:04 executing program 1: 18:08:04 executing program 5: 18:08:05 executing program 2: 18:08:05 executing program 4: 18:08:05 executing program 0: 18:08:05 executing program 1: 18:08:05 executing program 5: 18:08:05 executing program 2: ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, 0x0) getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x3) 18:08:05 executing program 1: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(0x0, 0x0, r1) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) 18:08:05 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r0, &(0x7f00000052c0)=[{{&(0x7f0000002000)=@nfc_llcp, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000002080)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x5}}, {{0x0, 0x0, &(0x7f0000005000)=[{0x0}], 0x1}}], 0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") sendto$inet(r0, &(0x7f0000000000)='F', 0x1, 0x0, 0x0, 0x0) 18:08:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000aba000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000bf8000/0xe000)=nil) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:05 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x3) 18:08:05 executing program 2: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000080), 0xffffffffffffff82) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x1}, {0x20000000304, @link_local}, 0x4, {0x2, 0x0, @local}, '\x00\x00\x00\x00\x01\x00\x00\x01\x00'}) 18:08:05 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000800)='hfs\x00', &(0x7f0000000840)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 194.109741] [ 194.111424] ====================================================== [ 194.117740] WARNING: possible circular locking dependency detected [ 194.120987] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 194.124053] 4.20.0-rc6-next-20181217+ #172 Not tainted [ 194.124060] ------------------------------------------------------ [ 194.124068] syz-executor2/7681 is trying to acquire lock: [ 194.124073] 00000000f2b8511c (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0 [ 194.124116] [ 194.124116] but task is already holding lock: [ 194.161326] 00000000067de8bb (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 194.168611] [ 194.168611] which lock already depends on the new lock. [ 194.168611] [ 194.176927] [ 194.176927] the existing dependency chain (in reverse order) is: [ 194.184534] [ 194.184534] -> #1 (&n->lock){++--}: [ 194.189644] _raw_write_lock+0x2d/0x40 [ 194.194047] neigh_periodic_work+0x3c0/0xc30 [ 194.198991] process_one_work+0xc90/0x1c40 [ 194.203741] worker_thread+0x17f/0x1390 [ 194.208229] kthread+0x35a/0x440 [ 194.212111] ret_from_fork+0x3a/0x50 [ 194.216349] [ 194.216349] -> #0 (&tbl->lock){+.-.}: [ 194.221635] lock_acquire+0x1ed/0x520 [ 194.225951] _raw_write_lock_bh+0x31/0x40 [ 194.230632] neigh_change_state+0x1dc/0x7a0 [ 194.235502] __neigh_update+0x478/0x1eb0 [ 194.240092] neigh_update+0x37/0x50 [ 194.244241] arp_req_set+0x54c/0xaa0 [ 194.248464] arp_ioctl+0x48b/0xae0 [ 194.252532] inet_ioctl+0x237/0x360 [ 194.256674] sock_do_ioctl+0xeb/0x420 [ 194.261018] sock_ioctl+0x313/0x690 [ 194.265185] do_vfs_ioctl+0x1de/0x1790 [ 194.269590] ksys_ioctl+0xa9/0xd0 [ 194.273560] __x64_sys_ioctl+0x73/0xb0 [ 194.277980] do_syscall_64+0x1b9/0x820 [ 194.282386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.288083] [ 194.288083] other info that might help us debug this: [ 194.288083] [ 194.296221] Possible unsafe locking scenario: [ 194.296221] [ 194.302268] CPU0 CPU1 [ 194.306928] ---- ---- [ 194.311579] lock(&n->lock); [ 194.314675] lock(&tbl->lock); [ 194.320466] lock(&n->lock); [ 194.326080] lock(&tbl->lock); [ 194.329364] [ 194.329364] *** DEADLOCK *** [ 194.329364] [ 194.335423] 2 locks held by syz-executor2/7681: [ 194.340078] #0: 00000000ef620e61 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 194.347357] #1: 00000000067de8bb (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 194.355071] [ 194.355071] stack backtrace: [ 194.359569] CPU: 0 PID: 7681 Comm: syz-executor2 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 194.368046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.377406] Call Trace: [ 194.380003] dump_stack+0x244/0x39d [ 194.383629] ? dump_stack_print_info.cold.1+0x20/0x20 [ 194.388820] ? vprintk_func+0x85/0x181 [ 194.392737] print_circular_bug.isra.36.cold.58+0x1bd/0x27d [ 194.398446] ? save_trace+0xe0/0x290 [ 194.402160] __lock_acquire+0x3399/0x4c20 [ 194.406309] ? mark_held_locks+0x130/0x130 [ 194.410543] ? kasan_check_read+0x11/0x20 [ 194.414706] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 194.419984] ? arp_constructor+0x3a5/0xd80 [ 194.424233] ? lock_downgrade+0x900/0x900 [ 194.428396] ? check_preemption_disabled+0x48/0x280 [ 194.433414] ? mark_held_locks+0x130/0x130 [ 194.437646] ? mark_held_locks+0xc7/0x130 [ 194.441790] ? __local_bh_enable_ip+0x160/0x260 [ 194.446457] ? __local_bh_enable_ip+0x160/0x260 [ 194.451141] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 194.455739] ? trace_hardirqs_on+0xbd/0x310 [ 194.460063] ? trace_hardirqs_off_caller+0x310/0x310 [ 194.465167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.470698] ? ___neigh_create+0x1704/0x2630 [ 194.475101] ? ___neigh_create+0x1704/0x2630 [ 194.479504] lock_acquire+0x1ed/0x520 [ 194.483331] ? neigh_change_state+0x1dc/0x7a0 [ 194.487831] ? lock_release+0xa00/0xa00 [ 194.491808] _raw_write_lock_bh+0x31/0x40 [ 194.495955] ? neigh_change_state+0x1dc/0x7a0 [ 194.500448] neigh_change_state+0x1dc/0x7a0 [ 194.504768] ? neigh_parms_alloc+0x6d0/0x6d0 [ 194.509173] ? mark_held_locks+0xc7/0x130 [ 194.513320] ? kasan_check_write+0x14/0x20 [ 194.517557] ? do_raw_write_lock+0x14f/0x310 [ 194.521971] ? do_raw_read_unlock+0x70/0x70 [ 194.526304] ? neigh_lookup+0x586/0x7c0 [ 194.530279] ? trace_hardirqs_off_caller+0x310/0x310 [ 194.535402] __neigh_update+0x478/0x1eb0 [ 194.539460] ? __local_bh_enable_ip+0x160/0x260 [ 194.544134] ? arp_key_eq+0x10/0xa0 [ 194.547760] ? __neigh_notify+0x160/0x160 [ 194.551917] ? ip_route_output_key_hash_rcu+0x3490/0x3490 [ 194.557453] ? find_held_lock+0x36/0x1c0 [ 194.561522] neigh_update+0x37/0x50 [ 194.565162] arp_req_set+0x54c/0xaa0 [ 194.568876] ? arp_req_delete+0x870/0x870 [ 194.573031] ? apparmor_cred_prepare+0x5a0/0x5a0 [ 194.577812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.583355] arp_ioctl+0x48b/0xae0 [ 194.586890] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 194.592090] ? arp_constructor+0xd80/0xd80 [ 194.596323] ? futex_wake+0x304/0x760 [ 194.600129] inet_ioctl+0x237/0x360 [ 194.603752] ? inet_stream_connect+0xa0/0xa0 [ 194.608159] ? mark_held_locks+0x130/0x130 [ 194.612404] ? graph_lock+0x270/0x270 [ 194.616230] ? do_futex+0x249/0x26d0 [ 194.619981] ? kmem_cache_alloc_trace+0x356/0x740 [ 194.624820] ? lockdep_init_map+0x105/0x590 [ 194.629137] ? lockdep_init_map+0x105/0x590 [ 194.633478] ? find_held_lock+0x36/0x1c0 [ 194.637555] sock_do_ioctl+0xeb/0x420 [ 194.641372] ? compat_ifr_data_ioctl+0x170/0x170 [ 194.646125] ? check_preemption_disabled+0x48/0x280 [ 194.651137] ? kasan_check_read+0x11/0x20 [ 194.655282] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 194.660582] ? rcu_read_unlock_special+0x370/0x370 [ 194.665517] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 194.670708] sock_ioctl+0x313/0x690 [ 194.674333] ? dlci_ioctl_set+0x40/0x40 [ 194.678306] ? ksys_dup3+0x680/0x680 [ 194.682026] ? __might_fault+0x12b/0x1e0 [ 194.686091] ? lock_downgrade+0x900/0x900 [ 194.690239] ? lock_release+0xa00/0xa00 [ 194.694217] ? perf_trace_sched_process_exec+0x860/0x860 [ 194.699665] ? dlci_ioctl_set+0x40/0x40 [ 194.703639] do_vfs_ioctl+0x1de/0x1790 [ 194.707525] ? ioctl_preallocate+0x300/0x300 [ 194.711940] ? __fget_light+0x2e9/0x430 [ 194.715931] ? fget_raw+0x20/0x20 [ 194.719377] ? _copy_to_user+0xc8/0x110 [ 194.723353] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.728888] ? put_timespec64+0x10f/0x1b0 [ 194.733068] ? nsecs_to_jiffies+0x30/0x30 [ 194.737213] ? do_syscall_64+0x9a/0x820 [ 194.741199] ? do_syscall_64+0x9a/0x820 [ 194.745168] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 194.749751] ? security_file_ioctl+0x94/0xc0 [ 194.754163] ksys_ioctl+0xa9/0xd0 [ 194.757619] __x64_sys_ioctl+0x73/0xb0 [ 194.761507] do_syscall_64+0x1b9/0x820 [ 194.765392] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 194.770755] ? syscall_return_slowpath+0x5e0/0x5e0 [ 194.775681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.780525] ? trace_hardirqs_on_caller+0x310/0x310 [ 194.785545] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 194.790559] ? prepare_exit_to_usermode+0x291/0x3b0 [ 194.795577] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.800422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.805967] RIP: 0033:0x457669 [ 194.809192] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.828103] RSP: 002b:00007f3d99305c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.835808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 194.843329] RDX: 0000000020000180 RSI: 0000000000008955 RDI: 0000000000000003 [ 194.850592] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 18:08:06 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSBRK(r0, 0x5427) 18:08:06 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x3) [ 194.857857] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d993066d4 [ 194.865146] R13: 00000000004c2747 R14: 00000000004d46f8 R15: 00000000ffffffff [ 194.884234] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 194.904568] kobject: 'loop5' (00000000ba08c955): kobject_uevent_env [ 194.911515] kobject: 'loop5' (00000000ba08c955): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 194.921081] hfs: can't find a HFS filesystem on dev loop0 [ 194.929710] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 194.937197] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' 18:08:06 executing program 1: syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000000)="02004200000001000000ff07000000000000000000000000000000000000ffffffc9", 0x22, 0x1c0}]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 18:08:06 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x3) [ 194.962009] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 194.979477] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' 18:08:06 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) fdatasync(r0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000004000000254e72d5d345018a35e678fdf2fd40a37d61c0c7ef4938a6daf421a7846819748fd98a87ec6994b620253b36303bbb6f158fffffffffffffffa7d4fb65082b3b24134ae9af28cf5631f661ef5b03b67e6cdd6ba00b7beb2ad76c1c50aa5f6157b7bf8eda4235fd9a23f10ce7e464c6377a67af84f3c9bf02af98270dddd1060d3bacf9f3409b15c7935bc00b9e0653a7d48143b0a173c8892d9a059ba27aa6d1d7a02840ddd2219ace7107b0d2edda429b816e485760dbe99bb7f21813f2cbaa826640c14ad3eba8b8e241fc9dd4a5047191c4256320f9692b423f72c8b8b11b55a9ee683dffa27e7409d5d0f27ae699fabbd3867ef6907cc2bd1c4d272d861e347051cdf0bb9d958d680a521e75543afef443bd31e2918986eeb9b0bee6aa0f9e2434b930ed2301e34b2cd4a8a61c044b41e9bb664b10c3fc3b406c020283106b78231bca7e2d9d4898500896b91263c"], 0x1}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/fib_triestat\x00') fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r5 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r4, 0x6) setsockopt(r5, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r5, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r6 = accept(r4, 