Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2018/12/23 23:23:47 fuzzer started 2018/12/23 23:23:49 dialing manager at 10.128.0.26:33943 2018/12/23 23:23:50 syscalls: 1 2018/12/23 23:23:50 code coverage: enabled 2018/12/23 23:23:50 comparison tracing: enabled 2018/12/23 23:23:50 setuid sandbox: enabled 2018/12/23 23:23:50 namespace sandbox: enabled 2018/12/23 23:23:50 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/23 23:23:50 fault injection: enabled 2018/12/23 23:23:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/23 23:23:50 net packet injection: enabled 2018/12/23 23:23:50 net device setup: enabled 23:26:02 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) syzkaller login: [ 171.000046] IPVS: ftp: loaded support on port[0] = 21 23:26:02 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x8) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") r2 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 171.294993] IPVS: ftp: loaded support on port[0] = 21 23:26:03 executing program 2: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = socket$inet6(0xa, 0x803, 0x7) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x14103e, 0x0) ftruncate(r1, 0x4000005) mmap(&(0x7f0000000000/0x600000)=nil, 0x600010, 0x800002, 0x4002011, r2, 0x0) [ 171.626127] IPVS: ftp: loaded support on port[0] = 21 23:26:03 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x4000001, 0x182) r1 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) [ 171.904490] IPVS: ftp: loaded support on port[0] = 21 23:26:03 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "a845c9e93fa0ac86bd6977d41f86b07115091a48a76916e72695fd08b2bf39c6a5753d997ab2ad8297c8dc397ebf1482c43d9baf5fe7fe28e9a5ee87657814"}, 0x60) getpeername(r0, 0x0, &(0x7f000000a000)) [ 172.312769] IPVS: ftp: loaded support on port[0] = 21 23:26:04 executing program 5: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000040)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000080), 0x39a, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) [ 172.751305] IPVS: ftp: loaded support on port[0] = 21 [ 172.894289] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.901373] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.923066] device bridge_slave_0 entered promiscuous mode [ 173.068885] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.080814] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.088960] device bridge_slave_1 entered promiscuous mode [ 173.243648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.366054] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.372419] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.385593] device bridge_slave_0 entered promiscuous mode [ 173.405966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.561205] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.582796] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.590400] device bridge_slave_1 entered promiscuous mode [ 173.673693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.825860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.862307] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.962185] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.975944] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.983313] device bridge_slave_0 entered promiscuous mode [ 174.041051] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.121109] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.135320] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.142681] device bridge_slave_1 entered promiscuous mode [ 174.201725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.227043] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.234035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.278072] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.296199] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.311638] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.319344] device bridge_slave_0 entered promiscuous mode [ 174.334491] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.377500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.385007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.398086] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.507649] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.514017] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.523422] device bridge_slave_1 entered promiscuous mode [ 174.552029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.565538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.624286] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.637120] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.644575] device bridge_slave_0 entered promiscuous mode [ 174.678841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.715488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.722605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.754220] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.768594] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.796126] device bridge_slave_1 entered promiscuous mode [ 174.807606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.817042] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.847662] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.875978] team0: Port device team_slave_0 added [ 174.883175] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.901451] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.917394] device bridge_slave_0 entered promiscuous mode [ 174.928486] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.968658] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.988161] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.994597] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.010653] device bridge_slave_1 entered promiscuous mode [ 175.047720] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.066390] team0: Port device team_slave_1 added [ 175.089165] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.115937] team0: Port device team_slave_0 added [ 175.123106] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.131261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.205124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.211952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.235905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.251278] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.261359] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.270566] team0: Port device team_slave_1 added [ 175.317590] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.331400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.350974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.360932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.432526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.443718] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.465141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.486127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.507134] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.515434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.523338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.551614] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.567909] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.575866] team0: Port device team_slave_0 added [ 175.582815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.623702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.646279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.670707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 175.681168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.693094] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.720247] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.732805] team0: Port device team_slave_1 added [ 175.742135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.755440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.763418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.785854] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.799835] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.814590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.837505] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.859180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.882639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.915763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.955333] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.966350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.000112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.015166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.026840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.109028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.125945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.144506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.205410] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.212808] team0: Port device team_slave_0 added [ 176.241091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.261778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.305354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.327613] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.339760] team0: Port device team_slave_0 added [ 176.368569] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.383043] team0: Port device team_slave_1 added [ 176.462362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.469610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.486100] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.522677] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.544647] team0: Port device team_slave_1 added [ 176.557921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.596707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.604635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.645147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.661597] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.669267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.696230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.703841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.730184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.752799] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.760789] team0: Port device team_slave_0 added [ 176.771001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.786675] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.794148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.815470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.855245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.880107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.906254] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.919662] team0: Port device team_slave_1 added [ 176.927686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.943800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.966742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.074293] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.094094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.115482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.144274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.200601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.331744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.339177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.354505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.397412] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.403907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.410975] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.417379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.428582] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.487923] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.506421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.525350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.809756] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.816199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.822845] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.829263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.865914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.876853] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.883238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.890059] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.896513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.906160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.215139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.222609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.243489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.261865] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.268268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.275050] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.281429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.292347] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.567061] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.573423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.580240] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.586689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.603214] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.838411] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.844776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.851494] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.857895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.872556] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.255878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.269310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.283950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.546903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.870531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.005724] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.054407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.146998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.371957] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.423180] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.468913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.484364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.499516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.542320] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.638890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.728003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.852232] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.864970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.880076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.898971] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.914916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.925211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.938017] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.066237] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.094593] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.109095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.122735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.226503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 184.325152] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.346083] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.507373] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.513589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.522681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.571711] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.673458] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.680454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.694464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.902622] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.109565] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.688723] hrtimer: interrupt took 26599 ns 23:26:18 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) 23:26:19 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) 23:26:19 executing program 2: 23:26:19 executing program 1: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 23:26:19 executing program 2: clone(0x80008000010ff7e, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f00000000c0)='./file0\x00', 0x1048, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pipe(0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) tkill(r0, 0x22) 23:26:19 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) 23:26:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000011e00fb000100c0"]) 23:26:19 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = socket$inet6(0xa, 0x803, 0x7) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x14103e, 0x0) ftruncate(r1, 0x4000005) mmap(&(0x7f0000000000/0x600000)=nil, 0x600010, 0x800002, 0x4002011, r2, 0x0) mkdir(0x0, 0x0) 23:26:19 executing program 3: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r0 = socket$inet6(0xa, 0x803, 0x7) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket(0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x14103e, 0x0) ftruncate(r1, 0x4000005) mmap(&(0x7f0000000000/0x600000)=nil, 0x600010, 0x800002, 0x4002011, r2, 0x0) mkdir(0x0, 0x0) 23:26:19 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 187.891253] encrypted_key: insufficient parameters specified 23:26:19 executing program 4: 23:26:19 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x4200, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) set_mempolicy(0x4002, &(0x7f0000000140)=0x6, 0x9) readahead(0xffffffffffffffff, 0x8, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x800000000105082) ioctl$VT_WAITACTIVE(r0, 0x5607) r2 = memfd_create(&(0x7f0000000480)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r2, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, 0x0, 0x102000000) ioctl$VT_SETMODE(r0, 0x5602, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) [ 187.979585] encrypted_key: insufficient parameters specified [ 188.041274] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 23:26:19 executing program 4: 23:26:19 executing program 4: [ 188.179003] ================================================================== [ 188.186589] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 188.193175] Write of size 832 at addr ffff8881b81dfbc0 by task syz-executor2/7681 [ 188.200824] [ 188.202500] CPU: 0 PID: 7681 Comm: syz-executor2 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 188.211000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.220354] Call Trace: [ 188.222952] dump_stack+0x244/0x39d [ 188.226584] ? dump_stack_print_info.cold.1+0x20/0x20 [ 188.231782] ? printk+0xa7/0xcf [ 188.235074] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 188.239843] print_address_description.cold.4+0x9/0x1ff [ 188.245237] ? fpstate_init+0x50/0x160 [ 188.249135] kasan_report.cold.5+0x1b/0x39 [ 188.253374] ? fpstate_init+0x50/0x160 [ 188.257270] ? fpstate_init+0x50/0x160 [ 188.261171] check_memory_region+0x13e/0x1b0 [ 