INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts. 2018/09/23 13:38:43 fuzzer started 2018/09/23 13:38:45 dialing manager at 10.128.0.26:46055 2018/09/23 13:38:45 syscalls: 1 2018/09/23 13:38:45 code coverage: enabled 2018/09/23 13:38:45 comparison tracing: enabled 2018/09/23 13:38:45 setuid sandbox: enabled 2018/09/23 13:38:45 namespace sandbox: enabled 2018/09/23 13:38:45 Android sandbox: /sys/fs/selinux/policy does not exist 2018/09/23 13:38:45 fault injection: enabled 2018/09/23 13:38:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/09/23 13:38:45 net packed injection: enabled 2018/09/23 13:38:45 net device setup: enabled 13:41:51 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r3, 0xc028ae92) 13:41:51 executing program 2: clone(0x200, &(0x7f00000001c0), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000040)) mknod(&(0x7f0000000200)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0x151) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) prctl$intptr(0x1d, 0xfffffffffffff82d) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000300)='./file0\x00', 0xa000000000068802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000700)=""/159) prctl$intptr(0x80400000000001e, 0x0) ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000000)) 13:41:51 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448f0, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) 13:41:51 executing program 3: clone(0x200, &(0x7f0000000300), &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000180)) mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000640)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x845, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000440)=""/159) set_thread_area(&(0x7f0000000200)) clock_nanosleep(0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000400)) 13:41:51 executing program 5: clone(0x200, &(0x7f0000000300), &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000180)) mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000640)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)) prctl$intptr(0x1d, 0xfffffffffffffa6a) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x845, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000440)=""/159) prctl$intptr(0x1e, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') 13:41:51 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001cc0)={&(0x7f0000000000)={0x10, 0x9effffff, 0x8100000000000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8, 0x14}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x0, 0x0) syz_open_dev$adsp(&(0x7f0000000700)='/dev/adsp#\x00', 0x41, 0x80002) bind$packet(0xffffffffffffffff, &(0x7f0000000000), 0x14) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) syzkaller login: [ 220.740595] IPVS: ftp: loaded support on port[0] = 21 [ 220.741178] IPVS: ftp: loaded support on port[0] = 21 [ 220.765531] IPVS: ftp: loaded support on port[0] = 21 [ 220.791058] IPVS: ftp: loaded support on port[0] = 21 [ 220.816285] IPVS: ftp: loaded support on port[0] = 21 [ 220.819818] IPVS: ftp: loaded support on port[0] = 21 [ 223.045271] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.065289] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.073842] device bridge_slave_0 entered promiscuous mode [ 223.115420] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.136843] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.144503] device bridge_slave_0 entered promiscuous mode [ 223.176293] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.182840] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.190780] device bridge_slave_0 entered promiscuous mode [ 223.209508] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.215883] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.237598] device bridge_slave_1 entered promiscuous mode [ 223.262952] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.274829] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.283070] device bridge_slave_1 entered promiscuous mode [ 223.303926] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.327384] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.334904] device bridge_slave_0 entered promiscuous mode [ 223.361116] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.370057] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.378505] device bridge_slave_1 entered promiscuous mode [ 223.387693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.396749] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.431559] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.448732] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.476914] device bridge_slave_0 entered promiscuous mode [ 223.495791] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.504390] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.516771] device bridge_slave_1 entered promiscuous mode [ 223.526015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.542948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.561713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.589324] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.595807] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.617214] device bridge_slave_1 entered promiscuous mode [ 223.638732] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.645105] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.657325] device bridge_slave_0 entered promiscuous mode [ 223.666244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.699008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.735433] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.766704] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.786590] device bridge_slave_1 entered promiscuous mode [ 223.818660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.825967] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.920340] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 223.961880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.985987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.025168] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.090321] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.149019] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.170856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.195179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.227223] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.289016] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.334913] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.396228] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.461701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.490302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.565582] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.588208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.609077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.651171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.667843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.681514] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.696571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.717998] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.777983] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.787564] team0: Port device team_slave_0 added [ 224.829004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.837076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.873265] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.898156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.907304] team0: Port device team_slave_0 added [ 224.982159] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.999533] team0: Port device team_slave_1 added [ 225.019031] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.040353] team0: Port device team_slave_1 added [ 225.048548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.058562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.096669] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.107240] team0: Port device team_slave_0 added [ 225.126127] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.147391] team0: Port device team_slave_0 added [ 225.192320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.233923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.252892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.261416] team0: Port