Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. 2018/12/24 02:49:11 fuzzer started 2018/12/24 02:49:13 dialing manager at 10.128.0.26:33943 [ 42.494732] ld (6071) used greatest stack depth: 15200 bytes left 2018/12/24 02:49:13 syscalls: 1 2018/12/24 02:49:13 code coverage: enabled 2018/12/24 02:49:13 comparison tracing: enabled 2018/12/24 02:49:13 setuid sandbox: enabled 2018/12/24 02:49:13 namespace sandbox: enabled 2018/12/24 02:49:13 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 02:49:13 fault injection: enabled 2018/12/24 02:49:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 02:49:13 net packet injection: enabled 2018/12/24 02:49:13 net device setup: enabled 02:51:33 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x0, 0x0) clone(0x802182001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4c4, 0xd3, 0x0, 0xfffffffffffffbff, 0x0, 0x0, 0x1d5b, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7, 0x101, 0x0, 0x50f1, 0x5, 0xf8, 0x1, 0x6991, 0x80000000000, 0x0, 0x0, 0x4, 0x0, 0x20, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0xec, 0x7, 0xb7, 0xfffffffffffffff9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000000000000712600000000000035060000ff000000bf25000000000000070500000e0000000f65000000000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d43010000000000950000000000000061540000000000006b25000000000000070500000e0000000f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], 0x0}, 0x48) syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x6, 0x2000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) exit(0x5853) [ 183.097167] IPVS: ftp: loaded support on port[0] = 21 02:51:34 executing program 1: semtimedop(0x0, &(0x7f0000000040), 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) select(0x40, &(0x7f0000000140), 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(0xffffffffffffffff, 0x408c5333, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='security.SMACK64MMAP\x00', 0x0, 0x0, 0x3) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000007c0)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c466"}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0xefff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f0000000380)="0f0766b818008ed80f20e035000040000f22e00faea66647000066ba2000b801000000efc4c13565d4b805000000b9f4ce05c80f01d9670f01750c66b8e3000f00d8c4c2e99626", 0x47}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 183.416210] IPVS: ftp: loaded support on port[0] = 21 02:51:34 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup2(r0, r0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) [ 183.772397] IPVS: ftp: loaded support on port[0] = 21 02:51:34 executing program 3: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') pread64(r0, &(0x7f0000001300)=""/4096, 0x1000, 0x0) [ 184.288971] IPVS: ftp: loaded support on port[0] = 21 02:51:35 executing program 4: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) open(&(0x7f0000000e00)='./file1\x00', 0x0, 0x0) mount(&(0x7f0000000280)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') sendfile(r0, r1, 0x0, 0x800000080000002) 02:51:35 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x0, 0x0) [ 184.728561] IPVS: ftp: loaded support on port[0] = 21 [ 184.767790] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.777919] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.785628] device bridge_slave_0 entered promiscuous mode [ 184.871548] IPVS: ftp: loaded support on port[0] = 21 [ 185.007197] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.016570] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.029265] device bridge_slave_1 entered promiscuous mode [ 185.173866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.293856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.488201] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.494972] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.503212] device bridge_slave_0 entered promiscuous mode [ 185.597389] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.612166] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.634400] device bridge_slave_1 entered promiscuous mode [ 185.691955] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.734959] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.809816] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.821388] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.032607] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.047237] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.054852] device bridge_slave_0 entered promiscuous mode [ 186.081701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.099492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.175962] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.183857] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.191268] device bridge_slave_1 entered promiscuous mode [ 186.246296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.280802] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.417799] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.438082] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.467813] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.494505] team0: Port device team_slave_0 added [ 186.595070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.604081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.612780] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.624885] team0: Port device team_slave_1 added [ 186.775011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.785275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.823458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.831729] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.839736] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.854941] device bridge_slave_0 entered promiscuous mode [ 186.891818] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.944357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.986816] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.993272] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.010371] device bridge_slave_1 entered promiscuous mode [ 187.019375] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.029684] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.037673] device