[ 29.006586] audit: type=1800 audit(1545617596.420:28): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.796614] audit: type=1800 audit(1545617597.280:29): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.818769] audit: type=1800 audit(1545617597.290:30): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. 2018/12/24 02:13:27 fuzzer started 2018/12/24 02:13:29 dialing manager at 10.128.0.26:33943 2018/12/24 02:13:29 syscalls: 1 2018/12/24 02:13:29 code coverage: enabled 2018/12/24 02:13:29 comparison tracing: enabled 2018/12/24 02:13:29 setuid sandbox: enabled 2018/12/24 02:13:29 namespace sandbox: enabled 2018/12/24 02:13:29 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 02:13:29 fault injection: enabled 2018/12/24 02:13:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 02:13:29 net packet injection: enabled 2018/12/24 02:13:29 net device setup: enabled 02:15:47 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'bpq0\x00', 0x1}) socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000000)) syzkaller login: [ 180.612027] IPVS: ftp: loaded support on port[0] = 21 02:15:48 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) read(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100), &(0x7f00000001c0)=0x4) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) pipe2(0x0, 0x4000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00', 0x2000000c0ffffff}) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") [ 180.908015] IPVS: ftp: loaded support on port[0] = 21 02:15:48 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x40}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f00001e5000/0x2000)=nil, 0x2000}, 0x1}) read(r0, &(0x7f0000000000)=""/128, 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xfffffffffffffffc, 0x8031, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x0) getpeername$unix(0xffffffffffffffff, 0x0, 0x0) [ 181.274824] IPVS: ftp: loaded support on port[0] = 21 02:15:48 executing program 3: semctl$SETALL(0x0, 0x0, 0x11, 0x0) semop(0x0, &(0x7f0000000100), 0x2d) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x82a]) [ 181.693938] IPVS: ftp: loaded support on port[0] = 21 02:15:49 executing program 4: ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) read(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) ioprio_set$pid(0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) pipe2(&(0x7f0000000000), 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00', 0x2000000c0ffffff}) [ 182.103842] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.136995] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.151350] device bridge_slave_0 entered promiscuous mode [ 182.272460] IPVS: ftp: loaded support on port[0] = 21 [ 182.387508] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.398187] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.405968] device bridge_slave_1 entered promiscuous mode 02:15:50 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) listen(0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) [ 182.598518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.739589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.839317] IPVS: ftp: loaded support on port[0] = 21 [ 183.060087] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.066592] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.081238] device bridge_slave_0 entered promiscuous mode [ 183.241453] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.247930] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.256180] device bridge_slave_1 entered promiscuous mode [ 183.292022] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.389245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.403792] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.439370] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.478597] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.498183] device bridge_slave_0 entered promiscuous mode [ 183.526369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.620065] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.626488] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.641020] device bridge_slave_1 entered promiscuous mode [ 183.711188] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.718120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.861204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.970242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.006202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.093936] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.102909] team0: Port device team_slave_0 added [ 184.119792] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.141309] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.148736] device bridge_slave_0 entered promiscuous mode [ 184.161181] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.250520] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.257971] team0: Port device team_slave_1 added [ 