[info] Using makefile-style concurrent boot in runlevel 2. [ 26.576516] audit: type=1800 audit(1545615251.650:21): pid=5872 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2018/12/24 01:34:23 fuzzer started 2018/12/24 01:34:25 dialing manager at 10.128.0.26:33943 2018/12/24 01:34:25 syscalls: 1 2018/12/24 01:34:25 code coverage: enabled 2018/12/24 01:34:25 comparison tracing: enabled 2018/12/24 01:34:25 setuid sandbox: enabled 2018/12/24 01:34:25 namespace sandbox: enabled 2018/12/24 01:34:25 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 01:34:25 fault injection: enabled 2018/12/24 01:34:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 01:34:25 net packet injection: enabled 2018/12/24 01:34:25 net device setup: enabled 01:36:40 executing program 0: getrandom(&(0x7f0000000540)=""/6, 0x6, 0x2) r0 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) syzkaller login: [ 175.548480] IPVS: ftp: loaded support on port[0] = 21 01:36:40 executing program 1: socket$inet6(0xa, 0x805, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={&(0x7f0000abe000)}, 0x8400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0xffffffff80000001) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000500)={0x6c07, 0x0, 0x3ff, 0x8000000005, 0x5}) futex(&(0x7f0000000080)=0x2, 0x0, 0x2, &(0x7f0000000380)={0x0, 0x989680}, &(0x7f00000003c0)=0x2, 0x0) flistxattr(r0, &(0x7f0000000400)=""/168, 0xfffffffffffffcc0) fremovexattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.impure\x00') epoll_wait(0xffffffffffffffff, &(0x7f0000000180)=[{}, {}, {}], 0x3, 0xd) unshare(0x40000000) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = semget$private(0x0, 0x8, 0x4) semctl$SEM_STAT(r2, 0x2, 0x12, &(0x7f00000008c0)=""/208) semctl$GETPID(0x0, 0x0, 0xb, 0x0) unshare(0x4000000) gettid() ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0x4, 0x0, 0x0, 0x0, 0x10000, 0xfffffffffffff800, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000005c0)=""/94, &(0x7f00000001c0)=0x5e) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net\x00\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0) 
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xfffffffffffffffe) ioctl$FS_IOC_GETVERSION(r1, 0x80087601, &(0x7f00000004c0)) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x10000, &(0x7f0000000540)={0xffffffffffffffff}, 0x13f, 0x100f}}, 0x20) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000300)={0x34, 0x0, &(0x7f0000000040)}) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000740)={0xb, 0xd9, 0xfa00, {&(0x7f0000000640), r4, 0x9}}, 0x18) ioctl$UI_DEV_SETUP(r1, 0x405c5503, 0xffffffffffffffff) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ptmx\x00', 0xfffffffffffffffd, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getdents64(r5, &(0x7f00000000c0)=""/11, 0xeb) [ 175.841482] IPVS: ftp: loaded support on port[0] = 21 01:36:41 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0xfffffffffc, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}) [ 176.081883] IPVS: ftp: loaded support on port[0] = 21 01:36:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000140)="420fb507b805000000b98de92d630f01c1f2430f3566b869008ec0f0814b00ec480000470f017a00f3f7e4470f017cc0423e26460f21f6410f01df", 0x3b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x4000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x0, 0xfb, 
0xc16, 0x0, 0x0, "d19fccaf27603b34415b1d4ecd7cf2ae", "4aa20fad33f511442dfd67f53ad84f5f66c54b202a1d7e2b3f08ed13daedf75d1c4dd88a19fb9d89887be41e8d2e45fd89959c4adf89fddc509eefca1bee2085cbfba29e0dd82baf98712ba12e81b1076df4271d3f1b281f263c886eb31fef0e9bdcc5565321647e9e2222617541c8b667d0061b942ff9340c2f9790cd6b3bac697c5fd26e63955776d9c826a4985b0ec61cc76a08b205f7ccf396fe119431d9e9fdb92a457eca32b63e294257b0824a3b140028818b751ed5f6b82efd797cee15f14385fd370789d9490f1346a346821c387ae21742bf79118aa46c0dde590dbd27f01d6035fa46168a37e539ad06288b360ae1a306441fa49d0f5b6e1177d4a021b1a3a2a1abafde5b8de113fd270c172f34124219128bf2080bb898563c8997e73847660cd562893565169f841fa9185d525bc4b0c3e675a0c220bca29a1c36766b17bcc5b9fb305813e0611fc90b1ae7c713b9e0f04a8f223cbc041e41e14a17ca63b87c4839b673850f3f64ec4d5d3cbd9a43fa7cf96fd2d5d7d43edd83712d13e853752de6adc018b62c39a6832505459d983fce6a0f433feb3fa386b3072e880c9dd4842c9c99c8d0d87c3948610492fe29c506460343f47d7b65d8845fea27775edbbabddaecc6568152b87101fa58a640140025186a782ef37b1633b54837779767b42d22b8ac3b2edef9944676981c61b72ff1167a8fefb82e8d083dfe6b8a2928461f0e86165ee8f2796f66bacce23019d6f1b652a5759c3fcef207d72253b33fc7fc31f3eb4085a4ce5b4defbcf91b518f3df75db0108773fa0d471d32e928fb465113d6ae40798d4166cc5ed7a74cfe20d74afed4068e1e1a13ae2a95fb08cb251d47f6187694537da7a79637f58137a88842a38660fd37c2099a36c6d795e183057453f163051a3c66180e78f37250517e859d8b34a44dbe727fc7a45376c3ee67dc3be46e6cf0abf3a72e4bc827c6f4aa6924077bf0c88bd425265be5208e44a46825a469be441b3f546506bca75710c7ed717c93c2bdfe21ed60cdc70ad66b76ffe1901cc74e89dc507db23f2a9c5f8121b9b6bdd060b7e39200a0de9a2ceae6303fbde7a03b79c81c3e26ec159e461b15c6b414d865e18f60a940c91937a3af3ac566eb18e2c1eb2a81ba3a9573b8d886d560f81fdfb28c823e0c1c2f1597a6c72e43eabd8e9c864451ffd5f06d1aeaef23321d51f062e1877d027949f7adff32d8e0e803b62b3143e33cd7141b56182553aeb1ccd1dc158edfdd9e01569a31bda8b926e41ce1da66ec918b8759c7f9a63773ad069f3673dc842534b82c4c82d6987dec546e59d95946da5e34670e7d8918f7e98dadd2f60b719204457000aa1dee3447e0
