Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts. 2018/12/24 03:09:49 fuzzer started 2018/12/24 03:09:51 dialing manager at 10.128.0.26:33943 2018/12/24 03:09:51 syscalls: 1 2018/12/24 03:09:51 code coverage: enabled 2018/12/24 03:09:51 comparison tracing: enabled 2018/12/24 03:09:51 setuid sandbox: enabled 2018/12/24 03:09:51 namespace sandbox: enabled 2018/12/24 03:09:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 03:09:51 fault injection: enabled 2018/12/24 03:09:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 03:09:51 net packet injection: enabled 2018/12/24 03:09:51 net device setup: enabled 03:12:12 executing program 0: syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x6c, 0x0, @empty=0x9000000, @broadcast}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 185.519444] IPVS: ftp: loaded support on port[0] = 21 03:12:12 executing program 1: semget$private(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x400000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) pipe(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r0, 0x4, 0x2c00) write(r3, &(0x7f00000001c0), 0xfffffef3) read(r2, &(0x7f0000000540)=""/250, 0x446a6e69) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setresuid(0xffffffffffffffff, 0xfffe, 0xffffffffffffffff) [ 185.794490] IPVS: ftp: loaded support on port[0] = 21 03:12:12 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 186.186106] IPVS: ftp: loaded support on port[0] = 21 03:12:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x263313e) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 186.522034] IPVS: ftp: loaded support on port[0] = 21 03:12:13 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) accept4$inet(r1, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) [ 187.085670] IPVS: ftp: loaded support on port[0] = 21 [ 187.103279] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.128941] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.136795] device bridge_slave_0 entered promiscuous mode [ 187.326129] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.356849] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.371681] device bridge_slave_1 entered promiscuous mode 03:12:14 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40}) userfaultfd(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380)) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB]) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0)) read$FUSE(r1, &(0x7f00000030c0), 0x1000) read$FUSE(r1, &(0x7f0000001000), 0x10da) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa) close(0xffffffffffffffff) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3) dup2(r3, r3) [ 187.517826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.597461] IPVS: ftp: loaded support on port[0] = 21 [ 187.745719] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 187.906416] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.932112] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.941487] device bridge_slave_0 entered promiscuous mode [ 188.021179] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.034043] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.050827] device bridge_slave_1 entered promiscuous mode [ 188.132157] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.234465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.307134] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.355859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.458398] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.469746] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.477155] device bridge_slave_0 entered promiscuous mode [ 188.615417] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.622706] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.631131] device bridge_slave_1 entered promiscuous mode [ 188.654591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.707659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.773359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.807945] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.931176] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.942192] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.963896] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.978965] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.987168] device bridge_slave_0 entered promiscuous mode [ 189.109731] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.116198] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.128242] device bridge_slave_1 entered promiscuous mode [ 189.153045] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.168106] team0: Port device team_slave_0 added [ 189.277890] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.290696] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.300183] device bridge_slave_0 entered promiscuous mode [ 189.308791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.323765] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.331462] team0: Port device team_slave_1 added [ 189.350620] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.446418] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.455098] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.469483] device bridge_slave_1 entered promiscuous mode [ 189.478358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.522088] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.541280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.651767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.708258] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.716272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.730182] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.737587] team0: Port device team_slave_0 added [ 