[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.344264] kauditd_printk_skb: 7 callbacks suppressed [ 29.344276] audit: type=1800 audit(1545629731.959:29): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.369753] audit: type=1800 audit(1545629731.959:30): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts. 2018/12/24 05:35:43 fuzzer started 2018/12/24 05:35:45 dialing manager at 10.128.0.26:33943 2018/12/24 05:35:45 syscalls: 1 2018/12/24 05:35:45 code coverage: enabled 2018/12/24 05:35:45 comparison tracing: enabled 2018/12/24 05:35:45 setuid sandbox: enabled 2018/12/24 05:35:45 namespace sandbox: enabled 2018/12/24 05:35:45 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 05:35:45 fault injection: enabled 2018/12/24 05:35:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 05:35:45 net packet injection: enabled 2018/12/24 05:35:45 net device setup: enabled 05:38:01 executing program 0: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x1, 0x0) semtimedop(r1, &(0x7f000001dfd6)=[{0x0, 0xfffffffffffffff7}], 0x1, 0x0) semtimedop(r1, &(0x7f0000033816)=[{0x0, 0x808d}], 0x1, 0x0) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000fbd000)=[0x7fff]) syzkaller login: [ 178.955210] IPVS: ftp: loaded support on port[0] = 21 05:38:01 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x31, 0xffffffffffffffff, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) [ 179.239027] IPVS: ftp: loaded support on port[0] = 21 05:38:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000100), 0x2) ioctl$KDENABIO(r1, 0x400448e7) [ 179.510875] IPVS: ftp: loaded support on port[0] = 21 05:38:02 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) [ 180.098000] IPVS: ftp: loaded support on port[0] = 21 05:38:02 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') read$FUSE(r0, 0x0, 0x0) open$dir(0x0, 0x0, 0x0) [ 180.406550] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.427426] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.435787] IPVS: ftp: loaded support on port[0] = 21 [ 180.443334] device bridge_slave_0 entered promiscuous mode [ 180.605935] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.627361] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.643282] device bridge_slave_1 entered promiscuous mode 05:38:03 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$vfat(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_read_part_table(0x0, 0x0, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 180.821003] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.927385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.020041] IPVS: ftp: loaded support on port[0] = 21 [ 181.288851] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.390076] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.404411] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.426916] device bridge_slave_0 entered promiscuous mode [ 181.446692] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.506510] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.547376] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.557810] device bridge_slave_1 entered promiscuous mode [ 181.677030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.721363] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.742225] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.750395] device bridge_slave_0 entered promiscuous mode [ 181.761365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.834795] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.850083] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.857513] device bridge_slave_1 entered promiscuous mode [ 181.949302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.053179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.096532] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.128582] team0: Port device team_slave_0 added [ 182.207604] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.245697] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.278324] team0: Port device team_slave_1 added [ 182.345141] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.393274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.462911] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.485457] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.493278] device bridge_slave_0 entered promiscuous mode [ 182.504934] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.519871] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.540314] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.552925] device bridge_slave_0 entered promiscuous mode [ 182.574311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.608430] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.614801] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.638549] device bridge_slave_1 entered promiscuous mode [ 182.654503] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.712270] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.723692] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.731505] device bridge_slave_1 entered promiscuous mode [ 182.741094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.777614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.813930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.848569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.859398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.888052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.895256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.907108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.941386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.001896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.009630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.048107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.137397] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.147827] team0: Port device team_slave_0 added [ 183.255784] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.263243] team0: Port device team_slave_1 added [ 183.358539] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.391474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.410043] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.416432] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.433612] device bridge_slave_0 entered promiscuous mode [ 183.444397] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.465585] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.488207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.495485] team0: Port device team_slave_0 added [ 183.540837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.560794] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.567165] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.578325] device bridge_slave_1 entered promiscuous mode [ 183.621248] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.650368] team0: Port device team_slave_1 added [ 183.659600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.706214] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.727625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.736415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.756713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.803875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.824822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.848260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.857177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.874759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.896083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.912409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.933262] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.953722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.969082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.985464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.012102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.049879] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.065858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.088419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.163919] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.188109] team0: Port device team_slave_0 added [ 184.195635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.218268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.228559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.251404] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.269993] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.276462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.283495] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.289887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.301894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.324767] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.339314] team0: Port device team_slave_1 added [ 184.407736] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.436287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.465432] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.488458] team0: Port device team_slave_0 added [ 184.550242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.611672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.625883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.657989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.671578] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.679782] team0: Port device team_slave_1 added [ 184.724613] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.748664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.764289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.806588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.847149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.887592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.894469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.904312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.007982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.015082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.038030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.147544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.154706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.178075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.216507] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.229575] team0: Port device team_slave_0 added [ 185.367639] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.387728] team0: Port device team_slave_1 added [ 185.448488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.559302] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.566116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.572857] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.579267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.608285] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.634628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.768454] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.775524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.788284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.817526] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.823883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.830632] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.837021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.845061] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.875775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.891101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.917367