[....] Starting enhanced syslogd: rsyslogd [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 16.007819] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.218441] random: sshd: uninitialized urandom read (32 bytes read) [ 20.655276] random: sshd: uninitialized urandom read (32 bytes read) [ 21.445756] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts. [ 26.860205] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/09 06:12:55 fuzzer started [ 28.231220] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/09 06:12:57 dialing manager at 10.128.0.26:37931 2018/07/09 06:13:01 syscalls: 1785 2018/07/09 06:13:01 code coverage: enabled 2018/07/09 06:13:01 comparison tracing: enabled 2018/07/09 06:13:01 setuid sandbox: enabled 2018/07/09 06:13:01 namespace sandbox: enabled 2018/07/09 06:13:01 fault injection: enabled 2018/07/09 06:13:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/09 06:13:01 net packed injection: enabled [ 33.421902] random: crng init done 06:13:53 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000380)="3ef20f017b7766b9a50b000066b80080000066ba000000000f30baf80c66b86c7efd8166efbafc0ced640f18d0d3c5baf80c66b80c25ca8966efbafc0c66ed660f38062b0f20c06635010000000f22c066b9f50a000066b89900000066ba000000000f30ba610066ed"}], 0x1, 0x0, &(0x7f0000000080), 0x1000000000000126) 
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000400)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"]) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f00000002c0)={0x0, 0x7ff}) 06:13:53 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000d00)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)) 06:13:53 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") msgsnd(0x0, &(0x7f0000000040)={0x2}, 0x8, 0x0) msgrcv(0x0, &(0x7f0000000080)={0x0, ""/106}, 0x72, 0x3, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000003c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x7}, 0x10000, 0x95, 0x9, 0x3, 0x8000000000, 0x3f}) msgsnd(0x0, &(0x7f00000001c0)={0x3}, 0x8, 0x0) 06:13:53 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/protocols\x00') pread64(r1, &(0x7f0000000180)=""/129, 0x81, 0x39) 06:13:53 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00003e4000)={&(0x7f0000e87000)={0x10}, 0xc, &(0x7f0000a3bff8)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000012000902000000000000000000000000", @ANYBLOB="0000000000000000100012000c00f300757365727b00000008000a0000000000"], 0x2}, 0x1}, 0x0) 06:13:53 executing program 5: r0 = socket$inet(0x10, 0x2, 0x0) r1 = dup(r0) write$P9_RLERRORu(r1, &(0x7f00000000c0)={0x1fa, 0x7, 0x0, {{0xffffffffffffffb5}}}, 0xffa8) 06:13:53 executing program 6: 
mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = getegid() fchown(r0, 0x0, r1) 06:13:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f00000000c0)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0) write(r0, &(0x7f0000000200)="a85883156f794c05e0b02a03983b5addde9e46e1145c5c3fcb185a36d20d52d097399fd15648c664ce2314b54922a2fd93ade167f14e4535bcf36199e09f537dba6e93a883417038", 0x48) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000317000), 0xff8) quotactl(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, &(0x7f0000000100)) [ 84.808724] IPVS: ftp: loaded support on port[0] = 21 [ 84.850422] IPVS: ftp: loaded support on port[0] = 21 [ 84.864933] IPVS: ftp: loaded support on port[0] = 21 [ 84.912774] IPVS: ftp: loaded support on port[0] = 21 [ 84.958639] IPVS: ftp: loaded support on port[0] = 21 [ 84.973604] IPVS: ftp: loaded support on port[0] = 21 [ 84.980780] IPVS: ftp: loaded support on port[0] = 21 [ 85.044789] IPVS: ftp: loaded support on port[0] = 21 [ 86.569127] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.575554] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.602460] device bridge_slave_0 entered promiscuous mode [ 86.633431] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.639834] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.676147] device bridge_slave_0 entered promiscuous mode [ 86.694831] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.701237] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.711500] device bridge_slave_0 entered promiscuous mode [ 86.723703] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 86.730160] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.739580] device bridge_slave_0 entered promiscuous mode [ 86.753301] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.759692] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.784098] device bridge_slave_0 entered promiscuous mode [ 86.795954] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.802376] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.813356] device bridge_slave_1 entered promiscuous mode [ 86.823511] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.829901] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.846793] device bridge_slave_0 entered promiscuous mode [ 86.853807] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.860175] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.869673] device bridge_slave_1 entered promiscuous mode [ 86.876800] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.883205] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.891327] device bridge_slave_1 entered promiscuous mode [ 86.899302] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.905670] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.913069] device bridge_slave_0 entered promiscuous mode [ 86.921345] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.927720] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.935072] device bridge_slave_1 entered promiscuous mode [ 86.942467] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.948887] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.958133] device bridge_slave_1 entered promiscuous mode [ 86.965147] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.971541] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.980443] device bridge_slave_0 entered promiscuous mode [ 86.988642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.996878] 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.005872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.015823] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.022217] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.041768] device bridge_slave_1 entered promiscuous mode [ 87.056855] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.063237] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.070673] device bridge_slave_1 entered promiscuous mode [ 87.078700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.085889] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.095075] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.105933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.113150] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.119510] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.142746] device bridge_slave_1 entered promiscuous mode [ 87.164334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.172659] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.180347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.212761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.226327] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.286143] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.294705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.323493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.404069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.422679] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.434332] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.449836] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.507770] bond0: Enslaving bond_slave_1 as an 
