[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.033224] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.947036] random: sshd: uninitialized urandom read (32 bytes read) [ 18.120366] random: sshd: uninitialized urandom read (32 bytes read) [ 18.949370] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts. [ 24.387842] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/10 00:30:32 fuzzer started [ 25.726453] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/10 00:30:34 dialing manager at 10.128.0.26:44551 2018/07/10 00:30:38 syscalls: 1785 2018/07/10 00:30:38 code coverage: enabled 2018/07/10 00:30:38 comparison tracing: enabled 2018/07/10 00:30:38 setuid sandbox: enabled 2018/07/10 00:30:38 namespace sandbox: enabled 2018/07/10 00:30:38 fault injection: enabled 2018/07/10 00:30:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/10 00:30:38 net packed injection: enabled [ 31.426572] random: crng init done 00:31:40 executing program 0: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) mount(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='sockfs\x00', 0x20000, &(0x7f0000000180)) mount(&(0x7f0000377ff8)='.', &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f00000e7000)) 00:31:40 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='memory.high\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f00000003c0)={0xe3, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0xffffffff}}, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80}}}}, 0x108) io_setup(0x3ff, &(0x7f0000000380)=0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)) io_submit(r2, 0x1c2, &(0x7f0000000380)) sendfile(r1, r1, &(0x7f0000000040), 0x1) 00:31:40 executing program 7: r0 = socket$inet6(0xa, 0x803, 0x6) connect$inet6(r0, &(0x7f0000000180)={0xa}, 0x1c) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") sendmsg(r0, &(0x7f00000000c0)={0x0, 0x1e6, &(0x7f00000001c0), 0x0, &(0x7f0000000a80)}, 0xc100) write$binfmt_aout(r0, &(0x7f0000000a80), 0xfdef) 00:31:40 executing program 3: syz_emit_ethernet(0x1, &(0x7f0000015e15)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6076605100301100fe80ff0000000000ffff020000000000000000000000000001860090780007f50060c5961e00000000ff010000000000001803580000000001ff020000000000000000000000000001"], 0x0) 00:31:40 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x31, &(0x7f0000000100), &(0x7f00000000c0)=0x149) 00:31:40 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") keyctl$chown(0x4, 0x0, 0x0, 0x0) 00:31:40 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00') preadv(r0, &(0x7f00000014c0)=[{&(0x7f00000026c0)=""/202, 0xca}], 0x1, 0x3) 00:31:40 executing program 6: r0 = socket$inet_tcp(0x2, 0x3, 0x6) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") write$binfmt_script(r0, &(0x7f0000000d80)={'#! ', './file0', [], 0xa}, 0xb) [ 92.755631] IPVS: ftp: loaded support on port[0] = 21 [ 92.766619] IPVS: ftp: loaded support on port[0] = 21 [ 92.783958] IPVS: ftp: loaded support on port[0] = 21 [ 92.795405] IPVS: ftp: loaded support on port[0] = 21 [ 92.804861] IPVS: ftp: loaded support on port[0] = 21 [ 92.812965] IPVS: ftp: loaded support on port[0] = 21 [ 92.828046] IPVS: ftp: loaded support on port[0] = 21 [ 92.832349] IPVS: ftp: loaded support on port[0] = 21 [ 94.490480] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.496882] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.514182] device bridge_slave_0 entered promiscuous mode [ 94.525077] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.531466] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.538937] device bridge_slave_0 entered promiscuous mode [ 94.561268] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.567684] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.579068] device bridge_slave_0 entered promiscuous mode [ 94.587728] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.594097] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.601779] device bridge_slave_0 entered promiscuous mode [ 94.608875] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.615233] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.624370] device bridge_slave_0 entered promiscuous mode [ 94.632296] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.638661] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.645969] device bridge_slave_1 entered promiscuous mode [ 94.653612] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.659994] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.672535] device bridge_slave_0 entered promiscuous mode [ 94.682522] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.688958] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.699551] device bridge_slave_0 entered promiscuous mode [ 94.707350] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.713748] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.721708] device bridge_slave_1 entered promiscuous mode [ 94.728797] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.735241] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.743252] device bridge_slave_1 entered promiscuous mode [ 94.751190] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.757582] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.767901] device bridge_slave_1 entered promiscuous mode [ 94.776218] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.782586] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.795265] device bridge_slave_1 entered promiscuous mode [ 