[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.454307] kauditd_printk_skb: 8 callbacks suppressed [ 28.454319] audit: type=1800 audit(1545609756.475:29): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.483361] audit: type=1800 audit(1545609756.475:30): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts. 2018/12/24 00:02:46 fuzzer started 2018/12/24 00:02:48 dialing manager at 10.128.0.26:33943 2018/12/24 00:02:49 syscalls: 1 2018/12/24 00:02:49 code coverage: enabled 2018/12/24 00:02:49 comparison tracing: enabled 2018/12/24 00:02:49 setuid sandbox: enabled 2018/12/24 00:02:49 namespace sandbox: enabled 2018/12/24 00:02:49 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 00:02:49 fault injection: enabled 2018/12/24 00:02:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 00:02:49 net packet injection: enabled 2018/12/24 00:02:49 net device setup: enabled 00:05:13 executing program 0: r0 = open(&(0x7f0000000300)='./file0\x00', 0x141042, 0x0) fallocate(r0, 0x1, 0x0, 0x8010000101) creat(&(0x7f0000000040)='./file0\x00', 0x0) syzkaller login: [ 185.089775] IPVS: ftp: loaded support on port[0] = 21 00:05:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x4, 0xffffffffffffffff}) dup2(r2, r4) [ 185.361395] IPVS: ftp: loaded support on port[0] = 21 00:05:13 executing program 2: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) membarrier(0x0, 0x0) [ 185.698864] IPVS: ftp: loaded support on port[0] = 21 00:05:13 executing program 3: creat(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_rdma(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=r']) [ 185.958612] IPVS: ftp: loaded support on port[0] = 21 00:05:14 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) move_pages(0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x8], &(0x7f0000000200)=[0x0, 0x0], 0x4) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) fcntl$getown(r0, 0x9) [ 186.458617] IPVS: ftp: loaded support on port[0] = 21 00:05:14 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, 0x0) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000340)={0x800000001}) open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) [ 186.994297] IPVS: ftp: loaded support on port[0] = 21 [ 187.114233] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.151004] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.159076] device bridge_slave_0 entered promiscuous mode [ 187.301140] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.329327] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.347470] device bridge_slave_1 entered promiscuous mode [ 187.549323] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.563799] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.571971] device bridge_slave_0 entered promiscuous mode [ 187.612758] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.737549] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.756793] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.764592] device bridge_slave_1 entered promiscuous mode [ 187.774622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.880459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.994109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.158406] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.180158] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.196308] device bridge_slave_0 entered promiscuous mode [ 188.244664] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.298685] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.320434] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.331611] device bridge_slave_1 entered promiscuous mode [ 188.348427] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.357356] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.372941] device bridge_slave_0 entered promiscuous mode [ 188.443813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.454049] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.469189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.506876] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.522905] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.539141] device bridge_slave_1 entered promiscuous mode [ 188.549997] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.605558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.633034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.652014] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.661113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.680721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.687692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.778313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.798736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.806580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.831056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.863469] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.890867] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.897272] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.914331] device bridge_slave_0 entered promiscuous mode [ 189.048102] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.064446] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.100655] device bridge_slave_1 entered promiscuous mode [ 189.111863] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.118334] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.126518] device bridge_slave_0 entered promiscuous mode [ 189.138328] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.168684] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.195812] team0: Port device team_slave_0 added [ 189.220738] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.248436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.284035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.300808] team0: Port device team_slave_0 added [ 189.308430] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.320444] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.331606] device bridge_slave_1 entered promiscuous mode [ 189.343894] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.355615] team0: Port device team_slave_1 added [ 189.396717] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.412632] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.439353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.456543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.495158] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.510841] team0: Port device team_slave_1 added [ 189.521780] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.541337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.550170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.566736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.600510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.607512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.629550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.665149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.696854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.707048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.753828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.764781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.782496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.801111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.809105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.857193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.868033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.881258] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.888421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.921837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.961183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.970911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.978721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.004100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.013382] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.043314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.061416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.100814] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.108287] team0: Port device team_slave_0 added [ 190.125009] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.154203] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.164260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.191958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.202078] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.324959] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.332763] team0: Port device team_slave_1 added [ 190.365041] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.385437] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.411159] team0: Port device team_slave_0 added [ 190.444943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.549352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.556800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.571035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.590544] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.598022] team0: Port device team_slave_1 added [ 190.623014] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.630440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.709742] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.717549] team0: Port device team_slave_0 added [ 190.726481] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.738080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.763001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.791473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.799465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.831683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.853640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.876576] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.901941] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.921039] team0: Port device team_slave_1 added [ 190.926932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.937643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.952115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.960088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.032899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.045011] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.061676] team0: Port device team_slave_0 added [ 191.068054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.078405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.106020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.131221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.139128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.161546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.169263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.195543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.234354] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.244613] team0: Port device team_slave_1 added [ 