189.757628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.770834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.779016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.798891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.813577] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.829946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.842558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.851304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.859254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.880385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.912258] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.926951] team0: Port device team_slave_1 added [ 189.942801] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.977446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.991916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.022050] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.061274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.111926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.120436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.130163] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.136525] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.146447] device bridge_slave_0 entered promiscuous mode [ 190.168561] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.201861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.208704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.230572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.271825] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.278217] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.301314] device bridge_slave_1 entered promiscuous mode [ 190.335337] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.365880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.384086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.406276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.442443] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.455795] team0: Port device team_slave_0 added [ 190.469848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.500233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.508527] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.540647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.592584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.613279] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.643526] team0: Port device team_slave_1 added [ 190.651529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.665841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.704485] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.712947] team0: Port device team_slave_0 added [ 190.788684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.795672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.809246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.868174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.897620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.907669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.941580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.948986] team0: Port device team_slave_1 added [ 190.970154] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.991899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.000092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.030465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.077270] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.126977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.144207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.160215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.172321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.184413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.207774] team0: Port device team_slave_0 added [ 191.220101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.240417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.256037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.372980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.390202] team0: Port device team_slave_1 added [ 191.399216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.435517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.446063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.503528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.566375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.587181] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.599543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.639932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.646987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.660926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.726658] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.751754] team0: Port device team_slave_0 added [ 191.809950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.817115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.840850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.883736] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.890273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.897240] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.903666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.918271] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.936162] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.944206] team0: Port device team_slave_1 added [ 