94.803380] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.809745] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.817189] device bridge_slave_0 entered promiscuous mode [ 94.826579] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.832952] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.840375] device bridge_slave_1 entered promiscuous mode [ 94.848052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.856483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.863972] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.870365] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.887737] device bridge_slave_1 entered promiscuous mode [ 94.894333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.901976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.909454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.917405] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.923770] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.953330] device bridge_slave_1 entered promiscuous mode [ 94.972861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.980830] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 94.989327] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 94.999638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.008095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.020442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 95.034243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.084237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.097180] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 95.141984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.211418] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 95.270494] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.303304] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.341541] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.382402] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.392712] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.404674] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.414776] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.424916] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.451365] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.496192] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.506322] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.515966] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.529927] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 95.541899] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.615250] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.654746] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 95.945413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 95.965276] team0: Port device team_slave_0 added [ 95.986761] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.002857] team0: Port device team_slave_0 added [ 96.015657] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.022887] team0: Port device team_slave_0 added [ 96.030754] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.040689] team0: Port device team_slave_0 added [ 96.057266] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.065817] team0: Port device team_slave_1 added [ 96.076148] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.085790] team0: Port device team_slave_0 added [ 96.094395] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.110842] team0: Port device team_slave_1 added [ 96.116527] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.123619] team0: Port device team_slave_0 added [ 96.135817] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.152856] team0: Port device team_slave_0 added [ 96.160560] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.169682] team0: Port device team_slave_1 added [ 96.182125] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.190616] team0: Port device team_slave_1 added [ 96.206841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.213878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.221948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.238335] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.249046] team0: Port device team_slave_1 added [ 96.258444] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.273546] team0: Port device team_slave_1 added [ 96.280688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.289868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.296721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.305659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.327390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.343475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.354977] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 96.362318] team0: Port device team_slave_0 added [ 96.368131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.374980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.383851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.394434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.401270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.425528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.434885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.441974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.448793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.465844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.478925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.486646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.496402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.503396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.511359] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.520865] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.528698] team0: Port device team_slave_1 added [ 96.533886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.541891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.550805] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.562690] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 96.569948] team0: Port device team_slave_1 added [ 96.577589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.585869] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.595430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.603944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.613479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.628348] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 96.635472] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.642948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.655941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.691801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.702475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.711000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.718849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.726592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.734193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.741652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.749294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.756627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.764239] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.771577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.779298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.787524] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 96.794686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.802750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.812123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 96.820805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.830364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 96.838873] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 96.847462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.857463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 96.870085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.888927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.916373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.933117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.940751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.948463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.956109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.963736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.971395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.979039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.986625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.994323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.002030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.011157] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.018403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.026545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.051174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.060304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.069361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.085653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.109426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.128395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.139095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.149526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.157199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.165565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.181455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 97.193663] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.208256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.229810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.266536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.279443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.296496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 97.310288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.328656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 98.072046] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.078443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.085097] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.091468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.106927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.114252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.126314] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.132675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.139269] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.145622] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.153507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.168622] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.175048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.181676] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.188047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.207643] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.290310] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.296698] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.303314] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.309675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.321951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.336228] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.342608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.349244] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.355603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.383080] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.393970] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.400360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.406967] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.413323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.421431] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.436960] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.443359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.450011] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.456372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.492187] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 98.578450] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.584852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.591471] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.597826] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.608400] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 99.178474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.190714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.211413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.218606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.226058] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.233370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.240516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 102.136814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.172697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.242299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.267883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.417036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.443463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.538524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.551893] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.571572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.584878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.592815] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.647482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.815637] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.835665] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 102.937750] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.946519] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 102.956038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 102.968701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 102.990689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.007842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.015582] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.021731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.028655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.037312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 103.047936] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.054178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.066658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.092558] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 103.230160] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.236379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.247315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.280636] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.286811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.296292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.316626] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.370732] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.380532] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.423597] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.429795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.443474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.488267] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.527505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 103.534354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.545048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.652462] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.684332] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.870091] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.949101] 8021q: adding VLAN 0 to HW filter on device team0 00:31:53 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000000280)=@framed={{0x18}, [], {0x95}}, &(0x7f0000000140)='syzkaller\x00'}, 0x48) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="075cc83d6d345f8f762070") perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000240)) clone(0x0, &(0x7f0000000140), &(0x7f00000001c0), &(0x7f0000000200), &(0x7f00000000c0)) 00:31:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6gre0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_deladdr={0x2c, 0x15, 0xa13, 0x0, 0x0, {0xa, 0x78, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @remote={0xfe, 