device team_slave_1 added [ 225.273041] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.288074] team0: Port device team_slave_0 added [ 225.295344] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.305309] team0: Port device team_slave_1 added [ 225.337269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.359230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.395781] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.407611] team0: Port device team_slave_1 added [ 225.440821] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.448971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.467420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.501748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.517437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.527478] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.548976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.562293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.571979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.607482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.615654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.635244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.644560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.657863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.668468] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.676584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.684525] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.712220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.733461] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.767548] team0: Port device team_slave_0 added [ 225.773029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.797178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.813673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.823858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.839437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.853353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.864033] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.873821] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.892547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.903029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.937409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.947682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.962812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.970771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.981638] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.989182] team0: Port device team_slave_1 added [ 226.003278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.012950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.037734] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.052532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.067968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.107138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.122281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.137507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.151967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.186135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 226.207164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.215107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.249522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.273112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.294220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.319593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.472077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.490905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.507879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.632226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.645100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.671492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.257653] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.264254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.271335] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.277780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.328718] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.500212] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.506762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.513450] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.519898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.554924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.561631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 227.574331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 227.610142] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.616605] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.623322] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.629799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.648237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.654653] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.661072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.667777] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.674152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.692033] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.761640] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.768116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.774804] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.781257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.819624] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 228.176105] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.182616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.189352] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.195753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.219421] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 228.646669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.654560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.670817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.688149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.786862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.851552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.877841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.076648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.182655] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.326886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.364062] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.427838] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.576715] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.600140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.752703] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.768609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.776909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.825755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.840906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.867159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.877139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.958077] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.964304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.982259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.066164] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.087143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.107102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.206894] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 234.291277] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.307966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.323682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.368189] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.385693] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.528910] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.647383] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.672157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.682466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.712264] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.746267] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.070972] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.418991] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 