0x0, &(0x7f0000000080)=0xfe0f) sendmsg$alg(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000980)="3cf5048e7163ea27da961b58abc6fdd726a3e3c95cad1de31c363355c8e1713e51fe7f59651cc3ac45abe4d057f5137c675ed1994a77351dee893cd34df281c9a23f002a9478039ed67f7b156245f27916f826813ec250d85c0192c16f21dd81efe95b0b969ce99dbf198ee2555098027269016440658583e3662d46fe23e2f3d45c0bc9e61731c225d30af8b12b7608313d88f7a0bdcc6fbdb3c103d6c7ecb56197a96d2c5bdeb8105bab16f495a2016c4eac846d256f43ecfe3604edd6e6c3166a78125ac00878f6e74eebf28e9f31e2eea3ae45c16456ddee6203708bad5a11d90a06dad500942c3c7de6c7e2e6ea754ffce452d745214d4e010f4be714a9ece73e14d28ed7cf52fcebaf48deff2638488d1eddcbdc9aea0d5750bc0b88a8ee86f08747e8817fd62d0c5dccd4006c529949725bbfcca2686601f5d220eb6312ee9b5a4550ad2b7e635cc741cf3981965a252825924fd94f0f0f187653512e74217df2d079465950ab782c00861fd93814a32b59cb33213e2e12f790a331a8cc402208b9da2079efa3e880f69c2836b713245e3c4d0aa7c241469ae701e88c3db83f24a7fe1af322f8821fb3fec1497fb9c6f1ea1c0732d8d9f7c6e1e671a7f4eecc4391bb1d4cbaed353d3e56d6ffd2f21b8bc5368bb85ec382ce13f92aa9f1b242a19db0ce84c822a246a949156187fe0176c3d58f8e012aa17fa0988cbcd85e8d928a3f491e81e2f943f2dad5c1f5c9a7890bf05d78a2be476c52aa75569f28c1144a7bac3465cba51b81b034fca3a9034c64ded7615e8a3a0712c45e0eb0f936ea6bbe35deae994ca8a5e48d74520900e295e55af7c5f893249a230a76779ae8978b10ba296f6a68bbdf732b77d258ebda9fed5d628f8401400e72c471d8b76e08471c7778cc22ff69eca42099069eda6d80eff70e032c7735727866ca75b83db9d740ece0263d56a9dfda7bff84643a7de6f7d677f5b5baf1409080b132dac45d8dd4b9c64b66bc4d177ae8e311f6520ca8173e01b3e8343461214aaa5cddbc01a3f6f9b18c68bb33f98a025ce67aaae25e69208b378925780d96fe76f8306b2dd1a28ea0eaad4095144399f80a85e2fbb8f982361cb7e7e61ad89deb2c6ddc014a14685360f1aa39fbf2dc574543d606d6afd18922c8cf16a62e0a45d6adafde216473039edc7001e9f8aed45eaddd89c2b1df832dafa9988fba8e795c911ed2706db4adf3b1a7db02994a43be04b9c66268aba436c6ba24c6671b19fec3e032c2216d33909ce1cd140fde160a222acac813bfdfdecd18d289d8073287a2f920bd2e1a75725ff4b805acf9fc249be0634c26193bf03555ccfc3008ef2001570bf72d5127236de2bb776069b9c5d6051e28c0f5f7f55d5e4cf04822b52434ff0ce7c9912ea49b692bd1895701be813cf94fad9dbbf3d303a234e2164014259e51e1795d4383baa8d977cfe07e2fbf215549d9d4667ae273227b85ea8de7d7c874b6d5463d2451f4253df0d86fde47f8a138d6cdc616e2bfbd32269bcd0a87e473b7a4349aacc40e795fbc909143d72472b4b1f3742e3f5b119a75b48632eb3f67c90bcf606526f39b72647c8343031b29c2cde6576c3a1dfa8677efea6c7f1904410f9c1170dce23bd4fb64bec2010f44109a83cbbdcaa3f391731e8e0f410c9588fef26e792b76beb6174d5a3b87848f051825e06d06838edc102271970d326c74065089a658f0354027a8da470bdcf7f9548fe1ab24adf12d3bd1427134de4c3aa039c11af4c74bf111e12953ffa17ffbded8945b1cd1dba33753cdb9fc3a14393b8ec4f8497ce27cafe19ba44fa38549b8f052f83dace969f7801358f41caf2a02a01fcd362f8a9c6469fb843ae4718cf5d7f92558865546879b344d9a489c983187592fd116b94835828247b46a43ddd8306c23d23c1b0f5e3388c1af04f5144252dd216fd56f54336ebf0c15e6f7614c42eb184c0d0e741050a8f01f05663e2b214649167419ec62cf342d4286f0b31398bfd93ff2896ade403a6b72e031a9839d21a82ecc8cec3f477c3cedcacf466881201d22c305794491a9ec595af5fcbac6189114e285282753e17651d395d51fab8750607db79c5b41a69d273d9f186688207e8cf1c2000b52db649bfea760fa80178f33c65123f84369cb4c1f5ead16544af44fd5d7889d347868995f873b53777ff94e167813859f019cfb5a9bb29bdf14bfdbf82349d2b146e95e1245701ffa957d2b8320d3bf198e2f8346cb3a1d237c958f8357df9e8859b68a94974a36ed7b2c32744b9b5e7597a7e5064bbd3a1bb326ccabb4ebefdd6348e3054dcfe9a8ccbf959151f43fc15697d4899dcda889663d0d724afe4c802ff0e9c13d3c0bf2372909d4a640882fd9bc12b63d94e7ad4583e8b95245fa7084118fe594e39cf8cb61033f6602a1c679687b5594db16c9e74611be366af5c8d4ad07831dc3e2123253af0f68fd1711bf608f5515a471301b64329c51b2011a03a8ad6c4e399b3245eb218083351e9a621d713187a65368f94205f17d6870527ff14fdc2577d2f6c15077deb2e7ab0ecc869a05d48d8cdc1dd7ea8456a0bb60e70d78f253ef417d8a386dcc255f1b14227ac7ab4de5a9e0158945767431b5e86c8dd00342aa12b27f98676a278f326b4256f19ecdd3d8fae6c4a815f1fb7df919e74b6a5003ae8d14f1d2b614ac6b02355765922f506f097602ee202eb55e3b45907b461692a4a1afbec463b9d19a81cdc93885596ec465220840c21cdbc30a778e26569416c454d117c003c8b0788332341685fad7357a1a3a3672949a7161d28f4f73b7e01d01e133541f3246bb9eb8f4b26dc149e4295b49c7c8fbcacd4c3e02e77f08283d310a5b56bc0630f33b857589de15d2d6bdda73b7ae6dc37d9bd64fe84178f02873861b060b6ac2f91a3ed84c44d8e03deb87d632fd06d93b8c841d5a2fdaf338142d7e54a120b2e162fe0e4b170bb97762fb172a30cc31b1f679be796f0b4865c0704850969a6c741eb3b9ad2fb059fe5da6cf6d3ef3c4c4aad4dbb578da214a57f334db2128769a7f961542e61cece3c24cefe9f6ffe75db1ec936aaa034e4a0486a1850ff4edceed6ac9d6468033b620373e421b42575af337585ed0d08f5b3f91557c8b5e7b515bb15c957213ce31787a9ec274eeb88ddbcc15396355e37f0239b0cc8867d35bc7f8a719ec415f69833feea59e1d7ec6ea8ea2b5efaacd3b1b53651e6e0983faa60950b92514f0d582b4f214a80101a0784d155b1dc2b2cba21fddb31eb10e8af70352a47c1c8eb90fba97d93d75608acdc8465c6907bbf36f3f36e59bfb1eeafbed14726fd34c2354785f1aa65422cce50bac7a9a51a7ecbd4d1d97ae65ebcc1414eaf000165fb15e037539cdfe0bbff3100395d2a6834fbfae1dad1f269ed290316ee18a0666fe682fdeb832c2e4d7818c0f0896d55e696dfababb0f561afc802cb43fb88fac2f5f8ecc18fa40a9d53b7a3bcc19f193e535b89ea96aab74c39c4928f72ba3a88941043a6a6e87db746b42fcc7e575c25c45694d54d6205abbc33331a869b4c4ecf50528d0fa3dc50ea15873ed2f7ee500194203525f70b70094b4c7280e5e6e325d2493273b4acc8d71352fa64d3bd944a79975f5dd597a85d2ad639b55f5f72ce6dd554f48b9236f5d8652c65b5c3a909b420eb60b8330fe43c17ab31eb2ebe54fb906ffe166c86b29fed4947a97117d2eafce1b20d6485d525b948a906c2864c63005cc0571e386a263fc2b68f03ed2377a0a81a48ff726fecc5c476eb3e36fd796e11bb4f8612b57ad8b9ebc7d3e7a2be68380d9e4a447d590d82713504dc0658525ea88400811753fa6234a01f46d9fa7df62b266b5c889f5286b7c72eff18b0425dd9c2e6f1f9778ffa1d14ceeff7d76e05c93e5215a0b8084e2e4d25984a835534453bd7e0ca7579edbabb8fec973978b37c4e70cb2796a2fba6e6235063857851f94b7cbab38ec1297f89dbaaec4b3a11f86b69b273fcecaa1ba1c6c52bf455be9e495e75651e8e6c7f03874f96596a9deb61c14eb68049f3f07bac5becf8ae8add48a4a1b8ce5776a5debee0738b4d7750865606e747ab7f9a86b6d933220c4771d2277c1ab68b6b24d4238ca83a3e4247d13fcda8af5087848f7aa4d8ccf5347f7041ac5ee4429c64f2aa653ae0e7b7c16d2e35d186b20fa7109a193f38a002ad5fbb18a52810b7278ba3c0a0d831dd350730c1c255f2fa639aab2537115e1ac60be26a9d88c8bfa1100c2ae9fa9b245033b010050065a89a7384a572f5b2f121e77bca3e71a881ab8433bc77f63f0629a6eb9ff395b96576a57e75e583fb085786ebd482db53648ab02486abfd600efca097a68f561e43d3ba027fcb2fe1d0fa6612b066a3c95b0177c78b2bb0c99310a3f51ab8a8290507bb5256afe8e67a31b7c2bb643dbf2cfbeedbbde00d3dc481d8c8bdfcf540e85c9cc1d4c2bccdb13bfd5f3d2a4a320043582af152ca716a1d097a7496e0e040ba7446e1ea8d9f22cdda1835960ddbc64d4828745909b865fcb28025d8769f847783b10f50db50e5de2de3e0c5bedff9b928387cf43c1a621001d5903e5e60c9bdfa01f023b134f224533faaf7f218b9797787ceacd7b96853c58e4247634d4faadf56f9a4480c4673d656758aedca41707e6b3753db3db09f7c3be9233bf429c6a0603a14ca44d78a3a3802e3edf7fe1595fc5870637a262eb2e36473e5520b3ba9af4d46fe5b49d1e3a2812e1f502b58a2aa0a472925ab1f4c8bc3687ef1f7a82700021e70f50edef894bf902285e3c087a7f980289c62c8b282fa52072966131f3f3f33686f270ffe938c3cce1eb0623837ae1ffcceb62c95bfc33a06e45db21a2d46e5a8891fa37b8edf93255d6f4441c3ed4b551b7a949f28cec5e001cc31f9a4057cf79485bea15438f42fed35633674249a9e52b17c2434db28612e7a8060016baef0739c34478df046c9c9959de176ba3a52037cc36410d84a5889ad48e42c509ba21c38d8a561ed2689ffa232554491ea9c0fddb", 