dd15e911e2c09fe09d87b3773efd79a89cc78c6c684e5a31d43ebd880627a9cd6940242732fe6507d8417bba3fcccfc04d02900bd9895014aec9fb1ae9898f3909a818e824ffcaa3a073ed2924bd394c78bfd8b344b584c7d05b2007dc1d366790d6e289b95080dd195dbb1ab3f459662e16773461f951a14aa1db9032118ed61873f9031b5a6ed45f06ae21571dfb184a96da84afdb28fd368d297106821b0fcb5fc99c536032931fe86351d84d7c27d2a832086536f016dc17880b119334569b2c2a044ad9f8ef9094918f6eb8419adf2a29f899d6ba86cdaadbd05477ed3b470602d1b42b7133d8039780ab9e0c0a6e810703ee42e32959855574a18f8b3d0a54798c4366133bedf9424ea44f317ea2e6b01fd7b9568064a2fc0769a10293e402e09ae55bc1ab8252c45b133accf78cdbbfebcb867429f5401eb69fad39c06b40a9bf57a1b1160858322022657958c5decd3f430a2058e845db13ce8d7c7d68b7143eba005cdcd7974992846fe0f365b2c34256805b5748905d9caad0bba8ef0b67f5e6a023ee00cbc29447f0e1ee8efc05faa3f9f59abe4636edde3fbe379213b218ab9bf1c64452a2ef261a5b80f05ac072dc1d7a6a36cf2329b7c3665fe9bed2b4c29fcb63cfb49e5e6b09b2130927af691167080e86365cc0d25875cf36656e7af76ec627a1b89aff0272c8de9e298d80d42e7469e0d7366f6094a2c2359fc4ea40c557fe8072aba923525c5d1a20e3596ae1686ad51fb7ea07ca334d607d4c9cb16341af485e48337b16a8a2ca57df64c01a13edf805295dd8008f3a50653506c629badc3773c936ad883be793614c1b525be62216b37621546946566daeefb0ffe3ebbde09cbc1a1048351844f5247c8c1431301b95204fba2e3d493389daf641bc873498c34a9d697a9009aa8016407e37b4d1b7fbe6ac1ed62aeb97a7e42afa6e9d960eac705aab178b36f76ac7f6cd3063c22265597f0d5c81ec56d3e379c35dfa93c8f2e9d61e102a957561f234ad14401504aa45d16ffae0cb87032acbc37f3b67143457b3dece71c06611e91d56206cfdb5ca2aa0821d82943e67c6e1e106c1945144290ebdddbb746a68a82a2130dc3315087dbc3d57a8f78944252d3263d0f8fe67af25a2496412778975e5736be90f5a242e9daa6852f0a8cc299390314decf18f85d5fce40afdbc58692349a95313618de86bc639c5463c0dee8f816597d41b59011a7085e8e93c1ecdc76a56644f60dda325bc13db191a249009d74ebfb483e0f0338a8625c925f375a67cb6e67d74b679e94aa33bfc4a53406ee2304ebd2aea1b0812982fefca65e628341bc786dbeabf3ee72794f4ed0ca881f7290d3b5a6bf7deeeed4fe79f19153af91eb44324258f94a6dab81aa0dc56d9d5d10241
e1c73f8dc151e96fc88dfdcec4b91af9ae4a2236f29c0603d3182a95b948e6b14f58ba50bbde9d73eefedaa2fe5b71f763756ee0d2243ca5333d1d6bc9ec94ace7b367e9c6f06bb11f39ad36943b71562f5a27817e17199b77e6046d543a938bc8f423310f7346f119364dfdc1059b2ec327ffe6699ea7409d8043aae9a0a7d3850c370bbe2296df661f665870ead06df4d24308e5a3d3496689ba7e2aab06acaea9101e3c64b5a571f9895023eb3bb7b9ad3dc93319c1762f5afa3bd036921ef13ded2772868acf5d966e92cac8526570a10b707259ee9d9dba15e60c1fd8a7239804cf861d40d9e912883596295a28d07abab20c2b378371791057f781534d076fc2f80f37e3629bb71dd5108aa2b93dc7745d63eb3d8017acb7f83c624f28a51ea5ce4d7ed2fe6d9b0ff7c51c0a0916a9d7c7ac3dcaf446d2789d00f9ef39e94c4b8cf1fcb9b2072572cb7f0a0299572d84d7e3a7bbf2b5490471b6cfa2858b870e0550f0d77fac61035b8dc1374855f295a54f92088458e0182e038299ec73ed35bdc3251312a945ab64dbc6d3bddc03c97462671920248c4c99bc40e2cfd4a3f8e55249b64ad2dc6f2ee914ba60d1dc46bb878f545e729a8c198271d72c473f823aae3e167dcf987e44e5234af4abd9a9b36037ccc6dc4b25f0f8619d6dbe71bc7cf55a422bbb6a81803c706f3885c7bec0e262375afe791c608356ddde09c1ad453832f55d77e7208d0dddfec70481590d9b4a332db6db26ff055f47cda458cf87f593da07e5fdd5eb1304e92b12655c8df5e272c00a161d0621d25764750e87c5b5fc246a0e5c0d72bcb53c135f78e0f266aa175a8f5eff479c814ce36197ba4528cd16837fb218c82ad0c950d0aebd00a156f3ab98d6f6bca3737287a00f425084ed05f68333821789757afc61e1cd07e100ca474fc7b075516f73bb7143ed8f64ce193859d2c2e1d42d97122afc2577fd6be52e31d749c4687d9f8255f40e562fcd806e95bf974e1e1d9f9b534625ebd9557fb3fe124368e48df7d000e2e467d6f71732e643a496dac8ce9140017aa120c8a4a9b576e8ac2b421d1de195e5fb259808a85487c93f4bbf0e978c468be15ef9a824b77223f0c49ffbef05f2a8cb93261a91c4256df0c858c4b86eb0c841e0e43077c2fbe4e10becab0cc31734e3aa35bb5bd2924bb32f7cfb28de30c093f1ed8096e41eb304f30f0244832271f02a4a0cb212ad3410d13f3b89abd6f41e31654d2d3036ab552b7af96f6f757c0a7f73546147a7cebbd8ae7d893077d7ef8d4ee14bc9fbd0831078ae6348ad6ebe049bb3d26dc1922f7f5309cae9f51ad13720c0ce825d4379b177b3229938017567d5eb928f3432d685a0c5f474eb9a5ee83752d94eaeee9bd0b70a12888903e910ec6728
f9a9771e2fb84ad3d4ca5746ceef173bbf33dc60d6bd98a33538e7ccebd613768525a4d2c0e5a3eefa28516d8a79f77a42e1a14cb123eb55d70e81391f757777bd36b608130e93a7c9aea5090360edf7dcea15665165c582292a2cbe9c2310ebe2437b21"}, 0xc16, 0x0) [ 176.542174] IPVS: ftp: loaded support on port[0] = 21 01:36:41 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x43732e5398416f1a}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000000)) [ 176.970734] IPVS: ftp: loaded support on port[0] = 21 01:36:42 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000000000), 0x287, 0x0) [ 177.302131] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.344271] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.351833] device bridge_slave_0 entered promiscuous mode [ 177.406814] IPVS: ftp: loaded support on port[0] = 21 [ 177.510148] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.523736] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.531289] device bridge_slave_1 entered promiscuous mode [ 177.648230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.794796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.847516] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.868619] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.876427] device bridge_slave_0 entered promiscuous mode [ 178.015949] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.029716] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.043804] device bridge_slave_1 entered promiscuous mode [ 178.162378] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.181569] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.198155] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.206178] device bridge_slave_0 entered promiscuous mode [ 178.216534] IPv6: ADDRCONF(NETDEV_UP): 