13:42:08 executing program 0: clone(0x200, &(0x7f00000001c0), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000040)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000001c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) prctl$intptr(0x1d, 0xfffffffffffff82c) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000040)='./file0\x00', 0xa000000000068805, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000002c0)=""/159) prctl$intptr(0x80000000000001e, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000240)) 13:42:08 executing program 1: clone(0x200, &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000100), &(0x7f00000001c0)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000640)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000600), &(0x7f0000000300)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000200)=""/11, 0xb) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) prctl$intptr(0x8800020000001d, 0xfffffffffffffabe) clone(0x801fff, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) r2 = fcntl$dupfd(r1, 0x0, r1) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f00000007c0)=""/159) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGVERSION(r3, 0x80044501, &(0x7f0000000000)=""/32) ioctl$EVIOCGBITKEY(r3, 0x80404521, &(0x7f00000002c0)=""/159) prctl$intptr(0x1e, 0x0) ioctl$PIO_FONT(r2, 0x4b61, &(0x7f0000000400)) [ 237.825251] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 237.851645] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 13:42:08 executing program 4: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0xa3, 0xfa00, {0x0, &(0x7f00000003c0)}}, 0x20) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000080)={0x6, 0x785571bb, 0x7, 0x6}) getresuid(&(0x7f0000000400), &(0x7f0000000440)=0x0, &(0x7f0000000480)) write$P9_RGETATTR(r0, &(0x7f00000004c0)={0xa0, 0x19, 0x2, {0x2, {0x10, 0x2}, 0x40, r2, 0x0, 0x1, 0x5, 0x0, 0x0, 0x9, 0x7, 0x5e, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x100, 0x9}}, 0xa0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000240)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000000c0)={0xfffffffffffffff8, 0x5}) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) getpgrp(0x0) sched_setscheduler(0x0, 0x7, &(0x7f0000000280)=0xc925) sync_file_range(r0, 0x0, 0x7fff, 0x2) r3 = getuid() write$FUSE_ENTRY(r1, &(0x7f00000002c0)={0x90, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, {0x5, 0x9, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x9, 0x0, 0x0, 0x3, r3, 0x0, 0xfffffffffffffc00, 0xfe}}}, 0x90) sendfile(r1, r1, &(0x7f0000000380), 0x1000000020000) [ 238.162160] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006d4) [ 238.169661] FAT-fs (loop4): Filesystem has been set read-only [ 238.175876] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006d4) [ 238.184233] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006d4) [ 238.191780] FAT-fs (loop4): error, invalid access to FAT (entry 0x000006d4) 13:42:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000200)=[@transaction={0x40406300, {0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000100)}}], 0x0, 0x0, &(0x7f0000000280)}) 13:42:09 executing program 2: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) llistxattr(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=""/103, 0x67) 13:42:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={"626f6e643000000000f98b00"}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000040)="0f425f69f20f38f10b650feda5000066b9800000c00f326635004000000f30b80d008ec86666de3c0f01cf260f01cb2665660f3a618c0060540fc76b39", 0x3d}], 0x1, 0x0, &(0x7f00000002c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x80) [ 238.425568] binder: 7191:7192 got transaction to invalid handle [ 238.457232] binder: 7191:7192 transaction failed 29201/-22, size 0-0 line 2834 13:42:09 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) [ 238.472121] binder: 7191:7199 got transaction to invalid handle [ 238.480153] binder: 7191:7199 transaction failed 29201/-22, size 0-0 line 2834 [ 238.508787] binder: undelivered TRANSACTION_ERROR: 29201 [ 238.512118] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 238.515697] binder: undelivered TRANSACTION_ERROR: 29201 13:42:09 executing program 2: clone(0x200, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000500)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)) prctl$intptr(0x1d, 0xfffffffffffff2f3) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000500)=""/159) prctl$intptr(0x1e, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000200)) 13:42:09 executing program 0: clone(0x200, &(0x7f00000001c0), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000040)) mknod(&(0x7f0000000200)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0x151) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) prctl$intptr(0x1d, 0xfffffffffffff82d) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000300)='./file0\x00', 0xa000000000068802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000700)=""/159) prctl$intptr(0x80400000000001e, 0x0) ioctl$KDMKTONE(r0, 0x4b30, 0x0) 13:42:09 executing program 4: clone(0x200, &(0x7f0000000240), &(0x7f0000000400), &(0x7f0000000100), &(0x7f00000001c0)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000480)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000540)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000002c0)=""/159) lsetxattr$trusted_overlay_opaque(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='trusted.overlay.opaque\x00', &(0x7f0000000380)='y\x00', 0x2, 0x0) prctl$intptr(0x1d, 0xfffffffffffff798) prctl$getreaper(0x40400000000001e, &(0x7f0000000040)) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000440)) [ 238.615525] *** Guest State *** [ 238.628927] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 238.669405] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 238.700603] CR3 = 0x0000000000000000 [ 238.704733] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 13:42:09 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0xfa) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) r1 = dup(r0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000007a0e040000000000"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000005640)=[{{&(0x7f0000000240)=@rc, 0x80, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/156, 0x9c}], 0x1, 0x0, 0x0, 0x10001}, 0x29a}, {{&(0x7f00000003c0)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000440)=""/246, 0xf6}, {&(0x7f0000000540)=""/86, 0x56}, {&(0x7f00000005c0)=""/234, 0xea}, {&(0x7f00000006c0)=""/119, 0x77}, {&(0x7f0000000740)=""/242, 0xf2}], 0x5, 0x0, 0x0, 0x9}, 0xf7}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000840)=""/47, 0x2f}], 0x1, &(0x7f00000008c0)=""/46, 0x2e}, 0xfffffffffffffff9}, {{0x0, 0x0, &(0x7f0000002cc0)}}], 0x4, 0x0, &(0x7f00000000c0)={0x0, 0x1c9c380}) 13:42:09 executing program 1: clone(0x200, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000500)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) prctl$intptr(0x1d, 0xfffffffffffff2f7) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000400)=""/159) prctl$intptr(0x1e, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f00000001c0)=""/241) [ 238.746349] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 238.804177] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 238.826638] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 238.838634] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.850879] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 238.863883] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.873228] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.883555] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.892582] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 238.903257] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 238.912116] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 238.920960] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 238.929258] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 238.939029] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 238.947438] Interruptibility = 00000000 ActivityState = 00000000 13:42:09 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448f0, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) [ 