[ 26.279914] audit: type=1800 audit(1540238172.436:27): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 26.300916] audit: type=1800 audit(1540238172.446:28): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 26.900482] audit: type=1800 audit(1540238173.146:29): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.919951] audit: type=1800 audit(1540238173.146:30): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts. 
2018/10/22 19:56:28 fuzzer started 2018/10/22 19:56:31 dialing manager at 10.128.0.26:46507 2018/10/22 19:56:31 syscalls: 1 2018/10/22 19:56:31 code coverage: enabled 2018/10/22 19:56:31 comparison tracing: enabled 2018/10/22 19:56:31 setuid sandbox: enabled 2018/10/22 19:56:31 namespace sandbox: enabled 2018/10/22 19:56:31 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/22 19:56:31 fault injection: enabled 2018/10/22 19:56:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/22 19:56:31 net packed injection: enabled 2018/10/22 19:56:31 net device setup: enabled 20:00:03 executing program 0: r0 = socket$inet6(0xa, 0xf, 0x0) tee(r0, r0, 0x81, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000001c0)={0x0, 0x1, 0x5, 0x100000000, 0x0, 0x6, 0x8, 0x1, 0x1, 0x0, 0xf3c4}) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) r2 = getpgid(0x0) perf_event_open(&(0x7f0000000300)={0x0, 0x70, 0x0, 0x1ff, 0x200, 0x0, 0x0, 0x0, 0x8800, 0x0, 0x4, 0x5, 0x1, 0x5, 0x76, 0x7, 0x8, 0x0, 0x5977, 0x171, 0x101, 0xf472, 0x8, 0x1ff, 0x8, 0xfffffffffffffffc, 0x0, 0x3f, 0xfff, 0x10c00000000000, 0x40, 0x101, 0x0, 0xffffffffffff5a18, 0x1, 0xabd9, 0x1, 0x0, 0x0, 0x7, 0x4, @perf_config_ext={0x4, 0xfffffffffffffffd}, 0x20c00, 0x0, 0xfff, 0x2, 0x3, 0x0, 0x400040000000}, r2, 0xd, 0xffffffffffffffff, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0xd470041877f0fcc9) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20004000, &(0x7f0000e68000)={0x2, 0x4004e23, @local, [0x0, 0x0, 0x1802000000000000]}, 0x10) 
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000002c0)=0xc4, 0x4) r3 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x101, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000004c0)={0x2, 0x0, 0x3, 0x9, 0x7, 0xfffffffffffffffa, 0x1, 0x1, 0x0}, &(0x7f0000000500)=0x20) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000540)={r4}, 0x8) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000280)={0x30, 0x5, 0x0, {0x0, 0x0, 0x4, 0x3}}, 0x30) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000380)='trusted.overlay.upper\x00', &(0x7f00000003c0)={0x0, 0xfb, 0xc1, 0x0, 0x3, "f16214d7eb6cabf7ff5681ef76f381c3", "793061c76366d5cdfa502143354793f08b784c132fe81aa2814cb26de14299ceb337fad30b9e128a344264e1a18e73f683077a6214df28cf21c8a8662ddfa2473d43e7fd1f361b64d5904f7d123c1b4eb947232011ff34493e307c25c14022bce636955ce5893511086a1cb2fcf700564d3d9e73f793968a69561527054481c75d660e5edaaf9a3acb7c971533ce8a47c3fae563510a574dcb14c5423f5745552f061bc25612ee03f22ebe29"}, 0xc1, 0x1) accept$alg(0xffffffffffffffff, 0x0, 0x0) shutdown(r1, 0x1) syzkaller login: [ 257.228474] IPVS: ftp: loaded support on port[0] = 21 20:00:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x800000100000004) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000180)="480000001400199009004b0101048c01010000ebbd2e2ab9af030000632379eb000000000000551f5f0028213ee20607000000000000003f6666a6e74558a5ff5290315aa474a8bf", 0x48}], 0x1) [ 257.536156] IPVS: ftp: loaded support on port[0] = 21 20:00:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000180)={0x0, 0x7530}, 0x10) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) [ 257.927250] IPVS: ftp: loaded support on port[0] = 21 20:00:04 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$inet6(0xa, 0x200000000000803, 0x8) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000100), &(0x7f00000025c0)=0xffffffc5) [ 258.455696] IPVS: ftp: loaded support on port[0] = 21 [ 258.597570] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.604430] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.626333] device bridge_slave_0 entered promiscuous mode 20:00:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f000002b000)="1f0000000202fffffd3b54c007110000f30501000b000600000423ca0000cf", 0x1f) pread64(0xffffffffffffffff, &(0x7f0000000240)=""/104, 0x68, 0x30) [ 258.763503] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.776663] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.784168] device bridge_slave_1 entered promiscuous mode [ 258.965744] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 259.071639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 259.087894] IPVS: ftp: loaded support on port[0] = 21 [ 259.466296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 259.488258] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.494704] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.497224] ip (5757) used greatest stack depth: 14712 bytes left [ 259.530386] device 
bridge_slave_0 entered promiscuous mode 20:00:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000080)) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={"6272696467653000000100"}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd}) [ 259.630125] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 259.662574] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.671172] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.685610] device bridge_slave_1 entered promiscuous mode [ 259.828590] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 259.906121] IPVS: ftp: loaded support on port[0] = 21 [ 259.970858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 260.078147] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.084530] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.096330] device bridge_slave_0 entered promiscuous mode [ 260.211343] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 260.227140] team0: Port device team_slave_0 added [ 260.235698] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.242130] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.254390] device bridge_slave_1 entered promiscuous mode [ 260.388624] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 260.406288] team0: Port device team_slave_1 added [ 260.415778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 260.425504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 260.531482] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 260.571020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 260.584115] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 260.605837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 260.625610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 260.654716] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.678080] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.692636] device bridge_slave_0 entered promiscuous mode [ 260.725183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 