veth0_to_bridge: link is not ready [ 178.305862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.316797] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.325264] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.331678] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.373025] device bridge_slave_1 entered promiscuous mode [ 178.528235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.621567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.761496] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.901502] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.930835] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.963019] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.993085] device bridge_slave_0 entered promiscuous mode [ 179.019307] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.043952] team0: Port device team_slave_0 added [ 179.051026] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.092245] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.109657] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.117875] device bridge_slave_1 entered promiscuous mode [ 179.135414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.158878] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.194141] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.202384] team0: Port device team_slave_1 added [ 179.209909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.312052] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.344296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.352251] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.359818] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.367540] device 
bridge_slave_0 entered promiscuous mode [ 179.383960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.455717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.481192] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.492380] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.501290] device bridge_slave_0 entered promiscuous mode [ 179.539112] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.553241] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.560953] device bridge_slave_1 entered promiscuous mode [ 179.581453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.606045] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.612410] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.628568] device bridge_slave_1 entered promiscuous mode [ 179.645010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.673375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.681399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.690605] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.701079] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.711835] team0: Port device team_slave_0 added [ 179.726272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.743353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.751131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.803440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.814718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.834493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.844827] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.868098] team0: Port device team_slave_1 added [ 179.886535] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.914876] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.931438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.938712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.954271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.047142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.054268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.068697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.088551] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.124117] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.143708] team0: Port device team_slave_0 added [ 180.151336] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.203711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.214851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.264366] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.272895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.285369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.293580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.301005] team0: Port device team_slave_1 added [ 180.317512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.333755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.373767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.392374] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.428507] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.446128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.514371] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.588024] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.696969] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.711376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.745808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.753453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.762223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.783591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.791548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.834415] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.841812] team0: Port device team_slave_0 added [ 180.897931] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.913580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.930481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.977827] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.996193] team0: Port device team_slave_1 added [ 181.004189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.011578] team0: Port device team_slave_0 added [ 181.116168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.124943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.132883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.144693] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.157279] team0: Port device team_slave_1 added [ 181.180369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.199678] team0: Port device team_slave_0 added [ 181.217205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.284031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.320845] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.329122] team0: Port device team_slave_1 added [ 181.355806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.371672] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.381131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.433663] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.466351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.477922] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.493239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.501221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.557986] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.564514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.571421] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.577841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.586844] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.598278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.639018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.669535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.700328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.714615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.727377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.743665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.764327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.797701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.823712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.839356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.866595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.882359] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.888846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.895520] bridge0: port 
1(bridge_slave_0) entered blocking state [ 181.901876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.911996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.919461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.943701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.191204] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.197634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.204332] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.210701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.224004] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.793441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.807407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.891014] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.897432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.904232] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.910621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.921342] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.131619] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.138084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.144828] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.151182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.164713] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.381033] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.387443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.394129] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.400478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.415047] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.844576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.853648] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge0: link becomes ready [ 183.861139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.954620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.013295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.023584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.423752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.450969] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.514363] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.844640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.861490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.895269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.917196] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.933494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.940596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.951252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.973809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.121646] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.149842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.159631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.303696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.376768] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.387696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 188.412112] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.703328] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.732709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.750955] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.759641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.773608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.839956] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.853511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.871418] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.259325] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.275019] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.285761] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.655952] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.662830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.683769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.143353] 8021q: adding VLAN 0 to HW filter on device team0 01:36:56 executing program 0: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xfffffdea) splice(r0, 0x0, r3, 0x0, 0x2000000000a, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 191.437283] hrtimer: interrupt took 29954 ns [ 191.437734] QAT: Invalid ioctl [ 191.747945] IPVS: ftp: loaded support on port[0] = 21 01:36:56 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x381000, 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="3d4000000600000000090000000000000000000000010000dd95d19d16dca915f670ab065700000000000100000000000000140000000000000173656c6673656c696e757876626f786e6574312400ab2c0a89364b95bf206c81357e1023bfd72cddd9f6f5f771ac2b4400000000"], 0x6e) close(r0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) 
setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) r3 = dup(r2) setsockopt$inet6_tcp_int(r3, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet(r0, &(0x7f0000000240)="3a3c58a59b6f933cba7de2146a93c435c1466529aaadb4554f83a39a81e4cbdfe7da0115b6277f3d24cd6e0f6959f964db92f3e12fe70b8d698f46a3e99684f87782ef55efc2103aa1212b83cafba82a0504c5c31c6618a42a625fd0d4135ca43e15c9059f44eb126f8ed50ee573b32342e2a9f6995030076900af8e47d82711655026ceb4ebe0f2cfd10d96f1a73ae533c7e04169211b0ae84fb9ac104bab620895f5d64874dcdee6804893541dc449216cf819636ea1badd4cc3ade0a3961bf27c2f686f56fa70d990f7367450cd0c4b63", 0xd2, 0x8001, 0x0, 0x0) [ 191.988275] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 01:36:57 executing program 2: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)) r0 = gettid() r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x9205, 0x0) read(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x15) 01:36:57 executing program 0: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) rt_sigaction(0x2f, 0x0, 0x0, 0x8, &(0x7f00000006c0)) [ 192.323815] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
01:36:57 executing program 2: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)) r0 = gettid() r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) read(r1, 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x9205, 0x0) read(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x15) [ 192.492685] kauditd_printk_skb: 9 callbacks suppressed [ 192.492700] audit: type=1326 audit(1545615417.560:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7589 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 192.592204] ================================================================== [ 192.599720] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 192.606313] Write of size 832 at addr ffff8881d7422bc0 by task syz-executor3/7585 [ 192.613942] [ 192.615591] CPU: 0 PID: 7585 Comm: syz-executor3 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 192.624097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.633464] Call Trace: [ 192.636073] dump_stack+0x244/0x39d [ 192.639747] ? dump_stack_print_info.cold.1+0x20/0x20 [ 192.644980] ? printk+0xa7/0xcf [ 192.648270] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 192.653047] print_address_description.cold.4+0x9/0x1ff [ 192.658434] ? fpstate_init+0x50/0x160 [ 192.662335] kasan_report.cold.5+0x1b/0x39 [ 192.662353] ? fpstate_init+0x50/0x160 [ 192.662374] ? fpstate_init+0x50/0x160 [ 192.662394] check_memory_region+0x13e/0x1b0 [ 192.662411] memset+0x23/0x40 [ 192.662430] fpstate_init+0x50/0x160 [ 192.662448] kvm_arch_vcpu_init+0x3e9/0x870 [ 192.662474] kvm_vcpu_init+0x2fa/0x420 [ 192.662493] ? vcpu_stat_get+0x300/0x300 [ 192.690126] ? kmem_cache_alloc+0x33f/0x730 [ 192.690157] vmx_create_vcpu+0x1b7/0x2695 [ 192.690180] ? do_raw_spin_unlock+0xa7/0x330 [ 192.690203] ? vmx_exec_control+0x210/0x210 [ 192.690225] ? 