238.953820] *** Host State *** [ 238.966969] RIP = 0xffffffff81212522 RSP = 0xffff880190d8f350 [ 238.979526] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 238.986110] FSBase=00007fe8609c4700 GSBase=ffff8801dac00000 TRBase=fffffe0000033000 [ 238.994129] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 238.994221] CR0=0000000080050033 CR3=00000001c5c25000 CR4=00000000001426f0 [ 238.994302] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 239.014819] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 239.022563] *** Control State *** [ 239.026173] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000cb [ 239.033171] EntryControls=0000d1ff ExitControls=002fefff [ 239.039085] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 239.046120] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 239.053038] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 239.060959] reason=80000021 qualification=0000000000000000 [ 239.067467] IDTVectoring: info=00000000 errcode=00000000 [ 239.079941] TSC Offset = 0xffffff7e5d880da4 [ 239.084604] TPR Threshold = 0x00 [ 239.088160] EPT pointer = 0x00000001d8c9e01e [ 239.095786] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns 13:42:09 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:09 executing program 5: r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000340)={0x0, 0x3}) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) 13:42:09 executing program 5: clone(0x200, &(0x7f00000001c0), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000040)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) prctl$intptr(0x1d, 0xfffffffffffff82c) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000040)='./file0\x00', 0xa000000000068805, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000002c0)=""/159) prctl$intptr(0x80000000000001e, 0x0) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f0000000200)) 13:42:10 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:10 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:10 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448f0, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) 13:42:10 executing program 2: clone(0x200, &(0x7f0000000400), &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000440)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040), &(0x7f0000000300)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) prctl$intptr(0x1001010000001d, 0xfffffffffffff2e6) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000540)=""/159) prctl$intptr(0x1e, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)) 13:42:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={"626f6e643000000000f98b00"}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000040)="0f425f69f20f38f10b650feda5000066b9800000c00f326635004000000f30b80d008ec86666de3c0f01cf260f01cb2665660f3a618c0060540fc76b39", 0x3d}], 0x1, 0x0, &(0x7f00000002c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='statm\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x87, 0x80) 13:42:10 executing program 4: 13:42:10 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) [ 239.667018] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns 13:42:10 executing program 1: 13:42:10 executing program 4: 13:42:10 executing program 4: 13:42:10 executing program 1: [ 239.787144] pit: kvm: requested 56990 ns i8254 timer period limited to 200000 ns [ 239.817928] pit: kvm: requested 43580 ns i8254 timer period limited to 200000 ns [ 239.871180] pit: kvm: requested 30171 ns i8254 timer period limited to 200000 ns [ 239.889501] pit: kvm: requested 30171 ns i8254 timer period limited to 200000 ns [ 239.925622] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns 13:42:10 executing program 5: 13:42:10 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) 13:42:10 executing program 4: syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000800)={[{@discard_size={'discard'}}]}) 13:42:10 executing program 1: [ 240.194723] JFS: discard option not supported on device [ 240.238249] JFS: discard option not supported on device 13:42:11 executing program 0: 13:42:11 executing program 1: 13:42:11 executing program 5: 13:42:11 executing program 2: 13:42:11 executing program 4: 13:42:11 executing program 0: 13:42:11 executing program 5: 13:42:11 executing program 1: 13:42:11 executing program 4: 13:42:11 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:11 executing program 2: 13:42:11 executing program 5: 13:42:11 executing program 1: 13:42:11 executing program 0: 13:42:11 executing program 4: 13:42:11 executing program 5: 13:42:11 executing program 4: 13:42:11 executing program 0: 13:42:11 executing program 2: 13:42:11 executing program 1: 13:42:11 executing program 2: 13:42:12 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:12 executing program 5: 13:42:12 executing program 0: 13:42:12 executing program 4: 13:42:12 executing program 1: 13:42:12 executing program 2: 13:42:12 executing program 0: 13:42:12 executing program 2: 13:42:12 executing program 4: 13:42:12 executing program 5: 13:42:12 executing program 1: 13:42:12 executing program 2: 13:42:13 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:13 executing program 0: 13:42:13 executing program 4: 13:42:13 executing program 5: 13:42:13 executing program 1: 13:42:13 executing program 2: 13:42:13 executing program 2: 13:42:13 executing program 0: 13:42:13 executing program 4: 13:42:13 executing program 1: 13:42:13 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140), 0xc) r1 = fcntl$dupfd(r0, 0x0, r0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) 13:42:13 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x400448e2, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) 13:42:14 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:14 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) getpid() ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000040)={0x2, 0x0, 0x4, 0x5, 0x9}) 13:42:14 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000002b80)={0x351, &(0x7f0000000100)=[{}]}) 13:42:14 executing program 4: clone(0x200, &(0x7f0000000140), &(0x7f00000001c0), &(0x7f0000000040), &(0x7f0000000640)) mknod(&(0x7f00000000c0)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000180), &(0x7f0000000300)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000380)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)) clone(0x3102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000240)='./file0\x00', 0x845, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000580)=""/159) prctl$intptr(0x20000001d, 0xfffffffffffffe85) prctl$void(0x1e) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000080)) 13:42:14 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000140), 0xc) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000180)=""/12) 13:42:14 executing program 2: syz_emit_ethernet(0x23c, &(0x7f0000000040)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x8, 0x6, 0x0, @empty={[0x0, 0x86ddffff]}, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000775000)) 13:42:14 executing program 0: clone(0x8000000000000200, &(0x7f0000000140), &(0x7f0000000040), &(0x7f00000005c0), &(0x7f0000000640)) mknod(&(0x7f0000000140)='./file0\x00', 0x4000103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000), &(0x7f0000000380)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) prctl$intptr(0x1d, 0xfffffffffffff9be) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000300), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000440)=""/159) prctl$intptr(0x1e, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000000c0)) 13:42:14 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r3, 0x8080aea1) 13:42:14 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x400448df, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) 13:42:14 executing program 1: clone(0x200, &(0x7f00000003c0), &(0x7f0000000240), &(0x7f0000000140), &(0x7f00000001c0)) mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280), &(0x7f0000000440)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/11, 0xfffffee3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) prctl$intptr(0x8800020000001d, 0xfffffffffffffb01) clone(0x801fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000b40), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000300)=""/159) prctl$intptr(0x1e, 