[info] Using makefile-style concurrent boot in runlevel 2. [ 26.294049] audit: type=1800 audit(1545644665.498:21): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. 2018/12/24 09:44:42 fuzzer started 2018/12/24 09:44:44 dialing manager at 10.128.0.26:34681 2018/12/24 09:44:44 syscalls: 1 2018/12/24 09:44:44 code coverage: enabled 2018/12/24 09:44:44 comparison tracing: enabled 2018/12/24 09:44:44 setuid sandbox: enabled 2018/12/24 09:44:44 namespace sandbox: enabled 2018/12/24 09:44:44 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 09:44:44 fault injection: enabled 2018/12/24 09:44:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 09:44:44 net packet injection: enabled 2018/12/24 09:44:44 net device setup: enabled 09:46:54 executing program 0: openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 175.446544] IPVS: ftp: loaded support on port[0] = 21 09:46:54 executing program 1: openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 175.737141] IPVS: ftp: loaded support on port[0] = 21 09:46:55 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)={0x28}, 0x28) [ 176.056952] IPVS: ftp: loaded support on port[0] = 21 09:46:55 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$bt_sco(r0, &(0x7f0000000000), 0x8) 09:46:55 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB=',rootmode=00000000000020700040020']) [ 176.545793] IPVS: ftp: loaded support on port[0] = 21 [ 176.757318] IPVS: ftp: loaded support on port[0] = 21 09:46:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000325"], 0x1}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) link(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 177.109791] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.147536] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.159413] device bridge_slave_0 entered promiscuous mode [ 177.203943] IPVS: ftp: loaded support on port[0] = 21 [ 177.371537] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.391038] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.399084] device bridge_slave_1 entered promiscuous mode [ 177.525263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.658832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.039279] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.058065] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.065456] device bridge_slave_0 entered promiscuous mode [ 178.077617] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.135915] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.153311] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.161019] device bridge_slave_1 entered promiscuous mode [ 178.226593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.245836] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.421617] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.433598] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.441488] device bridge_slave_0 entered promiscuous mode [ 178.456667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.544071] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.553831] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.561671] device bridge_slave_1 entered promiscuous mode [ 178.689554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.791585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.822844] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.834148] team0: Port device team_slave_0 added [ 178.988226] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.047358] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.075681] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.094295] team0: Port device team_slave_1 added [ 179.112348] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.122226] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.130154] device bridge_slave_0 entered promiscuous mode [ 179.140341] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.146778] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.154693] device bridge_slave_0 entered promiscuous mode [ 179.169523] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.181293] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.205926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.253734] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.266915] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.274193] device bridge_slave_1 entered promiscuous mode [ 179.285226] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.299967] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.308316] device bridge_slave_1 entered promiscuous mode [ 179.319947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.335434] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.349945] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.358703] device bridge_slave_0 entered promiscuous mode [ 179.422751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.434080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.463372] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.487137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.507891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.544967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.578518] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.584921] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.601492] device bridge_slave_1 entered promiscuous mode [ 179.611311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.627424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.635024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.677761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.730670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.833691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.853806] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.883863] team0: Port device team_slave_0 added [ 179.902478] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.913154] team0: Port device team_slave_0 added [ 179.935746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.001612] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.009037] team0: Port device team_slave_1 added [ 180.028789] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.036056] team0: Port device team_slave_1 added [ 