260.733057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 260.755590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 260.763740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 260.795891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 260.840056] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.863818] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.886305] device bridge_slave_1 entered promiscuous mode [ 260.898515] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 260.921957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.936702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 261.002215] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 261.037808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 261.070164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 261.089243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 261.133419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 261.150059] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 261.206092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 261.292115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: 
link is not ready [ 261.321536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 261.374655] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 261.398467] team0: Port device team_slave_0 added [ 261.406749] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.413104] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.433091] device bridge_slave_0 entered promiscuous mode [ 261.455228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 261.478539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 261.591511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 261.599384] team0: Port device team_slave_1 added [ 261.606746] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.613331] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.622056] device bridge_slave_1 entered promiscuous mode [ 261.677424] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 261.703046] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 261.733267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 261.756319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 261.809881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 261.828064] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 261.843839] team0: Port device team_slave_0 added [ 261.853730] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 261.903748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 261.928021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 261.982719] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 261.991581] team0: Port device team_slave_1 added [ 262.055753] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 262.062914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.076061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link 
becomes ready [ 262.126341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 262.187914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 262.205174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 262.215327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.250475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 262.284330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 262.300888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 262.386125] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.397206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 262.409662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.426128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 262.494420] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 262.530616] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.546232] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.553536] device bridge_slave_0 entered promiscuous mode [ 262.574313] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 262.589534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 262.601133] team0: Port device team_slave_0 added [ 262.608767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 262.625991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.653650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 262.669314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 262.688021] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.694576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.701597] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.708151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.725373] IPv6: ADDRCONF(NETDEV_UP): 
bridge0: link is not ready [ 262.733100] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.740749] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.748982] device bridge_slave_1 entered promiscuous mode [ 262.759912] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 262.768050] team0: Port device team_slave_1 added [ 262.854710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 262.931192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.000748] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 263.092012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.178229] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 263.202289] team0: Port device team_slave_0 added [ 263.215500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 263.222686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 263.236545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.255773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 263.314294] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 263.338287] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 263.348173] team0: Port device team_slave_1 added [ 263.365587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.383016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 263.451556] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 263.509104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 263.525074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 263.533012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.561351] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 263.648434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 263.667235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes 