184.280849] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.294557] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.306110] device bridge_slave_1 entered promiscuous mode [ 184.366761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.412297] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.465440] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.475977] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.499536] device bridge_slave_0 entered promiscuous mode [ 184.536164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.553446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.568870] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.630592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.648018] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.655988] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.678339] device bridge_slave_1 entered promiscuous mode [ 184.712904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.729621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.775662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.785878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.804345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.843368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.868332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.914690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.941331] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.969261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.983937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.020752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.039020] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.057980] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.068739] team0: Port device team_slave_0 added [ 185.185533] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.227624] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.236792] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.261442] device bridge_slave_0 entered promiscuous mode [ 185.270694] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.278062] team0: Port device team_slave_1 added [ 185.292789] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.308330] team0: Port device team_slave_0 added [ 185.340708] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.379582] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.405537] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.413849] device bridge_slave_1 entered promiscuous mode [ 185.440003] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.450928] team0: Port device team_slave_1 added [ 185.462905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.488527] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.568601] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.594889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.631739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.652713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.659564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.700329] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.711383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.728885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.737407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.774604] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.791390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.830498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.858423] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.873627] team0: Port device team_slave_0 added [ 185.881351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.889414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.911215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.921301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.950974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.970843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.978853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.998752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.012150] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.019565] team0: Port device team_slave_1 added [ 186.039846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.072933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.120928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.155779] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.168263] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.190446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.220121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.277184] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.323930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.408774] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.429373] team0: Port device team_slave_0 added [ 