0x0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f00000001c0)) 13:42:14 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:14 executing program 5: clone(0x200, &(0x7f0000000300), &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000180)) mknod(&(0x7f0000000000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000640)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)) prctl$intptr(0x1d, 0xfffffffffffffa6a) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x845, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000440)=""/159) prctl$intptr(0x1e, 0x0) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000240)={0x0, &(0x7f0000000200)}) 13:42:14 executing program 2: clone(0x200, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000500)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) prctl$intptr(0x1d, 0xfffffffffffff2f2) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000001c0)=""/159) prctl$intptr(0x1e, 0x0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000400)={{0x2, 0x0, @broadcast}, {0x0, @local}, 0x0, {0x2, 0x0, @rand_addr}, 'tunl0\x00'}) 13:42:14 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:14 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(0xffffffffffffffff, &(0x7f0000002000), 0x1000) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 4: clone(0x200, &(0x7f0000000400), &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000440)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040), &(0x7f0000000300)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) prctl$intptr(0x1001010000001d, 0xfffffffffffff2e3) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000540)=""/159) prctl$intptr(0x1e, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000000)) 13:42:15 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(0xffffffffffffffff, &(0x7f0000002000), 0x1000) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(0xffffffffffffffff, &(0x7f0000002000), 0x1000) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 0: prctl$intptr(0x1001010000001d, 0xfffffffffffff2e5) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, &(0x7f00000002c0)=""/159) prctl$getreaper(0x40400000000001e, &(0x7f0000000040)) 13:42:15 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 1: clone(0x200, &(0x7f0000000440), &(0x7f0000000140), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), &(0x7f0000000240)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000080)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x1000003102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000400), 0xffffffffffffffff) prctl$intptr(0x40000000001d, 0xfffffffffffff2ba) r1 = dup2(r0, r0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x68802, 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000300)={'veth0_to_bond\x00'}) prctl$intptr(0x1e, 0x0) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000180)) 13:42:15 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0x4040ae9e) 13:42:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0x4080aebf) 13:42:15 executing program 0: clone(0x200, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000500)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)) prctl$intptr(0x1d, 0xfffffffffffff2f3) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000500)=""/159) prctl$intptr(0x1e, 0x0) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000240)) 13:42:15 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) [ 245.191893] vmwrite error: reg 6c0a value fffffe0000033000 (err 262144) [ 245.199308] CPU: 1 PID: 7609 Comm: syz-executor2 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 245.207775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.207799] Call Trace: [ 245.207914] dump_stack+0x1d3/0x2c4 [ 245.207943] ? dump_stack_print_info.cold.2+0x52/0x52 [ 245.228712] ? kvm_arch_vcpu_load+0x247/0x970 [ 245.228736] ? trace_hardirqs_off_caller+0x300/0x300 [ 245.228763] vmwrite_error+0x4c/0x60 [ 245.228783] vmx_vcpu_load+0xd10/0x1030 [ 245.228809] ? lock_downgrade+0x8b1/0x900 [ 245.250206] ? vmx_write_tsc_offset+0x670/0x670 [ 245.254902] ? print_usage_bug+0xc0/0xc0 [ 245.258980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.264530] ? check_preemption_disabled+0x48/0x200 [ 245.269577] ? find_held_lock+0x36/0x1c0 [ 245.273675] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 245.279223] ? vmx_sched_in+0xe0/0x5f0 [ 245.283127] kvm_arch_vcpu_load+0x247/0x970 [ 245.287463] ? kvm_arch_dev_ioctl+0x630/0x630 [ 245.291971] ? trace_hardirqs_off_caller+0x300/0x300 [ 245.297095] kvm_sched_in+0x82/0xa0 [ 245.300737] finish_task_switch+0x3d7/0x900 [ 245.305148] ? __switch_to_asm+0x34/0x70 [ 245.309238] ? preempt_notifier_register+0x200/0x200 [ 245.314348] ? __switch_to_asm+0x34/0x70 [ 245.318428] ? __switch_to_asm+0x34/0x70 [ 245.322495] ? __switch_to_asm+0x40/0x70 [ 245.326559] ? __switch_to_asm+0x34/0x70 [ 245.330622] ? __switch_to_asm+0x40/0x70 [ 245.334687] ? __switch_to_asm+0x34/0x70 [ 245.338759] ? __switch_to_asm+0x40/0x70 [ 245.342823] ? __switch_to_asm+0x34/0x70 [ 245.346896] ? __switch_to_asm+0x34/0x70 [ 245.350966] ? __switch_to_asm+0x40/0x70 [ 245.355035] ? __switch_to_asm+0x34/0x70 [ 245.359105] ? __switch_to_asm+0x40/0x70 [ 245.363182] ? __switch_to_asm+0x34/0x70 [ 245.367255] ? __switch_to_asm+0x40/0x70 [ 245.371327] __schedule+0x874/0x1ed0 [ 245.375069] ? __sched_text_start+0x8/0x8 [ 245.379404] ? find_held_lock+0x36/0x1c0 [ 245.383481] ? mark_held_locks+0xc7/0x130 [ 245.387637] ? preempt_schedule_irq+0x5e/0x110 [ 245.392234] ? preempt_schedule_irq+0x5e/0x110 [ 245.396827] ? lockdep_hardirqs_on+0x421/0x5c0 [ 245.401419] ? trace_hardirqs_on+0xbd/0x310 [ 245.405747] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 245.411031] ? retint_kernel+0x1b/0x2d [ 245.414930] ? trace_hardirqs_off_caller+0x300/0x300 [ 245.420045] ? find_held_lock+0x36/0x1c0 [ 245.424117] preempt_schedule_irq+0x87/0x110 [ 245.428536] retint_kernel+0x1b/0x2d [ 245.432269] RIP: 0010:lock_release+0x504/0x970 [ 245.436860] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 83 3d ab 64 12 08 00 0f 84 37 02 00 00 48 8b bd e0 fe ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 245.455790] RSP: 0018:ffff88018cbb7378 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 245.463519] RAX: dffffc0000000000 RBX: 1ffff10031976e73 RCX: 1ffff1003a2af556 [ 245.471269] RDX: 1ffffffff12e44be RSI: 0000000000000002 RDI: 0000000000000282 [ 245.478544] RBP: ffff88018cbb74a0 R08: 0000000000000000 R09: ffffed003b5a5b57 [ 245.485818] R10: ffffed003b5a5b57 R11: ffff8801dad2dabb R12: ffff8801d157a240 [ 245.493092] R13: 5c6bfe5bcf2b11d2 R14: 0000000000000001 R15: ffff8801d157a240 [ 245.500409] ? rcu_read_unlock+0x16/0x60 [ 245.504486] ? lock_downgrade+0x900/0x900 [ 245.508646] ? check_preemption_disabled+0x48/0x200 [ 245.513672] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 245.518607] ? kasan_check_read+0x11/0x20 [ 245.522767] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 245.528049] ? rcu_softirq_qs+0x20/0x20 [ 245.532029] ? __lock_is_held+0xb5/0x140 [ 245.536110] rcu_read_unlock+0x33/0x60 [ 245.540008] memcg_kmem_get_cache+0x36c/0x900 [ 245.544517] ? mem_cgroup_handle_over_high+0x130/0x130 [ 245.549821] ? ttwu_stat+0x5c0/0x5c0 [ 245.553569] kmem_cache_alloc+0x193/0x730 [ 245.557740] alloc_inode+0xb2/0x190 [ 245.561386] new_inode_pseudo+0x71/0x1a0 [ 245.565457] ? prune_icache_sb+0x1c0/0x1c0 [ 245.569704] ? down_read+0x120/0x120 [ 245.573447] ? mntput+0x74/0xa0 [ 245.576742] new_inode+0x1c/0x40 [ 245.580206] debugfs_get_inode+0x19/0x120 [ 245.584373] __debugfs_create_file+0xb5/0x400 [ 245.588894] debugfs_create_file+0x57/0x70 [ 245.593143] kvm_dev_ioctl+0xc0a/0x1ae0 [ 245.597123] ? is_bpf_text_address+0xac/0x170 [ 245.601632] ? kvm_debugfs_release+0x90/0x90 [ 245.606046] ? graph_lock+0x170/0x170 [ 245.609851] ? do_futex+0x249/0x26d0 [ 245.613575] ? rcu_softirq_qs+0x20/0x20 [ 245.617555] ? rcu_softirq_qs+0x20/0x20 [ 245.621538] ? unwind_dump+0x190/0x190 [ 245.625442] ? find_held_lock+0x36/0x1c0 [ 245.629522] ? __fget+0x4aa/0x740 [ 245.632985] ? lock_downgrade+0x900/0x900 [ 245.637144] ? check_preemption_disabled+0x48/0x200 [ 245.642194] ? kasan_check_read+0x11/0x20 [ 245.646347] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 245.651665] ? rcu_softirq_qs+0x20/0x20 [ 245.655671] ? ksys_dup3+0x680/0x680 [ 245.659397] ? kasan_check_write+0x14/0x20 [ 