[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.306972] kauditd_printk_skb: 7 callbacks suppressed [ 28.306983] audit: type=1800 audit(1545621983.142:29): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.331852] audit: type=1800 audit(1545621983.152:30): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts. 2018/12/24 03:26:30 fuzzer started 2018/12/24 03:26:32 dialing manager at 10.128.0.26:33943 syzkaller login: [ 37.868040] ld (6046) used greatest stack depth: 15200 bytes left 2018/12/24 03:26:32 syscalls: 1 2018/12/24 03:26:32 code coverage: enabled 2018/12/24 03:26:32 comparison tracing: enabled 2018/12/24 03:26:32 setuid sandbox: enabled 2018/12/24 03:26:32 namespace sandbox: enabled 2018/12/24 03:26:32 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 03:26:32 fault injection: enabled 2018/12/24 03:26:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 03:26:32 net packet injection: enabled 2018/12/24 03:26:32 net device setup: enabled 03:28:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0xd01, 0x0, 0x0, 0x35}}, 0x0}, 0x48) [ 181.181316] IPVS: ftp: loaded support on port[0] = 21 03:28:56 executing program 1: r0 = socket$inet(0x2, 0x200000002, 0x88) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10) r1 = dup2(r0, r0) sendto$inet(r1, 0x0, 0x0, 0x8000, &(0x7f0000000100)={0x2, 0x4e21}, 0x10) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f00000001c0)=0x1, 0x4) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00'], 0x1}}, 0x0) [ 181.420404] IPVS: ftp: loaded support on port[0] = 21 03:28:56 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='cpuset.mem_exclusive\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0x1000000002, 0x12) [ 181.779914] IPVS: ftp: loaded support on port[0] = 21 03:28:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 03:28:57 executing program 4: socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x7, &(0x7f0000000080), 0x4) [ 182.175658] IPVS: ftp: loaded support on port[0] = 21 [ 182.419596] IPVS: ftp: loaded support on port[0] = 21 03:28:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x10) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000800)="480000001500197f09004b0101048c590188ffffcf5d3474bc9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee20600d4ff5bffff00c7e5ed", 0x48}], 0x1) [ 182.778349] IPVS: ftp: loaded support on port[0] = 21 [ 183.061435] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.070106] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.084350] device bridge_slave_0 entered promiscuous mode [ 183.241056] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.247430] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.279824] device bridge_slave_1 entered promiscuous mode [ 183.420883] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.437315] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.448806] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.479349] device bridge_slave_0 entered promiscuous mode [ 183.528411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.557861] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.575320] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.583929] device bridge_slave_1 entered promiscuous mode [ 183.747382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.896979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.993051] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.133705] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.217039] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.232779] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.241052] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.248861] device bridge_slave_0 entered promiscuous mode [ 184.342804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.412761] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.422081] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.429864] device bridge_slave_1 entered promiscuous mode [ 184.439111] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.445987] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.462143] device bridge_slave_0 entered promiscuous mode [ 184.536216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.561065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.580535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.605781] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.618556] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.626980] device bridge_slave_1 entered promiscuous mode [ 184.675476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.703653] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.722153] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.735152] device bridge_slave_0 entered promiscuous mode [ 184.744981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.762189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.780945] team0: Port device team_slave_0 added [ 184.794594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.810690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.852215] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.877712] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.885755] device bridge_slave_1 entered promiscuous mode [ 