0xdfa}], 0x1}, 0x800) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x2710}, 0x10) r7 = syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000) fcntl$getown(r1, 0x9) getgid() getpgid(0xffffffffffffffff) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000002240)) fcntl$getownex(r2, 0x10, &(0x7f0000000300)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000940), &(0x7f00000022c0)=0xc) ioctl$TIOCGPGRP(r7, 0x540f, &(0x7f0000002300)) fstat(r6, &(0x7f00000000c0)) fcntl$getown(r2, 0x9) getgroups(0x3, &(0x7f00000023c0)=[0xee00, 0xee00, 0xffffffffffffffff]) getpgrp(0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) sendmmsg(r5, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0) sendfile(r6, r3, &(0x7f0000000180), 0x10000014e) 18:08:06 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r0, &(0x7f00000052c0)=[{{&(0x7f0000002000)=@nfc_llcp, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000002080)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x5}}, {{0x0, 0x0, &(0x7f0000005000)=[{0x0}], 0x1}}], 0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") sendto$inet(r0, &(0x7f0000000000)='F', 0x1, 0x0, 0x0, 0x0) [ 195.039932] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.056613] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.080874] kobject: 'loop2' (00000000b62a6b4c): kobject_uevent_env 18:08:06 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000800)='hfs\x00', &(0x7f0000000840)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 18:08:06 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x3) [ 195.091387] kobject: 'loop2' (00000000b62a6b4c): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 195.138430] Dev loop1: unable to read RDB block 1 [ 195.145740] loop1: AHDI p1 p3 [ 195.147480] kobject: 'loop4' (00000000b5a2f5fe): kobject_uevent_env [ 195.155298] loop1: partition table partially beyond EOD, truncated [ 195.167956] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.182426] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 195.190276] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.198239] kobject: 'loop4' (00000000b5a2f5fe): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 195.202243] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.228040] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 195.234707] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.244763] kobject: 'loop5' (00000000ba08c955): kobject_uevent_env [ 195.251495] kobject: 'loop5' (00000000ba08c955): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 195.261630] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.273683] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.314709] hfs: can't find a HFS filesystem on dev loop0 [ 195.331188] __loop_clr_fd: partition scan of loop1 failed (rc=-22) 18:08:06 executing program 5: getrandom(0x0, 0x0, 0x3) 18:08:06 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:06 executing program 5: getrandom(0x0, 0x0, 0x3) 18:08:06 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000800)='hfs\x00', &(0x7f0000000840)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 195.361785] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 195.368482] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.386115] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.398301] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.454215] kobject: 'loop3' (000000001448887d): kobject_uevent_env [ 195.460686] kobject: 'loop3' (000000001448887d): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 195.463865] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 195.477588] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.490043] hfs: can't find a HFS filesystem on dev loop0 [ 195.496529] Dev loop1: unable to read RDB block 1 18:08:06 executing program 5: getrandom(0x0, 0x0, 0x3) [ 195.501660] loop1: AHDI p1 p3 [ 195.506663] kobject: 'loop5' (00000000ba08c955): kobject_uevent_env [ 195.513992] loop1: partition table partially beyond EOD, truncated [ 195.525742] kobject: 'loop5' (00000000ba08c955): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 195.537063] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.543917] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env 18:08:06 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x11, 0x2, r3, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) 18:08:06 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x0) [ 195.550728] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.557688] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.651379] kobject: 'loop1' (0000000079d5e6b0): kobject_uevent_env [ 195.657856] kobject: 'loop1' (0000000079d5e6b0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 195.675273] kobject: 'loop3' (000000001448887d): kobject_uevent_env [ 195.687983] kobject: 'loop3' (000000001448887d): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 195.688394] __loop_clr_fd: partition scan of loop1 failed (rc=-22) [ 195.722239] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 195.734282] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 