186.443868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.483039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.495228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.550303] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.556851] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.564091] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.570515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.588018] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.597632] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.610732] team0: Port device team_slave_1 added [ 186.618216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.640474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.648225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.687134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.752041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.758970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.782033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.851970] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.858883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.869811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.950303] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.973546] team0: Port device team_slave_0 added [ 187.001704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.009444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.021450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.119405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.132042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.146781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.160764] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.168148] team0: Port device team_slave_1 added [ 187.308468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.316403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.332486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.438276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.547618] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.554109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.560918] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.567306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.583969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.610480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.618058] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.632305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.671670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.775737] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.782221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.788946] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.795444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.810808] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.828901] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.868147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.881270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.133256] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.139707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.146546] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.152993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.164063] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.577158] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.583636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.590407] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.596806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.616534] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.691491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.701522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.723283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.298721] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.305180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.311926] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.318305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.344105] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.700139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.314238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.806782] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.891670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.074456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.346713] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.393620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.415093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.423413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.657934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.675436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.706241] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.852698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.861837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.869407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.903637] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.134779] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.146617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.162446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.179234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.195314] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.390221] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.563593] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.576237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.587740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.624647] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.689218] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.719151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.728772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.800483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.059617] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.320806] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.361614] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.821679] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.828006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.837192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.290259] 8021q: adding VLAN 0 to HW filter on device team0 02:16:04 executing program 0: r0 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x80000000042) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000630000000000000000000000c7d8c1a0ba17000000393c15729606024ebfafe50a0000000000"], 0x2a) [ 197.490539] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.505458] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.511972] bridge0: port 1(bridge_slave_0) entered forwarding state 02:16:05 executing program 0: accept4(0xffffffffffffffff, &(0x7f0000000240)=@ax25, 0x0, 0x800) setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="2f0000658477c08a5feeaa3877"], 0x0, &(0x7f0000000100)='ceph\x00', 0x0, 0x0) [ 197.547217] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.564542] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.571033] bridge0: port 1(bridge_slave_0) entered forwarding state 02:16:05 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) read(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100), &(0x7f00000001c0)=0x4) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) pipe2(0x0, 0x4000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00', 0x2000000c0ffffff}) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") 02:16:05 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) read(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100), &(0x7f00000001c0)=0x4) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0) msgctl$IPC_STAT(0x0, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) pipe2(0x0, 0x4000) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00', 0x2000000c0ffffff}) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") [ 197.794213] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.851901] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.858452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.896682] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.912643] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.919128] bridge0: port 1(bridge_slave_0) entered forwarding state 02:16:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x0, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000180)={0x0, 0xffff, 0xffffffffffffffe5}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(0xffffffffffffffff, 0x80845663, &(0x7f0000000440)={0x0, @reserved}) perf_event_open(&(0x7f00000002c0)={0x20000000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) r3 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r3, 0x1000000000013) 02:16:05 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00IV\xf2Fp\xff\x1f\xe1\xb9\x98\xe8\xdd\xe4\x7f\xfebC\xa1x\x98\x04\x11\xe1D\r\xd6%p\xea\x1c\xd4\x87\x04\xb1z\x12b\xad\xcd8\xf6$\x02\xbe\aV\x11\xb4\xa8\xb4#\xa0\x19e\x9c\xd0\xaa\x026\xa7>\x03\xc5\a\xef\x01e\xdd\xfa,\xb2A\x7f.;\xe0L\x15kxb\x1b\x9c^\x95\xa3\x95LB\x17\x06U\x93&\x11\xfd\xc3\xc65\v4\x81E\x1e\xdd\xd4', 0x200002, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) r1 = openat$cgroup_int(r0, &(0x7f0000000300)='memory.max\x00N\xd4\xa0<\xf4p\xe9\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06 \x81\x95\x90o\xdf4\x15\xfb|W\xc5\xe1\x1d\xa2\xb6u\x87\x94\xe7R9p\xe8\xa0\xe0o%;E\xcddc\xc5\xef\xd0\xb79\x1a\x99\x10\xf3\xc1\xead\x16\xc2\x80\x14\x00\x00\x00\x00\x00\x00\x00\xb4?Kq\x02\xc5\x7f\xc4X\x18\x16&W\x8f\xd8E\n\'u?\xd7-\xceM\xc7/U\xe6@NO\xbeRl\xf0X.f\x87\xd9\xfe3tI\xa6\xc3\xba\xbd\xe2\xe2O#\x8e.\xd2?\xe0\xd7\x91)\x15\xef\xd8\xa8K\xd9$\xc81\xb1\xde\x97\xee\xd0\xd2\x17\x9b\xff\x11\x9b\x14\x06\v\f&\xe4>/\b\xd6\\\t8F8\xeb\xff\xcav\x8a\xba\xc8KV\xe8\xc3\xc9\x1cQX\xfa\xcd\xb5\x8d\x80CkY.