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.926380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.938029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.164194] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.170612] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.177327] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.183695] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.192815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.664362] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.670845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.677576] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.683940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.699272] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.961336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.979553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.151607] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.158019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.164758] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.171231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.187703] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.991058] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.447761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.988468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.485067] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.502198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.509889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.621280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.929964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.009126] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.020739] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.391663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.410023] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.531698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.545179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.560147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.591762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.803369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.823867] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.838004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.846698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.939570] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.034401] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.130402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.216666] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.295312] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.363246] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.377596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.392956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.637890] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.644069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.653242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.709937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.716100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.725171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.774738] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.108654] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.129987] 8021q: adding VLAN 0 to HW filter on device team0 05:38:16 executing program 0: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) semtimedop(0x0, &(0x7f000001dfd6)=[{0x0, 0xfffffffffffffff7}], 0x1, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000fbd000)=[0x7fff]) 05:38:16 executing program 0: 05:38:16 executing program 0: 05:38:16 executing program 0: 05:38:16 executing program 0: 05:38:16 executing program 0: 05:38:17 executing program 0: 05:38:18 executing program 1: 05:38:18 executing program 0: 05:38:18 executing program 2: 05:38:18 executing program 4: [ 196.060139] __loop_clr_fd: partition scan of loop5 failed (rc=-22) 05:38:18 executing program 5: 05:38:18 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:18 executing program 2: 05:38:18 executing program 0: 05:38:18 executing program 1: 05:38:18 executing program 4: 05:38:18 executing program 0: 05:38:18 executing program 4: 05:38:18 executing program 2: 05:38:18 executing program 1: 05:38:18 executing program 5: 05:38:18 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:18 executing program 4: 05:38:18 executing program 2: 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 5: 05:38:19 executing program 2: 05:38:19 executing program 5: 05:38:19 executing program 4: 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:19 executing program 4: 05:38:19 executing program 5: 05:38:19 executing program 2: 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 5: 05:38:19 executing program 0: 05:38:19 executing program 4: 05:38:19 executing program 2: 05:38:19 executing program 1: 05:38:19 executing program 4: 05:38:19 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_submit(0x0, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 5: 05:38:19 executing program 2: 05:38:19 executing program 4: 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 5: 05:38:19 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:19 executing program 4: 05:38:19 executing program 2: 05:38:19 executing program 0: 05:38:19 executing program 1: 05:38:19 executing program 5: 05:38:19 executing program 4: 05:38:19 executing program 2: 05:38:19 executing program 1: 05:38:19 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:20 executing program 0: 05:38:20 executing program 4: 05:38:20 executing program 5: 05:38:20 executing program 2: 05:38:20 executing program 0: 05:38:20 executing program 1: 05:38:20 