245.663643] ? trace_hardirqs_off+0xb8/0x310 [ 245.668065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.673613] ? kvm_debugfs_release+0x90/0x90 [ 245.678032] do_vfs_ioctl+0x1de/0x1720 [ 245.681931] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 245.687483] ? ioctl_preallocate+0x300/0x300 [ 245.691902] ? __fget_light+0x2e9/0x430 [ 245.695892] ? fget_raw+0x20/0x20 [ 245.699365] ? putname+0xf2/0x130 [ 245.702832] ? rcu_read_lock_sched_held+0x108/0x120 [ 245.707858] ? kmem_cache_free+0x24f/0x290 [ 245.712115] ? __x64_sys_futex+0x47f/0x6a0 [ 245.716374] ? do_syscall_64+0x9a/0x820 [ 245.720369] ? do_syscall_64+0x9a/0x820 [ 245.724364] ? lockdep_hardirqs_on+0x421/0x5c0 [ 245.728962] ? security_file_ioctl+0x94/0xc0 [ 245.733402] ksys_ioctl+0xa9/0xd0 [ 245.736874] __x64_sys_ioctl+0x73/0xb0 [ 245.740797] do_syscall_64+0x1b9/0x820 [ 245.744693] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 245.750085] ? syscall_return_slowpath+0x5e0/0x5e0 [ 245.755039] ? trace_hardirqs_off+0x310/0x310 [ 245.759553] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 245.764589] ? recalc_sigpending_tsk+0x180/0x180 [ 245.769365] ? kasan_check_write+0x14/0x20 [ 245.773619] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 245.778484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 245.783680] RIP: 0033:0x457679 [ 245.786887] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 245.805806] RSP: 002b:00007f8890ee9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.813531] RAX: ffffffffffffffda RBX: 00007f8890eea6d4 RCX: 0000000000457679 [ 245.820808] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 245.828080] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 245.835351] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 245.842636] R13: 00000000004cfc28 R14: 00000000004bfd60 R15: 0000000000000000 [ 245.850093] vmwrite error: reg 6c0c value fffffe0000031000 (err 262144) [ 245.856927] CPU: 1 PID: 7609 Comm: syz-executor2 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 245.865351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.874728] Call Trace: [ 245.877339] dump_stack+0x1d3/0x2c4 [ 245.881000] ? dump_stack_print_info.cold.2+0x52/0x52 [ 245.886216] ? trace_hardirqs_off_caller+0x300/0x300 [ 245.891341] vmwrite_error+0x4c/0x60 [ 245.895091] vmx_vcpu_load+0xcf9/0x1030 [ 245.899086] ? lock_downgrade+0x8b1/0x900 [ 245.903248] ? vmx_write_tsc_offset+0x670/0x670 [ 245.907927] ? print_usage_bug+0xc0/0xc0 [ 245.912004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.917553] ? check_preemption_disabled+0x48/0x200 [ 245.922582] ? find_held_lock+0x36/0x1c0 [ 245.926661] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 245.932204] ? vmx_sched_in+0xe0/0x5f0 [ 245.936105] kvm_arch_vcpu_load+0x247/0x970 [ 245.940451] ? kvm_arch_dev_ioctl+0x630/0x630 [ 245.944955] ? trace_hardirqs_off_caller+0x300/0x300 [ 245.950073] kvm_sched_in+0x82/0xa0 [ 245.953709] finish_task_switch+0x3d7/0x900 [ 245.958039] ? __switch_to_asm+0x34/0x70 [ 245.962118] ? preempt_notifier_register+0x200/0x200 [ 245.967226] ? __switch_to_asm+0x34/0x70 [ 245.971293] ? __switch_to_asm+0x34/0x70 [ 245.975368] ? __switch_to_asm+0x40/0x70 [ 245.979436] ? __switch_to_asm+0x34/0x70 [ 245.983502] ? __switch_to_asm+0x40/0x70 [ 245.987568] ? __switch_to_asm+0x34/0x70 [ 245.991633] ? __switch_to_asm+0x40/0x70 [ 245.995697] ? __switch_to_asm+0x34/0x70 [ 245.999763] ? __switch_to_asm+0x34/0x70 [ 246.003826] ? __switch_to_asm+0x40/0x70 [ 246.007894] ? __switch_to_asm+0x34/0x70 [ 246.011960] ? __switch_to_asm+0x40/0x70 [ 246.016029] ? __switch_to_asm+0x34/0x70 [ 246.020094] ? __switch_to_asm+0x40/0x70 [ 246.024168] __schedule+0x874/0x1ed0 [ 246.027902] ? __sched_text_start+0x8/0x8 [ 246.032056] ? find_held_lock+0x36/0x1c0 [ 246.036143] ? mark_held_locks+0xc7/0x130 [ 246.040300] ? preempt_schedule_irq+0x5e/0x110 [ 246.044891] ? preempt_schedule_irq+0x5e/0x110 [ 246.049496] ? lockdep_hardirqs_on+0x421/0x5c0 [ 246.054102] ? trace_hardirqs_on+0xbd/0x310 [ 246.058461] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.063744] ? retint_kernel+0x1b/0x2d [ 246.067642] ? trace_hardirqs_off_caller+0x300/0x300 [ 246.072759] ? find_held_lock+0x36/0x1c0 [ 246.076835] preempt_schedule_irq+0x87/0x110 [ 246.081264] retint_kernel+0x1b/0x2d [ 246.084989] RIP: 0010:lock_release+0x504/0x970 [ 246.089586] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 83 3d ab 64 12 08 00 0f 84 37 02 00 00 48 8b bd e0 fe ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 246.108503] RSP: 0018:ffff88018cbb7378 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 246.116250] RAX: dffffc0000000000 RBX: 1ffff10031976e73 RCX: 1ffff1003a2af556 [ 246.123529] RDX: 1ffffffff12e44be RSI: 0000000000000002 RDI: 0000000000000282 [ 246.130808] RBP: ffff88018cbb74a0 R08: 0000000000000000 R09: ffffed003b5a5b57 [ 246.138081] R10: ffffed003b5a5b57 R11: ffff8801dad2dabb R12: ffff8801d157a240 [ 246.145365] R13: 5c6bfe5bcf2b11d2 R14: 0000000000000001 R15: ffff8801d157a240 [ 246.152681] ? rcu_read_unlock+0x16/0x60 [ 246.156755] ? lock_downgrade+0x900/0x900 [ 246.160909] ? check_preemption_disabled+0x48/0x200 [ 246.165937] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 246.170881] ? kasan_check_read+0x11/0x20 [ 246.175038] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.180320] ? rcu_softirq_qs+0x20/0x20 [ 246.184308] ? __lock_is_held+0xb5/0x140 [ 246.188408] rcu_read_unlock+0x33/0x60 [ 246.192307] memcg_kmem_get_cache+0x36c/0x900 [ 246.196814] ? mem_cgroup_handle_over_high+0x130/0x130 [ 246.202111] ? ttwu_stat+0x5c0/0x5c0 [ 246.205846] kmem_cache_alloc+0x193/0x730 [ 246.210024] alloc_inode+0xb2/0x190 [ 246.213659] new_inode_pseudo+0x71/0x1a0 [ 246.217727] ? prune_icache_sb+0x1c0/0x1c0 [ 246.221969] ? down_read+0x120/0x120 [ 246.225690] ? mntput+0x74/0xa0 [ 246.228980] new_inode+0x1c/0x40 [ 246.232365] debugfs_get_inode+0x19/0x120 [ 246.236528] __debugfs_create_file+0xb5/0x400 [ 246.241033] debugfs_create_file+0x57/0x70 [ 246.245293] kvm_dev_ioctl+0xc0a/0x1ae0 [ 246.249272] ? is_bpf_text_address+0xac/0x170 [ 246.253791] ? kvm_debugfs_release+0x90/0x90 [ 246.258206] ? graph_lock+0x170/0x170 [ 246.262020] ? do_futex+0x249/0x26d0 [ 246.265740] ? rcu_softirq_qs+0x20/0x20 [ 246.269722] ? rcu_softirq_qs+0x20/0x20 [ 246.273700] ? unwind_dump+0x190/0x190 [ 246.277603] ? find_held_lock+0x36/0x1c0 [ 246.281682] ? __fget+0x4aa/0x740 [ 246.285151] ? lock_downgrade+0x900/0x900 [ 246.289306] ? check_preemption_disabled+0x48/0x200 [ 246.294332] ? kasan_check_read+0x11/0x20 [ 246.298499] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.303876] ? rcu_softirq_qs+0x20/0x20 [ 246.307887] ? ksys_dup3+0x680/0x680 [ 246.311613] ? kasan_check_write+0x14/0x20 [ 246.315860] ? trace_hardirqs_off+0xb8/0x310 [ 246.320286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.325836] ? kvm_debugfs_release+0x90/0x90 [ 246.330267] do_vfs_ioctl+0x1de/0x1720 [ 246.334166] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 246.339742] ? ioctl_preallocate+0x300/0x300 [ 246.344176] ? __fget_light+0x2e9/0x430 [ 246.348174] ? fget_raw+0x20/0x20 [ 246.351642] ? putname+0xf2/0x130 [ 246.355111] ? rcu_read_lock_sched_held+0x108/0x120 [ 246.360383] ? kmem_cache_free+0x24f/0x290 [ 246.364634] ? __x64_sys_futex+0x47f/0x6a0 [ 246.368884] ? do_syscall_64+0x9a/0x820 [ 246.372865] ? do_syscall_64+0x9a/0x820 [ 246.376855] ? lockdep_hardirqs_on+0x421/0x5c0 [ 246.381457] ? security_file_ioctl+0x94/0xc0 [ 246.385891] ksys_ioctl+0xa9/0xd0 [ 246.389372] __x64_sys_ioctl+0x73/0xb0 [ 246.393274] do_syscall_64+0x1b9/0x820 [ 246.397178] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 246.402550] ? syscall_return_slowpath+0x5e0/0x5e0 [ 246.407493] ? trace_hardirqs_off+0x310/0x310 [ 246.411997] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 246.417024] ? recalc_sigpending_tsk+0x180/0x180 [ 246.421789] ? kasan_check_write+0x14/0x20 [ 246.426036] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.430903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 246.436118] RIP: 0033:0x457679 [ 246.439320] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.458244] RSP: 002b:00007f8890ee9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.466416] RAX: ffffffffffffffda RBX: 00007f8890eea6d4 RCX: 0000000000457679 [ 246.473691] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 