\xd4\xb6\x9e\xb8\xb6\xd9\x88\xfaE\x16\xc7\\T\x9c6\x1e\x8cs\x1a\x959\xcf\xc0\x88\xaa2O\xaaR\xe4 \\F\xf3j\\gbW\xed\x98\xd5\x82\x0en\x98\xfd\"\xb48\b\xe1\x1e\x8f\x98V,oX\x04\x93\xbd\x96\x9e\xc9[\xe51\xa4\xe1j\xf2\x8ey\xde', 0x2, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$cgroup_int(r1, 0x0, 0x0) [ 198.045250] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.113966] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 198.130792] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.137260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.151742] syz-executor0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 198.165973] CPU: 1 PID: 7668 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 198.174513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.183884] Call Trace: [ 198.186504] dump_stack+0x244/0x39d [ 198.190154] ? dump_stack_print_info.cold.1+0x20/0x20 [ 198.195370] ? print_usage_bug+0xc0/0xc0 [ 198.199465] dump_header+0x253/0x1239 [ 198.203287] ? print_usage_bug+0xc0/0xc0 [ 198.207367] ? __save_stack_trace+0x8d/0xf0 [ 198.211710] ? pagefault_out_of_memory+0x19d/0x19d [ 198.216658] ? mark_held_locks+0x130/0x130 [ 198.220913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.226467] ? check_preemption_disabled+0x48/0x280 [ 198.231518] ? graph_lock+0x270/0x270 [ 198.235337] ? __lock_is_held+0xb5/0x140 [ 198.239431] ? graph_lock+0x270/0x270 [ 198.243256] ? print_usage_bug+0xc0/0xc0 [ 198.247354] ? find_held_lock+0x36/0x1c0 [ 198.251455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.257016] ? find_held_lock+0x36/0x1c0 [ 198.261111] ? mark_held_locks+0xc7/0x130 [ 198.265303] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 198.270424] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 198.275551] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 198.280153] ? trace_hardirqs_on+0xbd/0x310 [ 198.284504] ? kasan_check_read+0x11/0x20 [ 198.288672] ? ___ratelimit+0x3b4/0x672 [ 198.292669] ? trace_hardirqs_off_caller+0x310/0x310 [ 198.297800] ? trace_hardirqs_on+0x310/0x310 [ 198.302236] ? lock_downgrade+0x900/0x900 [ 198.306414] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 198.311549] ? ___ratelimit+0x3b9/0x672 [ 198.315548] ? idr_get_free+0xf70/0xf70 [ 198.319542] ? _raw_spin_unlock_irq+0x27/0x80 [ 198.324061] ? _raw_spin_unlock_irq+0x27/0x80 [ 198.328612] oom_kill_process.cold.27+0x10/0x903 [ 198.333390] ? _raw_spin_unlock_irq+0x27/0x80 [ 198.337904] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 198.342511] ? oom_evaluate_task+0x540/0x540 [ 198.346941] ? cgroup_procs_next+0x70/0x70 [ 198.351219] ? _raw_spin_unlock_irq+0x60/0x80 [ 198.355732] ? oom_badness+0xaa0/0xaa0 [ 198.359654] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 198.364434] ? mem_cgroup_iter_break+0x30/0x30 [ 198.369058] ? find_held_lock+0x36/0x1c0 [ 198.373144] out_of_memory+0x8ba/0x1480 [ 198.377155] ? oom_killer_disable+0x3a0/0x3a0 [ 198.381678] ? trace_hardirqs_on+0xbd/0x310 [ 198.386015] ? kasan_check_read+0x11/0x20 [ 198.390191] ? cgroup_file_notify+0x226/0x2f0 [ 198.394711] ? trace_hardirqs_off_caller+0x310/0x310 [ 198.399868] mem_cgroup_out_of_memory+0x15e/0x210 [ 198.404751] ? memory_oom_group_write+0x160/0x160 [ 198.409624] ? kasan_check_read+0x11/0x20 [ 198.413798] memory_max_write+0x1b4/0x3f0 [ 198.417972] ? lock_acquire+0x1ed/0x520 [ 198.421962] ? kernfs_fop_write+0x227/0x480 [ 198.426306] ? mem_cgroup_write+0x400/0x400 [ 198.430646] ? __might_fault+0x12b/0x1e0 [ 198.434723] ? graph_lock+0x270/0x270 [ 198.438545] ? mem_cgroup_write+0x400/0x400 [ 198.442893] cgroup_file_write+0x2f7/0x7e0 [ 198.447150] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 198.452114] ? __lock_is_held+0xb5/0x140 [ 198.456203] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 198.461151] kernfs_fop_write+0x2ba/0x480 [ 198.465329] __vfs_write+0x119/0xab0 [ 198.469069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.474628] ? kernfs_vma_page_mkwrite+0x230/0x230 [ 198.479584] ? kernel_read+0x120/0x120 [ 198.483497] ? __lock_is_held+0xb5/0x140 [ 198.487591] ? rcu_read_lock_sched_held+0x14f/0x180 [ 198.492633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.498195] ? __sb_start_write+0x1b2/0x370 [ 198.502549] vfs_write+0x1fc/0x580 [ 198.506123] ksys_write+0x101/0x260 [ 198.509784] ? __ia32_sys_read+0xb0/0xb0 [ 198.513881] ? trace_hardirqs_off_caller+0x310/0x310 [ 198.519022] __x64_sys_write+0x73/0xb0 [ 198.522950] do_syscall_64+0x1b9/0x820 [ 198.526871] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 198.532267] ? syscall_return_slowpath+0x5e0/0x5e0 [ 198.537238] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.542112] ? trace_hardirqs_on_caller+0x310/0x310 [ 198.547205] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 198.552252] ? prepare_exit_to_usermode+0x291/0x3b0 [ 198.557316] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.562206] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.567413] RIP: 0033:0x457669 [ 198.570623] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.589539] RSP: 002b:00007f9b2bab3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 198.597310] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 