184.923499] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.942579] team0: Port device team_slave_1 added [ 184.949591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.988724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.063846] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.088379] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.106120] device bridge_slave_0 entered promiscuous mode [ 185.115443] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.127120] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.137626] team0: Port device team_slave_0 added [ 185.146269] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.199853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.231304] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.237731] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.250248] device bridge_slave_1 entered promiscuous mode [ 185.269521] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.299701] team0: Port device team_slave_1 added [ 185.315628] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.345213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.354748] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.373799] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.444604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.480230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.492402] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.512791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.525465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.559128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.570785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.582619] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.595296] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.605803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.628049] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.654751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.671262] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.681510] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.688902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.696768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.719682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.728814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.741750] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.779595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.809297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.830852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.844034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.861432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.879423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.903052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.957330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.993862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.021631] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.083107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.098010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.137648] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.159997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.167397] team0: Port device team_slave_0 added [ 186.266539] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.274526] team0: Port device team_slave_0 added [ 186.330399] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.346223] team0: Port device team_slave_1 added [ 186.388006] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.409307] team0: Port device team_slave_1 added [ 186.466607] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.480011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.490691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.507355] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.528968] team0: Port device team_slave_0 added [ 186.538119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.567171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.589527] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.628562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.650699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.659464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.669830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.686472] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.700850] team0: Port device team_slave_1 added [ 186.706692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.715019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.754961] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.762930] team0: Port device team_slave_0 added [ 186.806128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.814582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.851008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.863077] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.870244] team0: Port device team_slave_1 added [ 