ready [ 263.683189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.709257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 263.723474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.766274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 263.773412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.785978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 263.837795] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.844190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.850934] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.857347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.883985] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 263.904221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 263.930296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.956344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.204683] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.211157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.217934] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.224328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.238669] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 264.268766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.279135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.339458] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.348260] team0: Port device team_slave_0 added [ 264.484804] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.492507] team0: Port device team_slave_1 added [ 264.655357] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 264.663949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.686310] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 264.773363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 264.796004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 264.812125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 264.918365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 264.934414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.950130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.979194] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.985641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.992317] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.998765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.025412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 265.041737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 265.062827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 265.095908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.275071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 265.314674] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.321125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.327856] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.334225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.399728] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 266.305326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 266.393286] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.399724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.406462] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.412824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 266.440167] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.355471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 
[ 268.390377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.945250] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 269.118903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.436357] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 269.442682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 269.450385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.554046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.638837] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 269.906666] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.028385] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 270.173233] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 270.198236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 270.210938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 270.460550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.500159] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 270.516392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 270.531230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 270.669840] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.844825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.925815] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.942362] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 271.224287] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 271.401859] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 271.417485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 271.428423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.711105] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 271.733491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 271.752081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.865136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.893108] 8021q: adding VLAN 0 to HW filter on 
device team0 [ 272.151885] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.292397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 272.878872] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 272.899786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 272.916030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 272.946155] hrtimer: interrupt took 31839 ns 20:00:19 executing program 0: r0 = socket(0x10, 0x2, 0x0) getsockname$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x1c) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000000140), &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, &(0x7f0000000080)="4268c4559c9a37914de45a3a258f8d3a5c00069d647f1ca88a") r1 = syz_open_procfs(0x0, &(0x7f0000000200)='mounts\x00') sendfile(r0, r1, &(0x7f0000000000), 0x800000080000002) [ 273.429979] 8021q: adding VLAN 0 to HW filter on device team0 20:00:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 
&(0x7f00000007c0)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e
1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c466"}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0xefff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, &(0x7f00000000c0), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x0, 0x0) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000480)) ioctl$KVM_RUN(r2, 0xae80, 0x0) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) 20:00:20 executing program 1: clone(0xfffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) exit_group(0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f00000002c0), 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x800000200000, @remote}, 0x0, [0x0, 0x0, 0x4, 0x0, 0x0, 0x5]}, 0x5c) lsetxattr$security_ima(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000001080)=@v2={0x5, 0x0, 0x0, 0x0, 0x2e, "6c54d2934abcd2d01cba4641b208ffcf59a14c0f5999b509bd781e5b343113aa7f685a0eadb63c7b5e40e3230030"}, 0x38, 0x0) setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4) [ 273.736498] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
