======================================================
WARNING: possible circular locking dependency detected
4.14.154 #0 Not tainted
------------------------------------------------------
syz-executor.2/28862 is trying to acquire lock:
 (&rp->fetch_lock){+.+.}, at: [] mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236

but task is already holding lock:
 (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1349

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&mm->mmap_sem){++++}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __might_fault mm/memory.c:4584 [inline]
       __might_fault+0x143/0x1d0 mm/memory.c:4569
       _copy_to_user+0x2c/0xd0 lib/usercopy.c:25
       copy_to_user include/linux/uaccess.h:155 [inline]
       mon_bin_get_event+0x10a/0x430 drivers/usb/mon/mon_bin.c:756
       mon_bin_ioctl+0x9b4/0xb50 drivers/usb/mon/mon_bin.c:1067
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&rp->fetch_lock){+.+.}:
       check_prev_add kernel/locking/lockdep.c:1901 [inline]
       check_prevs_add kernel/locking/lockdep.c:2018 [inline]
       validate_chain kernel/locking/lockdep.c:2460 [inline]
       __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236
       __do_fault+0x104/0x390 mm/memory.c:3223
       do_read_fault mm/memory.c:3633 [inline]
       do_fault mm/memory.c:3759 [inline]
       handle_pte_fault mm/memory.c:3989 [inline]
       __handle_mm_fault+0x2460/0x3470 mm/memory.c:4113
       handle_mm_fault+0x293/0x7c0 mm/memory.c:4150
       __do_page_fault+0x4c1/0xb80 arch/x86/mm/fault.c:1420
       do_page_fault+0x71/0x511 arch/x86/mm/fault.c:1495
       page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1122
       copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:65
       copy_from_user include/linux/uaccess.h:147 [inline]
       SYSC_sendfile64 fs/read_write.c:1494 [inline]
       SyS_sendfile64+0x7b/0x110 fs/read_write.c:1488
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_sem);
                               lock(&rp->fetch_lock);
                               lock(&mm->mmap_sem);
  lock(&rp->fetch_lock);

 *** DEADLOCK ***

1 lock held by syz-executor.2/28862:
 #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2ca/0xb80 arch/x86/mm/fault.c:1349

stack backtrace:
CPU: 0 PID: 28862 Comm: syz-executor.2 Not tainted 4.14.154 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 mon_bin_vma_fault+0x6f/0x280 drivers/usb/mon/mon_bin.c:1236
 __do_fault+0x104/0x390 mm/memory.c:3223
 do_read_fault mm/memory.c:3633 [inline]
 do_fault mm/memory.c:3759 [inline]
 handle_pte_fault mm/memory.c:3989 [inline]
 __handle_mm_fault+0x2460/0x3470 mm/memory.c:4113
 handle_mm_fault+0x293/0x7c0 mm/memory.c:4150
 __do_page_fault+0x4c1/0xb80 arch/x86/mm/fault.c:1420
 do_page_fault+0x71/0x511 arch/x86/mm/fault.c:1495
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1122
RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:66
RSP: 0018:ffff8881f371fe40 EFLAGS: 00010202
RAX: ffffed103e6e3fd5 RBX: 0000000020000200 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000020000200 RDI: ffff8881f371fea0
RBP: ffff8881f371fe70 R08: 1ffff1103e6e3fd4 R09: ffffed103e6e3fd5
R10: ffffed103e6e3fd4 R11: ffff8881f371fea7 R12: 0000000000000008
R13: ffff8881f371fea0 R14: 00007ffffffff000 R15: 0000000020000208
 copy_from_user include/linux/uaccess.h:147 [inline]
 SYSC_sendfile64 fs/read_write.c:1494 [inline]
 SyS_sendfile64+0x7b/0x110 fs/read_write.c:1488
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f8528f4dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a219
kobject: '0000:0000:84DCA804.010C' (ffff8881b283d638): kobject_uevent_env
RDX: 0000000020000200 RSI: 0000000000000003 RDI: 0000000000000003
kobject: '0000:0000:84DCA804.010C' (ffff8881b283d638): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010C'
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000ff8 R11: 0000000000000246 R12: 00007f8528f4e6d4
R13: 00000000004c7f94 R14: 00000000004de3b0 R15: 00000000ffffffff
kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env
kobject: '0000:0000:84DCA804.010C' (ffff8881b283d638): kobject_cleanup, parent (null)
kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: '0000:0000:84DCA804.010C' (ffff8881b283d638): calling ktype release
kobject: '0000:0000:84DCA804.010C': free name
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'loop0' (ffff888097692660): kobject_uevent_env
kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path =