0x80, [], 0xbb}}]}, 0x2c}, 0x1}, 0x0) 00:31:53 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x8}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14}}}, 0x1c) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) 00:31:53 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') [ 105.791908] ================================================================== [ 105.799374] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100 [ 105.806136] Read of size 8 at addr ffff8801d68c08d0 by task syz-executor2/6515 [ 105.813484] [ 105.815103] CPU: 1 PID: 6515 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 105.823397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.832729] Call Trace: [ 105.835303] dump_stack+0x1c9/0x2b4 [ 105.838921] ? dump_stack_print_info.cold.2+0x52/0x52 [ 105.844096] ? printk+0xa7/0xcf [ 105.847358] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 105.852108] ? find_first_bit+0xf7/0x100 [ 105.856161] print_address_description+0x6c/0x20b [ 105.860990] ? find_first_bit+0xf7/0x100 [ 105.865047] kasan_report.cold.7+0x242/0x30d [ 105.869439] __asan_report_load8_noabort+0x14/0x20 [ 105.874350] find_first_bit+0xf7/0x100 [ 105.878224] shrink_slab+0x5d0/0xdb0 [ 105.881933] ? shrink_node_memcg+0xc91/0x18f0 [ 105.886416] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 105.892034] ? shrink_active_list+0x1830/0x1830 [ 105.896690] ? perf_trace_lock+0x920/0x920 [ 105.900918] shrink_node+0x429/0x16a0 [ 105.904711] ? shrink_node_memcg+0x18f0/0x18f0 [ 105.909276] ? kvm_clock_read+0x25/0x30 [ 105.913234] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 105.918240] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 105.922721] ? perf_trace_lock+0x920/0x920 [ 105.926943] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 105.931946] do_try_to_free_pages+0x3e7/0x1290 [ 105.936520] ? shrink_node+0x16a0/0x16a0 [ 105.940568] ? lock_release+0xa30/0xa30 [ 105.944530] ? lock_downgrade+0x8f0/0x8f0 [ 105.948664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 105.954187] ? _parse_integer+0x13b/0x190 [ 105.958321] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 105.963846] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 105.969026] ? pointer_string+0x1b0/0x1b0 [ 105.973158] ? __mutex_lock+0x6c4/0x1680 [ 105.977204] ? try_to_free_pages+0xb80/0xb80 [ 105.981602] ? memparse+0x171/0x1d0 [ 105.985211] ? get_options+0x380/0x380 [ 105.989083] ? kasan_kmalloc+0xc4/0xe0 [ 105.992954] ? __kmalloc+0x14e/0x760 [ 105.996652] ? kernfs_fop_write+0x33d/0x480 [ 106.000962] ? __vfs_write+0x117/0x9f0 [ 106.004831] ? __kernel_write+0x10c/0x370 [ 106.008964] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 106.014486] ? page_counter_memparse+0xb5/0x1e0 [ 106.019138] ? page_counter_set_low+0x180/0x180 [ 106.023796] ? cgroup_control+0x180/0x180 [ 106.027930] memory_high_write+0x283/0x310 [ 106.032147] ? mem_cgroup_css_released+0x140/0x140 [ 106.037067] ? lock_downgrade+0x8f0/0x8f0 [ 106.041197] ? lock_release+0xa30/0xa30 [ 106.045155] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 106.050330] cgroup_file_write+0x31f/0x840 [ 106.054551] ? mem_cgroup_css_released+0x140/0x140 [ 106.059471] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 106.064381] ? __kmalloc+0x315/0x760 [ 106.068079] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.073600] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 106.078508] kernfs_fop_write+0x2ba/0x480 [ 106.082640] __vfs_write+0x117/0x9f0 [ 106.086335] ? kernfs_fop_open+0x1020/0x1020 [ 106.090727] ? kernel_read+0x120/0x120 [ 106.094599] ? default_file_splice_read+0x864/0xb10 [ 106.099596] ? splice_direct_to_actor+0x6fc/0x8f0 [ 106.104423] ? do_splice_direct+0x2d4/0x420 [ 106.108725] ? do_sendfile+0x62a/0xe20 [ 106.112595] ? __x64_sys_sendfile64+0x15d/0x250 [ 106.117258] ? iter_file_splice_write+0x1010/0x1010 [ 106.122266] ? check_same_owner+0x340/0x340 [ 106.126572] ? rcu_note_context_switch+0x730/0x730 [ 106.131484] __kernel_write+0x10c/0x370 [ 106.135448] write_pipe_buf+0x181/0x240 [ 106.139406] ? do_splice_direct+0x420/0x420 [ 106.143712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.149232] ? splice_from_pipe_next.part.9+0x296/0x340 [ 106.154587] ? __ia32_sys_membarrier+0x150/0x150 [ 106.159327] __splice_from_pipe+0x38e/0x7c0 [ 106.163630] ? do_splice_direct+0x420/0x420 [ 106.167935] splice_from_pipe+0x1ea/0x340 [ 106.172067] ? do_splice_direct+0x420/0x420 [ 106.176369] ? splice_shrink_spd+0xd0/0xd0 [ 106.180592] ? security_file_permission+0x1c2/0x230 [ 106.185591] default_file_splice_write+0x3c/0x90 [ 106.190330] ? generic_splice_sendpage+0x50/0x50 [ 106.195070] direct_splice_actor+0x128/0x190 [ 106.199463] splice_direct_to_actor+0x318/0x8f0 [ 106.204115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.209644] ? pipe_to_sendpage+0x400/0x400 [ 106.213959] ? do_splice_to+0x190/0x190 [ 106.217932] ? security_file_permission+0x1c2/0x230 [ 106.222929] ? rw_verify_area+0x118/0x360 [ 106.227062] do_splice_direct+0x2d4/0x420 [ 106.231196] ? splice_direct_to_actor+0x8f0/0x8f0 [ 106.236029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.241556] ? __sb_start_write+0x17f/0x300 [ 106.245860] do_sendfile+0x62a/0xe20 [ 106.249559] ? do_compat_pwritev64+0x1c0/0x1c0 [ 106.254126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.259646] ? _copy_from_user+0xdf/0x150 [ 106.263776] __x64_sys_sendfile64+0x15d/0x250 [ 106.268256] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 106.272827] do_syscall_64+0x1b9/0x820 [ 