bridge_slave_0 entered promiscuous mode [ 187.047311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.068476] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.091657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.109320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.155222] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.166123] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.172489] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.192978] device bridge_slave_1 entered promiscuous mode [ 187.201102] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.220018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.254478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.264533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.287742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.302675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.310804] team0: Port device team_slave_0 added [ 187.318476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.335866] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.343585] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.351093] device bridge_slave_0 entered promiscuous mode [ 187.377438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.392661] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.406666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.469213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.479096] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.487258] team0: Port device team_slave_1 added [ 187.516462] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.537337] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.550988] device bridge_slave_1 entered promiscuous mode [ 187.663304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.671093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.684114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.710801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.720216] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.729692] team0: Port device team_slave_0 added [ 187.772989] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.786385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.830408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.854365] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.884295] team0: Port device team_slave_1 added [ 187.893978] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.927385] ip (6427) used greatest stack depth: 15112 bytes left [ 187.933859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.942090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.964442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.993019] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.038379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 188.058196] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.069919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.113983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.134849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.145208] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.156443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.167103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.187794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.195892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.224033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.231881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.269083] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.283504] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.293515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.309340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.326186] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 188.338246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.360408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.388679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.408328] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.432884] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 188.469652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.490673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.527132] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.540923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.657165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.665913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.722322] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.737138] team0: Port device team_slave_0 added [ 188.745963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.764459] team0: Port device team_slave_0 added [ 188.896799] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.904087] team0: Port device team_slave_1 added [ 188.917362] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.923893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.930797] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.937221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.952409] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.971591] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.981594] team0: Port device team_slave_1 added [ 189.056314] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.101570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.126055] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.135228] team0: Port device team_slave_0 added [ 189.140743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.152199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.209977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.241849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.250047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.269039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.293842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.302049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.331165] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.338964] team0: Port device team_slave_1 added [ 