188.265623] memset+0x23/0x40 [ 188.268742] fpstate_init+0x50/0x160 [ 188.272480] kvm_arch_vcpu_init+0x3e9/0x870 [ 188.276816] kvm_vcpu_init+0x2fa/0x420 [ 188.280716] ? vcpu_stat_get+0x300/0x300 [ 188.284780] ? kmem_cache_alloc+0x33f/0x730 [ 188.289114] vmx_create_vcpu+0x1b7/0x2695 [ 188.293270] ? perf_trace_sched_process_exec+0x860/0x860 [ 188.298728] ? do_raw_spin_unlock+0xa7/0x330 [ 188.303148] ? vmx_exec_control+0x210/0x210 [ 188.307484] ? kasan_check_write+0x14/0x20 [ 188.311777] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 188.316711] ? futex_wait_queue_me+0x55d/0x840 [ 188.321302] ? wait_for_completion+0x8a0/0x8a0 [ 188.325899] ? print_usage_bug+0xc0/0xc0 [ 188.329974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.335523] ? get_futex_value_locked+0xcb/0xf0 [ 188.340219] kvm_arch_vcpu_create+0xe5/0x220 [ 188.344653] ? kvm_arch_vcpu_free+0x90/0x90 [ 188.348996] kvm_vm_ioctl+0x526/0x2030 [ 188.352892] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 188.358016] ? futex_wait+0x5ec/0xa50 [ 188.361842] ? kvm_unregister_device_ops+0x70/0x70 [ 188.366778] ? mark_held_locks+0x130/0x130 [ 188.371011] ? kfree+0x11e/0x230 [ 188.374387] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 188.379590] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 188.384701] ? futex_wake+0x304/0x760 [ 188.388560] ? __lock_acquire+0x62f/0x4c20 [ 188.392820] ? mark_held_locks+0x130/0x130 [ 188.397061] ? graph_lock+0x270/0x270 [ 188.400886] ? do_futex+0x249/0x26d0 [ 188.404637] ? rcu_read_unlock_special+0x370/0x370 [ 188.409591] ? rcu_softirq_qs+0x20/0x20 [ 188.413565] ? unwind_dump+0x190/0x190 [ 188.417466] ? find_held_lock+0x36/0x1c0 [ 188.421548] ? __fget+0x4aa/0x740 [ 188.425028] ? lock_downgrade+0x900/0x900 [ 188.429181] ? check_preemption_disabled+0x48/0x280 [ 188.434231] ? kasan_check_read+0x11/0x20 [ 188.438386] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 188.443669] ? rcu_read_unlock_special+0x370/0x370 [ 188.448621] ? __fget+0x4d1/0x740 [ 188.452090] ? ksys_dup3+0x680/0x680 [ 188.455808] ? __might_fault+0x12b/0x1e0 [ 188.459880] ? lock_downgrade+0x900/0x900 [ 188.464031] ? lock_release+0xa00/0xa00 [ 188.468039] ? perf_trace_sched_process_exec+0x860/0x860 [ 188.473493] ? kvm_unregister_device_ops+0x70/0x70 [ 188.478466] do_vfs_ioctl+0x1de/0x1790 [ 188.482373] ? ioctl_preallocate+0x300/0x300 [ 188.486795] ? __fget_light+0x2e9/0x430 [ 188.490781] ? fget_raw+0x20/0x20 [ 188.494236] ? _copy_to_user+0xc8/0x110 [ 188.498240] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.503781] ? put_timespec64+0x10f/0x1b0 [ 188.507952] ? nsecs_to_jiffies+0x30/0x30 [ 188.512110] ? do_syscall_64+0x9a/0x820 [ 188.516096] ? do_syscall_64+0x9a/0x820 [ 188.520078] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 188.524674] ? security_file_ioctl+0x94/0xc0 [ 188.529093] ksys_ioctl+0xa9/0xd0 [ 188.532559] __x64_sys_ioctl+0x73/0xb0 [ 188.536460] do_syscall_64+0x1b9/0x820 [ 188.540371] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 188.545749] ? syscall_return_slowpath+0x5e0/0x5e0 [ 188.550706] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.555561] ? trace_hardirqs_on_caller+0x310/0x310 [ 188.560592] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 188.566077] ? prepare_exit_to_usermode+0x291/0x3b0 [ 188.571113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.575978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.581218] RIP: 0033:0x457669 [ 188.584420] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.603321] RSP: 002b:00007f6afed51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.611066] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 188.611078] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 188.611087] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 188.611096] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6afed526d4 [ 188.611105] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 188.611131] [ 188.611138] Allocated by task 7681: [ 188.611152] save_stack+0x43/0xd0 [ 188.656179] kasan_kmalloc+0xcb/0xd0 [ 188.659899] kasan_slab_alloc+0x12/0x20 [ 188.663870] kmem_cache_alloc+0x130/0x730 [ 188.668020] vmx_create_vcpu+0x110/0x2695 [ 188.672167] kvm_arch_vcpu_create+0xe5/0x220 [ 188.676598] kvm_vm_ioctl+0x526/0x2030 [ 188.680496] do_vfs_ioctl+0x1de/0x1790 [ 188.684377] ksys_ioctl+0xa9/0xd0 [ 188.687830] __x64_sys_ioctl+0x73/0xb0 [ 188.691719] do_syscall_64+0x1b9/0x820 [ 188.695609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.700785] [ 188.702408] Freed by task 0: [ 188.705411] (stack is not available) [ 188.709112] [ 188.710741] The buggy address belongs to the object at ffff8881b81dfb80 [ 188.710741] which belongs to the cache x86_fpu of size 832 [ 188.723049] The buggy address is located 64 bytes inside of [ 188.723049] 832-byte region [ffff8881b81dfb80, ffff8881b81dfec0) [ 188.734831] The buggy address belongs to the page: [ 188.739758] page:ffffea0006e077c0 count:1 mapcount:0 mapping:ffff8881d48bae00 index:0x0 [ 188.747893] flags: 0x2fffc0000000200(slab) [ 188.752148] raw: 02fffc0000000200 ffff8881d5190248 ffff8881d5190248 ffff8881d48bae00 [ 188.760034] raw: 0000000000000000 ffff8881b81df040 0000000100000004 0000000000000000 [ 188.767909] page dumped because: kasan: bad access detected [ 188.773610] [ 188.775229] Memory state around the buggy address: [ 188.780154] ffff8881b81dfd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 188.787516] ffff8881b81dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 188.794919] >ffff8881b81dfe80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 188.802269] ^ [ 188.807719] ffff8881b81dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 188.815074] ffff8881b81dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 188.822439] ================================================================== 23:26:20 executing program 4: 23:26:20 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x300, 0x0, 0x0, 0x0, 0x0) 23:26:20 executing program 3: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x80000) openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rfkill\x00', 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x6, 0x41) r2 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000340)={0x1e900000000000, 0x0, 0x0, 0x0, 0xfffffffffffffa83, 0x0, 0x8, 0x0, 0x1, 