195.746598] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 195.751594] kobject: 'loop5' (00000000ba08c955): kobject_uevent_env [ 195.767643] kobject: 'loop5' (00000000ba08c955): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 195.784497] kobject: 'kvm' (00000000775532bb): kobject_uevent_env [ 195.796107] kobject: 'loop3' (000000001448887d): kobject_uevent_env [ 195.802711] kobject: 'loop3' (000000001448887d): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 195.802928] kobject: 'kvm' (00000000775532bb): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 195.832144] kauditd_printk_skb: 9 callbacks suppressed [ 195.832158] audit: type=1804 audit(1545588487.099:31): pid=7759 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir755563280/syzkaller.uBteja/9/file0" dev="sda1" ino=16534 res=1 [ 195.864817] kobject: 'kvm' (00000000775532bb): kobject_uevent_env [ 195.871094] kobject: 'kvm' (00000000775532bb): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 195.893371] ================================================================== [ 195.900747] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 195.907336] Write of size 832 at addr ffff8881c17c6bc0 by task syz-executor1/7759 [ 195.914949] [ 195.916585] CPU: 1 PID: 7759 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 195.925064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.934404] Call Trace: [ 195.937465] dump_stack+0x244/0x39d [ 195.941125] ? dump_stack_print_info.cold.1+0x20/0x20 [ 195.946113] audit: type=1804 audit(1545588487.169:32): pid=7756 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor1" name="/root/syzkaller-testdir755563280/syzkaller.uBteja/9/file0" dev="sda1" ino=16534 res=1 [ 195.946319] ? printk+0xa7/0xcf [ 195.972574] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 195.977338] print_address_description.cold.4+0x9/0x1ff [ 195.982703] ? fpstate_init+0x50/0x160 [ 195.986592] kasan_report.cold.5+0x1b/0x39 [ 195.990818] ? fpstate_init+0x50/0x160 [ 195.994702] ? fpstate_init+0x50/0x160 [ 195.998587] check_memory_region+0x13e/0x1b0 [ 196.003025] memset+0x23/0x40 [ 196.006147] fpstate_init+0x50/0x160 [ 196.009860] kvm_arch_vcpu_init+0x3e9/0x870 [ 196.014181] ? kvm_vcpu_init+0x210/0x420 [ 196.018241] kvm_vcpu_init+0x2fa/0x420 [ 196.022124] ? vcpu_stat_get+0x300/0x300 [ 196.026203] vmx_create_vcpu+0x1b7/0x2695 [ 196.030353] ? preempt_schedule+0x4d/0x60 [ 196.034497] ? perf_trace_sched_process_exec+0x860/0x860 [ 196.039950] ? preempt_schedule_common+0x1f/0xe0 [ 196.044702] ? vmx_exec_control+0x210/0x210 [ 196.049023] ? kasan_check_write+0x14/0x20 [ 196.053256] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 196.058189] ? futex_wait_queue_me+0x55d/0x840 [ 196.062771] ? wait_for_completion+0x8a0/0x8a0 [ 196.067360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.072904] ? get_futex_value_locked+0xcb/0xf0 [ 196.077571] kvm_arch_vcpu_create+0xe5/0x220 [ 196.081979] ? kvm_arch_vcpu_free+0x90/0x90 [ 196.086303] kvm_vm_ioctl+0x526/0x2030 [ 196.090189] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 196.095287] ? futex_wait+0x5ec/0xa50 [ 196.099085] ? kvm_unregister_device_ops+0x70/0x70 [ 196.104019] ? mark_held_locks+0x130/0x130 [ 196.108286] ? retint_kernel+0x2d/0x2d [ 196.112173] ? trace_hardirqs_on_caller+0xc0/0x310 [ 196.117102] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.121856] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 196.127300] ? futex_wake+0x304/0x760 [ 196.131136] ? mark_held_locks+0x130/0x130 [ 196.135369] ? do_futex+0x249/0x26d0 [ 196.139081] ? kasan_check_read+0x11/0x20 [ 196.143450] ? rcu_read_unlock_special+0x370/0x370 [ 196.148376] ? rcu_softirq_qs+0x20/0x20 [ 196.152348] ? unwind_dump+0x190/0x190 [ 196.156235] ? exit_robust_list+0x280/0x280 [ 196.160553] ? kernel_text_address+0x79/0xf0 [ 196.164963] ? __fget+0x4aa/0x740 [ 196.168419] ? lock_downgrade+0x900/0x900 [ 196.172567] ? lock_release+0xa00/0xa00 [ 196.176541] ? rcu_read_unlock_special+0x370/0x370 [ 196.181477] ? save_stack+0x43/0xd0 [ 196.185101] ? __kasan_slab_free+0x102/0x150 [ 196.189537] ? kasan_slab_free+0xe/0x10 [ 196.193513] ? __fget+0x4d1/0x740 [ 196.196970] ? ksys_dup3+0x680/0x680 [ 196.200692] ? __might_fault+0x12b/0x1e0 [ 196.204756] ? lock_downgrade+0x900/0x900 [ 196.208912] ? lock_release+0xa00/0xa00 [ 196.212886] ? perf_trace_sched_process_exec+0x860/0x860 [ 196.218365] ? kvm_unregister_device_ops+0x70/0x70 [ 196.223325] do_vfs_ioctl+0x1de/0x1790 [ 196.227244] ? ioctl_preallocate+0x300/0x300 [ 196.231652] ? __fget_light+0x2e9/0x430 [ 196.235628] ? fget_raw+0x20/0x20 [ 196.239076] ? _copy_to_user+0xc8/0x110 [ 196.243054] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.248588] ? put_timespec64+0x10f/0x1b0 [ 196.252750] ? nsecs_to_jiffies+0x30/0x30 [ 196.256921] ? security_file_ioctl+0x94/0xc0 [ 196.261365] ksys_ioctl+0xa9/0xd0 [ 196.264819] __x64_sys_ioctl+0x73/0xb0 [ 196.268721] do_syscall_64+0x1b9/0x820 [ 196.272626] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 196.278001] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.282928] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.287772] ? trace_hardirqs_on_caller+0x310/0x310 [ 196.292812] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 196.297826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.303366] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.308387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.313269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.318451] RIP: 0033:0x457669 [ 196.321655] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.340550] RSP: 002b:00007ff8be9e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.348273] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 196.355549] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 196.362831] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 196.370097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8be9e46d4 [ 