20:00:20 executing program 1: r0 = socket$inet6(0xa, 0xf, 0x0) tee(r0, r0, 0x81, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80040000000002, &(0x7f00000000c0)=0x65, 0x4) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000001c0)={0x0, 0x1, 0x5, 0x100000000, 0x0, 0x6, 0x8, 0x1, 0x1, 0x0, 0xf3c4}) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) r2 = getpgid(0x0) perf_event_open(&(0x7f0000000300)={0x0, 0x70, 0x0, 0x1ff, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x5, 0x0, 0x5, 0x76, 0x7, 0x8, 0x0, 0x5977, 0x171, 0x101, 0xf472, 0x8, 0x1ff, 0x8, 0xfffffffffffffffc, 0x0, 0x3f, 0xfff, 0x10c00000000000, 0x40, 0x101, 0x0, 0xffffffffffff5a18, 0x1, 0xabd9, 0x1, 0x9, 0x0, 0x7, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x20c00, 0x4, 0xfff, 0x2, 0x3, 0x8, 0x400040000000}, r2, 0xd, 0xffffffffffffffff, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0xd470041877f0fcc9) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20004000, &(0x7f0000e68000)={0x2, 0x4004e23, @local, [0x0, 0x0, 0x1802000000000000]}, 0x10) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000004c0)={0x2, 0x0, 0x3, 0x9, 0x7, 0x0, 0x1, 0x1, 0x0}, &(0x7f0000000500)=0x20) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000540)={r3}, 0x8) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000280)={0x30, 0x5, 0x0, {0x0, 0x0, 0x4, 0x3}}, 0x30) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000380)='trusted.overlay.upper\x00', &(0x7f00000003c0)={0x0, 0xfb, 0xac, 0x0, 0x3, "f16214d7eb6cabf7ff5681ef76f381c3", 
"793061c76366d5cdfa502143354793f08b784c132fe81aa2814cb26de14299ceb337fad30b9e128a344264e1a18e73f683077a6214df28cf21c8a8662ddfa2473d43e7fd1f361b64d5904f7d123c1b4eb947232011ff34493e307c25c14022bce636955ce5893511086a1cb2fcf700564d3d9e73f793968a69561527054481c75d660e5edaaf9a3acb7c971533ce8a47c3fae563510a57"}, 0xac, 0x1) accept$alg(0xffffffffffffffff, 0x0, 0x0) shutdown(r1, 0x1) 20:00:20 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x5, 0x4239, 0x1}, 0x140) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0, &(0x7f00000001c0)}, 0x10) 20:00:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0x232) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x20) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)) 20:00:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x2e, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000'], 0x0, 0x0, &(0x7f0000000300)}) [ 274.407031] binder: 7154:7155 got transaction with invalid offsets ptr [ 274.421395] binder: 7154:7155 transaction 
failed 29201/-14, size 0-12288 line 3001 [ 274.447728] binder_alloc: binder_alloc_mmap_handler: 7154 20001000-20004000 already mapped failed -16 [ 274.502049] binder_alloc: 7154: binder_alloc_buf, no vma [ 274.511780] binder: BINDER_SET_CONTEXT_MGR already set [ 274.521598] binder: 7154:7167 ioctl 40046207 0 returned -16 [ 274.525831] binder: 7154:7160 transaction failed 29189/-3, size 0-12288 line 2973 [ 274.561767] binder: undelivered TRANSACTION_ERROR: 29201 [ 274.584484] binder: undelivered TRANSACTION_ERROR: 29189 20:00:20 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0), 0xc, &(0x7f0000000900)={&(0x7f0000000580)=ANY=[]}}, 0x0) r1 = openat$cgroup_type(r0, &(0x7f00000001c0)='cgroup.type\x00', 0x2, 0x0) readv(r1, &(0x7f0000000540), 0x10000000000002f4) 20:00:20 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_matches\x00') r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup3(r1, r0, 0x0) 20:00:20 executing program 3: shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x406000) shmctl$IPC_RMID(0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) [ 274.775047] mmap: syz-executor3 (7192) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 
20:00:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f000002b000)="1f0000000202fffffd3b54c007110000f30501000b000600000423ca0000cf", 0x1f) pread64(0xffffffffffffffff, &(0x7f0000000240)=""/104, 0x68, 0x30) 20:00:21 executing program 5: 20:00:21 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x9d) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000001c0), 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x1800000036000000, 0xe, 0x29, &(0x7f0000000000)="b90703e6680d698cb89e40f00800", &(0x7f00000000c0)=""/41, 0x100, 0x3b8a}, 0x28) 20:00:21 executing program 2: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x0, 0x0) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000000)={'HL\x00'}, &(0x7f00000000c0)=0x1e) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='yeah\x00', 0x5) sendto$inet(r0, &(0x7f0000a88f88), 
0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf6, &(0x7f0000000500)=[{&(0x7f0000003ac0)=""/4096, 0xfffffe44}], 0x1, &(0x7f0000000200)=""/20, 0xd2}, 0x100) 20:00:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000180)}}], 0xbc, 0x0, &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='auxv\x00') preadv(r0, &(0x7f00000017c0), 0x1b2, 0x0) 20:00:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f000002b000)="1f0000000202fffffd3b54c007110000f30501000b000600000423ca0000cf", 0x1f) pread64(0xffffffffffffffff, &(0x7f0000000240)=""/104, 0x68, 0x30) 20:00:21 executing program 0: [ 275.357225] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.363994] bridge0: port 1(bridge_slave_0) entered disabled state 20:00:21 executing program 0: [ 275.467090] ODEBUG: object 0000000095b937a1 is on stack 00000000afdb047c, but NOT annotated. 
[ 275.473701] ------------[ cut here ]------------ [ 275.478560] WARNING: CPU: 1 PID: 7252 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 275.482886] downgrading a read lock [ 275.482992] WARNING: CPU: 0 PID: 7253 at kernel/locking/lockdep.c:3556 lock_downgrade+0x4d7/0x900 [ 275.492231] Kernel panic - not syncing: panic_on_warn set ... [ 275.495843] Modules linked in: [ 275.504848] CPU: 1 PID: 7252 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 275.510719] CPU: 0 PID: 7253 Comm: modprobe Not tainted 4.19.0-rc8-next-20181019+ #98 [ 275.513899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.522286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.530237] Call Trace: [ 275.539630] RIP: 0010:lock_downgrade+0x4d7/0x900 [ 275.548972] dump_stack+0x244/0x39d [ 275.551540] Code: 00 00 fc ff df 41 c6 44 05 00 f8 e9 1b ff ff ff 48 c7 c7 a0 5a 0b 88 4c 89 9d 58 ff ff ff 48 89 85 60 ff ff ff e8 39 76 e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 4d d8 4c 89 e9 48 ba 00 00 00 00 [ 275.556284] ? dump_stack_print_info.cold.1+0x20/0x20 [ 275.559893] RSP: 0018:ffff880188287b70 EFLAGS: 00010086 [ 275.578800] panic+0x2ad/0x55c [ 275.583973] RAX: 0000000000000000 RBX: 1ffff10031050f74 RCX: 0000000000000000 [ 275.589334] ? add_taint.cold.5+0x16/0x16 [ 275.592507] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000006 [ 275.599770] ? __warn.cold.8+0x5/0x45 [ 275.604391] RBP: ffff880188287c28 R08: ffff8801c2528640 R09: fffffbfff12720d4 [ 275.611664] ? __debug_object_init.cold.14+0x51/0xdf [ 275.615448] R10: fffffbfff12720d4 R11: ffffffff893906a3 R12: ffffffff8aebc520 [ 275.622720] __warn.cold.8+0x20/0x45 [ 275.627804] R13: ffff880188287bc0 R14: 0000000000000001 R15: ffff8801c2528640 [ 275.635076] ? 