active interface with an up link [ 87.520421] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.543227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.555538] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.585522] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.594192] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.646708] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.669624] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.679917] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.699384] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.728159] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.776558] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.819342] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 88.017214] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.026777] team0: Port device team_slave_0 added [ 88.045065] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.058157] team0: Port device team_slave_0 added [ 88.139361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.158284] team0: Port device team_slave_1 added [ 88.169944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.182547] team0: Port device team_slave_0 added [ 88.199028] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.210908] team0: Port device team_slave_0 added [ 88.220575] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.234568] team0: Port device team_slave_1 added [ 88.252072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.259561] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.269963] team0: Port device team_slave_0 added [ 88.278876] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 88.294589] team0: Port device team_slave_1 added [ 88.304679] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.311940] team0: Port device team_slave_1 added [ 88.319787] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.327323] team0: Port device team_slave_0 added [ 88.332332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.346760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.360873] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.369237] team0: Port device team_slave_0 added [ 88.376474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.383734] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.390954] team0: Port device team_slave_0 added [ 88.397731] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.404741] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.416658] team0: Port device team_slave_1 added [ 88.432118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.449555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.459971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.467639] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.476892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.484227] team0: Port device team_slave_1 added [ 88.491320] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.498897] team0: Port device team_slave_1 added [ 88.505072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.514281] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.521732] team0: Port device team_slave_1 added [ 88.528369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.539684] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.548945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.556576] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.575577] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.598404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.611316] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.618850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.626616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.634144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.641685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.649633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.656540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.664512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.673330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.681853] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.690138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.701113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.710510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.718163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.740551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.774435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.789371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.796899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.804704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.812278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.819756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.827209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.834876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.842716] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.850393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.858380] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.866850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.873923] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.881972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.889768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.898006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.908847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.919067] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 88.927539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.941352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.960817] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.971842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.979590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.989872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.997144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.005196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.015273] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.022549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.030259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.050985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.063229] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.070933] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.078141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.091506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 
89.099467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.107929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.118456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.127354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.134539] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.143996] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.152838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.160546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.179519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.204802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.216592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.224739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.233523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.241654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.249442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.257080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.264706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.273557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.280763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.288968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.311336] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.327699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.341304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.185325] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.191854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.198495] bridge0: port 1(bridge_slave_0) entered blocking state [ 
90.204844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.231457] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.238222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 90.255708] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.262102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.268741] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.275097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.282600] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.290485] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.296871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.303478] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.309811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.318421] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.335280] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.341671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.348303] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.354745] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.396187] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.411479] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.417923] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.424548] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.430900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.453564] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.461398] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.467773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.474382] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.480754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.488232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.495889] bridge0: port 2(bridge_slave_1) entered blocking state [ 