196.377359] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 196.384643] [ 196.386267] Allocated by task 7759: [ 196.389893] save_stack+0x43/0xd0 [ 196.393348] kasan_kmalloc+0xcb/0xd0 [ 196.397073] kasan_slab_alloc+0x12/0x20 [ 196.401048] kmem_cache_alloc+0x130/0x730 [ 196.405198] vmx_create_vcpu+0x110/0x2695 [ 196.409340] kvm_arch_vcpu_create+0xe5/0x220 [ 196.413747] kvm_vm_ioctl+0x526/0x2030 [ 196.417628] do_vfs_ioctl+0x1de/0x1790 [ 196.421532] ksys_ioctl+0xa9/0xd0 [ 196.425008] __x64_sys_ioctl+0x73/0xb0 [ 196.428902] do_syscall_64+0x1b9/0x820 [ 196.432809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.437984] [ 196.439601] Freed by task 0: [ 196.442610] (stack is not available) [ 196.446310] [ 196.447936] The buggy address belongs to the object at ffff8881c17c6b80 [ 196.447936] which belongs to the cache x86_fpu of size 832 [ 196.460244] The buggy address is located 64 bytes inside of [ 196.460244] 832-byte region [ffff8881c17c6b80, ffff8881c17c6ec0) [ 196.472023] The buggy address belongs to the page: [ 196.476947] page:ffffea000705f180 count:1 mapcount:0 mapping:ffff8881d7acf500 index:0x0 [ 196.485085] flags: 0x2fffc0000000200(slab) [ 196.489324] raw: 02fffc0000000200 ffff8881d5161f48 ffff8881d5161f48 ffff8881d7acf500 [ 196.497203] raw: 0000000000000000 ffff8881c17c6040 0000000100000004 0000000000000000 [ 196.505074] page dumped because: kasan: bad access detected [ 196.510770] [ 196.512385] Memory state around the buggy address: [ 196.517312] ffff8881c17c6d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 196.524664] ffff8881c17c6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 196.532020] >ffff8881c17c6e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 196.539378] ^ [ 196.544825] ffff8881c17c6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 196.552182] ffff8881c17c6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 196.559540] ================================================================== [ 196.575655] kobject: 'loop4' (00000000b5a2f5fe): kobject_uevent_env [ 196.578996] Kernel panic - not syncing: panic_on_warn set ... [ 196.582163] kobject: 'loop4' (00000000b5a2f5fe): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 196.587973] CPU: 0 PID: 7759 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 196.597729] audit: type=1804 audit(1545588487.169:33): pid=7761 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir755563280/syzkaller.uBteja/9/file0" dev="sda1" ino=16534 res=1 [ 196.607249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.607254] Call Trace: [ 196.607285] dump_stack+0x244/0x39d [ 196.607300] ? dump_stack_print_info.cold.1+0x20/0x20 [ 196.607320] ? fpstate_init+0x30/0x160 [ 196.650119] kobject: 'loop2' (00000000b62a6b4c): kobject_uevent_env [ 196.651515] panic+0x2ad/0x632 [ 196.651546] ? add_taint.cold.5+0x16/0x16 [ 196.651569] ? preempt_schedule+0x4d/0x60 [ 196.655459] kobject: 'loop2' (00000000b62a6b4c): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 196.661858] ? ___preempt_schedule+0x16/0x18 [ 196.661875] ? trace_hardirqs_on+0xb4/0x310 [ 196.661891] ? fpstate_init+0x50/0x160 18:08:07 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) fdatasync(r0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000004000000254e72d5d345018a35e678fdf2fd40a37d61c0c7ef4938a6daf421a7846819748fd98a87ec6994b620253b36303bbb6f158fffffffffffffffa7d4fb65082b3b24134ae9af28cf5631f661ef5b03b67e6cdd6ba00b7beb2ad76c1c50aa5f6157b7bf8eda4235fd9a23f10ce7e464c6377a67af84f3c9bf02af98270dddd1060d3bacf9f3409b15c7935bc00b9e0653a7d48143b0a173c8892d9a059ba27aa6d1d7a02840ddd2219ace7107b0d2edda429b816e485760dbe99bb7f21813f2cbaa826640c14ad3eba8b8e241fc9dd4a5047191c4256320f9692b423f72c8b8b11b55a9ee683dffa27e7409d5d0f27ae699fabbd3867ef6907cc2bd1c4d272d861e347051cdf0bb9d958d680a521e75543afef443bd31e2918986eeb9b0bee6aa0f9e2434b930ed2301e34b2cd4a8a61c044b41e9bb664b10c3fc3b406c020283106b78231bca7e2d9d4898500896b91263c"], 0x1}}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/fib_triestat\x00') fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r5 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r4, 0x6) setsockopt(r5, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r5, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r6 = accept(r4, 0x0, &(0x7f0000000080)=0xfe0f) sendmsg$alg(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000980)="3cf5048e7163ea27da961b58abc6fdd726a3e3c95cad1de31c363355c8e1713e51fe7f59651cc3ac45abe4d057f5137c675ed1994a77351dee893cd34df281c9a23f002a9478039ed67f7b156245f27916f826813ec250d85c0192c16f21dd81efe95b0b969ce99dbf198ee2555098027269016440658583e3662d46fe23e2f3d45c0bc9e61731c225d30af8b12b7608313d88f7a0bdcc6fbdb3c103d6c7ecb56197a96d2c5bdeb8105bab16f495a2016c4eac846d256f43ecfe3604edd6e6c3166a78125ac00878f6e74eebf28e9f31e2eea3ae45c16456ddee6203708bad5a11d90a06dad500942c3c7de6c7e2e6ea754ffce452d745214d4e010f4be714a9ece73e14d28ed7cf52fcebaf48deff2638488d1eddcbdc9aea0d5750bc0b88a8ee86f08747e8817fd62d0c5dccd4006c529949725bbfcca2686601f5d220eb6312ee9b5a4550ad2b7e635cc741cf3981965a252825924fd94f0f0f187653512e74217df2d079465950ab782c00861fd93814a32b59cb33213e2e12f790a331a8cc402208b9da2079efa3e880f69c2836b713245e3c4d0aa7c241469ae701e88c3db83f24a7fe1af322f8821fb3fec1497fb9c6f1ea1c0732d8d9f7c6e1e671a7f4eecc4391bb1d4cbaed353d3e56d6ffd2f21b8bc5368bb85ec382ce13f92aa9f1b242a19db0ce84c822a246a949156187fe0176c3d58f8e012aa17fa0988cbcd85e8d928a3f491e81e2f943f2dad5c1f5c9a7890bf05d78a2be476c52aa75569f28c1144a7bac3465cba51b81b034fca3a9034c64ded7615e8a3a0712c45e0eb0f936ea6bbe35deae994ca8a5e48d74520900e295e55af7c5f893249a230a76779ae8978b10ba296f6a68bbdf732b77d258ebda9fed5d628f8401400e72c471d8b76e08471c7778cc22ff69eca42099069eda6d80eff70e032c7735727866ca75b83db9d740ece0263d56a9dfda7bff84643a7de6f7d677f5b5baf1409080b132dac45d8dd4b9c64b66bc4d177ae8e311f6520ca8173e01b3e8343461214aaa5cddbc01a3f6f9b18c68bb33f98a025ce67aaae25e69208b378925780d96fe76f8306b2dd1a28ea0eaad4095144399f80a85e2fbb8f982361cb7e7e61ad89deb2