__debug_object_init.cold.14+0x51/0xdf [ 275.638774] FS: 00007f30eb7ef700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 275.646039] report_bug+0x254/0x2d0 [ 275.651127] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.659343] do_error_trap+0x11b/0x200 [ 275.662955] CR2: 00007ffd15c6a7c8 CR3: 00000001bb44c000 CR4: 00000000001406f0 [ 275.668825] do_invalid_op+0x36/0x40 [ 275.672689] Call Trace: [ 275.679966] ? __debug_object_init.cold.14+0x51/0xdf [ 275.683676] ? __do_munmap+0xcd3/0xf80 [ 275.686264] invalid_op+0x14/0x20 [ 275.691358] ? lock_set_class+0x770/0x770 [ 275.695240] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 275.698681] ? perf_trace_sched_process_exec+0x860/0x860 [ 275.702821] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66 [ 275.708517] downgrade_write+0x76/0x270 [ 275.713962] RSP: 0018:ffff880187f0f308 EFLAGS: 00010086 [ 275.732861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 275.736817] RAX: 0000000000000050 RBX: ffff880187f0faf8 RCX: ffffc90003e8a000 [ 275.742171] ? up_read+0x2c0/0x2c0 [ 275.747740] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005 [ 275.755033] ? vma_compute_subtree_gap+0x160/0x240 [ 275.758564] RBP: ffff880187f0f560 R08: ffff8801cbe7c128 R09: ffffed003b5e5008 [ 275.765829] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 275.770737] R10: ffffed003b5e5008 R11: ffff8801daf28047 R12: ffff8801cda96540 [ 275.778013] __do_munmap+0xcd3/0xf80 [ 275.783048] R13: 0000000000045540 R14: ffff8801cda96540 R15: ffff8801cbe7c118 [ 275.790310] __vm_munmap+0x138/0x1f0 [ 275.794013] ? vprintk_func+0x85/0x181 [ 275.801266] ? __do_munmap+0xf80/0xf80 [ 275.804970] ? __debug_object_init.cold.14+0x4a/0xdf [ 275.808845] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.812735] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 275.817836] ? 
trace_hardirqs_off_caller+0x300/0x300 [ 275.823203] ? debug_object_free+0x690/0x690 [ 275.827768] __x64_sys_munmap+0x65/0x80 [ 275.832870] ? unwind_get_return_address+0x61/0xa0 [ 275.837282] do_syscall_64+0x1b9/0x820 [ 275.841260] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 275.846178] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 275.850052] ? depot_save_stack+0x292/0x470 [ 275.855142] ? syscall_return_slowpath+0x5e0/0x5e0 [ 275.860497] ? save_stack+0xa9/0xd0 [ 275.864795] ? trace_hardirqs_on_caller+0x310/0x310 [ 275.869711] ? save_stack+0x43/0xd0 [ 275.873332] ? prepare_exit_to_usermode+0x291/0x3b0 [ 275.878328] ? kasan_kmalloc+0xc7/0xe0 [ 275.881984] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 275.886984] ? bpf_test_init.isra.10+0x98/0x100 [ 275.890856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.895687] ? zap_class+0x640/0x640 [ 275.900339] RIP: 0033:0x7f30eb5ee417 [ 275.905519] ? do_syscall_64+0x1b9/0x820 [ 275.909232] Code: f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89 [ 275.912936] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.916982] RSP: 002b:00007ffe69394198 EFLAGS: 00000203 ORIG_RAX: 000000000000000b [ 275.935885] ? find_held_lock+0x36/0x1c0 [ 275.941231] RAX: ffffffffffffffda RBX: 00007f30eb7f91c8 RCX: 00007f30eb5ee417 [ 275.948939] debug_object_init+0x16/0x20 [ 275.952979] RDX: 00000000043bcc00 RSI: 00000000000033ef RDI: 00007f30eb7f1000 [ 275.960245] init_timer_key+0xa9/0x480 [ 275.964289] RBP: 00007ffe69394300 R08: 0000000000000001 R09: 0000000000000007 [ 275.971563] ? init_timer_on_stack_key+0xe0/0xe0 [ 275.975455] R10: 00007f30eb5e8a0b R11: 0000000000000203 R12: 00000000161ce8a8 [ 275.982740] ? __might_fault+0x12b/0x1e0 [ 275.987472] R13: 00000096161ce8a8 R14: 0000009611e2a008 R15: 00007f30eb7ef700 [ 275.994743] ? __lockdep_init_map+0x105/0x590 [ 275.998806] irq event stamp: 904 [ 276.006073] ? 