189.359967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.375712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.391936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.440774] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.452049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.462223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.494084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.501920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.516131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.531095] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.541695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.557403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.581158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.605267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.626708] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.687286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.713686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.729777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.778181] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.784608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.791279] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.797678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.805474] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.821056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.844229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.853895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.096866] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.103261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.109978] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.116373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.134707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.143433] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.150596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.930270] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.936890] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.943601] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.949976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.970637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.098733] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.105178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.111846] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.118289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.138547] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.146911] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.153281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.160050] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.166502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.174574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.192943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.210237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.234410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.570941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.030961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.066352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.292059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.464961] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.541290] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.560468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.593926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.839685] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.961327] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.987470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.005448] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.011738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.033289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.046491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.089205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.250404] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.263908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.278417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.514041] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.531059] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.542691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.559352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.754109] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.931325] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.937722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.947786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.065132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.079881] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.087031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.114004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.121067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.134678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.314029] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.524072] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.565362] 8021q: adding VLAN 0 to HW filter on device team0 02:51:49 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)='\x00\x00\x00\x00z', 0x5) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0xffffffbf) recvmmsg(r1, &(0x7f0000000100)=[{{0x0, 0xb4, &(0x7f0000000140)=[{&(0x7f0000000480)=""/66, 0xfffffc7c}], 0x1, 0x0, 0xfffffd1d}}], 0xca13baae19ed2d, 0x0, 0x0) [ 198.884285] hrtimer: interrupt took 30187 ns 02:51:50 executing program 0: capset(&(0x7f0000002ffa)={0x120080522}, &(0x7f0000000000)) r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 02:51:50 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r0, &(0x7f00000017c0)=0x2, 0x12) 02:51:50 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r0, &(0x7f00000017c0)=0x2, 0x12) 02:51:50 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000000)={0x20000000002, 0x0, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x1f}}) [ 199.405650] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 02:51:50 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x56aa, 0x11, 0x0, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0, 0x6012, r1, 0x4000) [ 199.477051] ================================================================== [ 199.484526] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 199.491113] Write