246.480960] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.488233] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 246.495505] R13: 00000000004cfc28 R14: 00000000004bfd60 R15: 0000000000000000 [ 246.502942] vmwrite error: reg 6c10 value fffffe0000032200 (err 262144) [ 246.509770] CPU: 1 PID: 7609 Comm: syz-executor2 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 246.518191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.527560] Call Trace: [ 246.530160] dump_stack+0x1d3/0x2c4 [ 246.533801] ? dump_stack_print_info.cold.2+0x52/0x52 [ 246.539005] ? trace_hardirqs_off_caller+0x300/0x300 [ 246.544126] vmwrite_error+0x4c/0x60 [ 246.547847] vmx_vcpu_load+0xd27/0x1030 [ 246.551841] ? lock_downgrade+0x8b1/0x900 [ 246.556006] ? vmx_write_tsc_offset+0x670/0x670 [ 246.560686] ? print_usage_bug+0xc0/0xc0 [ 246.564767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.570313] ? check_preemption_disabled+0x48/0x200 [ 246.575337] ? find_held_lock+0x36/0x1c0 [ 246.579429] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 246.584971] ? vmx_sched_in+0xe0/0x5f0 [ 246.588898] kvm_arch_vcpu_load+0x247/0x970 [ 246.593232] ? kvm_arch_dev_ioctl+0x630/0x630 [ 246.597739] ? trace_hardirqs_off_caller+0x300/0x300 [ 246.602856] kvm_sched_in+0x82/0xa0 [ 246.606504] finish_task_switch+0x3d7/0x900 [ 246.610835] ? __switch_to_asm+0x34/0x70 [ 246.614908] ? preempt_notifier_register+0x200/0x200 [ 246.620032] ? __switch_to_asm+0x34/0x70 [ 246.624097] ? __switch_to_asm+0x34/0x70 [ 246.628179] ? __switch_to_asm+0x40/0x70 [ 246.632263] ? __switch_to_asm+0x34/0x70 [ 246.636326] ? __switch_to_asm+0x40/0x70 [ 246.640401] ? __switch_to_asm+0x34/0x70 [ 246.644466] ? __switch_to_asm+0x40/0x70 [ 246.648533] ? __switch_to_asm+0x34/0x70 [ 246.652601] ? __switch_to_asm+0x34/0x70 [ 246.656668] ? __switch_to_asm+0x40/0x70 [ 246.660734] ? __switch_to_asm+0x34/0x70 [ 246.664797] ? __switch_to_asm+0x40/0x70 [ 246.668878] ? __switch_to_asm+0x34/0x70 [ 246.672942] ? __switch_to_asm+0x40/0x70 [ 246.677008] __schedule+0x874/0x1ed0 [ 246.680748] ? __sched_text_start+0x8/0x8 [ 246.684900] ? find_held_lock+0x36/0x1c0 [ 246.688990] ? mark_held_locks+0xc7/0x130 [ 246.693141] ? preempt_schedule_irq+0x5e/0x110 [ 246.697722] ? preempt_schedule_irq+0x5e/0x110 [ 246.702312] ? lockdep_hardirqs_on+0x421/0x5c0 [ 246.706913] ? trace_hardirqs_on+0xbd/0x310 [ 246.711257] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.716541] ? retint_kernel+0x1b/0x2d [ 246.720437] ? trace_hardirqs_off_caller+0x300/0x300 [ 246.725552] ? find_held_lock+0x36/0x1c0 [ 246.729628] preempt_schedule_irq+0x87/0x110 [ 246.734057] retint_kernel+0x1b/0x2d [ 246.737784] RIP: 0010:lock_release+0x504/0x970 [ 246.742385] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 83 3d ab 64 12 08 00 0f 84 37 02 00 00 48 8b bd e0 fe ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 246.761306] RSP: 0018:ffff88018cbb7378 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 246.769034] RAX: dffffc0000000000 RBX: 1ffff10031976e73 RCX: 1ffff1003a2af556 [ 246.776304] RDX: 1ffffffff12e44be RSI: 0000000000000002 RDI: 0000000000000282 [ 246.783582] RBP: ffff88018cbb74a0 R08: 0000000000000000 R09: ffffed003b5a5b57 [ 246.790855] R10: ffffed003b5a5b57 R11: ffff8801dad2dabb R12: ffff8801d157a240 [ 246.798137] R13: 5c6bfe5bcf2b11d2 R14: 0000000000000001 R15: ffff8801d157a240 [ 246.805443] ? rcu_read_unlock+0x16/0x60 [ 246.809519] ? lock_downgrade+0x900/0x900 [ 246.813676] ? check_preemption_disabled+0x48/0x200 [ 246.818701] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 246.823637] ? kasan_check_read+0x11/0x20 [ 246.827792] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.833075] ? rcu_softirq_qs+0x20/0x20 [ 246.837065] ? __lock_is_held+0xb5/0x140 [ 246.841154] rcu_read_unlock+0x33/0x60 [ 246.845048] memcg_kmem_get_cache+0x36c/0x900 [ 246.849558] ? mem_cgroup_handle_over_high+0x130/0x130 [ 246.854852] ? ttwu_stat+0x5c0/0x5c0 [ 246.858593] kmem_cache_alloc+0x193/0x730 [ 246.862759] alloc_inode+0xb2/0x190 [ 246.866394] new_inode_pseudo+0x71/0x1a0 [ 246.870469] ? prune_icache_sb+0x1c0/0x1c0 [ 246.874797] ? down_read+0x120/0x120 [ 246.878513] ? mntput+0x74/0xa0 [ 246.881810] new_inode+0x1c/0x40 [ 246.885186] debugfs_get_inode+0x19/0x120 [ 246.889343] __debugfs_create_file+0xb5/0x400 [ 246.893862] debugfs_create_file+0x57/0x70 [ 246.898120] kvm_dev_ioctl+0xc0a/0x1ae0 [ 246.902103] ? is_bpf_text_address+0xac/0x170 [ 246.906616] ? kvm_debugfs_release+0x90/0x90 [ 246.911031] ? graph_lock+0x170/0x170 [ 246.914836] ? do_futex+0x249/0x26d0 [ 246.918559] ? rcu_softirq_qs+0x20/0x20 [ 246.922538] ? rcu_softirq_qs+0x20/0x20 [ 246.926519] ? unwind_dump+0x190/0x190 [ 246.930433] ? find_held_lock+0x36/0x1c0 [ 246.934516] ? __fget+0x4aa/0x740 [ 246.937977] ? lock_downgrade+0x900/0x900 [ 246.942148] ? check_preemption_disabled+0x48/0x200 [ 246.947197] ? kasan_check_read+0x11/0x20 [ 246.951350] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 246.956647] ? rcu_softirq_qs+0x20/0x20 [ 246.960648] ? ksys_dup3+0x680/0x680 [ 246.964378] ? kasan_check_write+0x14/0x20 [ 246.968631] ? trace_hardirqs_off+0xb8/0x310 [ 246.973052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.978602] ? kvm_debugfs_release+0x90/0x90 [ 246.983022] do_vfs_ioctl+0x1de/0x1720 [ 246.986919] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 246.992484] ? ioctl_preallocate+0x300/0x300 [ 246.996909] ? __fget_light+0x2e9/0x430 [ 247.000894] ? fget_raw+0x20/0x20 [ 247.004350] ? putname+0xf2/0x130 [ 247.007826] ? rcu_read_lock_sched_held+0x108/0x120 [ 247.012851] ? kmem_cache_free+0x24f/0x290 [ 247.017105] ? __x64_sys_futex+0x47f/0x6a0 [ 247.021349] ? do_syscall_64+0x9a/0x820 [ 247.025345] ? do_syscall_64+0x9a/0x820 [ 247.029374] ? lockdep_hardirqs_on+0x421/0x5c0 [ 247.033971] ? security_file_ioctl+0x94/0xc0 [ 247.038400] ksys_ioctl+0xa9/0xd0 [ 247.041875] __x64_sys_ioctl+0x73/0xb0 [ 247.045775] do_syscall_64+0x1b9/0x820 [ 247.049677] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 247.055068] ? syscall_return_slowpath+0x5e0/0x5e0 [ 247.060038] ? trace_hardirqs_off+0x310/0x310 [ 247.064542] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 247.069568] ? recalc_sigpending_tsk+0x180/0x180 [ 247.074331] ? kasan_check_write+0x14/0x20 [ 247.078611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 247.083471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.088666] RIP: 0033:0x457679 [ 247.091873] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.110799] RSP: 002b:00007f8890ee9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.118521] RAX: ffffffffffffffda RBX: 00007f8890eea6d4 RCX: 0000000000457679 [ 247.125791] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 247.133064] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 247.140337] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 247.147620] R13: 00000000004cfc28 R14: 00000000004bfd60 R15: 0000000000000000 [ 247.155085] kasan: CONFIG_KASAN_INLINE enabled [ 247.159942] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 247.167384] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 247.173634] CPU: 1 PID: 7609 Comm: syz-executor2 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 247.182041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.191421] RIP: 0010:finish_task_switch+0x3a4/0x900 13:42:17 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x400448e1, &(0x7f0000002b80)={0x0, &(0x7f0000002900)}) 13:42:17 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000002000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open$dir(&(0x7f0000000180)='./file0/file0\x00', 0x189c40, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000000340)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd4}}}, 0x90) 13:42:17 executing program 5: clone(0x200, &(0x7f00000001c0), &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000040)) mknod(&(0x7f0000000000)='./file0\x00', 0x103e, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000140), &(0x7f00000001c0)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000001c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) prctl$intptr(0x1d, 0xfffffffffffff82c) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000040)='./file0\x00', 0xa000000000068805, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f00000002c0)=""/159) prctl$intptr(0x80000000000001e, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000004c0)) 13:42:17 executing