90.502280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.508922] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.515288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.522703] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.609553] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.615972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.622632] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.629110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.636240] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 91.301134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.316409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.341646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.350613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.357874] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.365168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.372377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.165512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.208524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.311937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.323320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.333244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.364906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.437012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.517991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.531993] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.651575] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.670511] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.699424] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.714032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.724906] IPv6: ADDRCONF(NETDEV_UP): veth0: 
link is not ready [ 94.798853] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.877926] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.884334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.894426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.913570] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.002792] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.009318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.019512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.038714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.047125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.055763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.114468] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.121181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.131414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.147343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.155733] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.161933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.169615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.177649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.193569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.290101] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.320442] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.330100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.344432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.364522] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.370750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.377947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.400444] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.512168] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.530893] 8021q: 
adding VLAN 0 to HW filter on device team0 [ 95.546945] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.589920] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.699165] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.801900] 8021q: adding VLAN 0 to HW filter on device team0 06:14:05 executing program 3: pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) close(r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000780)='9p\x00', 0x0, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 06:14:05 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)={0x2, 0x2, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, [@sadb_x_filter={0x5, 0x1a, @in=@loopback=0x7f000001, @in6=@remote={0xfe, 0x80, [], 0xbb}}, @sadb_x_sec_ctx={0x1, 0x18}]}, 0x40}, 0x1}, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f762070") syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x33, 0x0, @dev={0xac, 0x14, 0x14}, @remote={0xac, 0x14, 0x223, 0xbb}, {[@rr={0xffffff94, 0x3}]}}, @icmp=@timestamp_reply={0xe}}}}}, &(0x7f0000000100)) 06:14:06 executing program 7: syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, @loopback=0x7f000001, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, @loopback=0x7f000001}}}}, &(0x7f0000000000)) 06:14:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x1000000008912, &(0x7f0000000280)="024a903d6d345f8f762070") r1 = socket(0x10, 
0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000001800010000000000000000000a00900000000000943f2e0000f9ffa9b5cb8db972c7febe63859807a86595f76e66"], 0x1}, 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 06:14:06 executing program 7: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000640)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$evdev(r0, &(0x7f0000000780), 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(r1, 0x1004000000016) 06:14:06 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f000091dff5)='/dev/loop#\x00', 0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) 06:14:06 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.high\x00', 0x2, 0x0) io_setup(0x3ff, &(0x7f0000000380)=0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) io_submit(r3, 0x1c2, &(0x7f0000000380)) sendfile(r2, r2, &(0x7f0000000040), 0x1) 06:14:06 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create(0x6) epoll_wait(r1, &(0x7f0000000240)=[{}], 0x1, 
0xfffffffffffffff7) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x8003) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) [ 97.946765] ================================================================== [ 97.954190] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100 [ 97.960940] Read of size 8 at addr ffff8801d68dcc50 by task syz-executor3/6564 [ 97.968282] [ 97.969908] CPU: 0 PID: 6564 Comm: syz-executor3 Not tainted 4.18.0-rc3-next-20180706+ #1 [ 97.978210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.987551] Call Trace: [ 97.990143] dump_stack+0x1c9/0x2b4 [ 97.993773] ? dump_stack_print_info.cold.2+0x52/0x52 [ 97.999043] ? printk+0xa7/0xcf [ 98.002316] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 98.007070] ? find_first_bit+0xf7/0x100 [ 98.011126] print_address_description+0x6c/0x20b [ 98.015964] ? find_first_bit+0xf7/0x100 [ 98.020022] kasan_report.cold.7+0x242/0x30d [ 98.024433] __asan_report_load8_noabort+0x14/0x20 [ 98.029385] find_first_bit+0xf7/0x100 [ 98.033272] shrink_slab+0x5d0/0xdb0 [ 98.036984] ? shrink_node_memcg+0xc91/0x18f0 [ 98.041484] ? trace_hardirqs_on+0x10/0x10 [ 98.045738] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 98.051373] ? shrink_active_list+0x1830/0x1830 [ 98.056070] shrink_node+0x429/0x16a0 [ 98.059885] ? shrink_node_memcg+0x18f0/0x18f0 [ 98.064472] ? kvm_clock_read+0x25/0x30 [ 98.068455] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.073479] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 98.077983] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.083002] do_try_to_free_pages+0x3e7/0x1290 [ 98.087586] ? shrink_node+0x16a0/0x16a0 [ 98.091645] ? lock_release+0xa30/0xa30 [ 98.095613] ? check_same_owner+0x340/0x340 [ 98.099928] ? lock_downgrade+0x8f0/0x8f0 [ 98.104071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.109605] ? _parse_integer+0x13b/0x190 [ 98.113751] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.119286] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 98.124481] ? 