'/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): kobject_uevent_env kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010D' hid-generic 0000:0000:84DCA804.010D: item fetching failed at offset 0/1 kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' hid-generic: probe of 0000:0000:84DCA804.010D failed with error -22 kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010D' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=28924 comm=syz-executor.3 kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): kobject_cleanup, parent (null) SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=28924 comm=syz-executor.3 kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=28935 
comm=syz-executor.3 kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: '0000:0000:84DCA804.010D' (ffff88820c0756b8): calling ktype release kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.010D': free name kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env net_ratelimit: 20 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): kobject_uevent_env kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010E' hid-generic 0000:0000:84DCA804.010E: item 
fetching failed at offset 0/1 hid-generic: probe of 0000:0000:84DCA804.010E failed with error -22 kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'ip6tnl1' (ffff8881f859e5f0): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'ip6tnl1' (ffff8881f859e5f0): kobject_uevent_env kobject: 'ip6tnl1' (ffff8881f859e5f0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'queues' (ffff8880a0804a48): kobject_add_internal: parent: 'ip6tnl1', set: '' kobject: 'queues' (ffff8880a0804a48): kobject_uevent_env kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): kobject_uevent_env kobject: 'queues' (ffff8880a0804a48): kobject_uevent_env: filter function caused the event to drop! kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010E' kobject: 'rx-0' (ffff8880a923df10): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (ffff8880a923df10): kobject_uevent_env kobject: 'rx-0' (ffff8880a923df10): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: 'tx-0' (ffff88805ebf4318): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (ffff88805ebf4318): kobject_uevent_env kobject: 'tx-0' (ffff88805ebf4318): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): kobject_cleanup, parent (null) kobject: 'rx-0' (ffff8880a923df10): kobject_cleanup, parent ffff8880a0804a48 kobject: '0000:0000:84DCA804.010E' (ffff88820c6b4278): calling ktype release kobject: 'rx-0' (ffff8880a923df10): auto cleanup 'remove' event kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'rx-0' (ffff8880a923df10): kobject_uevent_env kobject: 
'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (ffff8880a923df10): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: '0000:0000:84DCA804.010E': free name kobject: 'rx-0' (ffff8880a923df10): auto cleanup kobject_del kobject: 'rx-0' (ffff8880a923df10): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (ffff88805ebf4318): kobject_cleanup, parent ffff8880a0804a48 kobject: 'tx-0' (ffff88805ebf4318): auto cleanup 'remove' event kobject: 'tx-0' (ffff88805ebf4318): kobject_uevent_env kobject: 'tx-0' (ffff88805ebf4318): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' kobject: 'tx-0' (ffff88805ebf4318): auto cleanup kobject_del kobject: 'tx-0' (ffff88805ebf4318): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (ffff8880a0804a48): kobject_cleanup, parent (null) kobject: 'queues' (ffff8880a0804a48): calling ktype release kobject: 'queues' (ffff8880a0804a48): kset_release kobject: 'queues': free name kobject: 'ip6tnl1' (ffff8881f859e5f0): kobject_uevent_env kobject: 'ip6tnl1' (ffff8881f859e5f0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'ip6tnl1' (ffff8881f859e5f0): kobject_cleanup, parent (null) kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'ip6tnl1' (ffff8881f859e5f0): calling ktype release kobject: 'ip6tnl1': free name kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env audit: type=1400 audit(1573745560.030:6887): avc: denied { map } for pid=28973 
comm="syz-executor.2" path="socket:[329850]" dev="sockfs" ino=329850 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_route_socket permissive=1 kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is 
buggy, dev hsr_slave_1 kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): kobject_uevent_env kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010F' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' hid-generic 0000:0000:84DCA804.010F: item fetching failed at offset 0/1 kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' hid-generic: probe of 0000:0000:84DCA804.010F failed with error -22 kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.010F' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: '0000:0000:84DCA804.010F' (ffff88820b5dc178): kobject_cleanup, parent (null) kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '0000:0000:84DCA804.010F' 