191.968513] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.986235] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.992662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.999308] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.005723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.064201] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.071467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.079534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.098300] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.128157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.149218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.313599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.433175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.461045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.472635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.579819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.587411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.612997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.623624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.670679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.693818] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.700258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.706928] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.713363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.738024] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.105787] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.112226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.118882] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.125309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.142175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.600086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.610623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.667684] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.674133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.681096] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.687469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.720585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.148023] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.154475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.161986] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.168357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.194526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.640390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.647901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.950792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.245554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.362312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.750602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.880479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.886959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.897881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.267575] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.290430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.310451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.335711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.347213] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.510812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.749164] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.821328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.885524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.032721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.270353] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.301381] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.307533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.317135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.442994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.480247] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.486426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.510378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.820634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.830667] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.837560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.851488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.886436] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.967677] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.240783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.246970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.279987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.304730] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.671509] 8021q: adding VLAN 0 to HW filter on device team0 03:12:28 executing program 0: socketpair(0x1, 0x0, 0x12ce, &(0x7f0000000000)={0xffffffffffffffff}) r1 = accept(r0, 0x0, &(0x7f0000000040)) socketpair(0x1, 0x2, 0x7, &(0x7f0000000080)) r2 = semget$private(0x0, 0x2, 0x88) semctl$GETZCNT(r2, 0x3, 0x7, &(0x7f00000000c0)=""/158) fsync(r1) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000180)="fa059645ff96667590b587ad9d92ecead6dd4863b26cb37b217aabd9f868cbbe62226b577a3c883de788035054904cc1b8b54d4090e1b13ff49b8de148eea922fc0db95a67afc291b46eae437bfdc89cc67d147d04f7e473389788ceb751b99f08edc8253927825e8512a06978b7ad7fbdea91f04a58d5a90b02a5a4f0567fc9b14dfcb04d10d8b30617fd3fbca8", 0x8e) pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x10000) r4 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0xebdacafa009aac6b) renameat(r3, &(0x7f0000000280)='./file0\x00', r4, &(0x7f0000000300)='./file0\x00') accept(r1, &(0x7f0000000340)=@in, &(0x7f0000000380)=0xc) open(&(0x7f00000003c0)='./file0\x00', 0xb00, 0x31) accept(r3, &(0x7f0000000400)=@in6, &(0x7f0000000440)=0xc) fcntl$setflags(r0, 0x2, 0x1) r5 = shmget(0x2, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmctl$SHM_LOCK(r5, 0x3) shmget(0x3, 0x3000, 0x80, &(0x7f0000ffb000/0x3000)=nil) shmget$private(0x0, 0x2000, 0x20c, &(0x7f0000ffc000/0x2000)=nil) faccessat(r4, &(0x7f0000000480)='./file0\x00', 0x18, 0x2) semctl$SETVAL(r2, 0x0, 0x8, &(0x7f0000000540)=0x81a4) 03:12:28 executing program 0: socket$inet6(0xa, 0x0, 0x6) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0) io_setup(0x0, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\'u\xca\x1eV\xb8*k,\x96\x104[\xf0\x84\x1f\x9c\x01\x02\xea\x83\x17\xe1\xc2\xfdz\xd8\x19\xa4\xe09', 0x1ff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)}], 0x1, 0x0, 0x0, 0x8044}, 0x440c4) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a45321, &(0x7f0000000480)={{0xffffffffffffffff, 0x6}, 