executing program 5: 05:38:20 executing program 4: 05:38:20 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:20 executing program 2: 05:38:20 executing program 0: 05:38:20 executing program 4: 05:38:20 executing program 5: 05:38:20 executing program 1: 05:38:20 executing program 0: 05:38:20 executing program 2: 05:38:20 executing program 4: 05:38:20 executing program 1: 05:38:20 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f00000015c0)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r0, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x27d}]) 05:38:20 executing program 5: 05:38:20 executing program 4: 05:38:20 executing program 5: 05:38:20 executing program 0: 05:38:20 executing program 2: socketpair$unix(0x1, 0x100000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x100000000002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 05:38:20 executing program 0: 05:38:20 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:20 executing program 1: 05:38:20 executing program 4: 05:38:20 executing program 5: 05:38:20 executing program 2: 05:38:20 executing program 0: 05:38:20 executing program 4: 05:38:20 executing program 1: 05:38:20 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:20 executing program 5: 05:38:20 executing program 1: 05:38:20 executing program 2: 05:38:20 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) bind$bt_rfcomm(r2, &(0x7f0000000100), 0x2) ioctl$KDENABIO(r2, 0x800448d5) 05:38:20 executing program 4: timer_create(0xfffffffffffffffd, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x0, 0x0, &(0x7f0000046000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000d43000)) 05:38:21 executing program 1: r0 = socket$inet(0x10, 0x2, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, 0x0, 0x0) close(r0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) socket$unix(0x1, 0x5, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x0, 0x0, 0x0) 05:38:21 executing program 5: r0 = inotify_init() r1 = creat(&(0x7f0000000200)='./bus\x00', 0xffffffffffffffff) inotify_add_watch(r0, &(0x7f0000000280)='.\x00', 0x20fe) utimes(&(0x7f0000000000)='./bus\x00', 0x0) write$P9_RAUTH(r1, &(0x7f0000000100)={0x14}, 0x14) 05:38:21 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:21 executing program 2: r0 = perf_event_open(&(0x7f0000000280)={0x2000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, r0, 0x0) 05:38:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setgroups(0x2a7, &(0x7f0000000140)) 05:38:21 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:21 executing program 1: seccomp(0x1, 0x0, &(0x7f0000007ff0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) syz_execute_func(&(0x7f0000000080)="0faef24029450f264333c73e901c1c64458196d2925f20c68209df0f3800b50f00000092a443f443f40d67653e2641a1a7275b9c0000b00089d04b23666636660f3a22e861") syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) 05:38:21 executing program 2: socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000dfe000/0x200000)=nil, 0x200000, 0x0) madvise(&(0x7f000079c000/0x800000)=nil, 0x800000, 0xc) madvise(&(0x7f00002f8000/0xc00000)=nil, 0xc00000, 0xd) socket$can_raw(0x1d, 0x3, 0x1) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100)={0x10}, 0x10) 05:38:21 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:21 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:21 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup2(r0, r1) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000000080)={'filter\x00'}, 0x0) [ 198.598286] hrtimer: interrupt took 29515 ns [ 198.709631] __loop_clr_fd: partition scan of loop4 failed (rc=-22) 05:38:21 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:21 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) 05:38:21 executing program 4: openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$alg(0x26, 0x5, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nullb0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, 0x0, 0x0) pipe(&(0x7f0000000000)) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:38:21 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f00000006c0)={0x1, &(0x7f0000000440)=[{}]}) 05:38:21 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) bind$bt_rfcomm(r2, &(0x7f0000000100), 0x2) ioctl$KDENABIO(r2, 0x400448e6) [ 198.900135] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 05:38:21 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f000000dfaa)="5500000018007f5f00fe01b2a4a280930a06000000a84306910000005f00090035000c00060000001900150003000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) 05:38:21 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x5, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:21 executing program 3: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) io_setup(0x401, &(0x7f00000000c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000d00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x27d}]) [ 199.049809] ================================================================== [ 199.057335] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 199.057354] Write of size 832 at addr ffff8881ba284bc0 by task syz-executor4/7964 [ 199.057358] [ 199.057377] CPU: 1 PID: 7964 Comm: syz-executor4 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 199.057392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.057399] Call Trace: [ 199.057420] dump_stack+0x244/0x39d [ 199.057442] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.071736] ? printk+0xa7/0xcf [ 199.071754] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 199.071780] print_address_description.cold.4+0x9/0x1ff [ 199.071799] ? fpstate_init+0x50/0x160 [ 199.076863] netlink: 57 bytes leftover after parsing attributes in process `syz-executor5'. [ 199.081898] kasan_report.cold.5+0x1b/0x39 [ 