c6ddc014a14685360f1aa39fbf2dc574543d606d6afd18922c8cf16a62e0a45d6adafde216473039edc7001e9f8aed45eaddd89c2b1df832dafa9988fba8e795c911ed2706db4adf3b1a7db02994a43be04b9c66268aba436c6ba24c6671b19fec3e032c2216d33909ce1cd140fde160a222acac813bfdfdecd18d289d8073287a2f920bd2e1a75725ff4b805acf9fc249be0634c26193bf03555ccfc3008ef2001570bf72d5127236de2bb776069b9c5d6051e28c0f5f7f55d5e4cf04822b52434ff0ce7c9912ea49b692bd1895701be813cf94fad9dbbf3d303a234e2164014259e51e1795d4383baa8d977cfe07e2fbf215549d9d4667ae273227b85ea8de7d7c874b6d5463d2451f4253df0d86fde47f8a138d6cdc616e2bfbd32269bcd0a87e473b7a4349aacc40e795fbc909143d72472b4b1f3742e3f5b119a75b48632eb3f67c90bcf606526f39b72647c8343031b29c2cde6576c3a1dfa8677efea6c7f1904410f9c1170dce23bd4fb64bec2010f44109a83cbbdcaa3f391731e8e0f410c9588fef26e792b76beb6174d5a3b87848f051825e06d06838edc102271970d326c74065089a658f0354027a8da470bdcf7f9548fe1ab24adf12d3bd1427134de4c3aa039c11af4c74bf111e12953ffa17ffbded8945b1cd1dba33753cdb9fc3a14393b8ec4f8497ce27cafe19ba44fa38549b8f052f83dace969f7801358f41caf2a02a01fcd362f8a9c6469fb843ae4718cf5d7f92558865546879b344d9a489c983187592fd116b94835828247b46a43ddd8306c23d23c1b0f5e3388c1af04f5144252dd216fd56f54336ebf0c15e6f7614c42eb184c0d0e741050a8f01f05663e2b214649167419ec62cf342d4286f0b31398bfd93ff2896ade403a6b72e031a9839d21a82ecc8cec3f477c3cedcacf466881201d22c305794491a9ec595af5fcbac6189114e285282753e17651d395d51fab8750607db79c5b41a69d273d9f186688207e8cf1c2000b52db649bfea760fa80178f33c65123f84369cb4c1f5ead16544af44fd5d7889d347868995f873b53777ff94e167813859f019cfb5a9bb29bdf14bfdbf82349d2b146e95e1245701ffa957d2b8320d3bf198e2f8346cb3a1d237c958f8357df9e8859b68a94974a36ed7b2c32744b9b5e7597a7e5064bbd3a1bb326ccabb4ebefdd6348e3054dcfe9a8ccbf959151f43fc15697d4899dcda889663d0d724afe4c802ff0e9c13d3c0bf2372909d4a640882fd9bc12b63d94e7ad4583e8b95245fa7084118fe594e39cf8cb61033f6602a1c679687b5594db16c9e74611be366af5c8d4ad07831dc3e2123253af0f68fd1711bf608f5515a471301b64329c51b2011a03a8ad6c4e399b3245eb218083351e9a621d713187a65368f94205f17d6870527ff14fdc2577d2f6c15077deb2e7ab0ecc869a05d48d8cdc1dd7ea8456a0bb60e70d78f253ef417d8a386dcc255f1b14227ac7ab4de5a9e0158945767431b5e86c8dd00342aa12b27f98676a278f326b4256f19ecdd3d8fae6c4a815f1fb7df919e74b6a5003ae8d14f1d2b614ac6b02355765922f506f097602ee202eb55e3b45907b461692a4a1afbec463b9d19a81cdc93885596ec465220840c21cdbc30a778e26569416c454d117c003c8b0788332341685fad7357a1a3a3672949a7161d28f4f73b7e01d01e133541f3246bb9eb8f4b26dc149e4295b49c7c8fbcacd4c3e02e77f08283d310a5b56bc0630f33b857589de15d2d6bdda73b7ae6dc37d9bd64fe84178f02873861b060b6ac2f91a3ed84c44d8e03deb87d632fd06d93b8c841d5a2fdaf338142d7e54a120b2e162fe0e4b170bb97762fb172a30cc31b1f679be796f0b4865c0704850969a6c741eb3b9ad2fb059fe5da6cf6d3ef3c4c4aad4dbb578da214a57f334db2128769a7f961542e61cece3c24cefe9f6ffe75db1ec936aaa034e4a0486a1850ff4edceed6ac9d6468033b620373e421b42575af337585ed0d08f5b3f91557c8b5e7b515bb15c957213ce31787a9ec274eeb88ddbcc15396355e37f0239b0cc8867d35bc7f8a719ec415f69833feea59e1d7ec6ea8ea2b5efaacd3b1b53651e6e0983faa60950b92514f0d582b4f214a80101a0784d155b1dc2b2cba21fddb31eb10e8af70352a47c1c8eb90fba97d93d75608acdc8465c6907bbf36f3f36e59bfb1eeafbed14726fd34c2354785f1aa65422cce50bac7a9a51a7ecbd4d1d97ae65ebcc1414eaf000165fb15e037539cdfe0bbff3100395d2a6834fbfae1dad1f269ed290316ee18a0666fe682fdeb832c2e4d7818c0f0896d55e696dfababb0f561afc802cb43fb88fac2f5f8ecc18fa40a9d53b7a3bcc19f193e535b89ea96aab74c39c4928f72ba3a88941043a6a6e87db746b42fcc7e575c25c45694d54d6205abbc33331a869b4c4ecf50528d0fa3dc50ea15873ed2f7ee500194203525f70b70094b4c7280e5e6e325d2493273b4acc8d71352fa64d3bd944a79975f5dd597a85d2ad639b55f5f72ce6dd554f48b9236f5d8652c65b5c3a909b420eb60b8330fe43c17ab31eb2ebe54fb906ffe166c86b29fed4947a97117d2eafce1b20d6485d525b948a906c2864c63005cc0571e386a263fc2b68f03ed2377a0a81a48ff726fecc5c476eb3e36fd796e11bb4f8612b57ad8b9ebc7d3e7a2be68380d9e4a447d590d82713504dc0658525ea88400811753fa6234a01f46d9fa7df62b266b5c889f5286b7c72eff18b0425dd9c2e6f1f9778ffa1d14ceeff7d76e05c93e5215a0b8084e2e4d25984a835534453bd7e0ca7579edbabb8fec973978b37c4e70cb2796a2fba6e6235063857851f94b7cbab38ec1297f89dbaaec4b3a11f86b69b273fcecaa1ba1c6c52bf455be9e495e75651e8e6c7f03874f96596a9deb61c14eb68049f3f07bac5becf8ae8add48a4a1b8ce5776a5debee0738b4d7750865606e747ab7f9a86b6d933220c4771d2277c1ab68b6b24d4238ca83a3e4247d13fcda8af5087848f7aa4d8ccf5347f7041ac5ee4429c64f2aa653ae0e7b7c16d2e35d186b20fa7109a193f38a002ad5fbb18a52810b7278ba3c0a0d831dd350730c1c255f2fa639aab2537115e1ac60be26a9d88c8bfa1100c2ae9fa9b245033b010050065a89a7384a572f5b2f121e77bca3e71a881ab8433bc77f63f0629a6eb9ff395b96576a57e75e583fb085786ebd482db53648ab02486abfd600efca097a68f561e43d3ba027fcb2fe1d0fa6612b066a3c95b0177c78b2bb0c99310a3f51ab8a8290507bb5256afe8e67a31b7c2bb643dbf2cfbeedbbde00d3dc481d8c8bdfcf540e85c9cc1d4c2bccdb13bfd5f3d2a4a320043582af152ca716a1d097a7496e0e040ba7446e1ea8d9f22cdda1835960ddbc64d4828745909b865fcb28025d8769f847783b10f50db50e5de2de3e0c5bedff9b928387cf43c1a621001d5903e5e60c9bdfa01f023b134f224533faaf7f218b9797787ceacd7b96853c58e4247634d4faadf56f9a4480c4673d656758aedca41707e6b3753db3db09f7c3be9233bf429c6a0603a14ca44d78a3a3802e3edf7fe1595fc5870637a262eb2e36473e5520b3ba9af4d46fe5b49d1e3a2812e1f502b58a2aa0a472925ab1f4c8bc3687ef1f7a82700021e70f50edef894bf902285e3c087a7f980289c62c8b282fa52072966131f3f3f33686f270ffe938c3cce1eb0623837ae1ffcceb62c95bfc33a06e45db21a2d46e5a8891fa37b8edf93255d6f4441c3ed4b551b7a949f28cec5e001cc31f9a4057cf79485bea15438f42fed35633674249a9e52b17c2434db28612e7a8060016baef0739c34478df046c9c9959de176ba3a52037cc36410d84a5889ad48e42c509ba21c38d8a561ed2689ffa232554491ea9c0fddb", 0xdfa}], 0x1}, 0x800) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x2710}, 0x10) r7 = syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000) fcntl$getown(r1, 0x9) getgid() getpgid(0xffffffffffffffff) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000002240)) fcntl$getownex(r2, 0x10, &(0x7f0000000300)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000940), &(0x7f00000022c0)=0xc) ioctl$TIOCGPGRP(r7, 