[info] Using makefile-style concurrent boot in runlevel 2. [ 27.085680] audit: type=1800 audit(1545627622.915:21): pid=5892 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts. 2018/12/24 05:00:32 fuzzer started 2018/12/24 05:00:34 dialing manager at 10.128.0.26:33943 2018/12/24 05:00:34 syscalls: 1 2018/12/24 05:00:34 code coverage: enabled 2018/12/24 05:00:34 comparison tracing: enabled 2018/12/24 05:00:34 setuid sandbox: enabled 2018/12/24 05:00:34 namespace sandbox: enabled 2018/12/24 05:00:34 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 05:00:34 fault injection: enabled 2018/12/24 05:00:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 05:00:34 net packet injection: enabled 2018/12/24 05:00:34 net device setup: enabled 05:02:53 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) dup2(r1, r0) syzkaller login: [ 177.756263] IPVS: ftp: loaded support on port[0] = 21 05:02:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20010001, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") r2 = dup2(r0, r0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x77359400}, 0x10) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write$eventfd(r2, 0x0, 0x0) tkill(r1, 0x1000000000016) [ 178.064713] IPVS: ftp: loaded support on port[0] = 21 05:02:54 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000180)={'syz0\x00', {}, 0x0, [0x8], [0x2], [], [0x7]}, 0x45c) [ 178.427881] IPVS: ftp: loaded support on port[0] = 21 05:02:54 executing program 3: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000008c0)={0x0}, &(0x7f0000000900)=0xc) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000640)={0x2, 0x0, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140), &(0x7f0000000080)=0xc) r2 = fcntl$getown(0xffffffffffffffff, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={0xffffffffffffffff, 0x50, &(0x7f0000000a00)={0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000ac0)={r2, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000880)='/dev/usbmon#\x00', r3}, 0x30) ioctl$VIDIOC_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000940)={0x0, @reserved}) syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x200000000000300, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80389}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x9}}], 0x48}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) r4 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x0, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f00000009c0)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @ib={0x1b, 0x0, 0x9, {"8aa70fe0aa0ede7c09c210101caa3dec"}, 0x1, 0x1af88dd4}, @ib={0x1b, 0x0, 0xfffffffffffffc00, {"85fd0808d02c405658db20b07f8916da"}, 0xfff, 0x3}}}, 0x118) setsockopt(r5, 0x0, 0x0, &(0x7f00000003c0)="3b58a920bf133167868ac62068fc4e462d4a07411fd71b0caed0cd834ee0dda2d8c7f84350d0f0417e40a74997367f288a17271e00d8d4b8dda68c21108edb69527a3c370d4e0f54ad77", 0x4a) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in, [0x5, 0x3, 0x10000, 0x0, 0x4, 0x0, 0x2, 0x0, 0x4, 0xf15, 0x555, 0x100, 0x9, 0x8]}, &(0x7f0000000080)=0x100) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local, @empty, @loopback, 0x3}) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000980)='/dev/full\x00', 0x101400, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r6, 0x84, 0x19, &(0x7f0000000740)={r0}, 0xffffffbe) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000340)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xfff, 0x5, 0x3, 0xffffffffffffffff}) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_vif\x00') [ 178.868304] IPVS: ftp: loaded support on port[0] = 21 [ 179.042968] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.069362] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.076948] device bridge_slave_0 entered promiscuous mode 05:02:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r0, r1) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffff9c, 0x0) [ 179.267379] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.309654] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.317080] device bridge_slave_1 entered promiscuous mode [ 179.451970] IPVS: ftp: loaded support on port[0] = 21 [ 179.477943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 05:02:55 executing program 5: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000380)={@mcast2, @loopback, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}) [ 179.588413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.790004] IPVS: ftp: loaded support on port[0] = 21 [ 180.032685] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.043794] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.051789] device bridge_slave_0 entered promiscuous mode [ 180.070697] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.157121] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.163860] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.171856] device bridge_slave_1 entered promiscuous mode [ 180.213996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.320834] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.467699] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.669590] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.676246] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.684065] device bridge_slave_0 entered promiscuous mode [ 180.820241] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.826724] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.846071] device bridge_slave_1 entered promiscuous mode [ 180.868913] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.877664] team0: Port device team_slave_0 added [ 180.895289] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.983332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.019085] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.039237] team0: Port device team_slave_1 added [ 181.062201] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.106017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.204277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.222066] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.228454] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.244452] device bridge_slave_0 entered promiscuous mode [ 181.253306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.273035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.389261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.451001] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.459138] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.466634] device bridge_slave_1 entered promiscuous mode [ 181.532310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.548385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.564976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.624134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.660359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.667987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.676323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.693641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.785833] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.817587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.839410] team0: Port device team_slave_0 added [ 181.850443] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.856905] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.872691] device bridge_slave_0 entered promiscuous mode [ 181.890209] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.923247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.945014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.960826] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.969485] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.988988] device bridge_slave_1 entered promiscuous mode [ 181.997790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.015408] team0: Port device team_slave_1 added [ 182.061411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.072984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.084119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.102894] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.118767] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.138141] device bridge_slave_0 entered promiscuous mode [ 182.159171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.166283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.189901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.235553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.254198] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.278792] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.286254] device bridge_slave_1 entered promiscuous mode [ 182.322311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.384158] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.413548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.432632] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.468891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.476901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.526962] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.539952] team0: Port device team_slave_0 added [ 182.547325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.561642] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.597604] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.630818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.639065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.671881] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.684379] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.693632] team0: Port device team_slave_1 added [ 182.713324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.738811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.790878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.809881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.817683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.836610] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.849231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.864599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.925140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.938840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.949534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.963137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.002681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.024733] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.095209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.103068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.116211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.137013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.179087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.203798] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.229916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.240871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.249987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.261910] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.290533] team0: Port device team_slave_0 added [ 