191.269421] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.389181] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.418978] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.429097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.465218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.501389] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.541204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.578875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.587646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.605364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.638295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.685249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.716407] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.755641] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.762256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.769372] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.775822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.798112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.804947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.822116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.851431] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.857862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.864661] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.871090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.904778] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.306773] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.313244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.319952] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.326422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.359893] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.543600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.556102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.584129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.752979] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.759403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.766164] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.772596] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.780871] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.078970] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.085434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.092192] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.098583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.124140] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.279063] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.285541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.292767] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.299165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.322572] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.581096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.591055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.611109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.283157] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.319553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.621117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.754962] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.882683] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.995134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.060511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.195422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.206178] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.231758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.238957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.272371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.279570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.302075] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.432579] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.588411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.656695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.706845] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.780433] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.836516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.848139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.859290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.894145] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.905396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.940854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.118034] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.129896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.151515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.185026] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.397247] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.430706] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.542867] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.757657] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.770388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.791195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.252394] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.641803] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:05:29 executing program 1: ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0xc0305302, 0x0) socket$inet(0x2, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001a40)=[{{&(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f00000018c0), 0x0, &(0x7f0000001980)=""/185, 0xb9}}], 0x1, 0x0, &(0x7f0000001ac0)) socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000040)) close(r1) r2 = accept4(r0, 0x0, &(0x7f0000000340)=0xff92, 0x0) write$binfmt_misc(r2, &(0x7f0000000880)=ANY=[@ANYBLOB="8de63bb75df0db2e5adf12aff77eb28c091a8169ad228b5e4d8aafc492b8b385993e0af7ead4785ddffb4506dfd3353e595796cb0dc142ef6cc2181dd45fd73317a9cc66eb984bc875bf4700cfb88b0000000000000027585c766d3dd65eaa42b5f41a06b96ed77a5ca3a4f3cd6a2d335c23e35dad518ec9cd8283bb16ec9e965aa645b0dc79b88b68898bf6601e186e96cb98e19823485786fc94d2c61b5b152a6833baf15fb241c7c08a8880cc783734ca45ac6f191a144f647add707b46149c6ead830182b90d0fe856df3207492a741117faad1b4b8c16f21c1c807a9deeaafce9a4b4c1b08b14d44bb6f515590e77b46d820a6b0dfedc63dad739bd16dcb8d3fb38d3d7a67975f9fe8a5c3b590aad2fe00f28461ebf5238ef525bd91543e61922fb0afef32208df1067cc533dce4d4300645a8209d7ce12ab86430c9b5ba2a05b1a3ca535f5ffbf5493e699e00b8df957fb067ad3871a0ae8a04c5120e03b977447dcc58c7d4ceb0fb94f26426e25b64b9e6cc436930782f6f7d80ee8253ea5f4a7215b86a44f462e88e8c330f04ed9c3d56c58703cfb6bcb497aa035"], 