kasan_check_write+0x14/0x20 [ 192.690242] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 192.690261] ? futex_wait_queue_me+0x55d/0x840 [ 192.698210] ? wait_for_completion+0x8a0/0x8a0 [ 192.698232] ? print_usage_bug+0xc0/0xc0 [ 192.698256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.698271] ? get_futex_value_locked+0xcb/0xf0 [ 192.698293] kvm_arch_vcpu_create+0xe5/0x220 [ 192.706736] ? kvm_arch_vcpu_free+0x90/0x90 [ 192.706766] kvm_vm_ioctl+0x526/0x2030 [ 192.706781] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 192.706798] ? futex_wait+0x5ec/0xa50 [ 192.706818] ? kvm_unregister_device_ops+0x70/0x70 [ 192.706841] ? mark_held_locks+0x130/0x130 [ 192.706861] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 192.706883] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 192.706908] ? futex_wake+0x304/0x760 [ 192.715626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.715644] ? check_preemption_disabled+0x48/0x280 [ 192.715666] ? debug_smp_processor_id+0x1c/0x20 [ 192.715683] ? perf_trace_lock+0x14d/0x7a0 [ 192.715710] ? lock_is_held_type+0x210/0x210 [ 192.715737] ? mark_held_locks+0x130/0x130 [ 192.715753] ? graph_lock+0x270/0x270 [ 192.715771] ? do_futex+0x249/0x26d0 [ 192.724926] ? trace_hardirqs_off+0xb8/0x310 [ 192.724948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.724967] ? check_preemption_disabled+0x48/0x280 [ 192.734119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.734138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.734162] ? find_held_lock+0x36/0x1c0 [ 192.734191] ? __fget+0x4aa/0x740 [ 192.734211] ? lock_downgrade+0x900/0x900 [ 192.734224] ? check_preemption_disabled+0x48/0x280 [ 192.734246] ? kasan_check_read+0x11/0x20 [ 192.734263] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 192.734282] ? rcu_read_unlock_special+0x370/0x370 [ 192.734312] ? __fget+0x4d1/0x740 [ 192.734345] ? ksys_dup3+0x680/0x680 [ 192.734366] ? __might_fault+0x12b/0x1e0 [ 192.743956] ? lock_downgrade+0x900/0x900 [ 192.743979] ? lock_release+0xa00/0xa00 [ 192.743997] ? 
perf_trace_sched_process_exec+0x860/0x860 [ 192.744016] ? kvm_unregister_device_ops+0x70/0x70 [ 192.744034] do_vfs_ioctl+0x1de/0x1790 [ 192.744069] ? ioctl_preallocate+0x300/0x300 [ 192.744089] ? __fget_light+0x2e9/0x430 [ 192.744108] ? fget_raw+0x20/0x20 [ 192.744124] ? _copy_to_user+0xc8/0x110 [ 192.744147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.744170] ? put_timespec64+0x10f/0x1b0 [ 192.753229] ? nsecs_to_jiffies+0x30/0x30 [ 192.753249] ? do_syscall_64+0x9a/0x820 [ 192.753266] ? do_syscall_64+0x9a/0x820 [ 192.753282] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 192.753302] ? security_file_ioctl+0x94/0xc0 [ 192.753330] ksys_ioctl+0xa9/0xd0 [ 192.753354] __x64_sys_ioctl+0x73/0xb0 [ 192.753374] do_syscall_64+0x1b9/0x820 [ 192.753392] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 192.753411] ? syscall_return_slowpath+0x5e0/0x5e0 [ 192.753427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.753449] ? trace_hardirqs_on_caller+0x310/0x310 [ 192.761658] ? prepare_exit_to_usermode+0x291/0x3b0 [ 192.761698] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 192.761736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.761752] RIP: 0033:0x457669 [ 192.775581] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.775591] RSP: 