of size 832 at addr ffff8881b79babc0 by task syz-executor1/7585 [ 199.498724] [ 199.498745] CPU: 0 PID: 7585 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 199.498755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.498762] Call Trace: [ 199.498787] dump_stack+0x244/0x39d [ 199.518397] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.518412] ? printk+0xa7/0xcf [ 199.518430] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 199.537895] print_address_description.cold.4+0x9/0x1ff [ 199.543279] ? fpstate_init+0x50/0x160 [ 199.547180] kasan_report.cold.5+0x1b/0x39 [ 199.551426] ? fpstate_init+0x50/0x160 [ 199.555329] ? fpstate_init+0x50/0x160 [ 199.559226] check_memory_region+0x13e/0x1b0 [ 199.559923] ion_mmap: failure mapping buffer to userspace [ 199.563643] memset+0x23/0x40 [ 199.563662] fpstate_init+0x50/0x160 [ 199.563680] kvm_arch_vcpu_init+0x3e9/0x870 [ 199.563701] kvm_vcpu_init+0x2fa/0x420 [ 199.563718] ? vcpu_stat_get+0x300/0x300 [ 199.563741] ? kmem_cache_alloc+0x33f/0x730 [ 199.563768] vmx_create_vcpu+0x1b7/0x2695 [ 199.576510] ion_mmap: failure mapping buffer to userspace [ 199.580501] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 199.580516] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.580544] ? preempt_schedule+0x4d/0x60 [ 199.616249] ? preempt_schedule_common+0x1f/0xe0 [ 199.621016] ? vmx_exec_control+0x210/0x210 02:51:50 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x56aa, 0x11, 0x0, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0, 0x6012, r1, 0x4000) [ 199.625346] ? ___preempt_schedule+0x16/0x18 [ 199.629768] ? kasan_check_write+0x14/0x20 [ 199.634012] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 199.638960] ? wait_for_completion+0x8a0/0x8a0 [ 199.643559] ? print_usage_bug+0xc0/0xc0 [ 199.647639] ? migrate_swap_stop+0x8a0/0x8a0 [ 199.652068] kvm_arch_vcpu_create+0xe5/0x220 [ 199.656485] ? kvm_arch_vcpu_free+0x90/0x90 [ 199.660834] kvm_vm_ioctl+0x526/0x2030 [ 199.664761] ? kvm_unregister_device_ops+0x70/0x70 [ 199.669704] ? mark_held_locks+0x130/0x130 [ 199.673957] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 199.679181] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 199.684327] ? futex_wake+0x304/0x760 [ 199.688154] ? __lock_acquire+0x62f/0x4c20 [ 199.692403] ? unwind_get_return_address+0x61/0xa0 [ 199.697354] ? mark_held_locks+0x130/0x130 [ 199.701591] ? graph_lock+0x270/0x270 [ 199.705394] ? do_futex+0x249/0x26d0 [ 199.709110] ? save_stack+0x43/0xd0 [ 199.712741] ? __kasan_slab_free+0x102/0x150 [ 199.717160] ? kasan_slab_free+0xe/0x10 [ 199.719028] ion_mmap: failure mapping buffer to userspace [ 199.721167] ? kmem_cache_free+0x83/0x290 [ 199.721181] ? putname+0xf2/0x130 [ 199.721209] ? filename_lookup+0x39a/0x520 [ 199.721228] ? user_path_at_empty+0x40/0x50 [ 199.742904] ? path_setxattr+0xd6/0x230 [ 199.746889] ? __x64_sys_lsetxattr+0xc1/0x150 [ 199.751426] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.756808] ? find_held_lock+0x36/0x1c0 [ 199.760907] ? __fget+0x4aa/0x740 [ 199.764391] ? lock_downgrade+0x900/0x900 [ 199.768549] ? check_preemption_disabled+0x48/0x280 [ 199.773580] ? kasan_check_read+0x11/0x20 [ 199.777757] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 199.783044] ? rcu_read_unlock_special+0x370/0x370 [ 199.788014] ? __fget+0x4d1/0x740 [ 199.791517] ? ksys_dup3+0x680/0x680 [ 199.795257] ? __might_fault+0x12b/0x1e0 [ 199.799328] ? lock_downgrade+0x900/0x900 [ 199.803484] ? lock_release+0xa00/0xa00 [ 199.807481] ? perf_trace_sched_process_exec+0x860/0x860 [ 199.812953] ? kvm_unregister_device_ops+0x70/0x70 [ 199.817899] do_vfs_ioctl+0x1de/0x1790 [ 199.821817] ? ioctl_preallocate+0x300/0x300 [ 199.826246] ? __fget_light+0x2e9/0x430 [ 199.830235] ? fget_raw+0x20/0x20 [ 199.833716] ? _copy_to_user+0xc8/0x110 [ 199.837712] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.843259] ? put_timespec64+0x10f/0x1b0 [ 199.847423] ? nsecs_to_jiffies+0x30/0x30 [ 199.851581] ? do_syscall_64+0x9a/0x820 [ 199.855566] ? do_syscall_64+0x9a/0x820 [ 199.859546] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.864139] ? security_file_ioctl+0x94/0xc0 [ 199.868579] ksys_ioctl+0xa9/0xd0 [ 199.872069] __x64_sys_ioctl+0x73/0xb0 [ 199.875977] do_syscall_64+0x1b9/0x820 [ 199.879879] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.885270] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.890214] ? trace_hardirqs_on_caller+0x310/0x310 [ 199.895245] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.900278] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 199.906990] ? __switch_to_asm+0x40/0x70 [ 199.911067] ? __switch_to_asm+0x34/0x70 [ 199.915159] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.920020] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.925230] RIP: 0033:0x457669 [ 199.928446] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.947356] RSP: 002b:00007f08b4fabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.955073] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 199.962352] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 199.969629] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 199.976901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f08b4fac6d4 [ 199.984175] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 199.991452] [ 199.993090] Allocated by task 7585: [ 199.996716] save_stack+0x43/0xd0 [ 200.000184] kasan_kmalloc+0xcb/0xd0 [ 200.003897] kasan_slab_alloc+0x12/0x20 [ 200.007893] kmem_cache_alloc+0x130/0x730 [ 200.012057] vmx_create_vcpu+0x110/0x2695 [ 200.016225] kvm_arch_vcpu_create+0xe5/0x220 [ 200.020632] kvm_vm_ioctl+0x526/0x2030 [ 200.024526] do_vfs_ioctl+0x1de/0x1790 [ 200.028413] ksys_ioctl+0xa9/0xd0 [ 200.031863] __x64_sys_ioctl+0x73/0xb0 [ 200.035749] do_syscall_64+0x1b9/0x820 [ 200.039649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.044861] [ 200.046479] Freed by task 0: [ 200.049483] (stack is not available) [ 200.053180] [ 200.054820] The buggy address belongs to the object at ffff8881b79bab80 [ 200.054820] which belongs to the cache x86_fpu of size 832 [ 200.067151] The buggy address is located 64 bytes inside of [ 200.067151] 832-byte region [ffff8881b79bab80, ffff8881b79baec0) [ 200.078934] The buggy address belongs to the page: [ 200.083863] page:ffffea0006de6e80 