'port1\x00', 0xf, 0x0, 0x7fffffff, 0x5, 0x7, 0x143c, 0x0, 0x0, 0x0, 0x2}) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) capset(&(0x7f0000581ff8), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x40000000b30, &(0x7f0000000000)=0x0) io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000140)={0x0, 0x1c9c380}, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000300)={'ah\x00'}, &(0x7f0000000400)=0x1e) [ 201.661238] hrtimer: interrupt took 43164 ns 03:12:28 executing program 0: socket$inet6(0xa, 0x0, 0x6) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x0) io_setup(0x0, &(0x7f0000000380)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.net/syz1\'u\xca\x1eV\xb8*k,\x96\x104[\xf0\x84\x1f\x9c\x01\x02\xea\x83\x17\xe1\xc2\xfdz\xd8\x19\xa4\xe09', 0x1ff) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)}], 0x1, 0x0, 0x0, 0x8044}, 0x440c4) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a45321, &(0x7f0000000480)={{0xffffffffffffffff, 0x6}, 'port1\x00', 0xf, 0x0, 0x7fffffff, 0x5, 0x7, 0x143c, 0x0, 0x0, 0x0, 0x2}) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) capset(&(0x7f0000581ff8), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x40000000b30, &(0x7f0000000000)=0x0) io_pgetevents(r0, 0x1, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000140)={0x0, 0x1c9c380}, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000300)={'ah\x00'}, &(0x7f0000000400)=0x1e) 03:12:29 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) memfd_create(&(0x7f0000000040)='proc,\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0x2bc}}, {{0x0, 0x0, &(0x7f0000000040), 0x361, &(0x7f0000000140)}}], 0x40001ab, 0x0) 03:12:29 executing program 0: r0 = socket$inet6(0xa, 0x1000000000001, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000140)={'bridge0\x00\x00\x00\x00\x80\x00', &(0x7f0000000000)=@ethtool_cmd={0xd, 0x0, 0x2}}) 03:12:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000075040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x1800000000000d00, 0xe, 0x0, &(0x7f0000000440)="b90703e6680d698cb89e40f088a8", 0x0, 0x0, 0x6000}, 0x28) 03:12:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) setrlimit(0x7, &(0x7f000000f000)) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 202.763730] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 03:12:29 executing program 1: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x10000000036, &(0x7f0000000080)) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) read(r2, &(0x7f00000001c0)=""/128, 0x3ea) 03:12:30 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:12:30 executing program 3: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:12:30 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x177586c) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lremovexattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000240)=@known='trusted.overlay.impure\x00') write$P9_RLERROR(r0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 204.095084] XFS (loop3): Invalid superblock magic number 03:12:31 executing program 1: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070") write$apparmor_current(r0, &(0x7f0000000080)=@profile={'changeprofile ', '&]proc(\x00'}, 0xf) 03:12:31 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x0, 0x0) write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, '\x9e\xdez\x8cZ\xe9^\xc8g,\x934\x0fd:fO\x13\xee\xabe\xc02)\x01\xdck\xd3l\xde,Q\xf0\x1b\x7f\v\x01O\x9f\x91\xee\xb7\xc3|r@\xf4v\xc8\xd7S\xd0\x00\xaa\x8f\xaf\x8f\xb5t\xdb\xcf\xa6\xdcM', 0x20000000000000}) futex(0x0, 0x0, 0x10000000000, &(0x7f0000000040)={0x77359400}, &(0x7f0000048000), 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) clock_gettime(0x7, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r0, &(0x7f0000000080), 0xfffffe38) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x660c, 0x0) open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000000)={0x3, 0x7, 0x80000000, 0xffffffff}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8, 0x4002091, 0xffffffffffffffff, 0x0) rt_sigprocmask(0x0, &(0x7f0000000300)={0x3}, 0x0, 0x8) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x2f, 0x1, @thr={&(0x7f00000007c0)="26c56673640a7bef669933dec90ec53181f345b27f8e90361e1aaa368ef1dea19b432fb2c0699e15d2a983c6556afb2d0c8c844f06a9a1ba85b2de1323ba72b19b1635bd0127f3770a4e7e4a21a7af307ca56b1f3fb4b26dfcf8a5271d4647527fa1ada8aa5bccd407181e6af37d15e0f37f09ab2714dbdfa7770b3751742afcbb91c1cd9ed85fe619f27ef05e3e3ecbfd690a6168115ed11afe8973399c70b5d53a0cf5625b6ec3be45fa892cf1d49947d3aa397c4210dad2033397880a54c3e9d203660a53ad51da74aaab76a1ea38e522c22e02ea320cd57dfa7a39480f0b18a6cee864111e909cca701d155f0523dfda846e1be195396b5601509e6a8777d1bfc8c63f766105e6225d72c907f1699362ddab02e9613a50f4278f5ef775840b74001ea970f39a7cd71d1d502a197d4562b77da9edbd9f96af4971ff94ab03eeb39c80a31286bdb7fdb894334b75b489ddd1d43cd17344644bb1bc91d61ed4fb21c03acdca97901ac570347611beda426df0b9e15abad3f6f06e1f3c645e5a2a6172d27a695c8cb0490ba2d86cee74ac83bd10cb6bab44aa23052a7528e366e0e11cccd92d3bd570538ddfb42a278ef415e71bae00393bcf14680f96d58071e44c42ec0b2fe11cf332550d0ae6a4cdade27c83405242dec32e855fc3810d878895bb5b1e2b8d5a2ca8d5d7c9dab3f370f479cc91e4510a551e1f6487076ed3b7309cd6e3a2ef496e1976e67048aa4b8969f4ae0d364f705c6c1241c7228f0f93a5bed1b646f099e35d312c3a91095f4dbd17c71647dd914e25a82391704dabc51098548d13a7dcd9dcd167d2de63a5e7d2a6ce5013cd23e8353a3c47ad329b79ef5135dfb8c1dade972a7bca56089fc841d33fc85e00b6aac5fbff2655b35a1e711fb02380708c7d79b6c38a37926ae7aeb1797b1b24e13e8f5d2e5d4b1e8a8be140bf37bfe2b693296d26d225595f0b4c015b808b9a37cd167aab25fb7ca630a1bd92777bd44153ed7f5c8dacb673f1eef76a01e70f8894ff69a68135e2605e6fb01b5ca0395cd0421fe39e014d0af093f6246d7cfca859b61c0f743a90892d7deadc27ffa7104f4fa74c555ba1b6a762691919f47cc24ca1b0fef0c50c931d8dcffe02bb882ae5061788e3b25a753156d3c1bbe852c617ded86a75499d22051ba57cd835d87a5cbf42bd8296942d85497eb336224c1233da2c6fd15a563565af99e645b219b34645a703433917c5fe569b531e40f312ce062688733fdb1313c85