002b:00007fe9464f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.775607] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 192.775617] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 192.775627] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 192.775636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9464f86d4 [ 192.775647] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 192.775674] [ 192.775682] Allocated by task 7585: [ 192.775707] save_stack+0x43/0xd0 [ 192.780521] kobject: 'tx-0' (00000000f04b819c): fill_kobj_path: path = '/devices/virtual/net/ip_vti0/queues/tx-0' [ 192.785108] kasan_kmalloc+0xcb/0xd0 [ 192.785122] kasan_slab_alloc+0x12/0x20 [ 192.785138] kmem_cache_alloc+0x130/0x730 [ 192.785152] vmx_create_vcpu+0x110/0x2695 [ 192.785166] kvm_arch_vcpu_create+0xe5/0x220 [ 192.785179] kvm_vm_ioctl+0x526/0x2030 [ 192.785193] do_vfs_ioctl+0x1de/0x1790 [ 192.785207] ksys_ioctl+0xa9/0xd0 [ 192.785221] __x64_sys_ioctl+0x73/0xb0 [ 192.785236] do_syscall_64+0x1b9/0x820 [ 192.785251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.785255] [ 192.785263] Freed by task 0: [ 192.785268] (stack is not available) [ 192.785272] [ 192.785283] The buggy address belongs to the object at ffff8881d7422b80 [ 192.785283] which belongs to the cache x86_fpu of size 832 [ 192.785297] The buggy address is located 64 bytes inside of [ 192.785297] 832-byte region [ffff8881d7422b80, ffff8881d7422ec0) [ 192.785303] The buggy address belongs to the page: [ 192.785317] page:ffffea00075d0880 count:1 mapcount:0 mapping:ffff8881d487de00 index:0x0 [ 
192.785336] flags: 0x2fffc0000000200(slab) [ 192.785356] raw: 02fffc0000000200 ffff8881d4872948 ffff8881d4872948 ffff8881d487de00 [ 192.809952] kobject: 'ip6_vti0' (000000004fbb75c4): kobject_add_internal: parent: 'net', set: 'devices' [ 192.813686] raw: 0000000000000000 ffff8881d7422040 0000000100000004 0000000000000000 [ 192.813693] page dumped because: kasan: bad access detected [ 192.813698] [ 192.813703] Memory state around the buggy address: [ 192.813717] ffff8881d7422d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 192.813729] ffff8881d7422e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 192.813741] >ffff8881d7422e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 192.813765] ^ [ 192.813776] ffff8881d7422f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 192.813787] ffff8881d7422f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 192.813793] ================================================================== [ 192.813799] Disabling lock debugging due to kernel taint [ 193.026677] QAT: Invalid ioctl [ 193.063585] Kernel panic - not syncing: panic_on_warn set ... [ 193.302929] CPU: 1 PID: 7585 Comm: syz-executor3 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 193.312801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.322153] Call Trace: [ 193.324752] dump_stack+0x244/0x39d [ 193.328382] ? dump_stack_print_info.cold.1+0x20/0x20 [ 193.333587] ? fpstate_init+0x30/0x160 [ 193.337477] panic+0x2ad/0x632 [ 193.340676] ? add_taint.cold.5+0x16/0x16 [ 193.344832] ? preempt_schedule+0x4d/0x60 [ 193.348990] ? ___preempt_schedule+0x16/0x18 [ 193.353407] ? trace_hardirqs_on+0xb4/0x310 [ 193.357727] ? fpstate_init+0x50/0x160 [ 193.361624] end_report+0x47/0x4f [ 193.365120] kasan_report.cold.5+0xe/0x39 [ 193.369270] ? fpstate_init+0x50/0x160 [ 193.373159] ? 