198.604598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 198.611896] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 198.619180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b2bab46d4 [ 198.626464] R13: 00000000004c60f4 R14: 00000000004dacc8 R15: 00000000ffffffff [ 198.641332] hrtimer: interrupt took 27081 ns [ 198.652969] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.676795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.690528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.700472] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.707428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.740962] ================================================================== [ 198.748564] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 198.755169] Write of size 832 at addr ffff8881bb2f5bc0 by task syz-executor1/7669 [ 198.762859] [ 198.764528] CPU: 1 PID: 7669 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 198.767261] memory: usage 3040kB, limit 0kB, failcnt 3 [ 198.773029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.773041] Call Trace: [ 198.773076] dump_stack+0x244/0x39d [ 198.773099] ? dump_stack_print_info.cold.1+0x20/0x20 [ 198.773113] ? printk+0xa7/0xcf [ 198.773131] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 198.773160] print_address_description.cold.4+0x9/0x1ff [ 198.773178] ? fpstate_init+0x50/0x160 [ 198.773197] kasan_report.cold.5+0x1b/0x39 [ 198.773221] ? fpstate_init+0x50/0x160 [ 198.773244] ? fpstate_init+0x50/0x160 [ 198.783914] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.787915] check_memory_region+0x13e/0x1b0 [ 198.787932] memset+0x23/0x40 [ 198.787953] fpstate_init+0x50/0x160 [ 198.800048] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.802637] kvm_arch_vcpu_init+0x3e9/0x870 [ 198.802660] kvm_vcpu_init+0x2fa/0x420 [ 198.802679] ? vcpu_stat_get+0x300/0x300 [ 198.820012] Memory cgroup stats for /syz0: cache:0KB rss:2228KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2196KB inactive_file:8KB active_file:0KB unevictable:0KB [ 198.820918] ? kmem_cache_alloc+0x33f/0x730 [ 198.820946] vmx_create_vcpu+0x1b7/0x2695 [ 198.830627] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0 [ 198.830708] ,oom_memcg= [ 198.835473] ? perf_trace_sched_process_exec+0x860/0x860 [ 198.835504] ? do_raw_spin_unlock+0xa7/0x330 [ 198.835547] ? vmx_exec_control+0x210/0x210 [ 198.856299] /syz0,task_memcg=/syz0,task=syz-executor0,pid=7666,uid=0 [ 198.857310] ? kasan_check_write+0x14/0x20 [ 198.857341] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 198.857360] ? futex_wait_queue_me+0x55d/0x840 [ 198.867398] Memory cgroup out of memory: Kill process 7666 (syz-executor0) score 8760000 or sacrifice child [ 198.885451] ? wait_for_completion+0x8a0/0x8a0 [ 198.885472] ? print_usage_bug+0xc0/0xc0 [ 198.885492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.885506] ? get_futex_value_locked+0xcb/0xf0 [ 198.885526] kvm_arch_vcpu_create+0xe5/0x220 [ 198.885542] ? kvm_arch_vcpu_free+0x90/0x90 [ 198.885566] kvm_vm_ioctl+0x526/0x2030 [ 198.885579] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 198.885593] ? futex_wait+0x5ec/0xa50 [ 198.885612] ? kvm_unregister_device_ops+0x70/0x70 [ 198.916805] Killed process 7666 (syz-executor0) total-vm:70468kB, anon-rss:2148kB, file-rss:32768kB, shmem-rss:0kB [ 198.919749] ? mark_held_locks+0x130/0x130 [ 198.919762] ? kfree+0x11e/0x230 [ 198.919780] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 198.919800] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 198.919824] ? futex_wake+0x304/0x760 [ 198.919853] ? __lock_acquire+0x62f/0x4c20 [ 198.919888] ? mark_held_locks+0x130/0x130 [ 198.941946] oom_reaper: reaped process 7666 (syz-executor0), now anon-rss:0kB, file-rss:32000kB, shmem-rss:0kB [ 198.950851] ? graph_lock+0x270/0x270 [ 198.950867] ? do_futex+0x249/0x26d0 [ 198.950883] ? rcu_read_unlock_special+0x370/0x370 [ 198.950896] ? rcu_softirq_qs+0x20/0x20 [ 198.950918] ? unwind_dump+0x190/0x190 [ 198.950953] ? find_held_lock+0x36/0x1c0 [ 198.950989] ? __fget+0x4aa/0x740 [ 198.951005] ? lock_downgrade+0x900/0x900 [ 198.951027] ? check_preemption_disabled+0x48/0x280 [ 198.951045] ? kasan_check_read+0x11/0x20 [ 199.088364] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 199.093669] ? rcu_read_unlock_special+0x370/0x370 [ 199.098637] ? __fget+0x4d1/0x740 [ 199.102119] ? ksys_dup3+0x680/0x680 [ 199.105861] ? __might_fault+0x12b/0x1e0 [ 199.109937] ? lock_downgrade+0x900/0x900 [ 199.114108] ? lock_release+0xa00/0xa00 [ 199.118097] ? perf_trace_sched_process_exec+0x860/0x860 [ 199.123571] ? kvm_unregister_device_ops+0x70/0x70 [ 199.123592] do_vfs_ioctl+0x1de/0x1790 [ 199.123615] ? ioctl_preallocate+0x300/0x300 [ 199.123633] ? __fget_light+0x2e9/0x430 [ 199.132588] ? fget_raw+0x20/0x20 [ 199.132604] ? _copy_to_user+0xc8/0x110 [ 199.132624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.132642] ? put_timespec64+0x10f/0x1b0 [ 199.132659] ? nsecs_to_jiffies+0x30/0x30 [ 199.132676] ? do_syscall_64+0x9a/0x820 [ 199.132695] ? do_syscall_64+0x9a/0x820 [ 199.170276] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.174882] ? security_file_ioctl+0x94/0xc0 [ 199.179323] ksys_ioctl+0xa9/0xd0 [ 199.182816] __x64_sys_ioctl+0x73/0xb0 [ 199.186729] do_syscall_64+0x1b9/0x820 [ 199.190644] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.196038] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.201010] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.205901] ? trace_hardirqs_on_caller+0x310/0x310 [ 199.210944] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.215991] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.221061] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.225952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.226366] syz-executor0 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 199.231161] RIP: 0033:0x457669 [ 199.231179] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.231186] RSP: 002b:00007f8478103c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 199.231199] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 199.231207] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 199.231215] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 199.231223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f84781046d4 [ 199.231232] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 199.231251] [ 199.231259] Allocated by task 7669: [ 199.231276] save_stack+0x43/0xd0 [ 199.231295] kasan_kmalloc+0xcb/0xd0 [ 199.231308] kasan_slab_alloc+0x12/0x20 [ 199.263938] kmem_cache_alloc+0x130/0x730 [ 199.263953] vmx_create_vcpu+0x110/0x2695 [ 199.263972] kvm_arch_vcpu_create+0xe5/0x220 [ 199.263983] kvm_vm_ioctl+0x526/0x2030 [ 199.263996] do_vfs_ioctl+0x1de/0x1790 [ 199.264009] ksys_ioctl+0xa9/0xd0 [ 199.264022] __x64_sys_ioctl+0x73/0xb0 [ 199.264042] do_syscall_64+0x1b9/0x820 [ 199.356331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.361525] [ 199.363156] Freed by task 0: [ 199.366168] (stack is not available) [ 199.369878] [ 199.371511] The buggy address belongs to the object at ffff8881bb2f5b80 [ 199.371511] which belongs to the cache x86_fpu of size 832 [ 199.383842] The buggy address is located 64 bytes inside of [ 199.383842] 832-byte region [ffff8881bb2f5b80, ffff8881bb2f5ec0) [ 199.395644] The buggy address belongs to the page: [ 199.400592] page:ffffea0006ecbd40 count:1 mapcount:0 mapping:ffff8881d7a8c540 index:0x0 [ 199.408751] flags: 0x2fffc0000000200(slab) [ 199.413001] raw: 02fffc0000000200 ffff8881d4871948 ffff8881d4871948 ffff8881d7a8c540 [ 199.420898] raw: 0000000000000000 ffff8881bb2f5040 0000000100000004 0000000000000000 [ 199.428790] page dumped because: kasan: bad access detected [ 199.434511] [ 199.436141] Memory state around the buggy address: [ 199.441094] ffff8881bb2f5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 199.448484] ffff8881bb2f5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 199.455868] >ffff8881bb2f5e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 199.463248] ^ [ 199.468733] ffff8881bb2f5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.476114] ffff8881bb2f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 199.483481] ================================================================== 02:16:06 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'eql\x00', 0x100007ff}) ioctl$TUNSETLINK(r1, 0x400454cd, 0x0) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00\x00\x00\x00\x00\x00\x9e\x00', @ifru_mtu=0x1}) 02:16:06 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) r2 = shmget(0x0, 0x3000, 0x4, &(0x7f0000ffd000/0x3000)=nil) fstat(0xffffffffffffffff, 0x0) r3 = getgid() getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001580)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, 0x0) getgroups(0x8, &(0x7f0000001680)=[0x0, 0xee01, 0xffffffffffffffff, 0x0, 0x0, 0xee01, 0xee01, 0xee00]) r6 = getpgrp(0x0) r7 = getpid() shmctl$IPC_SET(r2, 0x1, &(0x7f00000016c0)={{0x80008000, 0x0, r3, r4, r5, 0x100, 0x135b}, 0x8c2d, 0x8, 0x200, 0x2, r6, r7, 0xff}) write$binfmt_aout(r1, &(0x7f0000006c40)=ANY=[@ANYBLOB="10ef0000000000"], 0x7) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000340)) r8 = perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_ima(&(0x7f0000000300)='./file0\x00', &(0x7f0000000240)='security.ima\x00', 0x0, 0x0, 0x1) unlink(&(0x7f0000001e00)='./bus\x00') ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x8) ioctl$KDADDIO(r0, 0x4b34, 0x200) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) getresgid(&(0x7f0000000280), &(0x7f0000000500), 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xffffffffffffff81) recvmmsg(r1, &(0x7f0000001300)=[{{&(0x7f0000000180)=@rc, 0x80, &(0x7f0000000100)=[{&(0x7f0000000440)=""/114, 0x72}], 0x1, &(0x7f0000000600)=""/104, 0x68}, 0x85}, {{&(0x7f0000000680)=@ipx, 0x80, &(0x7f0000000740)=[{&(0x7f0000001e40)=""/4096, 0x1000}, {&(0x7f0000000940)=""/255, 0xff}, {&(0x7f00000004c0)=""/28, 0x1c}, {&(0x7f0000000a40)=""/251, 0xfb}, {&(0x7f0000002e40)=""/4096, 