f7dafbcf87d8dc8e24b2940d3f9bcd6eec99ee11f073cc6ebb658353b801e832e548b02d8dbdff723917ad2ffa7675cb57d90ab04470144e5fefdf0fa5581cb87ce26181cb5fd3d4bf1bce4d6be13205b9fec314eca31c20dbbc0eb07e0d563c171d45d73bfd29fa2421270a98fe31c7f7b8608e4e480d56c950c81672eec0c5fcf51a8516dfce696d03a9bc9849f159898dc603b7725b85e3d21d6cc8502ea4f7548fa1170f4a2afbbe59493b9769a11105144994c596a66da09f03ae30aedb2f1ec49427f6eedb5a145293d0d167fe737602a3f2e997b23c9c4f06a4c5e22206255256bbb2ca9c09db87ba5df9e595ea61d9422751f58876f26d348aa6abd2851990fdad66fff33611a7c9f28d12b8f76c58d4d47a236eb74bc77ec9809552a7bdc45bdf9e30d2dbe94bcdb2253c5527f685926c11019336b3ead6e7997b89194355285e2de2cc0b055068fc296540b4f2c27cec67af83c71466f3ef53033d17f1f5cbecb44e78697f35356ee8f87dd3d8cf83fb14e2fceff8d30fa357024dbb73a69be770deefc3ebb65e1737bed68df5becdf1f837691bbcbb742f9265ca81014b1a18f65a414ebead849be74f954505c5783a5705d4830f0c8f5f22926b56db18aa1698e784d04dc57fb2a7601121f6ee8f29b368afc2adcd5b26b8a005c0f37083a8f7d40c7792465a611aec83c3957d2e7b85cdca8b163c40fc36d6e586061a5be077b37e16a2281487a003e7ee33aecd5f2b44869a8abb79ea54477a867ab9d08a907e4f36d0a50a472e28809609e2858f1d3107dff18eaf141d1ecac9731810c6c06b81d77a455726cd0320bb0d5286454e905b533f0311aa38bf6d2bb0b25a45c8f5d4466b21968fbcb1efc6f603f64fa92309ddfcd2ed37571bedb683f65d41ea872c049d18dd7629125a16c633fb0c0bcf3edfa2eb5ba623f02bc8ef778a1dc5dcf684e9fa175561981fc9442627cd3527260d5d7f1b81f21356a29aecf17554412a05ba19a57d80ea9a23c75956e213ffa0e59864486e837d6d163c7c056ee82cc5b36c5a55a518123993870727f5f47dc7ee94ff1eba9fcfd3d84336843db5a0c988d46f67e855e7e7ea9a5fbf11771e211eb5b5c645368b32f6a2d7c6c44df6ae9afd1e9c5b5242cae0892eacba1252aaeb85e759d029402eb5e860ae3849a94ae367bbeca8f9a2f93c92c53f62cc58e28444aed00dd29f883a5bfb0ffd4531c67cfaf8f5aebcf1a6c9748596c46927ad101dd9eb27251f69ad8b51e384708c0ee319ba951263bc43d44c26526e437dcddfff63f066f1a23bad7bfe8218fec7ca34200bd7751b74a52e8b5c63f1bd59a41afbdde96a689eb011cf1002ec0bad80953292edf48a6fe72f722ed81668513112d8b9bd0c7fcea60dca6330d7b0f3b38c9bf67b701d5a0b62c4fa7dfda65138726ed089e80ae2934adea1202e4045cc868c199af60a2514d9adcb60db339a33d89563be8a7ac14eb303446647f90bee7ee425687db547ad29e531f18a2cedb94c684845550b6803ce511cc7a49e2eda4d21e05874bcbd13c42316dc24060424611fb8b8237fef390f46feb5a7263a6f84ac59368011ca8dcbe9294a2b31cbdc412874e349f62778217355103742b86e8dc52821095fa5a5739010d0f0c5886c0071c8dea2213e75b6ec5ced22d9d5553825569acd6a126d390ff233d0b95a1af94741a61024789055e0d5a22ce781a00f3c926da62c5855a615b55fbc1f158b8d782fca351068267b25df60b2ad8465de3ba63fd61ed9e57c41c56f4ca6efc36667f7acaf704922eaea4f0843da9cd6127c8635eb802aabe761066e5545664329f597ab8d1950d7afb6af40c52c5d9fede24ad14f7514e5060c5a368a47a9f186d32c83ebeb225dd995ea90d9b6e2a125a6cded5d7744fb9ac58902cc12560d6f3c409ae834808556fab74491d4cf9d08d077910e0b57d9d35ef6103cb55749154a62ae6d0b44b12093bfed8811e066c96fb4d0359cc117f140201f2299ed93e4751ef85a597e6b9dd43e591aaa106bc3bc5e71c8552a6b188c1bbfa98bbc5999d6f5647d6cf25cc9240fef89027fc715f24cf06301db4214eb87aa0b449491bde927b982b59605e0f80949d0381e0895380d323df1543c6291784da4306b6455323c1d21884a77516ad3de6e046123f3724f7cc8241567ae474e40c5ad7ea7c1f055f0ae7a303c6b0773f27a02d60b85bce38c25ed008059ce8eb5a9166d6078a79f47511e2b22bf794d31e77dfb269d8d5eaca145e68522d413d8372aff65000630b5f8400a8fda3bf5b75301eeec9988d736951d496a33226b92783c0898326c8f021bcf4a0add27b54e1948a3c62d4aa2d063a4a86e9652853a0a75db3cdf11a519db9da08f790e17c4ad51643ac5c4cd83a5076d428ea4b0625f2ece817b7c6481e1b78e39b21731c2e5e3fb4105e31d857637eabe35e27e3b2144eec0ff9ae596e69a7a0cb569fbbeecc3b32256e60a3109385b0995f1c90a1f68a41e7a6e06af637c671b28bf8eab1789859389bbdcf97743e5838753aea487c82f6a7b45286fa130b47b5883f96b28474d8de4646e0c1cf6dfe652206720018f8e5383b587289c9e138ba6292f41533d7c3bac2ed775663b03976474d889d8d741619e852a0e1cea68d16f71ec57b2c40111d1964c1c3612ebf1e0e09a4afcc95518d23124545ff5e4e910d26320bed5dbf68a7d4dde7730a45017375e3f85b33a2aa959de9ecb8602820470f35ef0fd1700e39d0f028110993b54f210d3e7035ec377066fb5b8259cc44d35e952372ebbd751f31d728d49816188b8277e783d3d008b78917a80baf90b41e5dff65d01bbb820b46b1b23b7b27b5ce5792e48da57979775de548a8793e8edc44ad3a42fc477dad8dfdef49dd78f97447f3826d3e31f7a7f104a667990bea7874327b7078f456cb8358b617c72c956d03df4bfbce90b670c2df0b1a2fcb0ee5b6a37681f88239b80e7c519f0ca762d2e66d371be91d16dd83c090db0b255023853469e4a0b44d3edf1e22232521728bdb2b1f5217bd3023786ea96765f56f964d3045dc2d4dad5c5cd5a4150863eb7af881c472c46549e29c4aeec925353c9646945bd80e9c7b807f67fe4b21b356628592a89e06227171442f7429ba073775ab963e5d5eff85c4e4d04c3018fcfe6a8c8619e4fc6ee43e0f53941c7545e894df630b72c035a5b3e48f52f29298f6dc72fea7c284e8ac9d5ce36b8c4472b7964aa267fbd151d6c64f9735bf7ca229d9e36a9f272b14ff43f5ac18682c78996d907651c1224e902880496824127d6a115c2647c95c87ee0424f2c25db893833529f1ac862df4fe1613d27291cbc82a2a75589900c3e0281a2305b31710bf325abd98e6cf7521b9d4ad1b34cf33439b8b0dcdb0ecdb47689fc4d9322e6adaaab1228daf942af50376033a3d1666ca1775084d493dc2658805cee69f854dc3c67e6e0eb49c357e273759f2ad9e039b7c8a1fe421d0ee2885cd216136a5d938aa752701bfe8af233bd5330891a3e8d915401a5a62d3aeec22980a29d0ab7faa09259d987476a36416b81bf6c69e6176b85d78d8be3e146bcb429dd148b31bb3e00512610d783392217d8e84f57520fac2d9a489129de708c23cc1ab1a8e8bc076886e07dc8be4a033301a1d80b17e45041be477fa24922b05193f285417b5c69bc711c1f76284de9234b6d62d3d846d61dac80e7f5100a76b5cfc5c7becd059a56fd8af9a9647408db618134e909009337a4e400624016cc9aad85382ceda1ebc0fbd883e29e03112ecf87af1fa5bff48ad916e897e24e166c5550e546de274afce197fcf42bffb1e97811f85ac2daf96adeca62a9db94c5baaf8e9cdb8c453be01be88c9c2843c6664ec43845bc64cc385a04753d6a5e047b344dc70f699586f62715f378f215c487e6daf3fd80e6a2502a6610a38dbed46b2030ac0ebd49e0dfff1d3b1cddb90eb4ba99b1d696671156698baff139aa40466ac03adaf7c576f6d6fe2e6719d6dcca60c0edb338a8a2b030f88ebd9fac8de4384ae3af5f667d9e37fefe9ba5a38deeaa9921be7b0aca30ec5b8837b4a317cef18226372af3c03ac7c300950a3d66dbbf4311bf88ef93288d978d6c5aa46848362317b7b092977c3f0a0022872919449f34077944b442f183605529ab1ce3636debad8a98ede35719f3ef4b77223f77a98c8a020350c9e2526b3809222e815419c3537956b600a5345d2769fbf732009c52db801fc60dfcccf6f75a409eddb2b3e1f72ee3670fee51350db7ecca8574aee82f3d6c1b1cd78b0bb9cfaf5a96116640d358d9bd5e994105bfe40b60324a0a5b1a9c38751282ce413a49ff5605d0cace040f6a110e63d6757a3af37d679376e3ea69588919789c8d2b6955dbf05d7cfddb95ade94b0c99c83fe8f3d1081f93a4b4d9c6cafc451bc3e2efe25267a7cbcf145369b90b2b66fd331b70e6cae0a730e97836c7216a8368fcef05865122f", 