180.052178] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.070312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.091742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.118004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.141126] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.178937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.197544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.207046] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.219619] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.243115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.267439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.302173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.329658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.342303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.367747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.387724] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.396061] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.427389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.457642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.498054] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.509343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.516698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.525610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.534336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.542994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.677572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.684414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.764881] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.778384] team0: Port device team_slave_0 added [ 180.862487] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.882276] team0: Port device team_slave_0 added [ 180.898357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.905802] team0: Port device team_slave_1 added [ 180.999327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.006377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.017792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.030262] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.037822] team0: Port device team_slave_1 added [ 181.053998] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.087822] team0: Port device team_slave_0 added [ 181.109333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.117502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.125350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.200383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.208755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.232681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.249256] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.256579] team0: Port device team_slave_1 added [ 181.269917] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.307530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.315483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.332740] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.339247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.346195] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.352626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.368976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.400212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.457657] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.474234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.489215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.497667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.505640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.525644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.541225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.572282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.637231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.644406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.657657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.668109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.689927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.715348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.741815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.839082] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.875320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.887753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.977132] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.983524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.990234] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.996611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.021404] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.044011] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.050465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.057186] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.063563] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.074371] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.657752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.665066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.876633] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.883108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.889842] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.896205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.908339] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.187757] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.194188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.200910] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.207333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.216768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.344183] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.350608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.357329] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.363710] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.375452] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.707887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.715265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.740091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.671761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.133731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.157727] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.307541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.576320] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.594009] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.606989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.615907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.786464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.036470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.063256] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.093349] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.100978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.117131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.284077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.417914] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.424137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.443456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.479973] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.651042] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.745037] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.782983] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.882252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.088409] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.094577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.107444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.264242] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.270798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.280830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.434341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.609639] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.747646] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.766868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.773916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.856688] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.225949] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.192956] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 191.287728] ================================================================== [ 191.295277] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 191.301867] Write of size 832 at addr ffff8881cdca2bc0 by task syz-executor0/7491 [ 191.309483] [ 191.311129] CPU: 0 PID: 7491 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 191.319623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.329254] Call Trace: [ 191.331853] dump_stack+0x244/0x39d [ 191.335496] ? dump_stack_print_info.cold.1+0x20/0x20 [ 191.340698] ? printk+0xa7/0xcf [ 191.344035] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 191.348805] print_address_description.cold.4+0x9/0x1ff [ 191.348824] ? fpstate_init+0x50/0x160 [ 191.348841] kasan_report.cold.5+0x1b/0x39 [ 191.348859] ? fpstate_init+0x50/0x160 [ 191.348876] ? fpstate_init+0x50/0x160 [ 191.370197] check_memory_region+0x13e/0x1b0 [ 191.374647] memset+0x23/0x40 [ 191.377780] fpstate_init+0x50/0x160 [ 191.381508] kvm_arch_vcpu_init+0x3e9/0x870 [ 191.385865] kvm_vcpu_init+0x2fa/0x420 [ 191.389772] ? vcpu_stat_get+0x300/0x300 [ 191.393852] ? kmem_cache_alloc+0x33f/0x730 [ 191.398194] vmx_create_vcpu+0x1b7/0x2695 [ 191.398217] ? perf_trace_sched_process_exec+0x860/0x860 [ 191.398233] ? do_raw_spin_unlock+0xa7/0x330 [ 191.398253] ? vmx_exec_control+0x210/0x210 [ 191.407842] ? kasan_check_write+0x14/0x20 [ 191.407858] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 191.407875] ? futex_wait_queue_me+0x55d/0x840 [ 191.407892] ? wait_for_completion+0x8a0/0x8a0 [ 191.407913] ? print_usage_bug+0xc0/0xc0 [ 191.438994] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.444543] ? get_futex_value_locked+0xcb/0xf0 [ 191.449233] kvm_arch_vcpu_create+0xe5/0x220 [ 191.453761] ? kvm_arch_vcpu_free+0x90/0x90 [ 191.458105] kvm_vm_ioctl+0x526/0x2030 [ 191.462008] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 191.467132] ? futex_wait+0x5ec/0xa50 [ 191.470964] ? kvm_unregister_device_ops+0x70/0x70 [ 191.475915] ? mark_held_locks+0x130/0x130 [ 191.480149] ? kfree+0x11e/0x230 [ 191.483547] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 191.488752] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 191.493887] ? futex_wake+0x304/0x760 [ 191.497729] ? __lock_acquire+0x62f/0x4c20 [ 191.502002] ? mark_held_locks+0x130/0x130 [ 191.506240] ? graph_lock+0x270/0x270 [ 191.510054] ? do_futex+0x249/0x26d0 [ 191.513787] ? rcu_read_unlock_special+0x370/0x370 [ 191.518731] ? rcu_softirq_qs+0x20/0x20 [ 191.522711] ? unwind_dump+0x190/0x190 [ 191.526630] ? find_held_lock+0x36/0x1c0 [ 191.530731] ? __fget+0x4aa/0x740 [ 191.534198] ? lock_downgrade+0x900/0x900 [ 191.538380] ? check_preemption_disabled+0x48/0x280 [ 191.543417] ? kasan_check_read+0x11/0x20 [ 191.547588] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 191.552876] ? rcu_read_unlock_special+0x370/0x370 [ 191.557829] ? __fget+0x4d1/0x740 [ 191.561299] ? ksys_dup3+0x680/0x680 [ 191.565030] ? __might_fault+0x12b/0x1e0 [ 191.569101] ? lock_downgrade+0x900/0x900 [ 191.573262] ? lock_release+0xa00/0xa00 [ 191.577253] ? perf_trace_sched_process_exec+0x860/0x860 [ 191.582729] ? kvm_unregister_device_ops+0x70/0x70 [ 191.587678] do_vfs_ioctl+0x1de/0x1790 [ 191.591614] ? ioctl_preallocate+0x300/0x300 [ 191.596038] ? __fget_light+0x2e9/0x430 [ 191.600025] ? fget_raw+0x20/0x20 [ 191.603494] ? _copy_to_user+0xc8/0x110 [ 191.607486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.613036] ? put_timespec64+0x10f/0x1b0 [ 191.617204] ? nsecs_to_jiffies+0x30/0x30 [ 191.621364] ? do_syscall_64+0x9a/0x820 [ 191.625348] ? do_syscall_64+0x9a/0x820 [ 191.629333] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 191.629353] ? security_file_ioctl+0x94/0xc0 [ 191.629375] ksys_ioctl+0xa9/0xd0 [ 191.629396] __x64_sys_ioctl+0x73/0xb0 [ 191.629416] do_syscall_64+0x1b9/0x820 [ 191.638402] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 191.638420] ? syscall_return_slowpath+0x5e0/0x5e0 [ 191.638436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.638456] ? trace_hardirqs_on_caller+0x310/0x310 [ 191.638475] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.674802] ? prepare_exit_to_usermode+0x291/0x3b0 [ 191.679835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.684727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.689933] RIP: 0033:0x457669 [ 191.693151] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.712061] RSP: 002b:00007f5a851f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 191.719772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 191.727055] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 191.734334] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 191.741636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a851f36d4 [ 191.748914] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 191.756200] [ 191.757844] Allocated by task 7491: [ 191.761520] save_stack+0x43/0xd0 [ 191.764988] kasan_kmalloc+0xcb/0xd0 [ 191.768730] kasan_slab_alloc+0x12/0x20 [ 191.772740] kmem_cache_alloc+0x130/0x730 [ 191.776901] vmx_create_vcpu+0x110/0x2695 [ 191.781055] kvm_arch_vcpu_create+0xe5/0x220 [ 191.785497] kvm_vm_ioctl+0x526/0x2030 [ 191.789416] do_vfs_ioctl+0x1de/0x1790 [ 191.793312] ksys_ioctl+0xa9/0xd0 [ 191.796776] __x64_sys_ioctl+0x73/0xb0 [ 191.800687] do_syscall_64+0x1b9/0x820 [ 191.804600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.809814] [ 191.811439] Freed by task 0: [ 191.814484] (stack is not