program 1: clone(0x200, &(0x7f0000000400), &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000400)) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040), &(0x7f0000000300)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000600)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) prctl$intptr(0x1001010000001d, 0xfffffffffffff2e3) clone(0x3102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = fcntl$dupfd(r0, 0x0, r0) open$dir(&(0x7f0000000180)='./file0\x00', 0x68802, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000540)=""/159) prctl$intptr(0x1e, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000000)) [ 247.196531] Code: 3d 04 00 00 4d 8b bc 24 50 03 00 00 4d 85 ff 0f 84 ab fe ff ff 49 bc 00 00 00 00 00 fc ff df 49 8d 7f 10 48 89 f9 48 c1 e9 03 <42> 80 3c 21 00 0f 85 da 03 00 00 49 8b 4f 10 48 89 ce 48 c1 ee 03 [ 247.215475] RSP: 0018:ffff88018cbb6fb0 EFLAGS: 00010a06 [ 247.220882] RAX: 0000000000000000 RBX: ffff8801dad2cc40 RCX: 1bd5a00000000022 [ 247.228182] RDX: 0000000000040000 RSI: ffffffff810f018e RDI: dead000000000110 [ 247.235458] RBP: ffff88018cbb7098 R08: ffff8801d157a240 R09: 0000000000000006 [ 247.242822] R10: 0000000000000000 R11: ffff8801d157a240 R12: dffffc0000000000 [ 247.250108] R13: ffff8801b3326140 R14: 0000000000000000 R15: dead000000000100 [ 247.257436] FS: 00007f8890eea700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000 [ 247.265671] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.271571] CR2: 00007f88c25c6000 CR3: 00000001c8dcd000 CR4: 00000000001426e0 [ 247.278849] Call Trace: [ 247.281460] ? __switch_to_asm+0x34/0x70 [ 247.285535] ? preempt_notifier_register+0x200/0x200 [ 247.290680] ? __switch_to_asm+0x34/0x70 [ 247.294749] ? __switch_to_asm+0x34/0x70 [ 247.298842] ? __switch_to_asm+0x40/0x70 [ 247.302933] ? __switch_to_asm+0x34/0x70 [ 247.306999] ? __switch_to_asm+0x40/0x70 [ 247.311059] ? __switch_to_asm+0x34/0x70 [ 247.315126] ? __switch_to_asm+0x40/0x70 [ 247.319186] ? __switch_to_asm+0x34/0x70 [ 247.323250] ? __switch_to_asm+0x34/0x70 [ 247.327324] ? __switch_to_asm+0x40/0x70 [ 247.331400] ? __switch_to_asm+0x34/0x70 [ 247.335465] ? __switch_to_asm+0x40/0x70 [ 247.339529] ? __switch_to_asm+0x34/0x70 [ 247.343590] ? __switch_to_asm+0x40/0x70 [ 247.347657] __schedule+0x874/0x1ed0 [ 247.351388] ? __sched_text_start+0x8/0x8 [ 247.355555] ? find_held_lock+0x36/0x1c0 [ 247.359625] ? mark_held_locks+0xc7/0x130 [ 247.363778] ? preempt_schedule_irq+0x5e/0x110 [ 247.368369] ? preempt_schedule_irq+0x5e/0x110 [ 247.372958] ? lockdep_hardirqs_on+0x421/0x5c0 [ 247.377548] ? trace_hardirqs_on+0xbd/0x310 [ 247.381888] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 247.387185] ? retint_kernel+0x1b/0x2d [ 247.391094] ? trace_hardirqs_off_caller+0x300/0x300 [ 247.396300] ? find_held_lock+0x36/0x1c0 [ 247.400382] preempt_schedule_irq+0x87/0x110 [ 247.404801] retint_kernel+0x1b/0x2d [ 247.408523] RIP: 0010:lock_release+0x504/0x970 [ 247.413111] Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 83 3d ab 64 12 08 00 0f 84 37 02 00 00 48 8b bd e0 fe ff ff 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 [ 247.432024] RSP: 0018:ffff88018cbb7378 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 247.439749] RAX: dffffc0000000000 RBX: 1ffff10031976e73 RCX: 1ffff1003a2af556 [ 247.447029] RDX: 1ffffffff12e44be RSI: 0000000000000002 RDI: 0000000000000282 [ 247.454303] RBP: ffff88018cbb74a0 R08: 0000000000000000 R09: ffffed003b5a5b57 [ 247.461585] R10: ffffed003b5a5b57 R11: ffff8801dad2dabb R12: ffff8801d157a240 [ 247.469330] R13: 5c6bfe5bcf2b11d2 R14: 0000000000000001 R15: ffff8801d157a240 [ 247.476644] ? rcu_read_unlock+0x16/0x60 [ 247.480715] ? lock_downgrade+0x900/0x900 [ 247.484877] ? check_preemption_disabled+0x48/0x200 [ 247.489904] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 247.494838] ? kasan_check_read+0x11/0x20 [ 247.498998] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 247.504276] ? rcu_softirq_qs+0x20/0x20 [ 247.508263] ? __lock_is_held+0xb5/0x140 [ 247.512337] rcu_read_unlock+0x33/0x60 [ 247.516248] memcg_kmem_get_cache+0x36c/0x900 [ 247.520752] ? mem_cgroup_handle_over_high+0x130/0x130 [ 247.526037] ? ttwu_stat+0x5c0/0x5c0 [ 247.529762] kmem_cache_alloc+0x193/0x730 [ 247.533918] alloc_inode+0xb2/0x190 [ 247.537548] new_inode_pseudo+0x71/0x1a0 [ 247.541610] ? prune_icache_sb+0x1c0/0x1c0 [ 247.545848] ? down_read+0x120/0x120 [ 247.549578] ? mntput+0x74/0xa0 [ 247.552864] new_inode+0x1c/0x40 [ 247.556239] debugfs_get_inode+0x19/0x120 [ 247.560401] __debugfs_create_file+0xb5/0x400 [ 247.564906] debugfs_create_file+0x57/0x70 [ 247.569157] kvm_dev_ioctl+0xc0a/0x1ae0 [ 247.573133] ? is_bpf_text_address+0xac/0x170 [ 247.577635] ? kvm_debugfs_release+0x90/0x90 [ 247.582055] ? graph_lock+0x170/0x170 [ 247.585856] ? do_futex+0x249/0x26d0 [ 247.589577] ? rcu_softirq_qs+0x20/0x20 [ 247.593556] ? rcu_softirq_qs+0x20/0x20 [ 247.597531] ? unwind_dump+0x190/0x190 [ 247.601428] ? find_held_lock+0x36/0x1c0 [ 247.605499] ? __fget+0x4aa/0x740 [ 247.608958] ? lock_downgrade+0x900/0x900 [ 247.613109] ? check_preemption_disabled+0x48/0x200 [ 247.618132] ? kasan_check_read+0x11/0x20 [ 247.622281] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 247.627568] ? rcu_softirq_qs+0x20/0x20 [ 247.631560] ? ksys_dup3+0x680/0x680 [ 247.635275] ? kasan_check_write+0x14/0x20 [ 247.639515] ? trace_hardirqs_off+0xb8/0x310 [ 247.643953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.649514] ? kvm_debugfs_release+0x90/0x90 [ 247.653925] do_vfs_ioctl+0x1de/0x1720 [ 247.657819] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 247.663375] ? ioctl_preallocate+0x300/0x300 [ 247.667789] ? __fget_light+0x2e9/0x430 [ 247.671766] ? fget_raw+0x20/0x20 [ 247.675220] ? putname+0xf2/0x130 [ 247.678682] ? rcu_read_lock_sched_held+0x108/0x120 [ 247.683703] ? kmem_cache_free+0x24f/0x290 [ 247.687941] ? __x64_sys_futex+0x47f/0x6a0 [ 247.692180] ? do_syscall_64+0x9a/0x820 [ 247.696172] ? do_syscall_64+0x9a/0x820 [ 247.700157] ? lockdep_hardirqs_on+0x421/0x5c0 [ 247.704742] ? security_file_ioctl+0x94/0xc0 [ 247.709155] ksys_ioctl+0xa9/0xd0 [ 247.712615] __x64_sys_ioctl+0x73/0xb0 [ 247.716513] do_syscall_64+0x1b9/0x820 [ 247.720409] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 247.725776] ? syscall_return_slowpath+0x5e0/0x5e0 [ 247.730711] ? trace_hardirqs_off+0x310/0x310 [ 247.735223] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 247.740262] ? recalc_sigpending_tsk+0x180/0x180 [ 247.745020] ? kasan_check_write+0x14/0x20 [ 247.749271] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 247.754126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.759328] RIP: 0033:0x457679 [ 247.762540] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.781442] RSP: 002b:00007f8890ee9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.789164] RAX: ffffffffffffffda RBX: 00007f8890eea6d4 RCX: 0000000000457679 [ 247.796439] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000006 [ 247.803715] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 247.811010] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 247.818284] R13: 00000000004cfc28 R14: 00000000004bfd60 R15: 0000000000000000 [ 247.825581] Modules linked in: [ 247.828900] ---[ end trace 92e831830012c0f4 ]--- [ 247.833689] RIP: 0010:finish_task_switch+0x3a4/0x900 [ 247.838847] Code: 3d 04 00 00 4d 8b bc 24 50 03 00 00 4d 85 ff 0f 84 ab fe ff ff 49 bc 00 00 00 00 00 fc ff df 49 8d 7f 10 48 89 f9 48 c1 e9 03 <42> 80 3c 21 00 0f 85 da 03 00 00 49 8b 4f 10 48 89 ce 48 c1 ee 03 [ 247.857806] RSP: 0018:ffff88018cbb6fb0 EFLAGS: 00010a06 [ 247.863211] RAX: 0000000000000000 RBX: ffff8801dad2cc40 RCX: 1bd5a00000000022 [ 247.870534] RDX: 0000000000040000 RSI: ffffffff810f018e RDI: dead000000000110 [ 247.877876] RBP: ffff88018cbb7098 R08: ffff8801d157a240 R09: 0000000000000006 [ 247.885162] R10: 0000000000000000 R11: ffff8801d157a240 R12: dffffc0000000000 [ 247.892488] R13: ffff8801b3326140 R14: 0000000000000000 R15: dead000000000100 [ 247.899821] FS: 00007f8890eea700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000 [ 247.908097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.913991] CR2: 00007f88c25c6000 CR3: 00000001c8dcd000 CR4: 00000000001426e0 [ 247.921324] Kernel panic - not syncing: Fatal exception [ 247.927726] Kernel Offset: disabled [ 247.931361] Rebooting in 86400 seconds..