0x0}}, &(0x7f0000000240)) r1 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) 03:12:31 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:12:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x40000000000002f, 0x0) 03:12:31 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x177586c) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lremovexattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000000240)=@known='trusted.overlay.impure\x00') write$P9_RLERROR(r0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:12:31 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40}) userfaultfd(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380)) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB]) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0)) read$FUSE(r1, &(0x7f00000030c0), 0x1000) read$FUSE(r1, &(0x7f0000001000), 0x10da) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa) close(0xffffffffffffffff) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3) dup2(r3, r3) [ 204.901553] audit: type=1400 audit(1545621151.614:31): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=7846 comm="syz-executor1" [ 204.947426] audit: type=1400 audit(1545621151.634:32): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=7846 comm="syz-executor1" 03:12:31 executing program 1: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070") write$apparmor_current(r0, &(0x7f0000000080)=@profile={'changeprofile ', '&]proc(\x00'}, 0xf) 03:12:31 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000280)={0x0, 0x4000000000088, 0x0, 0x40, &(0x7f0000ffa000/0x4000)=nil, 0x10e15}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000300)={0x0, @time={0x0, 0x989680}, 0x6, {0x1}, 0x6, 0x0, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000600)={0x1000, 0x2, 'client0\x00', 0x0, "f53f0094036c6c00", "63f91a3c787b91ec03f9fd428f0172e2c149b83499973de883ddba09a57dcc0e", 0x3, 0x33093e40}) userfaultfd(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000380)) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB]) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000006c0)=""/186) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200)) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB='z1'], 0x2) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) utime(&(0x7f0000000400)='./file0\x00', &(0x7f00000002c0)) read$FUSE(r1, &(0x7f00000030c0), 0x1000) read$FUSE(r1, &(0x7f0000001000), 0x10da) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffff9c, 0xa) close(0xffffffffffffffff) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f67012", 0x1f7) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x3, 0x200) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r3) dup2(r3, r3) 03:12:31 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000f000600000016ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:12:31 executing program 1: syz_genetlink_get_family_id$ipvs(0x0) clone(0xc02102000fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) seccomp(0x1, 0x0, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x74, 0x0, 0x0, 0xdae6}]}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000, r0}) keyctl$set_timeout(0xf, 0x0, 0x0) 03:12:32 executing program 1: prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) 03:12:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(0x0, 0x0) 03:12:32 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x263313e) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 03:12:33 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000080)) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 03:12:33 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f00000002c0)) 03:12:33 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:12:33 executing program 1: r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) r2 = accept4$inet(r1, 0x0, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) dup3(r2, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f00000001c0), 0x4) 03:12:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300140006000000000000000000000000000000000008000500ac14141a080003000100000f010008"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x14, 0x0, 0x0, 0x0, 0x25dfdbfc}, 0x14}}, 0x0) setxattr$security_evm(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x204080c8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:12:34 executing program 4: [ 207.977145] ================================================================== [ 207.984665] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 207.991253] Write of size 832 at addr ffff8881b0f7abc0 by task syz-executor5/7932 [ 207.998868] [ 208.000515] CPU: 0 PID: 7932 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 208.009004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.018363] Call Trace: [ 208.020995] dump_stack+0x244/0x39d [ 208.024638] ? dump_stack_print_info.cold.1+0x20/0x20 [ 208.029832] ? printk+0xa7/0xcf [ 208.033132] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 208.037913] print_address_description.cold.4+0x9/0x1ff [ 208.043284] ? fpstate_init+0x50/0x160 [ 208.047181] kasan_report.cold.5+0x1b/0x39 [ 208.051430] ? fpstate_init+0x50/0x160 [ 208.055338] ? fpstate_init+0x50/0x160 [ 208.059242] check_memory_region+0x13e/0x1b0 [ 208.063660] memset+0x23/0x40 [ 208.066777] fpstate_init+0x50/0x160 [ 208.070504] kvm_arch_vcpu_init+0x3e9/0x870 [ 208.074844] kvm_vcpu_init+0x2fa/0x420 [ 208.078761] ? vcpu_stat_get+0x300/0x300 [ 208.082850] ? kmem_cache_alloc+0x33f/0x730 [ 208.087192] vmx_create_vcpu+0x1b7/0x2695 [ 