__lockdep_init_map+0x105/0x590 [ 276.010570] hardirqs last enabled at (903): [] preempt_schedule_irq+0x90/0x140 [ 276.014187] ? lockdep_init_map+0x9/0x10 [ 276.018673] hardirqs last disabled at (904): [] __schedule+0x21e/0x21d0 [ 276.027667] sock_init_data+0xe1/0xdc0 [ 276.031717] softirqs last enabled at (0): [] copy_process+0x22a1/0x8770 [ 276.040013] ? sk_stop_timer+0x50/0x50 [ 276.043891] softirqs last disabled at (0): [<0000000000000000>] (null) [ 276.052287] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.056145] ---[ end trace 61625703b73eafbc ]--- [ 276.063680] ? _copy_from_user+0xdf/0x150 [ 276.078085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.083643] ? bpf_test_init.isra.10+0x70/0x100 [ 276.088339] bpf_prog_test_run_skb+0x255/0xc40 [ 276.092960] ? __lock_acquire+0x62f/0x4c20 [ 276.097243] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 276.099724] kobject: 'loop4' (000000005bc9dd02): kobject_uevent_env [ 276.102094] ? __lock_acquire+0x62f/0x4c20 [ 276.102188] ? fput+0x130/0x1a0 20:00:22 executing program 3: 20:00:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f000002b000)="1f0000000202fffffd3b54c007110000f30501000b000600000423ca0000cf", 0x1f) pread64(0xffffffffffffffff, &(0x7f0000000240)=""/104, 0x68, 0x30) [ 276.111416] kobject: 'loop4' (000000005bc9dd02): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 276.112777] ? __bpf_prog_get+0x9b/0x290 [ 276.112796] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 276.112814] bpf_prog_test_run+0x130/0x1a0 [ 276.138628] __x64_sys_bpf+0x3d8/0x510 [ 276.141640] kobject: 'loop3' (000000009e77154e): kobject_uevent_env [ 276.142526] ? 
bpf_prog_get+0x20/0x20 [ 276.142561] do_syscall_64+0x1b9/0x820 [ 276.151266] kobject: 'loop3' (000000009e77154e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 276.152748] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe 20:00:22 executing program 3: r0 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='\f!vmnet0loproc{md5summd5sumem0posix_acl_access\x00') [ 276.152768] ? syscall_return_slowpath+0x5e0/0x5e0 [ 276.152788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.181225] ? trace_hardirqs_on_caller+0x310/0x310 [ 276.186256] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 276.191288] ? prepare_exit_to_usermode+0x291/0x3b0 [ 276.196318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.201180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.206374] RIP: 0033:0x457569 20:00:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f000002b000)="1f0000000202fffffd3b54c007110000f30501000b000600000423ca0000cf", 0x1f) [ 276.209577] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.212642] kobject: 'loop3' (000000009e77154e): kobject_uevent_env [ 276.228482] RSP: 002b:00007f60e1bb8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 276.228497] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 276.228507] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 276.228515] RBP: 
000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 276.228531] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60e1bb96d4 [ 276.271696] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 276.278981] [ 276.278988] ====================================================== [ 276.278994] WARNING: possible circular locking dependency detected [ 276.278999] 4.19.0-rc8-next-20181019+ #98 Not tainted [ 276.279005] ------------------------------------------------------ [ 276.279010] syz-executor1/7252 is trying to acquire lock: [ 276.279014] 0000000039bb2ee5 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 276.279030] [ 276.279035] but task is already holding lock: [ 276.279039] 0000000066507921 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 276.279055] [ 276.279060] which lock already depends on the new lock. [ 276.279063] [ 276.279065] [ 276.279071] the existing dependency chain (in reverse order) is: [ 276.279074] [ 276.279076] -> #3 (&obj_hash[i].lock){-.-.}: [ 276.279092] _raw_spin_lock_irqsave+0x99/0xd0 [ 276.279097] __debug_object_init+0x127/0x1290 [ 276.279114] debug_object_init+0x16/0x20 [ 276.279119] hrtimer_init+0x97/0x490 [ 276.279135] init_dl_task_timer+0x1b/0x50 [ 276.279139] __sched_fork+0x2ae/0x590 [ 276.279144] init_idle+0x75/0x740 [ 276.279148] sched_init+0xb33/0xc02 [ 276.279152] start_kernel+0x4be/0xa2b [ 276.279157] x86_64_start_reservations+0x2e/0x30 [ 276.279162] x86_64_start_kernel+0x76/0x79 [ 276.279166] secondary_startup_64+0xa4/0xb0 [ 276.279169] [ 276.279172] -> #2 (&rq->lock){-.-.}: [ 276.279186] _raw_spin_lock+0x2d/0x40 [ 276.279191] task_fork_fair+0xb0/0x6d0 [ 276.279195] sched_fork+0x443/0xba0 [ 276.279200] copy_process+0x2585/0x8770 [ 276.279204] _do_fork+0x1cb/0x11c0 [ 276.279208] kernel_thread+0x34/0x40 [ 276.279212] rest_init+0x28/0x372 [ 276.279217] arch_call_rest_init+0xe/0x1b [ 276.279221] start_kernel+0x9f0/0xa2b [ 276.279226] x86_64_start_reservations+0x2e/0x30 [ 276.279231] 