106.276697] ? finish_task_switch+0x1d3/0x870 [ 106.281175] ? syscall_return_slowpath+0x5e0/0x5e0 [ 106.286088] ? syscall_return_slowpath+0x31d/0x5e0 [ 106.291003] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 106.296020] ? prepare_exit_to_usermode+0x291/0x3b0 [ 106.301369] ? perf_trace_sys_enter+0xb10/0xb10 [ 106.306025] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.310854] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.316033] RIP: 0033:0x455e29 [ 106.319199] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 106.338394] RSP: 002b:00007fc88ef68c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 106.346082] RAX: ffffffffffffffda RBX: 00007fc88ef696d4 RCX: 0000000000455e29 [ 106.353340] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 106.360591] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 106.367849] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 106.375098] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 106.382354] [ 106.383961] Allocated by task 4480: [ 106.387574] save_stack+0x43/0xd0 [ 106.391012] kasan_kmalloc+0xc4/0xe0 [ 106.394707] __kmalloc_node+0x47/0x70 [ 106.398493] kvmalloc_node+0x65/0xf0 [ 106.402188] mem_cgroup_css_online+0x169/0x3c0 [ 106.406752] online_css+0x10c/0x350 [ 106.410359] cgroup_apply_control_enable+0x777/0xe90 [ 106.415445] cgroup_mkdir+0x88a/0x1170 [ 106.419314] kernfs_iop_mkdir+0x159/0x1e0 [ 106.423444] vfs_mkdir+0x42e/0x6b0 [ 106.426965] do_mkdirat+0x27b/0x310 [ 106.430577] __x64_sys_mkdir+0x5c/0x80 [ 106.434448] do_syscall_64+0x1b9/0x820 [ 106.438320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.443486] [ 106.445090] Freed by task 1: [ 106.448091] save_stack+0x43/0xd0 [ 106.451526] __kasan_slab_free+0x11a/0x170 [ 106.455740] kasan_slab_free+0xe/0x10 [ 106.459521] kfree+0xd9/0x260 [ 106.462607] acpi_ns_get_node_unlocked+0x2b9/0x309 [ 106.467516] acpi_ns_get_node+0x4d/0x6b [ 106.471469] acpi_get_handle+0x15b/0x263 [ 106.475521] acpi_has_method+0x70/0xb0 [ 106.479396] acpi_ata_match+0x98/0xa0 [ 106.483178] acpi_bay_match+0xdb/0x150 [ 106.487045] acpi_bus_check_add+0x710/0xb60 [ 106.491347] acpi_ns_walk_namespace+0x224/0x400 [ 106.495994] acpi_walk_namespace+0xf2/0x12c [ 106.500298] acpi_bus_scan+0x146/0x170 [ 106.504165] acpi_scan_init+0x403/0x8fe [ 106.508122] acpi_init+0x941/0xa19 [ 106.511642] do_one_initcall+0x127/0x913 [ 106.515689] kernel_init_freeable+0x49b/0x58e [ 106.520175] kernel_init+0x11/0x1b3 [ 106.523781] ret_from_fork+0x3a/0x50 [ 106.527468] [ 106.529077] The buggy address belongs to the object at ffff8801d68c08c0 [ 106.529077] which belongs to the cache kmalloc-32 of size 32 [ 106.541541] The buggy address is located 16 bytes inside of [ 106.541541] 32-byte region [ffff8801d68c08c0, ffff8801d68c08e0) [ 106.553233] The buggy address belongs to the page: [ 106.558146] page:ffffea00075a3000 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d68c0fc1 [ 106.567569] flags: 0x2fffc0000000100(slab) [ 106.571791] raw: 02fffc0000000100 ffffea00075ba008 ffffea00075a3308 ffff8801da8001c0 [ 106.579655] raw: ffff8801d68c0fc1 ffff8801d68c0000 000000010000003f 0000000000000000 [ 106.587511] page dumped because: kasan: bad access detected [ 106.593194] [ 106.594806] Memory state around the buggy address: [ 106.599714] ffff8801d68c0780: 00 03 fc fc fc fc fc fc 00 04 fc fc fc fc fc fc [ 106.607055] ffff8801d68c0800: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc [ 106.614393] >ffff8801d68c0880: 00 07 fc fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 106.621730] ^ [ 106.627689] ffff8801d68c0900: 00 06 fc fc fc fc fc fc 00 02 fc fc fc fc fc fc [ 106.635028] ffff8801d68c0980: 07 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc 00:31:54 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0xffffffffffffff7f) r1 = socket$netlink(0x10, 0x3, 0x4) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84470080ffe0064e230000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) [ 106.642362] ================================================================== [ 106.650212] syz-executor4 (6505) used greatest stack depth: 16960 bytes left [ 106.650915] Kernel panic - not syncing: panic_on_warn set ... [ 106.650915] [ 106.664773] CPU: 1 PID: 6515 Comm: syz-executor2 Tainted: G B 4.18.0-rc3-next-20180709+ #2 [ 106.674474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.683824] Call Trace: [ 106.686419] dump_stack+0x1c9/0x2b4 [ 106.690060] ? dump_stack_print_info.cold.2+0x52/0x52 00:31:54 executing program 4: setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2=0xe0000002, @in6=@ipv4={[], [0xff, 0xff], @rand_addr}}}, {{@in6}, 0x0, @in6=@loopback={0x0, 0x1}}}, 0xe8) [ 106.695253] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 106.700018] panic+0x238/0x4e7 [ 106.703211] ? add_taint.cold.5+0x16/0x16 [ 106.707369] ? do_raw_spin_unlock+0xa7/0x2f0 [ 106.711789] ? do_raw_spin_unlock+0xa7/0x2f0 [ 106.716249] ? find_first_bit+0xf7/0x100 [ 106.720307] kasan_end_report+0x47/0x4f [ 106.724277] kasan_report.cold.7+0x76/0x30d [ 106.728600] __asan_report_load8_noabort+0x14/0x20 [ 106.733532] find_first_bit+0xf7/0x100 [ 106.737424] shrink_slab+0x5d0/0xdb0 [ 106.741574] ? shrink_node_memcg+0xc91/0x18f0 [ 106.746079] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 106.751736] ? shrink_active_list+0x1830/0x1830 [ 106.756414] ? perf_trace_lock+0x920/0x920 [ 106.760664] shrink_node+0x429/0x16a0 [ 106.764488] ? shrink_node_memcg+0x18f0/0x18f0 [ 106.769070] ? kvm_clock_read+0x25/0x30 [ 