186.877882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.893863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.904682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.919158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.938787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.956096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.978192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.004402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.012963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.038597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.049373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.072293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.088696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.145535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.168675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.176563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.228912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.297921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.318591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.329009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.344146] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.350711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.357639] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.364050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.372278] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.402000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.411760] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.439073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.458763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.478987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.499962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.508145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.548503] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.564561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.619917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.691564] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.697928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.704649] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.711051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.730719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.388313] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.394694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.401492] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.407908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.416912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.435639] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.442057] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.448830] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.455197] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.475261] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.528978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.536108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.578977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.730616] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.736971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.743656] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.750071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.803409] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.229155] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.235534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.242256] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.248656] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.288806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.589038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.599022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.373718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.823986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.860270] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.238854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.268619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.334646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.364249] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.384491] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.399062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.717269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.729027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.754769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.776970] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.803021] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.812895] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.830637] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.181160] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.216373] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.278444] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.285492] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.292385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.314596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.358627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.375377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.404509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.665576] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.672672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.687765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.717940] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.776584] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.883934] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.094454] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.399459] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.405861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.414845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.981213] 8021q: adding VLAN 0 to HW filter on device team0 03:29:11 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x3, 0x10000) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x40000, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = memfd_create(&(0x7f0000000080)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf32(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c460000000000000000000000000300060000000000000000003800000000000000000000000000200002"], 0x2d) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'nr0\x00', 0x2}) 03:29:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000900)='/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') r1 = creat(&(0x7f00000005c0)='./bus\x00', 0x0) sendfile(r1, r0, 0x0, 0x1000) fcntl$setstatus(r1, 0x4, 0x86100) sendfile(r1, r0, &(0x7f0000000180)=0x1400, 0x100000005) [ 196.869541] hrtimer: interrupt took 30079 ns 03:29:11 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) chdir(&(0x7f0000000340)='./file0\x00') creat(&(0x7f0000000040)='./file0\x00', 0x0) link(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file1\x00') setxattr$system_posix_acl(&(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0, 0x0) [ 197.100833] syz-executor0 (7523) used greatest stack depth: 14808 bytes left 03:29:12 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x180184132, 0x0) 03:29:12 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x140044160, &(0x7f0000000000)) [ 197.236896] overlayfs: './file0' not a directory 03:29:12 executing program 0: getitimer(0x1, &(0x7f0000000000)) 03:29:12 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) flock(r0, 0x2) flock(r0, 0x10ffffffffffffff) 03:29:12 executing program 0: pipe(0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000140)=[{}, {}], 0x2000000000000056, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:29:12 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60b40900ffe0000080000000000000000026ffffe0000002ff02000000000000000000880090780009040060b680fa0000000000000000000000c40000ffffffffffff00000000000000000000ffffac14ffbb0000000000"], 0x0) 03:29:13 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x100004148, 0x0) 03:29:13 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x4, 0x4, 0x4, 0x9}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) 03:29:13 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(0x0, 0x0) 03:29:13 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x1c0884113, &(0x7f0000000000)) 03:29:13 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @broadcast}, 0x10) 03:29:13 executing program 0: utimes(0x0, &(0x7f0000000080)={{}, {0x100000000000000}}) msgrcv(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="07ff2016"], 0x1, 0x0, 0x0) r0 = socket$inet6(0x18, 0x1, 0x0) connect(r0, &(0x7f0000000080)=@un=@abs={0x25af90167d5e1800}, 0x1c) setsockopt$sock_int(r0, 0xffff, 0x40004000001001, &(0x7f0000000180), 0x4) setsockopt$sock_int(r0, 0xffff, 0x1, &(0x7f0000000000)=0x9, 0x4) setsockopt$sock_int(r0, 0xffff, 0x0, 0x0, 0x0) sendto(r0, &(0x7f00000002c0)="6908108ff084987d1a5073511273b0d9588c1feff37a6885df32eb87f92d1d3af0e2425600df9c97eead91dbec4bcf4afe137f03fb5e83ada4fb3606be28104c134f9a1e0753201176fb8b748cb7bf2ea36198f3b6cd608c6057e685907ce9bc047883fa4c82beb30d1ca3e71b850b78cdc10d77931859bf29168b10fca85aaa043041e41c453a0000d59598123d710fea246cfed35ee081e66b7409ad2abc8999dcdbded2ec1434eac06eabf9b5a2a9b3863a97963333937671d84ff8e52cb7c2ecdb8c31f56355e313c8d1ded4363c08ced2efdced415de675dc949de0f903ff88978abfdea0e448b9d1f123a33e33a8", 0xf1, 0x3, 0x0, 0x0) 03:29:13 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/packet\x00\xc8\xc3\xbe\x1d\xb9\n\xbdV\x86av\x8e+\t\xc9\x8c\xf5\xa2\xf1[\xf0\x96.\'\x1d\xfb\x12\n\xd0+\xf2)\xb0K\x8e!M\xb4EX\xbe\xff\x00\x00\x00-\xaaA6\xdfR(S\xce\xd8\xa4E\xf0j\xe0\xa9\xcb\xd7\x89t\xf2\x8f\x145\x90\xb2\x05d\x05\xa7\xaa9\n\x8aZ\x02\x16\xba\x7f\xecr\x94D\xaa\f\x92\x89;\xc7\xa7\xeb\xee7\xdf\xee\xcf\xf7\x15\xd5\x19\xa3\x8e:\xcb\xf7.\x0e\x12\xba\x9b8\x1f+U\xd6P\x10\x8b\xdc\x99\xee\x97-\xa3\x8c5\xe1s\xc7\x9f\xcaWos\xca\xe2\xb0`\xd5\xbf\xfa:\x16\xa8 4\xf0\xbe\xf4`Q\x13\xcb\xc3\x17\x91\xad\x1f\xdf\x12\x9e\x01\xe6\xc0\xfb\xdf\xe6\x1a\\x\xc2\xc8\xad\xe5C\x93a\xb1;\x8bR\x9c\xe2\"\x82B\x1bg\'-\x027\xef\xe5\x14\x8c\xfdP\xfaK\xd2\x0f\x93\x04\x82\xf5\x19J^\xa4\xd4\xf2\xb1\xa1Ed\xdb\x7f\xd0\xf8\x00\"u\x14Y\xa6\xe7\xd8^+\x9d\x00\xd9n1Xnb\xdc\xa5[\x83g\xa29\xcc\x1b\xc1\xbd\xa7\x02\xb7\xe1\xe4\x93\xaa\xf7\x11\x1b\xd0\xa1j<\xa6\x97O\x86\x02\x17\x0f@\x88\xc0\xf2:\a\\C{\xa0\x8d\xb1<.