183.406796] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.413334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.420333] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.426709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.450482] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.502779] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.529678] team0: Port device team_slave_1 added [ 183.585963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.593790] team0: Port device team_slave_0 added [ 183.636972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.660393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.717764] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.736642] team0: Port device team_slave_1 added [ 183.769970] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.789484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.810132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.832114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.855488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.866580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.921225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.928394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.949466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.970293] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.977758] team0: Port device team_slave_0 added [ 184.003021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.019485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.029493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.051678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.064300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.081466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.119273] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.130539] team0: Port device team_slave_1 added [ 184.159111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.166750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.189534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.252620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.266392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.281693] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.308832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.329392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.339725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.355184] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.361665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.368334] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.374747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.384901] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.470865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.519776] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.526947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.539816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.597076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.617287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.628150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.662631] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.892894] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.899353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.906021] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.912467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.930147] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.687212] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.693707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.700495] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.706904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.733613] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.745862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.761849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.902290] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.908751] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.915428] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.921875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.930398] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.048134] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.054608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.061345] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.067716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.077516] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.769139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.778635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.759960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.298533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.707510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.729344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.746416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.909919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.165562] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.187109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.315568] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.700300] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.776665] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.801838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.811464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.981305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.100714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.150203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.179711] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.185962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.194412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.324319] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.528997] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.542961] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.627469] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.637759] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.045262] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.060470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.069929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.081535] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.087712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.103593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.121465] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.133273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.142193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.529411] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.547921] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.558252] 8021q: adding VLAN 0 to HW filter on device team0 05:03:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000000)=0x54) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000100)=0x0) ptrace$pokeuser(0x6, r2, 0x8000, 0x20) preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 193.250807] hrtimer: interrupt took 30093 ns 05:03:09 executing program 0: 05:03:09 executing program 0: 05:03:09 executing program 0: 05:03:09 executing program 0: 05:03:09 executing program 0: 05:03:09 executing program 0: 05:03:11 executing program 2: 05:03:11 executing program 0: 05:03:11 executing program 5: 05:03:11 executing program 3: 05:03:11 executing program 1: 05:03:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r0, r1) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffff9c, 0x0) 05:03:11 executing program 0: 05:03:11 executing program 2: 05:03:11 executing program 5: 05:03:11 executing program 3: 05:03:11 executing program 2: 05:03:11 executing program 1: 05:03:11 executing program 5: 05:03:11 executing program 3: 05:03:11 executing program 0: 05:03:11 executing program 4: 05:03:11 executing program 2: 05:03:11 executing program 1: 05:03:11 executing program 5: 05:03:11 executing program 0: 05:03:11 executing program 3: 05:03:11 executing program 2: 05:03:11 executing program 0: 05:03:11 executing program 5: 05:03:11 executing program 4: 05:03:11 executing program 1: 05:03:11 executing program 3: 05:03:11 executing program 2: 05:03:11 executing program 4: 05:03:11 executing program 0: 05:03:11 executing program 1: 05:03:11 executing program 5: 05:03:11 executing program 3: 05:03:11 executing program 2: 05:03:11 executing program 1: 05:03:11 executing program 0: 05:03:11 executing program 5: 05:03:12 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r3 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000100)={r1, r2}) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f00000000c0)={0xffffffffffffffff}) write$binfmt_elf32(r4, &(0x7f0000000240)=ANY=[], 0xfe91) 05:03:12 executing program 3: 05:03:12 executing program 2: 05:03:12 executing program 0: 05:03:12 executing program 1: [ 196.276773] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 05:03:12 executing program 3: 05:03:12 executing program 2: 05:03:12 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) lstat(&(0x7f0000000600)='./file0/file0/file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETVAL(0x0, 0x0, 0xc, 0x0) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000000)='./file0/file0\x00', 0x0) 05:03:12 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x13, 0x10, 0xa2}, 0x2c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xb, 0x5, &(0x7f00000003c0)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000440)='syzkaller\x00', 0x5, 0x401, &(0x7f0000000200)=""/144}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="0f098c178ec08544dfbe020447b3", 0x0, 0x2a0}, 0x28) 05:03:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000280)={0x77, 0x0, [0x40000021]}) 05:03:12 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") socket$kcm(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a40fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="46f1263ab0e2d21caa642b2a88a8", 0x0}, 0x28) 05:03:12 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xfffffe11) prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffff631) prctl$PR_GET_TIMERSLACK(0x1e) syz_execute_func(&(0x7f0000000040)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c3654c69000b3e0f11581010196f04cd04cd0f2902") [ 196.489853] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 196.538080] ================================================================== [ 196.545658] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 196.552257] Write of size 832 at addr ffff8881c4b22bc0 by task syz-executor1/7739 [ 196.559889] [ 196.561531] CPU: 0 PID: 7739 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 196.570029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.579371] Call Trace: [ 196.581975] dump_stack+0x244/0x39d [ 196.585594] ? dump_stack_print_info.cold.1+0x20/0x20 [ 196.590796] ? printk+0xa7/0xcf [ 196.594080] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 196.598844] print_address_description.cold.4+0x9/0x1ff [ 196.604198] ? fpstate_init+0x50/0x160 [ 196.608090] kasan_report.cold.5+0x1b/0x39 [ 