x86_64_start_kernel+0x76/0x79 [ 276.279236] secondary_startup_64+0xa4/0xb0 [ 276.279238] [ 276.279241] -> #1 (&p->pi_lock){-.-.}: [ 276.279270] _raw_spin_lock_irqsave+0x99/0xd0 [ 276.279274] try_to_wake_up+0xd2/0x12e0 [ 276.279292] wake_up_process+0x10/0x20 [ 276.279296] __up.isra.1+0x1c0/0x2a0 [ 276.279299] up+0x13c/0x1c0 [ 276.279316] __up_console_sem+0xbe/0x1b0 [ 276.279320] console_unlock+0x80c/0x1190 [ 276.279324] vprintk_emit+0x391/0x990 [ 276.279329] vprintk_default+0x28/0x30 [ 276.279333] vprintk_func+0x7e/0x181 [ 276.279337] printk+0xa7/0xcf [ 276.279341] do_exit.cold.18+0x57/0x16f [ 276.279345] do_group_exit+0x177/0x440 [ 276.279350] __x64_sys_exit_group+0x3e/0x50 [ 276.279367] do_syscall_64+0x1b9/0x820 [ 276.279372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.279374] [ 276.279377] -> #0 ((console_sem).lock){-.-.}: [ 276.279403] lock_acquire+0x1ed/0x520 [ 276.279408] _raw_spin_lock_irqsave+0x99/0xd0 [ 276.279412] down_trylock+0x13/0x70 [ 276.279430] __down_trylock_console_sem+0xae/0x1f0 [ 276.279434] console_trylock+0x15/0xa0 [ 276.279438] vprintk_emit+0x372/0x990 [ 276.279442] vprintk_default+0x28/0x30 [ 276.279452] vprintk_func+0x7e/0x181 [ 276.279455] printk+0xa7/0xcf [ 276.279460] __debug_object_init.cold.14+0x4a/0xdf [ 276.279464] debug_object_init+0x16/0x20 [ 276.279468] init_timer_key+0xa9/0x480 [ 276.279472] sock_init_data+0xe1/0xdc0 [ 276.279489] bpf_prog_test_run_skb+0x255/0xc40 [ 276.279493] bpf_prog_test_run+0x130/0x1a0 [ 276.279498] __x64_sys_bpf+0x3d8/0x510 [ 276.279502] do_syscall_64+0x1b9/0x820 [ 276.279507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.279509] [ 276.279514] other info that might help us debug this: [ 276.279517] [ 276.279520] Chain exists of: [ 276.279523] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 276.279541] [ 276.279546] Possible unsafe locking scenario: [ 276.279548] [ 276.279553] CPU0 CPU1 [ 276.279557] ---- ---- [ 276.279560] lock(&obj_hash[i].lock); [ 276.279570] lock(&rq->lock); [ 276.279605] 
lock(&obj_hash[i].lock); [ 276.279614] lock((console_sem).lock); [ 276.279622] [ 276.279626] *** DEADLOCK *** [ 276.279628] [ 276.279633] 1 lock held by syz-executor1/7252: [ 276.279635] #0: 0000000066507921 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 276.279669] [ 276.279673] stack backtrace: [ 276.279693] CPU: 1 PID: 7252 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 276.279701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.279704] Call Trace: [ 276.279708] dump_stack+0x244/0x39d [ 276.279713] ? dump_stack_print_info.cold.1+0x20/0x20 [ 276.279718] ? vprintk_func+0x85/0x181 [ 276.279736] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 276.279740] ? save_trace+0xe0/0x290 [ 276.279744] __lock_acquire+0x3399/0x4c20 [ 276.279749] ? mark_held_locks+0x130/0x130 [ 276.279768] ? put_dec+0xf0/0xf0 [ 276.279773] ? mark_held_locks+0x130/0x130 [ 276.279777] ? zap_class+0x640/0x640 [ 276.279781] ? pointer_string+0x14e/0x1b0 [ 276.279784] ? number+0xca0/0xca0 [ 276.279788] ? print_usage_bug+0xc0/0xc0 [ 276.279792] ? ptr_to_id+0xd0/0x1d0 [ 276.279796] ? dentry_name+0x8f0/0x8f0 [ 276.279800] ? __lock_acquire+0x62f/0x4c20 [ 276.279804] ? zap_class+0x640/0x640 [ 276.279809] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 276.279813] lock_acquire+0x1ed/0x520 [ 276.279817] ? down_trylock+0x13/0x70 [ 276.279820] ? lock_release+0xa10/0xa10 [ 276.279825] ? trace_hardirqs_off+0xb8/0x310 [ 276.279829] ? vprintk_emit+0x1de/0x990 [ 276.279833] ? trace_hardirqs_on+0x310/0x310 [ 276.279837] ? trace_hardirqs_off+0xb8/0x310 [ 276.279841] ? log_store+0x344/0x4c0 [ 276.279845] ? vprintk_emit+0x372/0x990 [ 276.279850] _raw_spin_lock_irqsave+0x99/0xd0 [ 276.279854] ? down_trylock+0x13/0x70 [ 276.279857] down_trylock+0x13/0x70 [ 276.279862] __down_trylock_console_sem+0xae/0x1f0 [ 276.279866] console_trylock+0x15/0xa0 [ 276.279870] vprintk_emit+0x372/0x990 [ 276.279874] ? 