available) [ 191.818197] [ 191.819840] The buggy address belongs to the object at ffff8881cdca2b80 [ 191.819840] which belongs to the cache x86_fpu of size 832 [ 191.832154] The buggy address is located 64 bytes inside of [ 191.832154] 832-byte region [ffff8881cdca2b80, ffff8881cdca2ec0) [ 191.843942] The buggy address belongs to the page: [ 191.848881] page:ffffea0007372880 count:1 mapcount:0 mapping:ffff8881d519d4c0 index:0x0 [ 191.857045] flags: 0x2fffc0000000200(slab) [ 191.861325] raw: 02fffc0000000200 ffff8881d484eb48 ffffea0007392a08 ffff8881d519d4c0 [ 191.869210] raw: 0000000000000000 ffff8881cdca2040 0000000100000004 0000000000000000 [ 191.877105] page dumped because: kasan: bad access detected [ 191.882811] [ 191.884446] Memory state around the buggy address: [ 191.889384] ffff8881cdca2d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 191.896759] ffff8881cdca2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 191.904135] >ffff8881cdca2e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 191.911495] ^ [ 191.916951] ffff8881cdca2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 191.924319] ffff8881cdca2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 191.931696] ================================================================== [ 191.939065] Disabling lock debugging due to kernel taint [ 191.956053] Kernel panic - not syncing: panic_on_warn set ... [ 191.961969] CPU: 0 PID: 7491 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 191.971854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.974408] kobject: 'loop2' (000000002b79e839): kobject_uevent_env [ 191.981216] Call Trace: [ 191.981235] dump_stack+0x244/0x39d [ 191.981251] ? dump_stack_print_info.cold.1+0x20/0x20 [ 191.981273] ? fpstate_init+0x30/0x160 [ 192.002932] panic+0x2ad/0x632 [ 192.006133] ? add_taint.cold.5+0x16/0x16 [ 192.010289] ? preempt_schedule+0x4d/0x60 [ 192.014459] ? ___preempt_schedule+0x16/0x18 [ 192.015494] kobject: 'loop2' (000000002b79e839): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 192.018875] ? trace_hardirqs_on+0xb4/0x310 [ 192.018892] ? fpstate_init+0x50/0x160 [ 192.018907] end_report+0x47/0x4f [ 192.018921] kasan_report.cold.5+0xe/0x39 [ 192.018939] ? fpstate_init+0x50/0x160 [ 192.048045] ? fpstate_init+0x50/0x160 [ 192.051943] check_memory_region+0x13e/0x1b0 [ 192.056370] memset+0x23/0x40 [ 192.059505] fpstate_init+0x50/0x160 [ 192.063234] kvm_arch_vcpu_init+0x3e9/0x870 [ 192.067567] kvm_vcpu_init+0x2fa/0x420 [ 192.071476] ? vcpu_stat_get+0x300/0x300 [ 192.075546] ? kmem_cache_alloc+0x33f/0x730 [ 192.079878] vmx_create_vcpu+0x1b7/0x2695 [ 192.084051] ? perf_trace_sched_process_exec+0x860/0x860 [ 192.089510] ? do_raw_spin_unlock+0xa7/0x330 [ 192.093943] ? vmx_exec_control+0x210/0x210 [ 192.098283] ? kasan_check_write+0x14/0x20 [ 192.102555] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 192.107489] ? futex_wait_queue_me+0x55d/0x840 [ 192.112096] ? wait_for_completion+0x8a0/0x8a0 [ 192.116713] ? print_usage_bug+0xc0/0xc0 [ 192.120800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.126348] ? get_futex_value_locked+0xcb/0xf0 [ 192.131032] kvm_arch_vcpu_create+0xe5/0x220 [ 192.135460] ? kvm_arch_vcpu_free+0x90/0x90 [ 192.139800] kvm_vm_ioctl+0x526/0x2030 [ 192.143696] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 192.148833] ? futex_wait+0x5ec/0xa50 [ 192.152645] ? kvm_unregister_device_ops+0x70/0x70 [ 192.157581] ? mark_held_locks+0x130/0x130 [ 192.161631] kobject: 'kvm' (000000000bbe6025): kobject_uevent_env [ 192.161828] ? kfree+0x11e/0x230 [ 192.171414] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 192.176613] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 192.181735] ? futex_wake+0x304/0x760 [ 192.182527] kobject: 'kvm' (000000000bbe6025): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 192.185554] ? __lock_acquire+0x62f/0x4c20 [ 192.185580] ? mark_held_locks+0x130/0x130 [ 192.185600] ? graph_lock+0x270/0x270 [ 192.206871] ? do_futex+0x249/0x26d0 [ 192.210601] ? rcu_read_unlock_special+0x370/0x370 [ 192.215536] ? rcu_softirq_qs+0x20/0x20 [ 192.219529] ? unwind_dump+0x190/0x190 [ 192.223458] ? find_held_lock+0x36/0x1c0 [ 192.227532] ? __fget+0x4aa/0x740 [ 192.231013] ? lock_downgrade+0x900/0x900 [ 192.235185] ? check_preemption_disabled+0x48/0x280 [ 192.240220] ? kasan_check_read+0x11/0x20 [ 192.244382] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 192.249688] ? rcu_read_unlock_special+0x370/0x370 [ 192.254652] ? __fget+0x4d1/0x740 [ 192.258117] ? ksys_dup3+0x680/0x680 [ 192.261890] ? __might_fault+0x12b/0x1e0 [ 192.265990] ? lock_downgrade+0x900/0x900 [ 192.270152] ? lock_release+0xa00/0xa00 [ 192.273255] kobject: 'kvm' (000000000bbe6025): kobject_uevent_env [ 192.274166] ? perf_trace_sched_process_exec+0x860/0x860 [ 192.285834] ? kvm_unregister_device_ops+0x70/0x70 [ 192.290803] do_vfs_ioctl+0x1de/0x1790 [ 192.292400] kobject: 'kvm' (000000000bbe6025): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 192.294710] ? ioctl_preallocate+0x300/0x300 [ 192.294738] ? __fget_light+0x2e9/0x430 [ 192.294756] ? fget_raw+0x20/0x20 [ 192.315590] ? _copy_to_user+0xc8/0x110 [ 192.319599] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.325357] ? put_timespec64+0x10f/0x1b0 [ 192.329516] ? nsecs_to_jiffies+0x30/0x30 [ 192.333674] ? do_syscall_64+0x9a/0x820 [ 192.337680] ? do_syscall_64+0x9a/0x820 [ 192.341657] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 192.346329] ? security_file_ioctl+0x94/0xc0 [ 192.350762] ksys_ioctl+0xa9/0xd0 [ 192.354226] __x64_sys_ioctl+0x73/0xb0 [ 192.358133] do_syscall_64+0x1b9/0x820 [ 192.362033] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 192.367410] ? syscall_return_slowpath+0x5e0/0x5e0 [ 192.372351] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.377211] ? trace_hardirqs_on_caller+0x310/0x310 [ 192.382239] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 192.387268] ? prepare_exit_to_usermode+0x291/0x3b0 [ 192.392303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.397167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.402364] RIP: 0033:0x457669 [ 192.405569] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.409595] kobject: 'loop3' (00000000884365a2): kobject_uevent_env [ 192.424474] RSP: 002b:00007f5a851f2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.424489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 192.424498] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 192.424507] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 192.424516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a851f36d4 [ 192.424524] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 192.431905] Kernel Offset: disabled [ 192.479428] Rebooting in 86400 seconds..