199.081913] ? fpstate_init+0x50/0x160 [ 199.081931] ? fpstate_init+0x50/0x160 [ 199.081949] check_memory_region+0x13e/0x1b0 [ 199.081963] memset+0x23/0x40 [ 199.081982] fpstate_init+0x50/0x160 [ 199.151693] kvm_arch_vcpu_init+0x3e9/0x870 [ 199.156042] kvm_vcpu_init+0x2fa/0x420 [ 199.159935] ? vcpu_stat_get+0x300/0x300 [ 199.164019] ? kmem_cache_alloc+0x33f/0x730 [ 199.164046] vmx_create_vcpu+0x1b7/0x2695 [ 199.164064] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 199.164082] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.172569] ? preempt_schedule+0x4d/0x60 [ 199.172591] ? preempt_schedule_common+0x1f/0xe0 [ 199.172608] ? vmx_exec_control+0x210/0x210 [ 199.172630] ? ___preempt_schedule+0x16/0x18 [ 199.199941] ? kasan_check_write+0x14/0x20 [ 199.204193] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 199.209173] ? wait_for_completion+0x8a0/0x8a0 [ 199.213769] ? print_usage_bug+0xc0/0xc0 [ 199.217861] ? migrate_swap_stop+0x8a0/0x8a0 [ 199.222305] kvm_arch_vcpu_create+0xe5/0x220 [ 199.226735] ? kvm_arch_vcpu_free+0x90/0x90 [ 199.231072] kvm_vm_ioctl+0x526/0x2030 [ 199.235000] ? kvm_unregister_device_ops+0x70/0x70 [ 199.239956] ? mark_held_locks+0x130/0x130 [ 199.244205] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 199.249410] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 199.254535] ? futex_wake+0x304/0x760 [ 199.258358] ? __lock_acquire+0x62f/0x4c20 [ 199.262626] ? mark_held_locks+0x130/0x130 [ 199.266876] ? graph_lock+0x270/0x270 [ 199.270699] ? do_futex+0x249/0x26d0 [ 199.274463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.280015] ? find_held_lock+0x36/0x1c0 [ 199.284095] ? __fget+0x4aa/0x740 [ 199.287582] ? lock_downgrade+0x900/0x900 [ 199.291752] ? check_preemption_disabled+0x48/0x280 [ 199.296816] ? kasan_check_read+0x11/0x20 [ 199.301026] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 199.306331] ? rcu_read_unlock_special+0x370/0x370 [ 199.311286] ? __fget+0x4d1/0x740 [ 199.314758] ? ksys_dup3+0x680/0x680 [ 199.318491] ? __might_fault+0x12b/0x1e0 [ 199.322572] ? lock_downgrade+0x900/0x900 [ 199.326737] ? lock_release+0xa00/0xa00 [ 199.330729] ? perf_trace_sched_process_exec+0x860/0x860 [ 199.336194] ? kvm_unregister_device_ops+0x70/0x70 [ 199.341153] do_vfs_ioctl+0x1de/0x1790 [ 199.345079] ? ioctl_preallocate+0x300/0x300 [ 199.349507] ? __fget_light+0x2e9/0x430 [ 199.353493] ? fget_raw+0x20/0x20 [ 199.356990] ? _copy_to_user+0xc8/0x110 [ 199.361009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.366578] ? put_timespec64+0x10f/0x1b0 [ 199.370746] ? nsecs_to_jiffies+0x30/0x30 [ 199.374909] ? do_syscall_64+0x9a/0x820 [ 199.378914] ? do_syscall_64+0x9a/0x820 [ 199.382915] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.387516] ? security_file_ioctl+0x94/0xc0 [ 199.391955] ksys_ioctl+0xa9/0xd0 [ 199.395425] __x64_sys_ioctl+0x73/0xb0 [ 199.399326] do_syscall_64+0x1b9/0x820 [ 199.403231] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.408604] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.413551] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.418411] ? trace_hardirqs_on_caller+0x310/0x310 [ 199.423456] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.428491] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.433369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.438563] RIP: 0033:0x457669 [ 199.438581] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.438590] RSP: 002b:00007f977f410c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.438606] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 199.438615] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 000000000000000d [ 199.438625] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 199.438634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f977f4116d4 [ 199.438653] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 199.438677] [ 199.460765] Allocated by task 7964: [ 199.460780] save_stack+0x43/0xd0 [ 199.460792] kasan_kmalloc+0xcb/0xd0 [ 199.460805] kasan_slab_alloc+0x12/0x20 [ 199.460822] kmem_cache_alloc+0x130/0x730 [ 199.460836] vmx_create_vcpu+0x110/0x2695 [ 199.460849] kvm_arch_vcpu_create+0xe5/0x220 [ 199.460861] kvm_vm_ioctl+0x526/0x2030 [ 199.460874] do_vfs_ioctl+0x1de/0x1790 [ 199.460887] ksys_ioctl+0xa9/0xd0 [ 199.460905] __x64_sys_ioctl+0x73/0xb0 [ 199.549195] do_syscall_64+0x1b9/0x820 [ 199.553094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.558288] [ 199.559959] Freed by task 0: [ 199.562974] (stack is not available) [ 199.566695] [ 199.566708] The buggy address belongs to the object at ffff8881ba284b80 [ 199.566708] which belongs to the cache x86_fpu of size 832 [ 199.566721] The buggy address is located 64 bytes inside of [ 199.566721] 832-byte region [ffff8881ba284b80, ffff8881ba284ec0) [ 199.566727] The buggy address belongs to the page: [ 199.566741] page:ffffea0006e8a100 count:1 mapcount:0 mapping:ffff8881d79fb380 index:0x0 [ 199.566755] flags: 0x2fffc0000000200(slab) [ 199.566775] raw: 02fffc0000000200 ffff8881d7105148 ffff8881d7105148 ffff8881d79fb380 [ 199.566793] raw: 0000000000000000 ffff8881ba284040 0000000100000004 0000000000000000 [ 199.592523] page dumped because: kasan: bad access detected [ 199.592528] [ 199.592533] Memory state around the buggy address: [ 199.592546] ffff8881ba284d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 199.592559] ffff8881ba284e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05:38:22 executing program 2: socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000dfe000/0x200000)=nil, 0x200000, 0x0) madvise(&(0x7f000079c000/0x800000)=nil, 0x800000, 0xc) madvise(&(0x7f00002f8000/0xc00000)=nil, 0xc00000, 0xd) socket$can_raw(0x1d, 0x3, 0x1) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100)={0x10}, 0x10) 05:38:22 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r0, 