pointer_string+0x1b0/0x1b0 [ 98.128626] ? __mutex_lock+0x6c4/0x1680 [ 98.132682] ? try_to_free_pages+0xb80/0xb80 [ 98.137091] ? memparse+0x171/0x1d0 [ 98.140713] ? get_options+0x380/0x380 [ 98.144618] ? kasan_kmalloc+0xc4/0xe0 [ 98.148496] ? __kmalloc+0x14e/0x760 [ 98.152202] ? kernfs_fop_write+0x33d/0x480 [ 98.156519] ? __vfs_write+0x117/0x9f0 [ 98.160396] ? __kernel_write+0x10c/0x370 [ 98.164541] ? write_pipe_buf+0x181/0x240 [ 98.168688] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.174226] ? page_counter_memparse+0xb5/0x1e0 [ 98.178896] ? page_counter_set_low+0x180/0x180 [ 98.183566] ? cgroup_control+0x180/0x180 [ 98.187722] memory_high_write+0x283/0x310 [ 98.191956] ? mem_cgroup_css_released+0x140/0x140 [ 98.196880] ? lock_downgrade+0x8f0/0x8f0 [ 98.201024] ? lock_release+0xa30/0xa30 [ 98.205021] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 98.210211] cgroup_file_write+0x31f/0x840 [ 98.214446] ? mem_cgroup_css_released+0x140/0x140 [ 98.219371] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 98.224295] ? __kmalloc+0x315/0x760 [ 98.228004] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.233553] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 98.238489] kernfs_fop_write+0x2ba/0x480 [ 98.242633] __vfs_write+0x117/0x9f0 [ 98.246341] ? kernfs_fop_open+0x1020/0x1020 [ 98.250767] ? kernel_read+0x120/0x120 [ 98.254648] ? default_file_splice_read+0x864/0xb10 [ 98.259657] ? splice_direct_to_actor+0x6fc/0x8f0 [ 98.264493] ? do_splice_direct+0x2d4/0x420 [ 98.268807] ? do_sendfile+0x62a/0xe20 [ 98.272692] ? __x64_sys_sendfile64+0x15d/0x250 [ 98.277358] ? iter_file_splice_write+0x1010/0x1010 [ 98.282370] ? check_same_owner+0x340/0x340 [ 98.286687] ? cache_grow_end.part.37+0x95/0x170 [ 98.291443] ? rcu_note_context_switch+0x730/0x730 [ 98.296360] __kernel_write+0x10c/0x370 [ 98.300321] write_pipe_buf+0x181/0x240 [ 98.304280] ? do_splice_direct+0x420/0x420 [ 98.308586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.314108] ? splice_from_pipe_next.part.9+0x296/0x340 [ 98.319459] ? 
__ia32_sys_membarrier+0x150/0x150 [ 98.324202] __splice_from_pipe+0x38e/0x7c0 [ 98.328510] ? do_splice_direct+0x420/0x420 [ 98.332816] splice_from_pipe+0x1ea/0x340 [ 98.336962] ? do_splice_direct+0x420/0x420 [ 98.341268] ? splice_shrink_spd+0xd0/0xd0 [ 98.345493] ? security_file_permission+0x1c2/0x230 [ 98.350491] default_file_splice_write+0x3c/0x90 [ 98.355237] ? generic_splice_sendpage+0x50/0x50 [ 98.359976] direct_splice_actor+0x128/0x190 [ 98.364368] splice_direct_to_actor+0x318/0x8f0 [ 98.369025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.374545] ? pipe_to_sendpage+0x400/0x400 [ 98.378852] ? do_splice_to+0x190/0x190 [ 98.382812] ? security_file_permission+0x1c2/0x230 [ 98.387812] ? rw_verify_area+0x118/0x360 [ 98.391948] do_splice_direct+0x2d4/0x420 [ 98.396084] ? splice_direct_to_actor+0x8f0/0x8f0 [ 98.400914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.406437] ? __sb_start_write+0x17f/0x300 [ 98.410744] do_sendfile+0x62a/0xe20 [ 98.414444] ? do_compat_pwritev64+0x1c0/0x1c0 [ 98.419019] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.424559] ? _copy_from_user+0xdf/0x150 [ 98.428692] __x64_sys_sendfile64+0x15d/0x250 [ 98.433184] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 98.437765] ? ksys_ioctl+0x81/0xd0 [ 98.441390] do_syscall_64+0x1b9/0x820 [ 98.445262] ? finish_task_switch+0x1d3/0x870 [ 98.449743] ? syscall_return_slowpath+0x5e0/0x5e0 [ 98.454669] ? syscall_return_slowpath+0x31d/0x5e0 [ 98.459583] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 98.464586] ? prepare_exit_to_usermode+0x291/0x3b0 [ 98.469590] ? perf_trace_sys_enter+0xb10/0xb10 [ 98.474256] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 98.479089] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.484264] RIP: 0033:0x455e29 [ 98.487433] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.506604] RSP: 002b:00007fb2d208ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 98.514297] RAX: ffffffffffffffda RBX: 00007fb2d208b6d4 RCX: 0000000000455e29 [ 98.521549] RDX: 0000000020000040 RSI: 0000000000000015 RDI: 0000000000000015 [ 98.528812] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 98.536062] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 98.543316] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 98.550581] [ 98.552209] Allocated by task 4481: [ 98.555823] save_stack+0x43/0xd0 [ 98.559260] kasan_kmalloc+0xc4/0xe0 [ 98.562955] __kmalloc_node+0x47/0x70 [ 98.566739] kvmalloc_node+0x65/0xf0 [ 98.570435] mem_cgroup_css_online+0x169/0x3c0 [ 98.575004] online_css+0x10c/0x350 [ 98.578620] cgroup_apply_control_enable+0x777/0xe90 [ 98.583708] cgroup_mkdir+0x88a/0x1170 [ 98.587578] kernfs_iop_mkdir+0x159/0x1e0 [ 98.591720] vfs_mkdir+0x42e/0x6b0 [ 98.595254] do_mkdirat+0x27b/0x310 [ 98.598864] __x64_sys_mkdir+0x5c/0x80 [ 98.602735] do_syscall_64+0x1b9/0x820 [ 98.606607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.611772] [ 98.613378] Freed by task 1: [ 98.616392] save_stack+0x43/0xd0 [ 98.619831] __kasan_slab_free+0x11a/0x170 [ 98.624046] kasan_slab_free+0xe/0x10 [ 98.627828] kfree+0xd9/0x260 [ 98.630927] acpi_ns_get_node_unlocked+0x2b9/0x309 [ 98.635835] acpi_ns_get_node+0x4d/0x6b [ 98.639804] acpi_get_handle+0x15b/0x263 [ 98.643848] acpi_has_method+0x70/0xb0 [ 98.647721] acpi_ata_match+0x52/0xa0 [ 98.651513] acpi_bay_match+0x131/0x150 [ 98.655474] acpi_bus_check_add+0x710/0xb60 [ 98.659777] acpi_ns_walk_namespace+0x224/0x400 [ 98.664428] 
acpi_walk_namespace+0xf2/0x12c [ 98.668729] acpi_bus_scan+0x146/0x170 [ 98.672602] acpi_scan_init+0x403/0x8fe [ 98.676558] acpi_init+0x941/0xa19 [ 98.680083] do_one_initcall+0x127/0x913 [ 98.684127] kernel_init_freeable+0x49b/0x58e [ 98.688612] kernel_init+0x11/0x1b3 [ 98.692222] ret_from_fork+0x3a/0x50 [ 98.695922] [ 98.697533] The buggy address belongs to the object at ffff8801d68dcc40 [ 98.697533] which belongs to the cache kmalloc-32 of size 32 [ 98.710005] The buggy address is located 16 bytes inside of [ 98.710005] 32-byte region [ffff8801d68dcc40, ffff8801d68dcc60) [ 98.721706] The buggy address belongs to the page: [ 98.726646] page:ffffea00075a3700 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d68dcfc1 [ 98.736092] flags: 0x2fffc0000000100(slab) [ 98.740344] raw: 02fffc0000000100 ffffea00075a3588 ffffea00075a3808 