0x19f) [ 201.878580] sctp: failed to load transform for md5: -2 00:05:30 executing program 1: 00:05:30 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0) write$binfmt_elf32(r0, &(0x7f0000000780)=ANY=[@ANYBLOB="b4"], 0x1) mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x1013, r0, 0x0) ioctl$int_in(r0, 0x80000000005008, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0) 00:05:30 executing program 0: r0 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x3) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e23, @rand_addr=0x3}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth0_to_bond\x00', 0x10) r2 = memfd_create(&(0x7f0000000000)='Pev ', 0x0) ftruncate(r2, 0x200739) sendfile(r1, r2, 0x0, 0xa00004000000004) 00:05:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xfffffffffffffffc, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0) socketpair$unix(0x1, 0x20000000001, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) [ 202.511956] 9pnet: Could not find request transport: r [ 202.541409] hrtimer: interrupt took 57942 ns 00:05:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) write$binfmt_elf64(r0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) [ 202.620543] audit: type=1326 audit(1545609930.635:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7641 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 00:05:30 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r0, &(0x7f000000d8c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)='#', 0x1}], 0x1}}], 0x1, 0x0) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:05:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xfffffffffffffffc, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)}, 0x0) socketpair$unix(0x1, 0x20000000001, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) 00:05:31 executing program 0: 00:05:31 executing program 3: 00:05:31 executing program 1: 00:05:31 executing program 2: 00:05:31 executing program 5: 00:05:31 executing program 4: r0 = perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) move_pages(0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x8], &(0x7f0000000200)=[0x0, 0x0], 0x4) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) fcntl$getown(r0, 0x9) [ 203.413938] audit: type=1326 audit(1545609931.435:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7641 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 00:05:31 executing program 3: 00:05:31 executing program 0: 00:05:31 executing program 1: 00:05:31 executing program 5: 00:05:31 executing program 3: 00:05:31 executing program 1: 00:05:31 executing program 5: 00:05:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000000140)={0x0, 0x0, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000180)) timer_gettime(0x0, 0x0) 00:05:31 executing program 2: 00:05:31 executing program 3: 00:05:31 executing program 2: 00:05:32 executing program 4: 00:05:32 executing program 0: 00:05:32 executing program 5: 00:05:32 executing program 1: 00:05:32 executing program 2: 00:05:32 executing program 3: 00:05:32 executing program 2: 00:05:32 executing program 5: 00:05:32 executing program 3: 00:05:32 executing program 1: 00:05:32 executing program 0: 00:05:32 executing program 4: 00:05:32 executing program 5: 00:05:32 executing program 1: 00:05:32 executing program 3: 00:05:32 executing program 2: 00:05:32 executing program 0: 00:05:32 executing program 5: 00:05:32 executing program 4: 00:05:32 executing program 1: 00:05:32 executing program 3: 00:05:32 executing program 2: 00:05:32 executing program 0: 00:05:32 executing program 1: 00:05:32 executing program 5: 00:05:32 executing program 4: 00:05:32 executing program 3: 00:05:32 executing program 2: 00:05:32 executing program 0: 00:05:32 executing program 4: 00:05:32 executing program 1: 00:05:32 executing program 5: 00:05:33 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000f1ff0000000000"], 0x0, 0xe2, 0x1000, &(0x7f0000000700)=""/4096}, 0x48) 00:05:33 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0) ioctl$int_in(r1, 0x8000008004500f, 0x0) 00:05:33 executing program 0: 00:05:33 executing program 1: 00:05:33 executing program 4: 00:05:33 executing program 5: 00:05:33 executing program 3: r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0xc05c6104, &(0x7f0000000080)={0x100000000000000}) 00:05:33 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x2, 0x6d, 0x20000000000001, 0x0, 0x0}, 0xbe) unlink(&(0x7f0000000100)='./file0\x00') bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', r1}, 0x10) 00:05:33 executing program 1: syz_mount_image$jfs(&(0x7f0000000480)='jfs\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='iocharset=m']) 00:05:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e23, @rand_addr=0x3}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x1000004e23, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) 00:05:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}) 00:05:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000a00)={0xffffffffffffffff}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup2(r3, r2) sendmsg$netlink(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000019000), 0x0, &(0x7f0000000280)=[@rights={0x20, 0x1, 0x1, [r4, r4, r0]}, @rights={0x18, 0x1, 0x1, [r1]}], 0x38}, 0x0) dup(0xffffffffffffffff) 00:05:33 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x4b, 0x1e, 0x8000000001}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77ffff, 0x0, 0x10020000000, 