\xc9\xbb\xff\xd3\x14\xb3\xb3K\x98\xdd9}\xa8\xfbm\xd8\xa6\xc2BU') sendfile(r1, r2, 0x0, 0x7ffff000) 03:29:13 executing program 1: creat(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getcwd(0x0, 0xfcf8) utimes(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)={{0x77359400}}) 03:29:13 executing program 5: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xffffffff}]}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_execute_func(&(0x7f00000001c0)="cd8075fcb0b06969ef69dc00d9c4017d50ee8adcd0d01192000880410fd1b0b5d90000797c2a0f0fcdc4e3a95fd965eae23c3b4d4d408064797f41dfdf400f01efe5e59d7d2f2f1c0a1a63460fc4c161fccddfde9f") 03:29:13 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000140)={0x1, 0x0, [0x0]}) 03:29:13 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x0, 0x0) clone(0x400002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCSSOFTCAR(r0, 0x40046103, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000200), 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, 0x0) 03:29:13 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x100004144, 0x0) [ 198.747429] QAT: failed to copy from user. 03:29:13 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) socket$unix(0x1, 0x5, 0x0) socket(0x200000000000011, 0x4000000000080002, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) 03:29:13 executing program 4: r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000900)='/proc/thread-self/attr/current\x00', 0x2, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) io_setup(0x4, &(0x7f0000000100)=0x0) r4 = dup2(r0, r1) io_submit(r3, 0x2, &(0x7f0000001680)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x800001, 0x0, r4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}]) [ 198.793286] QAT: failed to copy from user. [ 198.803668] audit: type=1326 audit(1545622153.642:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7684 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 03:29:13 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:29:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xfc5f) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000240)) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) setsockopt$bt_hci_HCI_TIME_STAMP(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) 03:29:13 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x1c1004111, &(0x7f0000000000)="bb29f1074548bbf350") 03:29:13 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/snmp\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) unshare(0x40000000) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00') ioctl$LOOP_SET_FD(r1, 0x4c00, 0xffffffffffffffff) unlink(0x0) r2 = openat(r1, 0x0, 0x0, 0x4) openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x200000000135102, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="154cb63104581a1ec96a2d925b0a0e87d47000300000fe800000000000000000000000000000ff000000000000000000ffffac1414bb0300907800000000609210400000000000000000000000000000000000000000ff0100000000000000000000000000014f9de805f3f154eb91e633d0c9a5717374cb97e195d582ef06709fa217191f"], 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$int_in(r2, 0x5421, 0x0) get_thread_area(0x0) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f00000004c0)={0x0, @broadcast, 0x0, 0x1, 'lblcr\x00', 0x2, 0x7, 0x40}, 0x2c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}, &(0x7f00000000c0)=0x1) inotify_init1(0x80000) r3 = getpgid(0x0) ptrace$setopts(0xffffffffffffffff, r3, 0x4d, 0x100060) ptrace(0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'yam0\x00\x01\x17\x8b\x00', 0x8001}) tkill(0x0, 0x1a) syz_genetlink_get_family_id$nbd(&(0x7f0000000240)='nbd\x00') r4 = openat$zero(0xffffffffffffff9c, 0x0, 0x288000, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x4) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x88000, 0x0) sched_setattr(0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x9917, 0xffef}, 0x0) 03:29:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300140006000000000000000000000000000000000008000500ac14141a080003000100000f010008"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x14, 0x0, 0x0, 0x0, 0x25dfdbfc}, 0x14}}, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x204080c8) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 199.156930] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 199.251075] ================================================================== [ 199.258602] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 199.265201] Write of size 832 at addr ffff8881be5b5bc0 by task syz-executor0/7727 [ 199.265208] [ 199.265225] CPU: 0 PID: 7727 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 199.265236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.265241] Call Trace: [ 199.265262] dump_stack+0x244/0x39d [ 199.265283] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.265304] ? printk+0xa7/0xcf [ 199.307019] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 199.311797] print_address_description.cold.4+0x9/0x1ff [ 199.317182] ? fpstate_init+0x50/0x160 [ 199.321073] kasan_report.cold.5+0x1b/0x39 [ 199.325348] ? fpstate_init+0x50/0x160 [ 199.329286] ? fpstate_init+0x50/0x160 [ 199.333201] check_memory_region+0x13e/0x1b0 [ 199.337646] memset+0x23/0x40 [ 199.340765] fpstate_init+0x50/0x160 [ 199.344485] kvm_arch_vcpu_init+0x3e9/0x870 [ 199.348824] kvm_vcpu_init+0x2fa/0x420 [ 199.352715] ? vcpu_stat_get+0x300/0x300 [ 199.356798] ? kmem_cache_alloc+0x33f/0x730 [ 199.361137] vmx_create_vcpu+0x1b7/0x2695 [ 199.365310] ? perf_trace_sched_process_exec+0x860/0x860 [ 199.365325] ? do_raw_spin_unlock+0xa7/0x330 [ 199.365345] ? vmx_exec_control+0x210/0x210 [ 199.365363] ? kasan_check_write+0x14/0x20 [ 199.365377] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 199.365395] ? futex_wait_queue_me+0x55d/0x840 [ 199.393258] ? wait_for_completion+0x8a0/0x8a0 [ 199.396010] IPVS: ftp: loaded support on port[0] = 21 [ 199.397851] ? print_usage_bug+0xc0/0xc0 [ 199.397873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.397888] ? get_futex_value_locked+0xcb/0xf0 [ 199.397909] kvm_arch_vcpu_create+0xe5/0x220 [ 199.397925] ? kvm_arch_vcpu_free+0x90/0x90 [ 199.397950] kvm_vm_ioctl+0x526/0x2030 [ 199.397965] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 199.397980] ? futex_wait+0x5ec/0xa50 [ 199.397999] ? kvm_unregister_device_ops+0x70/0x70 [ 199.443798] ? mark_held_locks+0x130/0x130 [ 199.448047] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 199.453266] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 199.458378] ? futex_wake+0x304/0x760 [ 199.462198] ? __lock_acquire+0x62f/0x4c20 [ 199.466461] ? mark_held_locks+0x130/0x130 [ 199.470704] ? graph_lock+0x270/0x270 [ 199.474510] ? do_futex+0x249/0x26d0 [ 199.478246] ? find_held_lock+0x36/0x1c0 [ 199.482354] ? __fget+0x4aa/0x740 [ 199.485823] ? lock_downgrade+0x900/0x900 [ 199.489992] ? check_preemption_disabled+0x48/0x280 [ 199.495036] ? kasan_check_read+0x11/0x20 [ 199.499192] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 199.504482] ? rcu_read_unlock_special+0x370/0x370 [ 199.509430] ? __fget+0x4d1/0x740 [ 199.512899] ? ksys_dup3+0x680/0x680 [ 199.516656] ? __might_fault+0x12b/0x1e0 [ 199.520734] ? lock_downgrade+0x900/0x900 [ 199.524890] ? lock_release+0xa00/0xa00 [ 199.528903] ? perf_trace_sched_process_exec+0x860/0x860 [ 199.534375] ? kvm_unregister_device_ops+0x70/0x70 [ 199.539314] do_vfs_ioctl+0x1de/0x1790 [ 199.543235] ? ioctl_preallocate+0x300/0x300 [ 199.547668] ? __fget_light+0x2e9/0x430 [ 199.551653] ? fget_raw+0x20/0x20 [ 199.555115] ? _copy_to_user+0xc8/0x110 [ 199.559109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.564656] ? put_timespec64+0x10f/0x1b0 [ 199.568823] ? nsecs_to_jiffies+0x30/0x30 [ 199.573001] ? do_syscall_64+0x9a/0x820 [ 199.576983] ? do_syscall_64+0x9a/0x820 [ 199.580973] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.585594] ? security_file_ioctl+0x94/0xc0 [ 199.590021] ksys_ioctl+0xa9/0xd0 [ 199.593498] __x64_sys_ioctl+0x73/0xb0 [ 199.597405] do_syscall_64+0x1b9/0x820 [ 199.601311] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.606714] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.611654] ? trace_hardirqs_on_caller+0x310/0x310 [ 199.616673] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.621697] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 199.628366] ? __switch_to_asm+0x40/0x70 [ 199.632426] ? __switch_to_asm+0x34/0x70 [ 199.636490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.641337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.646523] RIP: 0033:0x457669 [ 199.649726] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.668646] RSP: 002b:00007f853e614c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.676354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 199.683623] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 199.690888] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 199.698156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f853e6156d4 [ 199.705451] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 199.712727] [ 199.714351] Allocated by task 7727: [ 199.717977] save_stack+0x43/0xd0 [ 199.721427] kasan_kmalloc+0xcb/0xd0 [ 199.725139] kasan_slab_alloc+0x12/0x20 [ 199.729112] kmem_cache_alloc+0x130/0x730 [ 199.733260] vmx_create_vcpu+0x110/0x2695 [ 199.737402] kvm_arch_vcpu_create+0xe5/0x220 [ 199.741805] kvm_vm_ioctl+0x526/0x2030 [ 199.745698] do_vfs_ioctl+0x1de/0x1790 [ 199.749587] ksys_ioctl+0xa9/0xd0 [ 199.753052] __x64_sys_ioctl+0x73/0xb0 [ 199.757137] do_syscall_64+0x1b9/0x820 [ 199.761028] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.766205] [ 199.767833] Freed by task 0: [ 199.770838] (stack is not available) [ 199.774537] [ 199.776165] The buggy address belongs to the object at ffff8881be5b5b80 [ 199.776165] which belongs to the cache x86_fpu of size 832 [ 199.788474] The buggy address is located 64 bytes inside of [ 199.788474] 832-byte region [ffff8881be5b5b80, ffff8881be5b5ec0) [ 199.800252] The buggy address belongs to the page: [ 199.805180] page:ffffea0006f96d40 count:1 mapcount:0 mapping:ffff8881d50c8940 index:0x0 [ 199.813319] flags: 0x2fffc0000000200(slab) [ 199.817560] raw: 02fffc0000000200 ffff8881d50ca948 ffff8881d50ca948 ffff8881d50c8940 [ 199.825456] raw: 0000000000000000 ffff8881be5b5040 0000000100000004 0000000000000000 [ 199.833325] page dumped because: kasan: bad access detected [ 199.839027] [ 199.840649] Memory state around the buggy address: [ 199.845605] ffff8881be5b5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 199.853005] ffff8881be5b5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 