ffff8801da8001c0 [ 98.748212] raw: ffff8801d68dcfc1 ffff8801d68dc000 000000010000003f 0000000000000000 [ 98.756070] page dumped because: kasan: bad access detected [ 98.761771] [ 98.763386] Memory state around the buggy address: [ 98.768297] ffff8801d68dcb00: 00 00 03 fc fc fc fc fc 00 04 fc fc fc fc fc fc [ 98.775636] ffff8801d68dcb80: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc [ 98.782986] >ffff8801d68dcc00: 00 07 fc fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 98.790325] ^ [ 98.796280] ffff8801d68dcc80: 00 06 fc fc fc fc fc fc 00 02 fc fc fc fc fc fc [ 98.803621] ffff8801d68dcd00: 07 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc [ 98.811304] ================================================================== [ 98.819451] Kernel panic - not syncing: panic_on_warn set ... [ 98.819451] [ 98.826838] CPU: 0 PID: 6564 Comm: syz-executor3 Tainted: G B 4.18.0-rc3-next-20180706+ #1 [ 98.836525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.845870] Call Trace: [ 98.848446] dump_stack+0x1c9/0x2b4 [ 98.852061] ? dump_stack_print_info.cold.2+0x52/0x52 [ 98.857237] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 98.861980] panic+0x238/0x4e7 [ 98.865178] ? add_taint.cold.5+0x16/0x16 [ 98.869313] ? do_raw_spin_unlock+0xa7/0x2f0 [ 98.873716] ? do_raw_spin_unlock+0xa7/0x2f0 [ 98.878114] ? find_first_bit+0xf7/0x100 [ 98.882177] kasan_end_report+0x47/0x4f [ 98.886135] kasan_report.cold.7+0x76/0x30d [ 98.890454] __asan_report_load8_noabort+0x14/0x20 [ 98.895368] find_first_bit+0xf7/0x100 [ 98.899239] shrink_slab+0x5d0/0xdb0 [ 98.902939] ? shrink_node_memcg+0xc91/0x18f0 [ 98.907984] ? trace_hardirqs_on+0x10/0x10 [ 98.912213] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 98.917825] ? shrink_active_list+0x1830/0x1830 [ 98.922491] shrink_node+0x429/0x16a0 [ 98.926284] ? shrink_node_memcg+0x18f0/0x18f0 [ 98.930852] ? kvm_clock_read+0x25/0x30 [ 98.934823] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.939826] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 98.944317] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.949320] do_try_to_free_pages+0x3e7/0x1290 [ 98.953894] ? shrink_node+0x16a0/0x16a0 [ 98.957941] ? lock_release+0xa30/0xa30 [ 98.961900] ? check_same_owner+0x340/0x340 [ 98.966215] ? lock_downgrade+0x8f0/0x8f0 [ 98.970359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.975894] ? _parse_integer+0x13b/0x190 [ 98.980028] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.985552] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 98.990728] ? pointer_string+0x1b0/0x1b0 [ 98.994866] ? __mutex_lock+0x6c4/0x1680 [ 98.998914] ? try_to_free_pages+0xb80/0xb80 [ 99.003313] ? memparse+0x171/0x1d0 [ 99.006926] ? get_options+0x380/0x380 [ 99.010799] ? kasan_kmalloc+0xc4/0xe0 [ 99.014670] ? __kmalloc+0x14e/0x760 [ 99.018370] ? kernfs_fop_write+0x33d/0x480 [ 99.022675] ? __vfs_write+0x117/0x9f0 [ 99.026543] ? __kernel_write+0x10c/0x370 [ 99.030678] ? write_pipe_buf+0x181/0x240 [ 99.034815] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 99.040336] ? page_counter_memparse+0xb5/0x1e0 [ 99.044990] ? page_counter_set_low+0x180/0x180 [ 99.049657] ? 