wake_up_klogd+0x180/0x180 [ 276.279878] ? zap_class+0x640/0x640 [ 276.279894] ? trace_hardirqs_off_caller+0x300/0x300 [ 276.279899] ? print_usage_bug+0xc0/0xc0 [ 276.279903] ? find_held_lock+0x36/0x1c0 [ 276.279907] vprintk_default+0x28/0x30 [ 276.279911] vprintk_func+0x7e/0x181 [ 276.279914] printk+0xa7/0xcf [ 276.279924] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 276.279929] __debug_object_init.cold.14+0x4a/0xdf [ 276.279934] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 276.279938] ? debug_object_free+0x690/0x690 [ 276.279943] ? unwind_get_return_address+0x61/0xa0 [ 276.279947] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 276.279952] ? depot_save_stack+0x292/0x470 [ 276.279956] ? save_stack+0xa9/0xd0 [ 276.279959] ? save_stack+0x43/0xd0 [ 276.279963] ? kasan_kmalloc+0xc7/0xe0 [ 276.279968] ? bpf_test_init.isra.10+0x98/0x100 [ 276.279972] ? zap_class+0x640/0x640 [ 276.279976] ? do_syscall_64+0x1b9/0x820 [ 276.279981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.279985] ? find_held_lock+0x36/0x1c0 [ 276.279989] debug_object_init+0x16/0x20 [ 276.279994] init_timer_key+0xa9/0x480 [ 276.280011] ? init_timer_on_stack_key+0xe0/0xe0 [ 276.280015] ? __might_fault+0x12b/0x1e0 [ 276.280020] ? __lockdep_init_map+0x105/0x590 [ 276.280037] ? __lockdep_init_map+0x105/0x590 [ 276.280041] ? lockdep_init_map+0x9/0x10 [ 276.280046] sock_init_data+0xe1/0xdc0 [ 276.280050] ? sk_stop_timer+0x50/0x50 [ 276.280056] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.280060] ? _copy_from_user+0xdf/0x150 [ 276.280066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 276.280071] ? bpf_test_init.isra.10+0x70/0x100 [ 276.280076] bpf_prog_test_run_skb+0x255/0xc40 [ 276.280080] ? __lock_acquire+0x62f/0x4c20 [ 276.280085] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 276.280090] ? __lock_acquire+0x62f/0x4c20 [ 276.280094] ? fput+0x130/0x1a0 [ 276.280098] ? __bpf_prog_get+0x9b/0x290 [ 276.280103] ? 
bpf_test_finish.isra.9+0x1f0/0x1f0 [ 276.280108] bpf_prog_test_run+0x130/0x1a0 [ 276.280112] __x64_sys_bpf+0x3d8/0x510 [ 276.280116] ? bpf_prog_get+0x20/0x20 [ 276.280121] do_syscall_64+0x1b9/0x820 [ 276.280126] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 276.280131] ? syscall_return_slowpath+0x5e0/0x5e0 [ 276.280136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.280141] ? trace_hardirqs_on_caller+0x310/0x310 [ 276.280146] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 276.280151] ? prepare_exit_to_usermode+0x291/0x3b0 [ 276.280156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.280161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.280165] RIP: 0033:0x457569 [ 276.280180] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.280185] RSP: 002b:00007f60e1bb8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 276.280196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 276.280203] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 276.280209] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 276.280216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60e1bb96d4 [ 276.280222] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 276.281052] Kernel Offset: disabled [ 277.179989] Rebooting in 86400 seconds..