199.860358] >ffff8881be5b5e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 199.867707] ^ [ 199.873170] ffff8881be5b5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.880524] ffff8881be5b5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.887948] ================================================================== [ 199.895287] Disabling lock debugging due to kernel taint [ 199.905712] Kernel panic - not syncing: panic_on_warn set ... [ 199.911656] CPU: 1 PID: 7727 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 199.921528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.921841] kobject: 'lo' (000000001c4d34ad): kobject_add_internal: parent: 'net', set: 'devices' [ 199.930897] Call Trace: [ 199.930917] dump_stack+0x244/0x39d [ 199.930934] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.930961] ? fpstate_init+0x30/0x160 [ 199.955220] panic+0x2ad/0x632 [ 199.958421] ? add_taint.cold.5+0x16/0x16 [ 199.962594] ? preempt_schedule+0x4d/0x60 [ 199.966750] ? ___preempt_schedule+0x16/0x18 [ 199.971194] ? trace_hardirqs_on+0xb4/0x310 [ 199.975539] ? fpstate_init+0x50/0x160 [ 199.979441] end_report+0x47/0x4f [ 199.982897] kasan_report.cold.5+0xe/0x39 [ 199.984680] kobject: 'lo' (000000001c4d34ad): kobject_uevent_env [ 199.987069] ? fpstate_init+0x50/0x160 [ 199.987086] ? fpstate_init+0x50/0x160 [ 199.987102] check_memory_region+0x13e/0x1b0 [ 199.987124] memset+0x23/0x40 [ 200.008519] fpstate_init+0x50/0x160 [ 200.012252] kvm_arch_vcpu_init+0x3e9/0x870 [ 200.016593] kvm_vcpu_init+0x2fa/0x420 [ 200.020521] ? vcpu_stat_get+0x300/0x300 [ 200.024622] ? kmem_cache_alloc+0x33f/0x730 [ 200.028994] vmx_create_vcpu+0x1b7/0x2695 [ 200.033174] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.038637] ? do_raw_spin_unlock+0xa7/0x330 [ 200.043055] ? vmx_exec_control+0x210/0x210 [ 200.047380] ? kasan_check_write+0x14/0x20 [ 200.051615] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 200.056561] ? futex_wait_queue_me+0x55d/0x840 [ 200.061142] ? wait_for_completion+0x8a0/0x8a0 [ 200.065723] ? print_usage_bug+0xc0/0xc0 [ 200.069787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.075364] ? get_futex_value_locked+0xcb/0xf0 [ 200.080032] kvm_arch_vcpu_create+0xe5/0x220 [ 200.084436] ? kvm_arch_vcpu_free+0x90/0x90 [ 200.088757] kvm_vm_ioctl+0x526/0x2030 [ 200.092642] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 200.097737] ? futex_wait+0x5ec/0xa50 [ 200.101536] ? kvm_unregister_device_ops+0x70/0x70 [ 200.106471] ? mark_held_locks+0x130/0x130 [ 200.110716] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 200.115926] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 200.121038] ? futex_wake+0x304/0x760 [ 200.124843] ? __lock_acquire+0x62f/0x4c20 [ 200.129101] ? mark_held_locks+0x130/0x130 [ 200.133335] ? graph_lock+0x270/0x270 [ 200.137229] ? do_futex+0x249/0x26d0 [ 200.140945] ? find_held_lock+0x36/0x1c0 [ 200.145009] ? __fget+0x4aa/0x740 [ 200.148488] ? lock_downgrade+0x900/0x900 [ 200.152629] ? check_preemption_disabled+0x48/0x280 [ 200.157645] ? kasan_check_read+0x11/0x20 [ 200.161790] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 200.167069] ? rcu_read_unlock_special+0x370/0x370 [ 200.171996] ? __fget+0x4d1/0x740 [ 200.175445] ? ksys_dup3+0x680/0x680 [ 200.179168] ? __might_fault+0x12b/0x1e0 [ 200.183237] ? lock_downgrade+0x900/0x900 [ 200.187443] ? lock_release+0xa00/0xa00 [ 200.191417] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.196865] ? kvm_unregister_device_ops+0x70/0x70 [ 200.201792] do_vfs_ioctl+0x1de/0x1790 [ 200.205680] ? ioctl_preallocate+0x300/0x300 [ 200.210082] ? __fget_light+0x2e9/0x430 [ 200.214055] ? fget_raw+0x20/0x20 [ 200.217505] ? _copy_to_user+0xc8/0x110 [ 200.221492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.227025] ? put_timespec64+0x10f/0x1b0 [ 200.231169] ? nsecs_to_jiffies+0x30/0x30 [ 200.235330] ? do_syscall_64+0x9a/0x820 [ 200.239300] ? do_syscall_64+0x9a/0x820 [ 200.243272] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 200.247851] ? security_file_ioctl+0x94/0xc0 [ 200.252269] ksys_ioctl+0xa9/0xd0 [ 200.255743] __x64_sys_ioctl+0x73/0xb0 [ 200.259691] do_syscall_64+0x1b9/0x820 [ 200.263591] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.268955] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.273880] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.278891] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.283902] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 200.290570] ? __switch_to_asm+0x40/0x70 [ 200.294628] ? __switch_to_asm+0x34/0x70 [ 200.298685] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.303522] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.308712] RIP: 0033:0x457669 [ 200.311900] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.330793] RSP: 002b:00007f853e614c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.338522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 200.345788] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 200.353047] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 200.360305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f853e6156d4 [ 200.367571] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 200.375825] Kernel Offset: disabled [ 200.379451] Rebooting in 86400 seconds..