cgroup_control+0x180/0x180 [ 99.053791] memory_high_write+0x283/0x310 [ 99.058028] ? mem_cgroup_css_released+0x140/0x140 [ 99.062944] ? lock_downgrade+0x8f0/0x8f0 [ 99.067169] ? lock_release+0xa30/0xa30 [ 99.071128] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 99.076317] cgroup_file_write+0x31f/0x840 [ 99.080540] ? mem_cgroup_css_released+0x140/0x140 [ 99.085467] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 99.090379] ? __kmalloc+0x315/0x760 [ 99.094079] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 99.099603] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 99.104518] kernfs_fop_write+0x2ba/0x480 [ 99.108650] __vfs_write+0x117/0x9f0 [ 99.112363] ? kernfs_fop_open+0x1020/0x1020 [ 99.116754] ? kernel_read+0x120/0x120 [ 99.120636] ? default_file_splice_read+0x864/0xb10 [ 99.125636] ? splice_direct_to_actor+0x6fc/0x8f0 [ 99.130476] ? do_splice_direct+0x2d4/0x420 [ 99.134777] ? do_sendfile+0x62a/0xe20 [ 99.138652] ? __x64_sys_sendfile64+0x15d/0x250 [ 99.143310] ? iter_file_splice_write+0x1010/0x1010 [ 99.148316] ? check_same_owner+0x340/0x340 [ 99.152627] ? cache_grow_end.part.37+0x95/0x170 [ 99.157369] ? rcu_note_context_switch+0x730/0x730 [ 99.162288] __kernel_write+0x10c/0x370 [ 99.166249] write_pipe_buf+0x181/0x240 [ 99.170218] ? do_splice_direct+0x420/0x420 [ 99.174525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.180051] ? splice_from_pipe_next.part.9+0x296/0x340 [ 99.185398] ? __ia32_sys_membarrier+0x150/0x150 [ 99.190144] __splice_from_pipe+0x38e/0x7c0 [ 99.194452] ? do_splice_direct+0x420/0x420 [ 99.198758] splice_from_pipe+0x1ea/0x340 [ 99.202903] ? do_splice_direct+0x420/0x420 [ 99.207209] ? splice_shrink_spd+0xd0/0xd0 [ 99.211432] ? security_file_permission+0x1c2/0x230 [ 99.216431] default_file_splice_write+0x3c/0x90 [ 99.221180] ? generic_splice_sendpage+0x50/0x50 [ 99.225932] direct_splice_actor+0x128/0x190 [ 99.230324] splice_direct_to_actor+0x318/0x8f0 [ 99.234987] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.240513] ? 
pipe_to_sendpage+0x400/0x400 [ 99.244829] ? do_splice_to+0x190/0x190 [ 99.248788] ? security_file_permission+0x1c2/0x230 [ 99.253787] ? rw_verify_area+0x118/0x360 [ 99.257919] do_splice_direct+0x2d4/0x420 [ 99.262063] ? splice_direct_to_actor+0x8f0/0x8f0 [ 99.266906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 99.272426] ? __sb_start_write+0x17f/0x300 [ 99.276731] do_sendfile+0x62a/0xe20 [ 99.280431] ? do_compat_pwritev64+0x1c0/0x1c0 [ 99.284999] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 99.290522] ? _copy_from_user+0xdf/0x150 [ 99.294655] __x64_sys_sendfile64+0x15d/0x250 [ 99.299151] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 99.303717] ? ksys_ioctl+0x81/0xd0 [ 99.307335] do_syscall_64+0x1b9/0x820 [ 99.311210] ? finish_task_switch+0x1d3/0x870 [ 99.315694] ? syscall_return_slowpath+0x5e0/0x5e0 [ 99.320608] ? syscall_return_slowpath+0x31d/0x5e0 [ 99.325525] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 99.330531] ? prepare_exit_to_usermode+0x291/0x3b0 [ 99.335531] ? perf_trace_sys_enter+0xb10/0xb10 [ 99.340184] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 99.345017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 99.350191] RIP: 0033:0x455e29 [ 99.353358] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 99.372524] RSP: 002b:00007fb2d208ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 99.380228] RAX: ffffffffffffffda RBX: 00007fb2d208b6d4 RCX: 0000000000455e29 [ 99.387494] RDX: 0000000020000040 RSI: 0000000000000015 RDI: 0000000000000015 [ 99.394746] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 99.401998] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 99.409263] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 99.416970] Dumping ftrace buffer: [ 99.420500] (ftrace buffer empty) [ 99.424201] Kernel Offset: disabled [ 99.427807] Rebooting in 86400 seconds..