208.091351] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 208.096481] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.101099] ? preempt_schedule+0x4d/0x60 [ 208.105273] ? preempt_schedule_common+0x1f/0xe0 [ 208.110039] ? vmx_exec_control+0x210/0x210 [ 208.114414] ? ___preempt_schedule+0x16/0x18 [ 208.118851] ? kasan_check_write+0x14/0x20 [ 208.123090] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 208.128060] ? wait_for_completion+0x8a0/0x8a0 [ 208.132660] ? print_usage_bug+0xc0/0xc0 [ 208.136738] ? migrate_swap_stop+0x8a0/0x8a0 [ 208.141171] kvm_arch_vcpu_create+0xe5/0x220 [ 208.145593] ? kvm_arch_vcpu_free+0x90/0x90 [ 208.149934] kvm_vm_ioctl+0x526/0x2030 [ 208.153871] ? kvm_unregister_device_ops+0x70/0x70 [ 208.158848] ? mark_held_locks+0x130/0x130 [ 208.163112] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 208.168330] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 208.173445] ? futex_wake+0x304/0x760 [ 208.177299] ? __lock_acquire+0x62f/0x4c20 [ 208.181562] ? mark_held_locks+0x130/0x130 [ 208.185809] ? graph_lock+0x270/0x270 [ 208.189623] ? do_futex+0x249/0x26d0 [ 208.193348] ? rcu_read_unlock_special+0x370/0x370 [ 208.198310] ? rcu_softirq_qs+0x20/0x20 [ 208.202297] ? unwind_dump+0x190/0x190 [ 208.206207] ? find_held_lock+0x36/0x1c0 [ 208.210326] ? __fget+0x4aa/0x740 [ 208.213795] ? lock_downgrade+0x900/0x900 [ 208.217967] ? check_preemption_disabled+0x48/0x280 [ 208.223023] ? kasan_check_read+0x11/0x20 [ 208.227204] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 208.232495] ? rcu_read_unlock_special+0x370/0x370 [ 208.237445] ? __fget+0x4d1/0x740 [ 208.240915] ? ksys_dup3+0x680/0x680 [ 208.244648] ? __might_fault+0x12b/0x1e0 [ 208.248725] ? lock_downgrade+0x900/0x900 [ 208.252887] ? lock_release+0xa00/0xa00 [ 208.256871] ? perf_trace_sched_process_exec+0x860/0x860 [ 208.262335] ? kvm_unregister_device_ops+0x70/0x70 [ 208.267275] do_vfs_ioctl+0x1de/0x1790 [ 208.271179] ? ioctl_preallocate+0x300/0x300 [ 208.275613] ? __fget_light+0x2e9/0x430 [ 208.279596] ? fget_raw+0x20/0x20 [ 208.283059] ? _copy_to_user+0xc8/0x110 [ 208.287048] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.292593] ? put_timespec64+0x10f/0x1b0 [ 208.296751] ? nsecs_to_jiffies+0x30/0x30 [ 208.300915] ? do_syscall_64+0x9a/0x820 [ 208.304898] ? do_syscall_64+0x9a/0x820 [ 208.308886] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.313516] ? security_file_ioctl+0x94/0xc0 [ 208.317954] ksys_ioctl+0xa9/0xd0 [ 208.321428] __x64_sys_ioctl+0x73/0xb0 [ 208.325330] do_syscall_64+0x1b9/0x820 [ 208.329528] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 208.334915] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.339857] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.344749] ? trace_hardirqs_on_caller+0x310/0x310 [ 208.349775] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.354808] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.359869] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.364756] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.369943] RIP: 0033:0x457669 [ 208.373130] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.392016] RSP: 002b:00007f0ce7382c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.399710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 208.406966] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 208.414222] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 208.421477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ce73836d4 [ 208.428728] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 208.436008] [ 208.437619] Allocated by task 7932: [ 208.441236] save_stack+0x43/0xd0 [ 208.444670] kasan_kmalloc+0xcb/0xd0 [ 208.448365] kasan_slab_alloc+0x12/0x20 [ 208.452328] kmem_cache_alloc+0x130/0x730 [ 208.456458] vmx_create_vcpu+0x110/0x2695 [ 208.460588] kvm_arch_vcpu_create+0xe5/0x220 [ 208.464977] kvm_vm_ioctl+0x526/0x2030 [ 208.468846] do_vfs_ioctl+0x1de/0x1790 [ 208.472716] ksys_ioctl+0xa9/0xd0 [ 208.476155] __x64_sys_ioctl+0x73/0xb0 [ 208.480026] do_syscall_64+0x1b9/0x820 [ 208.483912] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.489093] [ 208.490710] Freed by task 0: [ 208.493705] (stack is not available) [ 208.497397] [ 208.499024] The buggy address belongs to the object at ffff8881b0f7ab80 [ 208.499024] which belongs to the cache x86_fpu of size 832 [ 208.511318] The buggy address is located 64 bytes inside of [ 208.511318] 832-byte region [ffff8881b0f7ab80, ffff8881b0f7aec0) [ 208.523086] The buggy address belongs to the page: [ 208.527998] page:ffffea0006c3de80 count:1 mapcount:0 mapping:ffff8881d50d5040 index:0x0 [ 208.536137] flags: 0x2fffc0000000200(slab) [ 208.540371] raw: 02fffc0000000200 ffff8881d485e348 ffff8881d485e348 ffff8881d50d5040 [ 208.548238] raw: 0000000000000000 ffff8881b0f7a040 0000000100000004 0000000000000000 [ 208.556097] page dumped because: kasan: bad access detected [ 208.561788] [ 208.563475] Memory state around the buggy address: [ 208.568391] ffff8881b0f7ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03:12:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000080)) 03:12:35 executing program 0: 03:12:35 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:12:35 executing program 1: 03:12:35 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x3f, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000280)) close(r0) 03:12:35 executing program 1: [ 208.575734] ffff8881b0f7ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 208.583075] >ffff8881b0f7ae80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 208.590414] ^ [ 208.595854] ffff8881b0f7af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.603207] ffff8881b0f7af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.610545] ================================================================== [ 208.617881] Disabling lock debugging due to kernel taint [ 208.670866] Kernel panic - not syncing: panic_on_warn set ... [ 208.676790] CPU: 0 PID: 7932 Comm: syz-executor5 