fpstate_init+0x50/0x160 [ 193.377074] check_memory_region+0x13e/0x1b0 [ 193.381487] memset+0x23/0x40 [ 193.384594] fpstate_init+0x50/0x160 [ 193.388309] kvm_arch_vcpu_init+0x3e9/0x870 [ 193.392649] kvm_vcpu_init+0x2fa/0x420 [ 193.396536] ? vcpu_stat_get+0x300/0x300 [ 193.400597] ? kmem_cache_alloc+0x33f/0x730 [ 193.404941] vmx_create_vcpu+0x1b7/0x2695 [ 193.409099] ? do_raw_spin_unlock+0xa7/0x330 [ 193.413516] ? vmx_exec_control+0x210/0x210 [ 193.417845] ? kasan_check_write+0x14/0x20 [ 193.422085] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 193.427012] ? futex_wait_queue_me+0x55d/0x840 [ 193.431594] ? wait_for_completion+0x8a0/0x8a0 [ 193.436178] ? print_usage_bug+0xc0/0xc0 [ 193.440241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.445785] ? get_futex_value_locked+0xcb/0xf0 [ 193.450477] kvm_arch_vcpu_create+0xe5/0x220 [ 193.454886] ? kvm_arch_vcpu_free+0x90/0x90 [ 193.459218] kvm_vm_ioctl+0x526/0x2030 [ 193.463106] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 193.468212] ? futex_wait+0x5ec/0xa50 [ 193.472017] ? kvm_unregister_device_ops+0x70/0x70 [ 193.476954] ? mark_held_locks+0x130/0x130 [ 193.481190] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 193.486384] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 193.491491] ? futex_wake+0x304/0x760 [ 193.495296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.500840] ? check_preemption_disabled+0x48/0x280 [ 193.505874] ? debug_smp_processor_id+0x1c/0x20 [ 193.510544] ? perf_trace_lock+0x14d/0x7a0 [ 193.514786] ? lock_is_held_type+0x210/0x210 [ 193.519202] ? mark_held_locks+0x130/0x130 [ 193.523437] ? graph_lock+0x270/0x270 [ 193.527238] ? do_futex+0x249/0x26d0 [ 193.530997] ? trace_hardirqs_off+0xb8/0x310 [ 193.535429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.540967] ? check_preemption_disabled+0x48/0x280 [ 193.545997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.551548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.557097] ? find_held_lock+0x36/0x1c0 [ 193.561167] ? __fget+0x4aa/0x740 [ 193.564627] ? 
lock_downgrade+0x900/0x900 [ 193.568776] ? check_preemption_disabled+0x48/0x280 [ 193.573793] ? kasan_check_read+0x11/0x20 [ 193.577960] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 193.583238] ? rcu_read_unlock_special+0x370/0x370 [ 193.588176] ? __fget+0x4d1/0x740 [ 193.591636] ? ksys_dup3+0x680/0x680 [ 193.595353] ? __might_fault+0x12b/0x1e0 [ 193.599420] ? lock_downgrade+0x900/0x900 [ 193.603572] ? lock_release+0xa00/0xa00 [ 193.607549] ? perf_trace_sched_process_exec+0x860/0x860 [ 193.613002] ? kvm_unregister_device_ops+0x70/0x70 [ 193.617935] do_vfs_ioctl+0x1de/0x1790 [ 193.621835] ? ioctl_preallocate+0x300/0x300 [ 193.626245] ? __fget_light+0x2e9/0x430 [ 193.630219] ? fget_raw+0x20/0x20 [ 193.633676] ? _copy_to_user+0xc8/0x110 [ 193.637663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.643261] ? put_timespec64+0x10f/0x1b0 [ 193.647409] ? nsecs_to_jiffies+0x30/0x30 [ 193.651561] ? do_syscall_64+0x9a/0x820 [ 193.655535] ? do_syscall_64+0x9a/0x820 [ 193.659505] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 193.664098] ? security_file_ioctl+0x94/0xc0 [ 193.668508] ksys_ioctl+0xa9/0xd0 [ 193.671966] __x64_sys_ioctl+0x73/0xb0 [ 193.675861] do_syscall_64+0x1b9/0x820 [ 193.679748] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 193.685113] ? syscall_return_slowpath+0x5e0/0x5e0 [ 193.690052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 193.694905] ? trace_hardirqs_on_caller+0x310/0x310 [ 193.699929] ? prepare_exit_to_usermode+0x291/0x3b0 [ 193.704946] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 193.709799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.714995] RIP: 0033:0x457669 [ 193.718237] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.737152] RSP: 002b:00007fe9464f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.744862] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 193.752125] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 193.759406] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 193.766676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9464f86d4 [ 193.773944] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 193.782166] Kernel Offset: disabled [ 193.785794] Rebooting in 86400 seconds..