106.773043] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 106.778065] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 106.782560] ? perf_trace_lock+0x920/0x920 [ 106.786800] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 106.791829] do_try_to_free_pages+0x3e7/0x1290 00:31:54 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)=@random={'osx.', 'btrfs\x00'}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='btrfs\x00', 0x1000, &(0x7f0000000240)) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa}) umount2(&(0x7f0000000200)='./file0\x00', 0x0) close(r0) 00:31:54 executing program 4: r0 = socket$inet6(0xa, 0x100040000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x4e20, 0x807}, 0x1c) [ 106.796427] ? shrink_node+0x16a0/0x16a0 [ 106.800483] ? lock_release+0xa30/0xa30 [ 106.804457] ? lock_downgrade+0x8f0/0x8f0 [ 106.808611] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.814150] ? _parse_integer+0x13b/0x190 [ 106.818304] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 106.823850] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 106.829047] ? pointer_string+0x1b0/0x1b0 [ 106.833201] ? __mutex_lock+0x6c4/0x1680 [ 106.837269] ? try_to_free_pages+0xb80/0xb80 [ 106.841697] ? memparse+0x171/0x1d0 [ 106.845415] ? get_options+0x380/0x380 [ 106.849310] ? kasan_kmalloc+0xc4/0xe0 [ 106.853188] ? __kmalloc+0x14e/0x760 [ 106.856883] ? kernfs_fop_write+0x33d/0x480 [ 106.861188] ? __vfs_write+0x117/0x9f0 [ 106.865062] ? __kernel_write+0x10c/0x370 [ 106.869206] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 106.874726] ? page_counter_memparse+0xb5/0x1e0 [ 106.879380] ? page_counter_set_low+0x180/0x180 [ 106.884034] ? cgroup_control+0x180/0x180 [ 106.888168] memory_high_write+0x283/0x310 [ 106.892387] ? mem_cgroup_css_released+0x140/0x140 [ 106.897300] ? lock_downgrade+0x8f0/0x8f0 [ 106.901434] ? lock_release+0xa30/0xa30 [ 106.905394] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 106.910586] cgroup_file_write+0x31f/0x840 [ 106.914807] ? mem_cgroup_css_released+0x140/0x140 [ 106.919737] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 106.924651] ? __kmalloc+0x315/0x760 [ 106.928348] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.933869] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 106.938789] kernfs_fop_write+0x2ba/0x480 [ 106.942930] __vfs_write+0x117/0x9f0 [ 106.946630] ? kernfs_fop_open+0x1020/0x1020 [ 106.951023] ? kernel_read+0x120/0x120 [ 106.954891] ? default_file_splice_read+0x864/0xb10 [ 106.959890] ? splice_direct_to_actor+0x6fc/0x8f0 [ 106.964714] ? do_splice_direct+0x2d4/0x420 [ 106.969021] ? do_sendfile+0x62a/0xe20 [ 106.972893] ? __x64_sys_sendfile64+0x15d/0x250 [ 106.977546] ? iter_file_splice_write+0x1010/0x1010 [ 106.982548] ? check_same_owner+0x340/0x340 [ 106.986864] ? rcu_note_context_switch+0x730/0x730 [ 106.991776] __kernel_write+0x10c/0x370 [ 106.995736] write_pipe_buf+0x181/0x240 [ 106.999694] ? do_splice_direct+0x420/0x420 [ 107.003997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.009520] ? splice_from_pipe_next.part.9+0x296/0x340 [ 107.014868] ? __ia32_sys_membarrier+0x150/0x150 [ 107.019620] __splice_from_pipe+0x38e/0x7c0 [ 107.023931] ? do_splice_direct+0x420/0x420 [ 107.028239] splice_from_pipe+0x1ea/0x340 [ 107.032382] ? do_splice_direct+0x420/0x420 [ 107.036683] ? splice_shrink_spd+0xd0/0xd0 [ 107.040916] ? security_file_permission+0x1c2/0x230 [ 107.045918] default_file_splice_write+0x3c/0x90 [ 107.050657] ? generic_splice_sendpage+0x50/0x50 [ 107.055398] direct_splice_actor+0x128/0x190 [ 107.059791] splice_direct_to_actor+0x318/0x8f0 [ 107.064443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.069980] ? pipe_to_sendpage+0x400/0x400 [ 107.074295] ? do_splice_to+0x190/0x190 [ 107.078260] ? security_file_permission+0x1c2/0x230 [ 107.083275] ? rw_verify_area+0x118/0x360 [ 107.088195] do_splice_direct+0x2d4/0x420 [ 107.092327] ? splice_direct_to_actor+0x8f0/0x8f0 [ 107.097156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 107.102678] ? __sb_start_write+0x17f/0x300 [ 107.106982] do_sendfile+0x62a/0xe20 [ 107.110684] ? do_compat_pwritev64+0x1c0/0x1c0 [ 107.115252] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 107.120771] ? _copy_from_user+0xdf/0x150 [ 107.124912] __x64_sys_sendfile64+0x15d/0x250 [ 107.129396] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 107.133966] do_syscall_64+0x1b9/0x820 [ 107.137843] ? finish_task_switch+0x1d3/0x870 [ 107.142331] ? syscall_return_slowpath+0x5e0/0x5e0 [ 107.147242] ? syscall_return_slowpath+0x31d/0x5e0 [ 107.152153] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 107.157151] ? prepare_exit_to_usermode+0x291/0x3b0 [ 107.162149] ? perf_trace_sys_enter+0xb10/0xb10 [ 107.166799] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 107.171627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 107.176798] RIP: 0033:0x455e29 [ 107.179965] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 107.199161] RSP: 002b:00007fc88ef68c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 107.206850] RAX: ffffffffffffffda RBX: 00007fc88ef696d4 RCX: 0000000000455e29 [ 107.214100] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 107.221350] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 107.228600] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 107.235851] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 107.243590] Dumping ftrace buffer: [ 107.247106] (ftrace buffer empty) [ 107.250793] Kernel Offset: disabled [ 107.254399] Rebooting in 86400 seconds..