count:1 mapcount:0 mapping:ffff8881d7af0380 index:0x0 [ 200.091999] flags: 0x2fffc0000000200(slab) [ 200.096234] raw: 02fffc0000000200 ffff8881d5145a48 ffff8881d5145a48 ffff8881d7af0380 [ 200.104116] raw: 0000000000000000 ffff8881b79ba040 0000000100000004 0000000000000000 [ 200.111982] page dumped because: kasan: bad access detected [ 200.117688] [ 200.119320] Memory state around the buggy address: [ 200.124247] ffff8881b79bad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 200.131614] ffff8881b79bae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 200.138980] >ffff8881b79bae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 200.146343] ^ [ 200.151802] ffff8881b79baf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 200.159193] ffff8881b79baf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 200.166552] ================================================================== [ 200.173901] Disabling lock debugging due to kernel taint [ 200.227798] Kernel panic - not syncing: panic_on_warn set ... [ 200.233747] CPU: 0 PID: 7585 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 200.243619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.252971] Call Trace: [ 200.255559] dump_stack+0x244/0x39d [ 200.259197] ? dump_stack_print_info.cold.1+0x20/0x20 [ 200.264417] ? fpstate_init+0x30/0x160 [ 200.268316] panic+0x2ad/0x632 [ 200.271515] ? add_taint.cold.5+0x16/0x16 [ 200.275677] ? preempt_schedule+0x4d/0x60 [ 200.276178] kobject: 'loop2' (00000000f2b0f892): kobject_uevent_env [ 200.279845] ? ___preempt_schedule+0x16/0x18 [ 200.291053] ? trace_hardirqs_on+0xb4/0x310 [ 200.293576] kobject: 'loop2' (00000000f2b0f892): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 200.295381] ? fpstate_init+0x50/0x160 [ 200.308701] end_report+0x47/0x4f [ 200.312162] kasan_report.cold.5+0xe/0x39 [ 200.316317] ? fpstate_init+0x50/0x160 [ 200.320219] ? fpstate_init+0x50/0x160 [ 200.324107] check_memory_region+0x13e/0x1b0 [ 200.328511] memset+0x23/0x40 [ 200.331612] fpstate_init+0x50/0x160 [ 200.335326] kvm_arch_vcpu_init+0x3e9/0x870 [ 200.339650] kvm_vcpu_init+0x2fa/0x420 [ 200.343537] ? vcpu_stat_get+0x300/0x300 [ 200.347610] ? kmem_cache_alloc+0x33f/0x730 [ 200.351966] vmx_create_vcpu+0x1b7/0x2695 [ 200.356127] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 200.361226] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 200.365811] ? preempt_schedule+0x4d/0x60 [ 200.370034] ? preempt_schedule_common+0x1f/0xe0 [ 200.374794] ? vmx_exec_control+0x210/0x210 [ 200.379126] ? ___preempt_schedule+0x16/0x18 [ 200.383534] ? kasan_check_write+0x14/0x20 [ 200.387776] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 200.392704] ? wait_for_completion+0x8a0/0x8a0 [ 200.397285] ? print_usage_bug+0xc0/0xc0 [ 200.401346] ? migrate_swap_stop+0x8a0/0x8a0 [ 200.405763] kvm_arch_vcpu_create+0xe5/0x220 [ 200.410164] ? kvm_arch_vcpu_free+0x90/0x90 [ 200.414493] kvm_vm_ioctl+0x526/0x2030 [ 200.418378] ? kvm_unregister_device_ops+0x70/0x70 [ 200.423307] ? mark_held_locks+0x130/0x130 [ 200.427547] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 200.432734] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 200.437855] ? futex_wake+0x304/0x760 [ 200.441690] ? __lock_acquire+0x62f/0x4c20 [ 200.445952] ? unwind_get_return_address+0x61/0xa0 [ 200.450890] ? mark_held_locks+0x130/0x130 [ 200.455122] ? graph_lock+0x270/0x270 [ 200.458920] ? do_futex+0x249/0x26d0 [ 200.462646] ? save_stack+0x43/0xd0 [ 200.466266] ? __kasan_slab_free+0x102/0x150 [ 200.470667] ? kasan_slab_free+0xe/0x10 [ 200.474637] ? kmem_cache_free+0x83/0x290 [ 200.478796] ? putname+0xf2/0x130 [ 200.482264] ? filename_lookup+0x39a/0x520 [ 200.486508] ? user_path_at_empty+0x40/0x50 [ 200.490849] ? path_setxattr+0xd6/0x230 [ 200.494819] ? __x64_sys_lsetxattr+0xc1/0x150 [ 200.499341] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.504708] ? find_held_lock+0x36/0x1c0 [ 200.508781] ? __fget+0x4aa/0x740 [ 200.512232] ? lock_downgrade+0x900/0x900 [ 200.516405] ? check_preemption_disabled+0x48/0x280 [ 200.521418] ? kasan_check_read+0x11/0x20 [ 200.525575] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 200.530856] ? rcu_read_unlock_special+0x370/0x370 [ 200.535789] ? __fget+0x4d1/0x740 [ 200.539270] ? ksys_dup3+0x680/0x680 [ 200.543013] ? __might_fault+0x12b/0x1e0 [ 200.547075] ? lock_downgrade+0x900/0x900 [ 200.551243] ? lock_release+0xa00/0xa00 [ 200.555218] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.560669] ? kvm_unregister_device_ops+0x70/0x70 [ 200.565623] do_vfs_ioctl+0x1de/0x1790 [ 200.569523] ? ioctl_preallocate+0x300/0x300 [ 200.573954] ? __fget_light+0x2e9/0x430 [ 200.577947] ? fget_raw+0x20/0x20 [ 200.581399] ? _copy_to_user+0xc8/0x110 [ 200.585391] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.590946] ? put_timespec64+0x10f/0x1b0 [ 200.595120] ? nsecs_to_jiffies+0x30/0x30 [ 200.599267] ? do_syscall_64+0x9a/0x820 [ 200.603240] ? do_syscall_64+0x9a/0x820 [ 200.607216] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 200.611799] ? security_file_ioctl+0x94/0xc0 [ 200.616218] ksys_ioctl+0xa9/0xd0 [ 200.619688] __x64_sys_ioctl+0x73/0xb0 [ 200.623573] do_syscall_64+0x1b9/0x820 [ 200.627456] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.632851] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.637781] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.642791] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.647812] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 200.654482] ? __switch_to_asm+0x40/0x70 [ 200.658536] ? __switch_to_asm+0x34/0x70 [ 200.662613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.667455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.672636] RIP: 0033:0x457669 [ 200.675822] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.694724] RSP: 002b:00007f08b4fabc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.702424] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 200.709688] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 200.716955] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 200.724235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f08b4fac6d4 [ 200.731528] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 200.739952] Kernel Offset: disabled [ 200.743573] Rebooting in 86400 seconds..