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 208.686669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.696202] Call Trace: [ 208.698378] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.698803] dump_stack+0x244/0x39d [ 208.698821] ? dump_stack_print_info.cold.1+0x20/0x20 [ 208.698846] ? fpstate_init+0x30/0x160 [ 208.709913] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.713871] panic+0x2ad/0x632 [ 208.713888] ? add_taint.cold.5+0x16/0x16 [ 208.713906] ? preempt_schedule+0x4d/0x60 [ 208.713927] ? ___preempt_schedule+0x16/0x18 [ 208.742689] ? trace_hardirqs_on+0xb4/0x310 [ 208.747027] ? fpstate_init+0x50/0x160 [ 208.749569] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.750920] end_report+0x47/0x4f [ 208.750936] kasan_report.cold.5+0xe/0x39 [ 208.750950] ? fpstate_init+0x50/0x160 [ 208.750966] ? fpstate_init+0x50/0x160 [ 208.750988] check_memory_region+0x13e/0x1b0 [ 208.761759] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.764810] memset+0x23/0x40 [ 208.764827] fpstate_init+0x50/0x160 [ 208.764843] kvm_arch_vcpu_init+0x3e9/0x870 [ 208.764865] kvm_vcpu_init+0x2fa/0x420 [ 208.780595] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.786058] ? vcpu_stat_get+0x300/0x300 [ 208.786076] ? kmem_cache_alloc+0x33f/0x730 [ 208.786096] vmx_create_vcpu+0x1b7/0x2695 [ 208.796647] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.797244] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 208.827833] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.828838] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.828855] ? preempt_schedule+0x4d/0x60 [ 208.828880] ? preempt_schedule_common+0x1f/0xe0 [ 208.853483] kobject: 'loop3' (0000000045817152): kobject_uevent_env [ 208.853663] ? vmx_exec_control+0x210/0x210 [ 208.861269] kobject: 'loop3' (0000000045817152): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 208.864373] ? ___preempt_schedule+0x16/0x18 [ 208.864403] ? kasan_check_write+0x14/0x20 [ 208.882461] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 208.887407] ? wait_for_completion+0x8a0/0x8a0 [ 208.891963] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.892186] ? print_usage_bug+0xc0/0xc0 [ 208.905246] ? migrate_swap_stop+0x8a0/0x8a0 [ 208.908495] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.909669] kvm_arch_vcpu_create+0xe5/0x220 [ 208.909683] ? kvm_arch_vcpu_free+0x90/0x90 [ 208.909705] kvm_vm_ioctl+0x526/0x2030 [ 208.909726] ? kvm_unregister_device_ops+0x70/0x70 [ 208.917208] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 208.920385] ? mark_held_locks+0x130/0x130 [ 208.920404] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 208.920425] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 208.957041] ? futex_wake+0x304/0x760 [ 208.960862] ? __lock_acquire+0x62f/0x4c20 [ 208.965114] ? mark_held_locks+0x130/0x130 [ 208.969377] ? graph_lock+0x270/0x270 [ 208.973207] ? do_futex+0x249/0x26d0 [ 208.974665] kobject: 'kvm' (000000005a880ce7): kobject_uevent_env [ 208.976935] ? rcu_read_unlock_special+0x370/0x370 [ 208.976950] ? rcu_softirq_qs+0x20/0x20 [ 208.976964] ? unwind_dump+0x190/0x190 [ 208.976984] ? find_held_lock+0x36/0x1c0 [ 209.000074] ? __fget+0x4aa/0x740 [ 209.003546] ? lock_downgrade+0x900/0x900 [ 209.007703] ? check_preemption_disabled+0x48/0x280 [ 209.007964] kobject: 'kvm' (000000005a880ce7): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 209.012726] ? kasan_check_read+0x11/0x20 [ 209.012743] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 209.012758] ? rcu_read_unlock_special+0x370/0x370 [ 209.012797] ? __fget+0x4d1/0x740 [ 209.039615] ? ksys_dup3+0x680/0x680 [ 209.043340] ? __might_fault+0x12b/0x1e0 [ 209.047434] ? lock_downgrade+0x900/0x900 [ 209.051589] ? lock_release+0xa00/0xa00 [ 209.055573] ? perf_trace_sched_process_exec+0x860/0x860 [ 209.061031] ? kvm_unregister_device_ops+0x70/0x70 [ 209.065966] do_vfs_ioctl+0x1de/0x1790 [ 209.069864] ? ioctl_preallocate+0x300/0x300 [ 209.074297] ? __fget_light+0x2e9/0x430 [ 209.076140] kobject: 'loop3' (0000000045817152): kobject_uevent_env [ 209.078314] ? fget_raw+0x20/0x20 [ 209.088180] ? _copy_to_user+0xc8/0x110 [ 209.092179] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.097722] ? put_timespec64+0x10f/0x1b0 [ 209.100965] kobject: 'loop3' (0000000045817152): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 209.101880] ? nsecs_to_jiffies+0x30/0x30 [ 209.115476] ? do_syscall_64+0x9a/0x820 [ 209.119467] ? do_syscall_64+0x9a/0x820 [ 209.123451] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 209.128047] ? security_file_ioctl+0x94/0xc0 [ 209.132500] ksys_ioctl+0xa9/0xd0 [ 209.135980] __x64_sys_ioctl+0x73/0xb0 [ 209.139878] do_syscall_64+0x1b9/0x820 [ 209.143782] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 209.149160] ? syscall_return_slowpath+0x5e0/0x5e0 [ 209.154097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.158998] ? trace_hardirqs_on_caller+0x310/0x310 [ 209.164022] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 209.169044] ? prepare_exit_to_usermode+0x291/0x3b0 [ 209.174071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.178948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.184151] RIP: 0033:0x457669 [ 209.187232] kobject: 'loop0' (00000000fc20fee9): kobject_uevent_env [ 209.187355] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.197999] kobject: 'loop0' (00000000fc20fee9): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 209.212636] RSP: 002b:00007f0ce7382c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.212651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 209.212659] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 209.212668] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.212676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0ce73836d4 [ 209.212691] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 209.242580] kobject: 'loop2' (000000004de143cb): kobject_uevent_env [ 209.245338] Kernel Offset: disabled [ 209.277085] Rebooting in 86400 seconds..