196.612334] ? fpstate_init+0x50/0x160 [ 196.616227] ? fpstate_init+0x50/0x160 [ 196.620107] check_memory_region+0x13e/0x1b0 [ 196.624522] memset+0x23/0x40 [ 196.627623] fpstate_init+0x50/0x160 [ 196.631340] kvm_arch_vcpu_init+0x3e9/0x870 [ 196.635670] kvm_vcpu_init+0x2fa/0x420 [ 196.639557] ? vcpu_stat_get+0x300/0x300 [ 196.643624] ? kmem_cache_alloc+0x33f/0x730 [ 196.647942] vmx_create_vcpu+0x1b7/0x2695 [ 196.652095] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 196.657293] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 196.661883] ? preempt_schedule+0x4d/0x60 [ 196.666023] ? preempt_schedule_common+0x1f/0xe0 [ 196.670797] ? vmx_exec_control+0x210/0x210 [ 196.675114] ? ___preempt_schedule+0x16/0x18 [ 196.679523] ? kasan_check_write+0x14/0x20 [ 196.683758] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 196.688716] ? wait_for_completion+0x8a0/0x8a0 [ 196.693301] ? print_usage_bug+0xc0/0xc0 [ 196.697369] ? migrate_swap_stop+0x8a0/0x8a0 [ 196.701801] kvm_arch_vcpu_create+0xe5/0x220 [ 196.706205] ? kvm_arch_vcpu_free+0x90/0x90 [ 196.710530] kvm_vm_ioctl+0x526/0x2030 [ 196.714422] ? kvm_unregister_device_ops+0x70/0x70 [ 196.719378] ? mark_held_locks+0x130/0x130 [ 196.723624] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 196.728811] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 196.733931] ? futex_wake+0x304/0x760 [ 196.737741] ? __lock_acquire+0x62f/0x4c20 [ 196.741988] ? mark_held_locks+0x130/0x130 [ 196.746228] ? graph_lock+0x270/0x270 [ 196.750042] ? do_futex+0x249/0x26d0 [ 196.753745] ? rcu_read_unlock_special+0x370/0x370 [ 196.758674] ? rcu_softirq_qs+0x20/0x20 [ 196.762649] ? unwind_dump+0x190/0x190 [ 196.766539] ? find_held_lock+0x36/0x1c0 [ 196.770595] ? __fget+0x4aa/0x740 [ 196.774044] ? lock_downgrade+0x900/0x900 [ 196.778203] ? check_preemption_disabled+0x48/0x280 [ 196.783210] ? kasan_check_read+0x11/0x20 [ 196.787355] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 196.792634] ? rcu_read_unlock_special+0x370/0x370 [ 196.797565] ? __fget+0x4d1/0x740 [ 196.801011] ? ksys_dup3+0x680/0x680 [ 196.804728] ? __might_fault+0x12b/0x1e0 [ 196.808800] ? lock_downgrade+0x900/0x900 [ 196.812962] ? lock_release+0xa00/0xa00 [ 196.816942] ? perf_trace_sched_process_exec+0x860/0x860 [ 196.822412] ? kvm_unregister_device_ops+0x70/0x70 [ 196.827378] do_vfs_ioctl+0x1de/0x1790 [ 196.831262] ? ioctl_preallocate+0x300/0x300 [ 196.835659] ? __fget_light+0x2e9/0x430 [ 196.839652] ? fget_raw+0x20/0x20 [ 196.843097] ? _copy_to_user+0xc8/0x110 [ 196.847113] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.852642] ? put_timespec64+0x10f/0x1b0 [ 196.856829] ? nsecs_to_jiffies+0x30/0x30 [ 196.860998] ? do_syscall_64+0x9a/0x820 [ 196.864982] ? do_syscall_64+0x9a/0x820 [ 196.869118] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 196.873718] ? security_file_ioctl+0x94/0xc0 [ 196.878140] ksys_ioctl+0xa9/0xd0 [ 196.881599] __x64_sys_ioctl+0x73/0xb0 [ 196.885508] do_syscall_64+0x1b9/0x820 [ 196.889407] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 196.894802] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.899735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.904589] ? trace_hardirqs_on_caller+0x310/0x310 [ 196.909598] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 196.914613] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.919628] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.924464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.929643] RIP: 0033:0x457669 [ 196.932838] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.951731] RSP: 002b:00007f3f639a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.959428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 196.966685] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 196.973941] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 196.981198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f639a76d4 [ 196.988454] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 196.995717] [ 196.997339] Allocated by task 7739: [ 197.000959] save_stack+0x43/0xd0 [ 197.004413] kasan_kmalloc+0xcb/0xd0 [ 197.008115] kasan_slab_alloc+0x12/0x20 [ 197.012089] kmem_cache_alloc+0x130/0x730 [ 197.016241] vmx_create_vcpu+0x110/0x2695 [ 197.020375] kvm_arch_vcpu_create+0xe5/0x220 [ 197.024769] kvm_vm_ioctl+0x526/0x2030 [ 197.028656] do_vfs_ioctl+0x1de/0x1790 [ 197.032542] ksys_ioctl+0xa9/0xd0 [ 197.035981] __x64_sys_ioctl+0x73/0xb0 [ 197.039861] do_syscall_64+0x1b9/0x820 [ 197.043753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.048942] [ 197.050566] Freed by task 0: [ 197.053577] (stack is not available) [ 197.057305] [ 197.058931] The buggy address belongs to the object at ffff8881c4b22b80 [ 197.058931] which belongs to the cache x86_fpu of size 832 [ 197.071227] The buggy address is located 64 bytes inside of [ 197.071227] 832-byte region [ffff8881c4b22b80, ffff8881c4b22ec0) [ 197.083131] The buggy address belongs to the page: [ 197.088086] page:ffffea000712c880 count:1 mapcount:0 mapping:ffff8881d638a940 index:0x0 [ 197.096242] flags: 0x2fffc0000000200(slab) [ 197.100530] raw: 02fffc0000000200 ffff8881d6392d48 ffff8881d6392d48 ffff8881d638a940 [ 197.108428] raw: 0000000000000000 ffff8881c4b22040 0000000100000004 0000000000000000 [ 197.116315] page dumped because: kasan: bad access detected [ 197.122024] [ 197.123659] Memory state around the buggy address: [ 197.128583] ffff8881c4b22d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.135933] ffff8881c4b22e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.143282] >ffff8881c4b22e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 