0x0}, 0x2c) [ 205.316450] JFS: charset not found [ 205.362250] ================================================================== [ 205.369928] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 205.369946] Write of size 832 at addr ffff8881b5213bc0 by task syz-executor5/7812 [ 205.369951] [ 205.369972] CPU: 0 PID: 7812 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 205.369989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.369996] Call Trace: [ 205.370020] dump_stack+0x244/0x39d [ 205.384307] ? dump_stack_print_info.cold.1+0x20/0x20 [ 205.415138] ? printk+0xa7/0xcf [ 205.418437] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 205.423223] print_address_description.cold.4+0x9/0x1ff [ 205.428603] ? fpstate_init+0x50/0x160 [ 205.432536] kasan_report.cold.5+0x1b/0x39 [ 205.436789] ? fpstate_init+0x50/0x160 [ 205.440698] ? fpstate_init+0x50/0x160 [ 205.444605] check_memory_region+0x13e/0x1b0 [ 205.449042] memset+0x23/0x40 [ 205.452170] fpstate_init+0x50/0x160 [ 205.455902] kvm_arch_vcpu_init+0x3e9/0x870 [ 205.460262] kvm_vcpu_init+0x2fa/0x420 [ 205.464188] ? vcpu_stat_get+0x300/0x300 [ 205.468274] ? kmem_cache_alloc+0x33f/0x730 [ 205.472630] vmx_create_vcpu+0x1b7/0x2695 [ 205.476797] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 205.481948] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 205.486569] ? preempt_schedule+0x4d/0x60 [ 205.490754] ? preempt_schedule_common+0x1f/0xe0 [ 205.495556] ? vmx_exec_control+0x210/0x210 [ 205.499893] ? ___preempt_schedule+0x16/0x18 [ 205.504317] ? kasan_check_write+0x14/0x20 [ 205.508571] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 205.513553] ? wait_for_completion+0x8a0/0x8a0 [ 205.518186] ? print_usage_bug+0xc0/0xc0 [ 205.522271] ? migrate_swap_stop+0x8a0/0x8a0 [ 205.526701] kvm_arch_vcpu_create+0xe5/0x220 [ 205.531122] ? kvm_arch_vcpu_free+0x90/0x90 [ 205.535474] kvm_vm_ioctl+0x526/0x2030 [ 205.539410] ? kvm_unregister_device_ops+0x70/0x70 [ 205.544363] ? mark_held_locks+0x130/0x130 [ 205.548631] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 205.553863] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 205.559016] ? futex_wake+0x304/0x760 [ 205.562846] ? __lock_acquire+0x62f/0x4c20 [ 205.567143] ? mark_held_locks+0x130/0x130 [ 205.571408] ? graph_lock+0x270/0x270 [ 205.575221] ? do_futex+0x249/0x26d0 [ 205.578969] ? rcu_read_unlock_special+0x370/0x370 [ 205.583913] ? rcu_softirq_qs+0x20/0x20 [ 205.587898] ? unwind_dump+0x190/0x190 [ 205.591819] ? find_held_lock+0x36/0x1c0 [ 205.595907] ? __fget+0x4aa/0x740 [ 205.599393] ? lock_downgrade+0x900/0x900 [ 205.603556] ? check_preemption_disabled+0x48/0x280 [ 205.608597] ? kasan_check_read+0x11/0x20 [ 205.612762] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 205.618057] ? rcu_read_unlock_special+0x370/0x370 [ 205.623020] ? __fget+0x4d1/0x740 [ 205.626522] ? ksys_dup3+0x680/0x680 [ 205.630254] ? __might_fault+0x12b/0x1e0 [ 205.634336] ? lock_downgrade+0x900/0x900 [ 205.638526] ? lock_release+0xa00/0xa00 [ 205.642560] ? perf_trace_sched_process_exec+0x860/0x860 [ 205.648025] ? kvm_unregister_device_ops+0x70/0x70 [ 205.652973] do_vfs_ioctl+0x1de/0x1790 [ 205.656889] ? ioctl_preallocate+0x300/0x300 [ 205.661316] ? __fget_light+0x2e9/0x430 [ 205.665311] ? fget_raw+0x20/0x20 [ 205.668777] ? _copy_to_user+0xc8/0x110 [ 205.672776] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.678333] ? put_timespec64+0x10f/0x1b0 [ 205.682528] ? nsecs_to_jiffies+0x30/0x30 [ 205.686697] ? do_syscall_64+0x9a/0x820 [ 205.690685] ? do_syscall_64+0x9a/0x820 [ 205.694671] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 205.699273] ? security_file_ioctl+0x94/0xc0 [ 205.703702] ksys_ioctl+0xa9/0xd0 [ 205.707177] __x64_sys_ioctl+0x73/0xb0 [ 205.711081] do_syscall_64+0x1b9/0x820 [ 205.714989] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 205.720400] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.725345] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.730222] ? trace_hardirqs_on_caller+0x310/0x310 [ 205.735255] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.740287] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.745340] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.750223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.755424] RIP: 0033:0x457669 [ 205.758657] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.777590] RSP: 002b:00007f3ef7150c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 205.785325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 205.792617] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 205.799907] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 205.807215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ef71516d4 [ 205.814527] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 205.821839] [ 205.823484] Allocated by task 7812: [ 205.827147] save_stack+0x43/0xd0 [ 205.830616] kasan_kmalloc+0xcb/0xd0 [ 205.834343] kasan_slab_alloc+0x12/0x20 [ 205.838333] kmem_cache_alloc+0x130/0x730 [ 205.842492] vmx_create_vcpu+0x110/0x2695 [ 205.846668] kvm_arch_vcpu_create+0xe5/0x220 [ 205.851088] kvm_vm_ioctl+0x526/0x2030 [ 205.854991] do_vfs_ioctl+0x1de/0x1790 [ 205.858891] ksys_ioctl+0xa9/0xd0 [ 205.862384] __x64_sys_ioctl+0x73/0xb0 [ 205.866285] do_syscall_64+0x1b9/0x820 [ 205.870218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.875405] [ 205.877041] Freed by task 0: [ 205.880063] (stack is not available) [ 205.883793] [ 205.885443] The buggy address belongs to the object at ffff8881b5213b80 [ 205.885443] which belongs to the cache x86_fpu of size 832 [ 205.897799] The buggy address is located 64 bytes inside of [ 205.897799] 832-byte region [ffff8881b5213b80, ffff8881b5213ec0) [ 205.909589] The buggy address belongs to the page: [ 205.914549] page:ffffea0006d484c0 count:1 mapcount:0 