(ffff88820b5dc178): calling ktype release kobject: '0000:0000:84DCA804.010F': free name kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): kobject_uevent_env audit: type=1804 audit(1573745561.060:6888): pid=29081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4035/file0" dev="sda1" ino=16795 res=1 kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0110' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' hid-generic 0000:0000:84DCA804.0110: item fetching failed at offset 0/1 kobject: 'ip6tnl1' (ffff88820b45ccb0): kobject_add_internal: parent: 'net', set: 'devices' hid-generic: probe of 0000:0000:84DCA804.0110 failed with error -22 kobject: 'ip6tnl1' (ffff88820b45ccb0): kobject_uevent_env kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): kobject_uevent_env kobject: 'ip6tnl1' (ffff88820b45ccb0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0110' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'queues' (ffff8880a0862448): kobject_add_internal: parent: 'ip6tnl1', set: '' kobject: 'queues' (ffff8880a0862448): 
kobject_uevent_env kobject: 'queues' (ffff8880a0862448): kobject_uevent_env: filter function caused the event to drop! kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): kobject_cleanup, parent (null) kobject: 'rx-0' (ffff8880a8d8d910): kobject_add_internal: parent: 'queues', set: 'queues' kobject: '0000:0000:84DCA804.0110' (ffff888213fb1938): calling ktype release kobject: 'rx-0' (ffff8880a8d8d910): kobject_uevent_env kobject: '0000:0000:84DCA804.0110': free name kobject: 'rx-0' (ffff8880a8d8d910): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: 'tx-0' (ffff888085494098): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (ffff888085494098): kobject_uevent_env kobject: 'tx-0' (ffff888085494098): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'rx-0' (ffff8880a8d8d910): kobject_cleanup, parent ffff8880a0862448 kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'rx-0' (ffff8880a8d8d910): auto cleanup 'remove' event kobject: 'rx-0' (ffff8880a8d8d910): kobject_uevent_env kobject: 'rx-0' (ffff8880a8d8d910): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: 'rx-0' (ffff8880a8d8d910): auto cleanup kobject_del kobject: 'rx-0' (ffff8880a8d8d910): calling ktype release kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'rx-0': free name kobject: 'tx-0' (ffff888085494098): kobject_cleanup, parent ffff8880a0862448 kobject: 'tx-0' (ffff888085494098): auto cleanup 'remove' event kobject: 'tx-0' (ffff888085494098): kobject_uevent_env kobject: 'tx-0' (ffff888085494098): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' kobject: 'tx-0' (ffff888085494098): auto cleanup kobject_del kobject: 'tx-0' (ffff888085494098): calling ktype release kobject: 'tx-0': free 
name kobject: 'queues' (ffff8880a0862448): kobject_cleanup, parent (null) kobject: 'queues' (ffff8880a0862448): calling ktype release kobject: 'queues' (ffff8880a0862448): kset_release kobject: 'queues': free name kobject: 'ip6tnl1' (ffff88820b45ccb0): kobject_uevent_env kobject: 'ip6tnl1' (ffff88820b45ccb0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'ip6tnl1' (ffff88820b45ccb0): kobject_cleanup, parent (null) kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0111' kobject: 'ip6tnl1' (ffff88820b45ccb0): calling ktype release kobject: 'loop0' (ffff888097692660): kobject_uevent_env audit: type=1804 audit(1573745561.700:6889): pid=29122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4036/bus" dev="sda1" ino=17362 res=1 kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' hid-generic 0000:0000:84DCA804.0111: item fetching failed at offset 0/1 hid-generic: probe of 0000:0000:84DCA804.0111 failed with error -22 kobject: 'ip6tnl1': free name kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' audit: type=1804 audit(1573745561.700:6890): pid=29122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4036/bus" dev="sda1" ino=17362 res=1 
kobject: 'ip6tnl1' (ffff88820bd84970): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'ip6tnl1' (ffff88820bd84970): kobject_uevent_env audit: type=1804 audit(1573745561.910:6891): pid=29122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4036/bus" dev="sda1" ino=17362 res=1 kobject: 'ip6tnl1' (ffff88820bd84970): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: 'queues' (ffff8880a07c2948): kobject_add_internal: parent: 'ip6tnl1', set: '' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'queues' (ffff8880a07c2948): kobject_uevent_env kobject: 'queues' (ffff8880a07c2948): kobject_uevent_env: filter function caused the event to drop! 
kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'rx-0' (ffff88809bd7b3d0): kobject_add_internal: parent: 'queues', set: 'queues' audit: type=1804 audit(1573745561.910:6892): pid=29126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4036/bus" dev="sda1" ino=17362 res=1 kobject: 'rx-0' (ffff88809bd7b3d0): kobject_uevent_env kobject: 'rx-0' (ffff88809bd7b3d0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: 'tx-0' (ffff8880a1814318): kobject_add_internal: parent: 'queues', set: 'queues' audit: type=1804 audit(1573745562.180:6893): pid=29144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4037/bus" dev="sda1" ino=17138 res=1 kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): kobject_uevent_env kobject: 'tx-0' (ffff8880a1814318): kobject_uevent_env kobject: 'tx-0' (ffff8880a1814318): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' audit: type=1804 audit(1573745562.220:6894): pid=29144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4037/bus" dev="sda1" ino=17138 res=1 kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0111' kobject: 'rx-0' (ffff88809bd7b3d0): kobject_cleanup, parent ffff8880a07c2948 kobject: 'rx-0' (ffff88809bd7b3d0): auto cleanup 'remove' event kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'rx-0' (ffff88809bd7b3d0): kobject_uevent_env kobject: 'rx-0' 
(ffff88809bd7b3d0): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/rx-0' kobject: 'rx-0' (ffff88809bd7b3d0): auto cleanup kobject_del kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'rx-0' (ffff88809bd7b3d0): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (ffff8880a1814318): kobject_cleanup, parent ffff8880a07c2948 kobject: 'tx-0' (ffff8880a1814318): auto cleanup 'remove' event kobject: 'tx-0' (ffff8880a1814318): kobject_uevent_env kobject: 'tx-0' (ffff8880a1814318): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1/queues/tx-0' kobject: 'tx-0' (ffff8880a1814318): auto cleanup kobject_del kobject: 'tx-0' (ffff8880a1814318): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (ffff8880a07c2948): kobject_cleanup, parent (null) kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): kobject_cleanup, parent (null) kobject: 'queues' (ffff8880a07c2948): calling ktype release kobject: 'queues' (ffff8880a07c2948): kset_release kobject: '0000:0000:84DCA804.0111' (ffff8882025699b8): calling ktype release kobject: '0000:0000:84DCA804.0111': free name kobject: 'queues': free name kobject: 'ip6tnl1' (ffff88820bd84970): kobject_uevent_env kobject: 'ip6tnl1' (ffff88820bd84970): fill_kobj_path: path = '/devices/virtual/net/ip6tnl1' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'ip6tnl1' (ffff88820bd84970): kobject_cleanup, parent (null) kobject: 'ip6tnl1' (ffff88820bd84970): calling ktype release audit: type=1400 audit(1573745562.570:6895): avc: denied { map } for pid=29148 comm="syz-executor.2" path="socket:[330809]" dev="sockfs" ino=330809 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=socket permissive=1 kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'ip6tnl1': free name kobject: 'kvm' 
(ffff888219fd6e10): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): kobject_uevent_env kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0112' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' hid-generic 0000:0000:84DCA804.0112: item fetching failed at offset 0/1 kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env hid-generic: probe of 0000:0000:84DCA804.0112 failed with error -22 kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' audit: type=1804 audit(1573745562.870:6896): pid=29175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4038/bus" dev="sda1" ino=17362 res=1 kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' audit: type=1804 audit(1573745562.940:6897): pid=29169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4038/bus" dev="sda1" ino=17362 res=1 kobject: 'kvm' 
(ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): kobject_uevent_env kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0112' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): kobject_cleanup, parent (null) kobject: '0000:0000:84DCA804.0112' (ffff8881b0c89a78): calling ktype release kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' audit: type=1804 audit(1573745563.480:6898): pid=29202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4039/bus" dev="sda1" ino=17362 res=1 kobject: '0000:0000:84DCA804.0112': free name kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 
'loop2' (ffff8881b2b2c3e0): kobject_uevent_env
kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env
kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env
kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env
syz-executor.1: page allocation failure: order:0, mode:0x14000c4(GFP_KERNEL|GFP_DMA32), nodemask=(null)
kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4'
syz-executor.1 cpuset=syz1 mems_allowed=0-1
CPU: 1 PID: 29260 Comm: syz-executor.1 Not tainted 4.14.154 #0
kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 warn_alloc.cold+0x96/0x1af mm/page_alloc.c:3248
 __alloc_pages_slowpath+0x23c6/0x2930 mm/page_alloc.c:4095
 __alloc_pages_nodemask+0x62c/0x7a0 mm/page_alloc.c:4198
 alloc_pages_current+0xec/0x1e0 mm/mempolicy.c:2113
 alloc_pages include/linux/gfp.h:520 [inline]
 alloc_mmu_pages arch/x86/kvm/mmu.c:5142 [inline]
 kvm_mmu_create+0xdf/0x1e0 arch/x86/kvm/mmu.c:5160
 kvm_arch_vcpu_init+0x29c/0x8e0 arch/x86/kvm/x86.c:8285
kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3'
 kvm_vcpu_init+0x272/0x360 arch/x86/kvm/../../../virt/kvm/kvm_main.c:300
 vmx_create_vcpu+0xfc/0x29c0 arch/x86/kvm/vmx.c:10048
 kvm_arch_vcpu_create+0x8c/0xc0 arch/x86/kvm/x86.c:7998
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2529 [inline]
 kvm_vm_ioctl+0x501/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3037
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007f9dae5bbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4'
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9dae5bc6d4
R13: 00000000004c3475 R14: 00000000004d76f0 R15: 00000000ffffffff
net_ratelimit: 20 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env
Mem-Info:
active_anon:812791 inactive_anon:5112 isolated_anon:0
active_file:7656 inactive_file:11544 isolated_file:0
unevictable:512 dirty:45 writeback:1 unstable:0
slab_reclaimable:16298 slab_unreclaimable:127948
mapped:61628 shmem:3125 pagetables:12220 bounce:0
free:533877 free_pcp:513 free_cma:0
kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5'
Node 0 active_anon:1936528kB inactive_anon:20412kB active_file:12kB inactive_file:4kB unevictable:2048kB isolated(anon):0kB isolated(file):0kB mapped:220388kB dirty:8kB writeback:0kB shmem:12464kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1157120kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
Node 1 active_anon:1314836kB inactive_anon:36kB active_file:30612kB inactive_file:46172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:26124kB dirty:272kB writeback:4kB shmem:36kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 20480kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
kobject: 'loop0' (ffff888097692660): kobject_uevent_env
Node 0 DMA free:10520kB min:216kB low:268kB high:320kB active_anon:4840kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2580 2580 2580
Node 0 DMA32 free:36068kB min:36468kB low:45584kB high:54700kB active_anon:1931688kB inactive_anon:20412kB active_file:12kB inactive_file:4kB unevictable:2048kB writepending:8kB present:3129332kB managed:2644872kB mlocked:2048kB kernel_stack:12192kB pagetables:33272kB bounce:0kB free_pcp:1112kB local_pcp:696kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 1 Normal free:2089092kB min:53420kB low:66772kB high:80124kB active_anon:1314836kB inactive_anon:36kB active_file:30612kB inactive_file:46172kB unevictable:0kB writepending:324kB present:3932160kB managed:3870204kB mlocked:0kB kernel_stack:7584kB pagetables:15896kB bounce:0kB free_pcp:768kB local_pcp:624kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 12*4kB (UMEH) 11*8kB (UMH) 9*16kB (UMEH) 6*32kB (UH) 7*64kB (UMEH) 3*128kB (MEH) 6*256kB (UEH) 1*512kB (E) 3*1024kB (UME) 2*2048kB (UE) 0*4096kB = 10520kB
Node 0 DMA32: 1067*4kB (UMEH) 1425*8kB (UMH) 481*16kB (UMH) 397*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36068kB
Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 1 Normal: 309*4kB (UME) 2481*8kB (UME) 2218*16kB (UME) 1496*32kB (UME) 372*64kB (UME) 53*128kB (UME) 27*256kB (UME) 11*512kB (UME) 4*1024kB (UME) 0*2048kB 473*4096kB (M) = 2089084kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
22322 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0'
Total swap = 0kB
kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env
kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): kobject_add_internal: parent: 'uhid', set: 'devices'
kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): kobject_uevent_env
kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0113'
kobject: 'loop0' (ffff888097692660): kobject_uevent_env
hid-generic 0000:0000:84DCA804.0113: item fetching failed at offset 0/1
hid-generic: probe of 0000:0000:84DCA804.0113 failed with error -22
kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0'
1965979 pages RAM
0 pages HighMem/MovableOnly
333233 pages reserved
0 pages cma reserved
kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env
kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop0' (ffff888097692660): kobject_uevent_env
kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env
kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): kobject_uevent_env