0x540f, &(0x7f0000002300)) fstat(r6, &(0x7f00000000c0)) fcntl$getown(r2, 0x9) getgroups(0x3, &(0x7f00000023c0)=[0xee00, 0xee00, 0xffffffffffffffff]) getpgrp(0xffffffffffffffff) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)) sendmmsg(r5, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0) sendfile(r6, r3, &(0x7f0000000180), 0x10000014e) 18:08:08 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000800)='hfs\x00', &(0x7f0000000840)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 18:08:08 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x0) 18:08:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x80000002, 0x8972, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:08 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r0, &(0x7f00000052c0)=[{{&(0x7f0000002000)=@nfc_llcp, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000002080)=""/75, 0x4b}], 0x1, 0x0, 0x0, 0x5}}, {{0x0, 0x0, &(0x7f0000005000)=[{0x0}], 0x1}}], 0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") sendto$inet(r0, &(0x7f0000000000)='F', 0x1, 0x0, 0x0, 0x0) [ 196.661923] end_report+0x47/0x4f [ 196.661940] kasan_report.cold.5+0xe/0x39 [ 196.665436] kobject: 'kvm' (00000000775532bb): kobject_uevent_env [ 196.669267] ? fpstate_init+0x50/0x160 [ 196.678386] kobject: 'kvm' (00000000775532bb): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 196.682829] ? fpstate_init+0x50/0x160 [ 196.682844] check_memory_region+0x13e/0x1b0 [ 196.682857] memset+0x23/0x40 [ 196.682872] fpstate_init+0x50/0x160 [ 196.682890] kvm_arch_vcpu_init+0x3e9/0x870 [ 196.741567] ? kvm_vcpu_init+0x210/0x420 [ 196.745638] kvm_vcpu_init+0x2fa/0x420 [ 196.749552] ? vcpu_stat_get+0x300/0x300 [ 196.750924] kobject: 'loop0' (000000005d04cfec): kobject_uevent_env [ 196.753629] vmx_create_vcpu+0x1b7/0x2695 [ 196.753648] ? preempt_schedule+0x4d/0x60 [ 196.753665] ? perf_trace_sched_process_exec+0x860/0x860 [ 196.753681] ? preempt_schedule_common+0x1f/0xe0 [ 196.753699] ? vmx_exec_control+0x210/0x210 [ 196.760256] kobject: 'loop0' (000000005d04cfec): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 196.764237] ? kasan_check_write+0x14/0x20 [ 196.764251] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 196.764266] ? futex_wait_queue_me+0x55d/0x840 [ 196.764281] ? wait_for_completion+0x8a0/0x8a0 [ 196.764303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.764320] ? get_futex_value_locked+0xcb/0xf0 [ 196.774448] hfs: can't find a HFS filesystem on dev loop0 [ 196.778672] kvm_arch_vcpu_create+0xe5/0x220 [ 196.778687] ? kvm_arch_vcpu_free+0x90/0x90 [ 196.778708] kvm_vm_ioctl+0x526/0x2030 [ 196.839535] ? drop_futex_key_refs.isra.14+0x6d/0xe0 18:08:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000aba000/0x1000)=nil, 0x1000, 0xe000, 0x3, &(0x7f0000bf8000/0xe000)=nil) madvise(&(0x7f0000a62000/0x1000)=nil, 0x1000, 0x10200000008) 18:08:08 executing program 5: getrandom(&(0x7f00000001c0)=""/130, 0x82, 0x0) [ 196.844647] ? futex_wait+0x5ec/0xa50 [ 196.848457] ? kvm_unregister_device_ops+0x70/0x70 [ 196.853407] ? mark_held_locks+0x130/0x130 [ 196.857644] ? retint_kernel+0x2d/0x2d [ 196.861541] ? trace_hardirqs_on_caller+0xc0/0x310 [ 196.866483] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 196.871251] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 196.876710] ? futex_wake+0x304/0x760 [ 196.880541] ? mark_held_locks+0x130/0x130 [ 196.884788] ? do_futex+0x249/0x26d0 [ 196.888511] ? kasan_check_read+0x11/0x20 [ 196.892661] ? rcu_read_unlock_special+0x370/0x370 [ 196.897574] ? rcu_softirq_qs+0x20/0x20 [ 196.901530] ? unwind_dump+0x190/0x190 [ 196.905408] ? exit_robust_list+0x280/0x280 [ 196.909717] ? kernel_text_address+0x79/0xf0 [ 196.914119] ? __fget+0x4aa/0x740 [ 196.917552] ? lock_downgrade+0x900/0x900 [ 196.921694] ? lock_release+0xa00/0xa00 [ 196.925683] ? rcu_read_unlock_special+0x370/0x370 [ 196.930601] ? save_stack+0x43/0xd0 [ 196.934240] ? __kasan_slab_free+0x102/0x150 [ 196.938629] ? kasan_slab_free+0xe/0x10 [ 196.942588] ? __fget+0x4d1/0x740 [ 196.946026] ? ksys_dup3+0x680/0x680 [ 196.949733] ? __might_fault+0x12b/0x1e0 [ 196.953793] ? lock_downgrade+0x900/0x900 [ 196.957932] ? lock_release+0xa00/0xa00 [ 196.961893] ? perf_trace_sched_process_exec+0x860/0x860 [ 196.967341] ? kvm_unregister_device_ops+0x70/0x70 [ 196.972276] do_vfs_ioctl+0x1de/0x1790 [ 196.976166] ? ioctl_preallocate+0x300/0x300 [ 196.980588] ? __fget_light+0x2e9/0x430 [ 196.984735] ? fget_raw+0x20/0x20 [ 196.988183] ? _copy_to_user+0xc8/0x110 [ 196.992147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.997671] ? put_timespec64+0x10f/0x1b0 [ 197.001806] ? nsecs_to_jiffies+0x30/0x30 [ 197.005943] ? security_file_ioctl+0x94/0xc0 [ 197.010360] ksys_ioctl+0xa9/0xd0 [ 197.013796] __x64_sys_ioctl+0x73/0xb0 [ 197.017669] do_syscall_64+0x1b9/0x820 [ 197.021558] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 197.026921] ? syscall_return_slowpath+0x5e0/0x5e0 [ 197.031844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.036679] ? trace_hardirqs_on_caller+0x310/0x310 [ 197.041687] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 197.046711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.052256] ? prepare_exit_to_usermode+0x291/0x3b0 [ 197.057275] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.062105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.067292] RIP: 0033:0x457669 [ 197.070500] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.089448] RSP: 002b:00007ff8be9e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.097139] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 197.104389] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 197.111658] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 197.118918] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8be9e46d4 [ 197.126170] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 197.134444] Kernel Offset: disabled [ 197.138081] Rebooting in 86400 seconds..