mapping:ffff8881d67cce00 index:0x0 [ 205.914563] flags: 0x2fffc0000000200(slab) [ 205.914583] raw: 02fffc0000000200 ffff8881d721a248 ffff8881d721a248 ffff8881d67cce00 [ 205.914599] raw: 0000000000000000 ffff8881b5213040 0000000100000004 0000000000000000 [ 205.914607] page dumped because: kasan: bad access detected [ 205.914611] [ 205.914616] Memory state around the buggy address: [ 205.914636] ffff8881b5213d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00:05:33 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) fcntl$getown(0xffffffffffffffff, 0x9) [ 205.914647] ffff8881b5213e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 205.914657] >ffff8881b5213e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 205.914663] ^ [ 205.914673] ffff8881b5213f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.914684] ffff8881b5213f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.997427] ================================================================== [ 206.004795] Disabling lock debugging due to kernel taint [ 206.023061] Kernel panic - not syncing: panic_on_warn set ... [ 206.029016] CPU: 1 PID: 7812 Comm: syz-executor5 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 206.038907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.048268] Call Trace: [ 206.050870] dump_stack+0x244/0x39d [ 206.054543] ? dump_stack_print_info.cold.1+0x20/0x20 [ 206.059753] ? fpstate_init+0x30/0x160 [ 206.063649] panic+0x2ad/0x632 [ 206.066853] ? add_taint.cold.5+0x16/0x16 [ 206.071016] ? preempt_schedule+0x4d/0x60 [ 206.075173] ? ___preempt_schedule+0x16/0x18 [ 206.079596] ? trace_hardirqs_on+0xb4/0x310 [ 206.083927] ? fpstate_init+0x50/0x160 [ 206.087821] end_report+0x47/0x4f [ 206.091280] kasan_report.cold.5+0xe/0x39 [ 206.095433] ? fpstate_init+0x50/0x160 [ 206.099364] ? fpstate_init+0x50/0x160 [ 206.103271] check_memory_region+0x13e/0x1b0 [ 206.107721] memset+0x23/0x40 [ 206.110839] fpstate_init+0x50/0x160 [ 206.114557] kvm_arch_vcpu_init+0x3e9/0x870 [ 206.118903] kvm_vcpu_init+0x2fa/0x420 [ 206.122801] ? vcpu_stat_get+0x300/0x300 [ 206.126866] ? kmem_cache_alloc+0x33f/0x730 [ 206.131202] vmx_create_vcpu+0x1b7/0x2695 [ 206.135370] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 206.140482] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 206.145086] ? preempt_schedule+0x4d/0x60 [ 206.149243] ? preempt_schedule_common+0x1f/0xe0 [ 206.154026] ? vmx_exec_control+0x210/0x210 [ 206.158358] ? ___preempt_schedule+0x16/0x18 [ 206.162774] ? kasan_check_write+0x14/0x20 [ 206.167023] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 206.171973] ? wait_for_completion+0x8a0/0x8a0 [ 206.176568] ? print_usage_bug+0xc0/0xc0 [ 206.180638] ? migrate_swap_stop+0x8a0/0x8a0 [ 206.185059] kvm_arch_vcpu_create+0xe5/0x220 [ 206.189491] ? kvm_arch_vcpu_free+0x90/0x90 [ 206.193836] kvm_vm_ioctl+0x526/0x2030 [ 206.197734] ? kvm_unregister_device_ops+0x70/0x70 [ 206.202677] ? mark_held_locks+0x130/0x130 [ 206.206916] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 206.212145] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 206.217283] ? futex_wake+0x304/0x760 [ 206.221099] ? __lock_acquire+0x62f/0x4c20 [ 206.225359] ? mark_held_locks+0x130/0x130 [ 206.229599] ? graph_lock+0x270/0x270 [ 206.233416] ? do_futex+0x249/0x26d0 [ 206.237141] ? rcu_read_unlock_special+0x370/0x370 [ 206.242098] ? rcu_softirq_qs+0x20/0x20 [ 206.246076] ? unwind_dump+0x190/0x190 [ 206.249977] ? find_held_lock+0x36/0x1c0 [ 206.254057] ? __fget+0x4aa/0x740 [ 206.257534] ? lock_downgrade+0x900/0x900 [ 206.261692] ? check_preemption_disabled+0x48/0x280 [ 206.266723] ? kasan_check_read+0x11/0x20 [ 206.270875] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 206.276160] ? rcu_read_unlock_special+0x370/0x370 [ 206.281102] ? __fget+0x4d1/0x740 [ 206.284564] ? ksys_dup3+0x680/0x680 [ 206.288771] ? __might_fault+0x12b/0x1e0 [ 206.292840] ? lock_downgrade+0x900/0x900 [ 206.297046] ? lock_release+0xa00/0xa00 [ 206.301027] ? perf_trace_sched_process_exec+0x860/0x860 [ 206.306481] ? kvm_unregister_device_ops+0x70/0x70 [ 206.311424] do_vfs_ioctl+0x1de/0x1790 [ 206.315319] ? ioctl_preallocate+0x300/0x300 [ 206.319735] ? __fget_light+0x2e9/0x430 [ 206.323714] ? fget_raw+0x20/0x20 [ 206.327167] ? _copy_to_user+0xc8/0x110 [ 206.331148] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.336704] ? put_timespec64+0x10f/0x1b0 [ 206.340858] ? nsecs_to_jiffies+0x30/0x30 [ 206.345043] ? do_syscall_64+0x9a/0x820 [ 206.349040] ? do_syscall_64+0x9a/0x820 [ 206.353018] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 206.357607] ? security_file_ioctl+0x94/0xc0 [ 206.362029] ksys_ioctl+0xa9/0xd0 [ 206.365514] __x64_sys_ioctl+0x73/0xb0 [ 206.369425] do_syscall_64+0x1b9/0x820 [ 206.373320] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 206.378700] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.383634] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.388484] ? trace_hardirqs_on_caller+0x310/0x310 [ 206.393535] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.398567] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.403597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.408460] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.413647] RIP: 0033:0x457669 [ 206.416857] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.435761] RSP: 002b:00007f3ef7150c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 206.443472] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 206.450752] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 206.458023] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 206.465296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ef71516d4 [ 206.472566] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 206.480778] Kernel Offset: disabled [ 206.484405] Rebooting in 86400 seconds..