0x10c, 0x3, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:22 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 05:38:22 executing program 0: getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x5, &(0x7f00000002c0), &(0x7f0000000300)=0x4) 05:38:22 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) bind$bt_rfcomm(r2, &(0x7f0000000100), 0x2) ioctl$KDENABIO(r2, 0x400448e7) [ 199.592570] >ffff8881ba284e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 199.592577] ^ [ 199.592590] ffff8881ba284f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.592601] ffff8881ba284f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.592612] ================================================================== [ 199.687655] Disabling lock debugging due to kernel taint [ 199.694539] Kernel panic - not syncing: panic_on_warn set ... [ 199.700487] CPU: 0 PID: 7964 Comm: syz-executor4 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 199.708499] kobject: 'loop5' (000000002e63fddf): kobject_uevent_env [ 199.710406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.716823] kobject: 'loop5' (000000002e63fddf): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 199.726134] Call Trace: [ 199.726151] dump_stack+0x244/0x39d [ 199.726165] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.726184] ? fpstate_init+0x30/0x160 [ 199.726218] panic+0x2ad/0x632 [ 199.754115] ? add_taint.cold.5+0x16/0x16 [ 199.758296] ? preempt_schedule+0x4d/0x60 [ 199.762464] ? ___preempt_schedule+0x16/0x18 [ 199.763352] kobject: 'kvm' (000000008e33adca): kobject_uevent_env [ 199.766879] ? trace_hardirqs_on+0xb4/0x310 [ 199.766899] ? fpstate_init+0x50/0x160 [ 199.773238] kobject: 'kvm' (000000008e33adca): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 199.777433] end_report+0x47/0x4f [ 199.777448] kasan_report.cold.5+0xe/0x39 [ 199.777461] ? fpstate_init+0x50/0x160 [ 199.777479] ? fpstate_init+0x50/0x160 [ 199.805742] check_memory_region+0x13e/0x1b0 [ 199.810186] memset+0x23/0x40 [ 199.813296] fpstate_init+0x50/0x160 [ 199.817017] kvm_arch_vcpu_init+0x3e9/0x870 [ 199.821348] kvm_vcpu_init+0x2fa/0x420 [ 199.825243] ? vcpu_stat_get+0x300/0x300 [ 199.829315] ? kmem_cache_alloc+0x33f/0x730 [ 199.833654] vmx_create_vcpu+0x1b7/0x2695 [ 199.837829] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 199.842953] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.847559] ? preempt_schedule+0x4d/0x60 [ 199.851720] ? preempt_schedule_common+0x1f/0xe0 [ 199.856496] ? vmx_exec_control+0x210/0x210 [ 199.860822] ? ___preempt_schedule+0x16/0x18 [ 199.865232] ? kasan_check_write+0x14/0x20 [ 199.869471] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 199.874409] ? wait_for_completion+0x8a0/0x8a0 [ 199.878997] ? print_usage_bug+0xc0/0xc0 [ 199.883100] ? migrate_swap_stop+0x8a0/0x8a0 [ 199.887564] kvm_arch_vcpu_create+0xe5/0x220 [ 199.892020] ? kvm_arch_vcpu_free+0x90/0x90 [ 199.896354] kvm_vm_ioctl+0x526/0x2030 [ 199.900247] ? kvm_unregister_device_ops+0x70/0x70 [ 199.905185] ? mark_held_locks+0x130/0x130 [ 199.909432] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 199.914635] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 199.919757] ? futex_wake+0x304/0x760 [ 199.923585] ? __lock_acquire+0x62f/0x4c20 [ 199.927847] ? mark_held_locks+0x130/0x130 [ 199.932083] ? graph_lock+0x270/0x270 [ 199.935899] ? do_futex+0x249/0x26d0 [ 199.939612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.945163] ? find_held_lock+0x36/0x1c0 [ 199.949226] ? __fget+0x4aa/0x740 [ 199.952673] ? lock_downgrade+0x900/0x900 [ 199.956818] ? check_preemption_disabled+0x48/0x280 [ 199.961816] ? kasan_check_read+0x11/0x20 [ 199.965978] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 199.971237] ? rcu_read_unlock_special+0x370/0x370 [ 199.976173] ? __fget+0x4d1/0x740 [ 199.979611] ? ksys_dup3+0x680/0x680 [ 199.983310] ? __might_fault+0x12b/0x1e0 [ 199.987374] ? lock_downgrade+0x900/0x900 [ 199.991503] ? lock_release+0xa00/0xa00 [ 199.995477] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.000908] ? kvm_unregister_device_ops+0x70/0x70 [ 200.005822] do_vfs_ioctl+0x1de/0x1790 [ 200.009708] ? ioctl_preallocate+0x300/0x300 [ 200.014115] ? __fget_light+0x2e9/0x430 [ 200.018087] ? fget_raw+0x20/0x20 [ 200.021521] ? _copy_to_user+0xc8/0x110 [ 200.025494] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.031029] ? put_timespec64+0x10f/0x1b0 [ 200.035158] ? nsecs_to_jiffies+0x30/0x30 [ 200.039294] ? do_syscall_64+0x9a/0x820 [ 200.043251] ? do_syscall_64+0x9a/0x820 [ 200.047207] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 200.051795] ? security_file_ioctl+0x94/0xc0 [ 200.056187] ksys_ioctl+0xa9/0xd0 [ 200.059624] __x64_sys_ioctl+0x73/0xb0 [ 200.063533] do_syscall_64+0x1b9/0x820 [ 200.067406] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.072755] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.077711] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.082554] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.087598] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.092651] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.097513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.102703] RIP: 0033:0x457669 [ 200.105883] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.124765] RSP: 002b:00007f977f410c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.132453] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 200.139711] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 000000000000000d [ 200.146961] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 200.154211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f977f4116d4 [ 200.161461] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 200.169753] Kernel Offset: disabled [ 200.173376] Rebooting in 86400 seconds..