197.150627] ^ [ 197.156095] ffff8881c4b22f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 197.163486] ffff8881c4b22f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 197.170865] ================================================================== [ 197.178217] Disabling lock debugging due to kernel taint [ 197.188859] Kernel panic - not syncing: panic_on_warn set ... [ 197.194779] CPU: 1 PID: 7739 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 197.199153] kobject: 'loop5' (00000000df2373c5): kobject_uevent_env [ 197.204656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.204662] Call Trace: [ 197.204682] dump_stack+0x244/0x39d [ 197.204701] ? dump_stack_print_info.cold.1+0x20/0x20 [ 197.231915] ? fpstate_init+0x30/0x160 [ 197.232532] kobject: 'loop5' (00000000df2373c5): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 197.235814] panic+0x2ad/0x632 [ 197.235835] ? add_taint.cold.5+0x16/0x16 [ 197.252609] ? preempt_schedule+0x4d/0x60 [ 197.256774] ? ___preempt_schedule+0x16/0x18 [ 197.261195] ? trace_hardirqs_on+0xb4/0x310 [ 197.265535] ? fpstate_init+0x50/0x160 [ 197.269434] end_report+0x47/0x4f [ 197.272904] kasan_report.cold.5+0xe/0x39 [ 197.277059] ? fpstate_init+0x50/0x160 [ 197.280963] ? fpstate_init+0x50/0x160 [ 197.284871] check_memory_region+0x13e/0x1b0 [ 197.289293] memset+0x23/0x40 [ 197.292431] fpstate_init+0x50/0x160 [ 197.294704] kobject: '0:46' (0000000021054cbb): kobject_add_internal: parent: 'bdi', set: 'devices' [ 197.296165] kvm_arch_vcpu_init+0x3e9/0x870 [ 197.309674] kvm_vcpu_init+0x2fa/0x420 [ 197.313578] ? vcpu_stat_get+0x300/0x300 [ 197.317659] ? kmem_cache_alloc+0x33f/0x730 [ 197.322005] vmx_create_vcpu+0x1b7/0x2695 [ 197.326164] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 197.326707] kobject: '0:46' (0000000021054cbb): kobject_uevent_env [ 197.331278] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 197.331295] ? preempt_schedule+0x4d/0x60 [ 197.331313] ? preempt_schedule_common+0x1f/0xe0 [ 197.331332] ? vmx_exec_control+0x210/0x210 [ 197.347229] kobject: '0:46' (0000000021054cbb): fill_kobj_path: path = '/devices/virtual/bdi/0:46' [ 197.351127] ? ___preempt_schedule+0x16/0x18 [ 197.351144] ? kasan_check_write+0x14/0x20 [ 197.351159] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 197.351176] ? wait_for_completion+0x8a0/0x8a0 [ 197.373472] kobject: 'loop5' (00000000df2373c5): kobject_uevent_env [ 197.378189] ? print_usage_bug+0xc0/0xc0 [ 197.393295] ? migrate_swap_stop+0x8a0/0x8a0 [ 197.397737] kvm_arch_vcpu_create+0xe5/0x220 [ 197.402156] ? kvm_arch_vcpu_free+0x90/0x90 [ 197.406496] kvm_vm_ioctl+0x526/0x2030 [ 197.410426] ? kvm_unregister_device_ops+0x70/0x70 [ 197.415368] ? mark_held_locks+0x130/0x130 [ 197.419614] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 197.424822] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 197.429951] ? futex_wake+0x304/0x760 [ 197.433777] ? __lock_acquire+0x62f/0x4c20 [ 197.438036] ? mark_held_locks+0x130/0x130 [ 197.442287] ? graph_lock+0x270/0x270 [ 197.446100] ? do_futex+0x249/0x26d0 [ 197.449839] ? rcu_read_unlock_special+0x370/0x370 [ 197.454778] ? rcu_softirq_qs+0x20/0x20 [ 197.458761] ? unwind_dump+0x190/0x190 [ 197.462670] ? find_held_lock+0x36/0x1c0 [ 197.466750] ? __fget+0x4aa/0x740 [ 197.470212] ? lock_downgrade+0x900/0x900 [ 197.474368] ? check_preemption_disabled+0x48/0x280 [ 197.479405] ? kasan_check_read+0x11/0x20 [ 197.483562] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 197.488846] ? rcu_read_unlock_special+0x370/0x370 [ 197.493796] ? __fget+0x4d1/0x740 [ 197.497266] ? ksys_dup3+0x680/0x680 [ 197.500993] ? __might_fault+0x12b/0x1e0 [ 197.505070] ? lock_downgrade+0x900/0x900 [ 197.509232] ? lock_release+0xa00/0xa00 [ 197.513241] ? perf_trace_sched_process_exec+0x860/0x860 [ 197.518702] ? kvm_unregister_device_ops+0x70/0x70 [ 197.523654] do_vfs_ioctl+0x1de/0x1790 [ 197.527557] ? ioctl_preallocate+0x300/0x300 [ 197.531977] ? __fget_light+0x2e9/0x430 [ 197.536569] ? fget_raw+0x20/0x20 [ 197.540029] ? _copy_to_user+0xc8/0x110 [ 197.544015] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.549588] ? put_timespec64+0x10f/0x1b0 [ 197.553743] ? nsecs_to_jiffies+0x30/0x30 [ 197.557908] ? do_syscall_64+0x9a/0x820 [ 197.561892] ? do_syscall_64+0x9a/0x820 [ 197.565871] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 197.570464] ? security_file_ioctl+0x94/0xc0 [ 197.574892] ksys_ioctl+0xa9/0xd0 [ 197.578373] __x64_sys_ioctl+0x73/0xb0 [ 197.582274] do_syscall_64+0x1b9/0x820 [ 197.586183] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 197.591566] ? syscall_return_slowpath+0x5e0/0x5e0 [ 197.596508] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.601364] ? trace_hardirqs_on_caller+0x310/0x310 [ 197.606391] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 197.611419] ? prepare_exit_to_usermode+0x291/0x3b0 [ 197.616474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.621343] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.626541] RIP: 0033:0x457669 [ 197.629748] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.648660] RSP: 002b:00007f3f639a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.656383] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 197.663660] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 197.670936] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 197.678220] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f639a76d4 [ 197.685518] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 197.693852] Kernel Offset: disabled [ 197.697492] Rebooting in 86400 seconds..