kobject: 'loop2' (ffff8881b2b2c3e0):
fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0113' kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): kobject_cleanup, parent (null) kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: '0000:0000:84DCA804.0113' (ffff8882078b9b38): calling ktype release kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: '0000:0000:84DCA804.0113': free name kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): kobject_uevent_env kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0114' kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' hid-generic 0000:0000:84DCA804.0114: item fetching failed at offset 0/1 hid-generic: probe of 0000:0000:84DCA804.0114 failed with error -22 kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): kobject_uevent_env kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): 
fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0114' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): kobject_cleanup, parent (null) kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: '0000:0000:84DCA804.0114' (ffff888205f0d0b8): calling ktype release kobject: '0000:0000:84DCA804.0114': free name kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 
'0000:0000:84DCA804.0115' (ffff8881b238cff8): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0115' kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' hid-generic 0000:0000:84DCA804.0115: item fetching failed at offset 0/1 kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env hid-generic: probe of 0000:0000:84DCA804.0115 failed with error -22 kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): kobject_uevent_env kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0115' kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): kobject_cleanup, parent (null) kobject: '0000:0000:84DCA804.0115' (ffff8881b238cff8): calling ktype release kobject: '0000:0000:84DCA804.0115': free name kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): kobject_add_internal: parent: 'uhid', set: 
'devices' kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): kobject_uevent_env kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0116' hid-generic 0000:0000:84DCA804.0116: item fetching failed at offset 0/1 hid-generic: probe of 0000:0000:84DCA804.0116 failed with error -22 kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): kobject_uevent_env kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0116' kobject: 'loop0' (ffff888097692660): kobject_uevent_env kobject: 'loop0' (ffff888097692660): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): kobject_cleanup, parent (null) kobject: 'loop5' (ffff8880a4abea60): kobject_uevent_env kobject: 'loop5' (ffff8880a4abea60): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: '0000:0000:84DCA804.0116' (ffff8881fafcc5b8): calling ktype release kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: '0000:0000:84DCA804.0116': free name kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kauditd_printk_skb: 15 callbacks suppressed audit: type=1804 audit(1573745567.070:6914): pid=29414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4047/bus" dev="sda1" ino=17314 res=1 kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' audit: type=1804 audit(1573745567.070:6915): pid=29414 uid=0 auid=4294967295 ses=4294967295 
subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4047/bus" dev="sda1" ino=17314 res=1 kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (ffff8880a4a86160): kobject_uevent_env kobject: 'loop4' (ffff8880a4a86160): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: '0000:0000:84DCA804.0117' (ffff88820b2551b8): kobject_add_internal: parent: 'uhid', set: 'devices' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '0000:0000:84DCA804.0117' (ffff88820b2551b8): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: '0000:0000:84DCA804.0117' (ffff88820b2551b8): fill_kobj_path: path = '/devices/virtual/misc/uhid/0000:0000:84DCA804.0117' kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (ffff8881b2b2c3e0): kobject_uevent_env kobject: 'loop2' (ffff8881b2b2c3e0): fill_kobj_path: path = '/devices/virtual/block/loop2' hid-generic 0000:0000:84DCA804.0117: item fetching failed at offset 0/1 hid-generic: probe of 0000:0000:84DCA804.0117 failed with error -22 kobject: 'loop3' (ffff8880a4a2f220): kobject_uevent_env kobject: 'loop3' (ffff8880a4a2f220): fill_kobj_path: path = '/devices/virtual/block/loop3' audit: type=1804 audit(1573745567.710:6916): pid=29448 uid=0 auid=4294967295 ses=4294967295 
subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir661833702/syzkaller.yvnTf3/4048/bus" dev="sda1" ino=17233 res=1 kobject: 'kvm' (ffff888219fd6e10): kobject_uevent_env kobject: 'kvm' (ffff888219fd6e10): fill_kobj_path: path = '/devices/virtual/misc/kvm'