0x4000000000fff}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) unshare(0x100) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0xfffffffffffffffb) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000001a00)={0x0}) recvmmsg(r2, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000440)=[{0x0}], 0x1}, 0x3}], 0x1, 0x10000, &(0x7f0000001a40)={r3}) close(r1) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) timer_delete(0x0) unshare(0x40000000) fcntl$getownex(r0, 0x10, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, 0x0) [ 188.829786] Disabling lock debugging due to kernel taint 23:26:20 executing program 4: [ 188.888340] attempt to access beyond end of device [ 188.900875] loop5: rw=2048, want=3, limit=1 [ 188.925236] hfsplus: unable to find HFS+ superblock [ 188.942467] Kernel panic - not syncing: panic_on_warn set ... [ 188.948382] CPU: 0 PID: 7681 Comm: syz-executor2 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 188.950948] IPVS: ftp: loaded support on port[0] = 21 [ 188.958266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.958271] Call Trace: [ 188.958290] dump_stack+0x244/0x39d [ 188.958306] ? dump_stack_print_info.cold.1+0x20/0x20 [ 188.958325] ? fpstate_init+0x30/0x160 [ 188.972685] kobject: 'lo' (0000000056cb3ebf): kobject_add_internal: parent: 'net', set: 'devices' [ 188.972889] panic+0x2ad/0x632 [ 188.976476] kobject: 'lo' (0000000056cb3ebf): kobject_uevent_env [ 188.979064] ? add_taint.cold.5+0x16/0x16 [ 188.979082] ? preempt_schedule+0x4d/0x60 [ 188.979096] ? ___preempt_schedule+0x16/0x18 [ 188.979117] ? trace_hardirqs_on+0xb4/0x310 [ 188.984664] kobject: 'lo' (0000000056cb3ebf): fill_kobj_path: path = '/devices/virtual/net/lo' [ 188.988161] ? fpstate_init+0x50/0x160 [ 188.988177] end_report+0x47/0x4f [ 188.988206] kasan_report.cold.5+0xe/0x39 [ 188.988224] ? fpstate_init+0x50/0x160 [ 188.999019] kobject: 'queues' (0000000026ec9eb4): kobject_add_internal: parent: 'lo', set: '' [ 189.000405] ? fpstate_init+0x50/0x160 [ 189.000421] check_memory_region+0x13e/0x1b0 [ 189.000436] memset+0x23/0x40 [ 189.006693] kobject: 'queues' (0000000026ec9eb4): kobject_uevent_env [ 189.010745] fpstate_init+0x50/0x160 [ 189.010760] kvm_arch_vcpu_init+0x3e9/0x870 [ 189.010780] kvm_vcpu_init+0x2fa/0x420 [ 189.015021] kobject: 'queues' (0000000026ec9eb4): kobject_uevent_env: filter function caused the event to drop! [ 189.019368] ? vcpu_stat_get+0x300/0x300 [ 189.019383] ? kmem_cache_alloc+0x33f/0x730 [ 189.019401] vmx_create_vcpu+0x1b7/0x2695 [ 189.023826] kobject: 'rx-0' (00000000b6bac806): kobject_add_internal: parent: 'queues', set: 'queues' [ 189.032462] ? perf_trace_sched_process_exec+0x860/0x860 [ 189.032477] ? do_raw_spin_unlock+0xa7/0x330 [ 189.032493] ? vmx_exec_control+0x210/0x210 [ 189.032509] ? kasan_check_write+0x14/0x20 [ 189.036890] kobject: 'rx-0' (00000000b6bac806): kobject_uevent_env [ 189.039818] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 189.039832] ? futex_wait_queue_me+0x55d/0x840 [ 189.039845] ? wait_for_completion+0x8a0/0x8a0 [ 189.039864] ? print_usage_bug+0xc0/0xc0 [ 189.044273] kobject: 'rx-0' (00000000b6bac806): fill_kobj_path: path = '/devices/virtual/net/lo/queues/rx-0' [ 189.047865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.047880] ? get_futex_value_locked+0xcb/0xf0 [ 189.047896] kvm_arch_vcpu_create+0xe5/0x220 [ 189.047914] ? kvm_arch_vcpu_free+0x90/0x90 [ 189.190387] kvm_vm_ioctl+0x526/0x2030 [ 189.194276] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 189.199380] ? futex_wait+0x5ec/0xa50 [ 189.203203] ? kvm_unregister_device_ops+0x70/0x70 [ 189.208134] ? mark_held_locks+0x130/0x130 [ 189.212360] ? kfree+0x11e/0x230 [ 189.215728] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 189.220921] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 189.226022] ? futex_wake+0x304/0x760 [ 189.229826] ? __lock_acquire+0x62f/0x4c20 [ 189.234068] ? mark_held_locks+0x130/0x130 [ 189.238301] ? graph_lock+0x270/0x270 [ 189.242108] ? do_futex+0x249/0x26d0 [ 189.245816] ? rcu_read_unlock_special+0x370/0x370 [ 189.250763] ? rcu_softirq_qs+0x20/0x20 [ 189.254749] ? unwind_dump+0x190/0x190 [ 189.258637] ? find_held_lock+0x36/0x1c0 [ 189.262697] ? __fget+0x4aa/0x740 [ 189.266150] ? lock_downgrade+0x900/0x900 [ 189.270303] ? check_preemption_disabled+0x48/0x280 [ 189.275317] ? kasan_check_read+0x11/0x20 [ 189.279459] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 189.284730] ? rcu_read_unlock_special+0x370/0x370 [ 189.289696] ? __fget+0x4d1/0x740 [ 189.293169] ? ksys_dup3+0x680/0x680 [ 189.296890] ? __might_fault+0x12b/0x1e0 [ 189.300949] ? lock_downgrade+0x900/0x900 [ 189.305094] ? lock_release+0xa00/0xa00 [ 189.309065] ? perf_trace_sched_process_exec+0x860/0x860 [ 189.314513] ? kvm_unregister_device_ops+0x70/0x70 [ 189.319471] do_vfs_ioctl+0x1de/0x1790 [ 189.323362] ? ioctl_preallocate+0x300/0x300 [ 189.327771] ? __fget_light+0x2e9/0x430 [ 189.331745] ? fget_raw+0x20/0x20 [ 189.335207] ? _copy_to_user+0xc8/0x110 [ 189.339182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.344743] ? put_timespec64+0x10f/0x1b0 [ 189.348900] ? nsecs_to_jiffies+0x30/0x30 [ 189.353048] ? do_syscall_64+0x9a/0x820 [ 189.357039] ? do_syscall_64+0x9a/0x820 [ 189.361009] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 189.365587] ? security_file_ioctl+0x94/0xc0 [ 189.370007] ksys_ioctl+0xa9/0xd0 [ 189.373471] __x64_sys_ioctl+0x73/0xb0 [ 189.377367] do_syscall_64+0x1b9/0x820 [ 189.381279] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 189.386640] ? syscall_return_slowpath+0x5e0/0x5e0 [ 189.391579] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 189.396417] ? trace_hardirqs_on_caller+0x310/0x310 [ 189.401428] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 189.406441] ? prepare_exit_to_usermode+0x291/0x3b0 [ 189.411481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 189.416323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.421519] RIP: 0033:0x457669 [ 189.424736] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.443648] RSP: 002b:00007f6afed51c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.451365] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 189.458642] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 189.465906] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 189.473171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6afed526d4 [ 189.480477] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 189.488651] Kernel Offset: disabled [ 189.492274] Rebooting in 86400 seconds..