0x1000}, {&(0x7f0000000bc0)=""/238, 0xee}], 0x6}, 0x5}, {{&(0x7f0000000cc0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000d40)=""/86, 0x56}, {&(0x7f0000000880)=""/37, 0x25}, {&(0x7f0000000b40)=""/51, 0x33}, {&(0x7f0000000dc0)=""/190, 0xbe}, {&(0x7f0000000e80)=""/107, 0x6b}], 0x5, &(0x7f0000000f80)=""/142, 0x8e}, 0x4}, {{&(0x7f0000001040)=@can, 0x80, &(0x7f0000001200)=[{&(0x7f00000010c0)=""/116, 0x74}, {&(0x7f0000001140)=""/67, 0x43}, {&(0x7f00000011c0)=""/47, 0x2f}], 0x3}, 0x80}, {{&(0x7f0000001240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000012c0)=[{&(0x7f0000003e40)=""/4096, 0x1000}], 0x1}, 0x6}], 0x5, 0x8ee1d1423a6a2491, &(0x7f0000001440)={0x0, 0x1c9c380}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000380)={'bond_slave_1\x00'}) fchdir(r8) sendmsg$nl_route_sched(r1, &(0x7f0000001500)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000014c0)={&(0x7f0000001900)=ANY=[@ANYBLOB="440300003100000429bd7000fedbdf25000000002400010010001400000008000300040000000000100010000000080003000000008000003c00010010000c000000080003000000000000001000190000000800030015000000000018001e0000001000010074756e6e656c5f6b6579000000007c00010010000d0000000800030000000000000010000200000008000100787400000000100011000000080001006270660000001000000000000800010062706600000014001d0000000c000100706f6c69636500000000100009000000080001006970740000001400f20000000c0001006373756d0000000000003400010010000d000000080001006270660000001000160000000800030000000000000010001600000008000300000200000000700001001400030000000c000100736b626d6f640000000010001400000008000300ffffffff0000100017000000080003000b800000000018001e0000001000010074756e6e656c5f6b65790000000010001f0000000800030000020000000010000300000008000300afb6b75c0000740001001400000000000c000100766c616e00000000000018000000000010000100636f6e6e6d61726b00000000000010001f000000080003000400000000001400150000000c000100736b626d6f64000000001000080000000800030009000000000010000000000008000300000000000000040001001400010010000100000008000300bf00000000006800010010000a0000000800010078740000000010000e0000000800010069666500000014001f0000000c0001006d6972726564000000001000000000000800030003000000000010001800000008000300200a0000000010000e00000008000300ffffff7f0000bc00010010001a0000000800030005000000000010001a0000000800030008000000000018000d00000010000100636f6e6e6d61726b00000000000014000c0000000c0001006373756d00000000000014000d0000000c000100676163740000000000001000190000000800010062706600000014000e0000000c00010073616d706c65000000001400050000000c000100736b626d6f64000000001000060000000800030005000000000010001400000008000100697074000000ee2dbe1ec6beb8c4c953e187d6113e45a2e4c8d7ea7cd4"], 0x1}, 0x1, 0x0, 0x0, 0x10}, 0x1) getresgid(0x0, &(0x7f0000000040)=0x0, &(0x7f00000007c0)) fstat(0xffffffffffffffff, &(0x7f00000008c0)) fstat(r1, &(0x7f0000000580)) getgroups(0x4, &(0x7f00000000c0)=[0x0, 0x0, r9, 0x0]) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) [ 199.490844] Disabling lock debugging due to kernel taint [ 199.503113] CPU: 0 PID: 6120 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 199.513027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.522395] Call Trace: [ 199.522416] dump_stack+0x244/0x39d [ 199.522431] ? dump_stack_print_info.cold.1+0x20/0x20 [ 199.522447] ? mark_held_locks+0x130/0x130 [ 199.522466] dump_header+0x253/0x1239 [ 199.522486] ? print_usage_bug+0xc0/0xc0 [ 199.525142] Kernel panic - not syncing: panic_on_warn set ... [ 199.528695] ? pagefault_out_of_memory+0x19d/0x19d [ 199.556736] ? mark_held_locks+0x130/0x130 [ 199.560988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.566539] ? check_preemption_disabled+0x48/0x280 [ 199.571581] ? graph_lock+0x270/0x270 [ 199.575405] ? __lock_is_held+0xb5/0x140 [ 199.579495] ? graph_lock+0x270/0x270 [ 199.583303] ? print_usage_bug+0xc0/0xc0 [ 199.587393] ? find_held_lock+0x36/0x1c0 [ 199.591460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.597003] ? find_held_lock+0x36/0x1c0 [ 199.601091] ? mark_held_locks+0xc7/0x130 [ 199.605242] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 199.610355] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 199.615500] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.620098] ? trace_hardirqs_on+0xbd/0x310 [ 199.624430] ? kasan_check_read+0x11/0x20 [ 199.628587] ? ___ratelimit+0x3b4/0x672 [ 199.632590] ? trace_hardirqs_off_caller+0x310/0x310 [ 199.637713] ? trace_hardirqs_on+0x310/0x310 [ 199.642146] ? lock_downgrade+0x900/0x900 [ 199.646316] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 199.651430] ? ___ratelimit+0x3b9/0x672 [ 199.655427] ? idr_get_free+0xf70/0xf70 [ 199.659409] ? _raw_spin_unlock_irq+0x27/0x80 [ 199.663924] ? _raw_spin_unlock_irq+0x27/0x80 [ 199.668447] oom_kill_process.cold.27+0x10/0x903 [ 199.673228] ? _raw_spin_unlock_irq+0x27/0x80 [ 199.677743] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 199.682361] ? oom_evaluate_task+0x540/0x540 [ 199.686785] ? cgroup_procs_next+0x70/0x70 [ 199.691038] ? _raw_spin_unlock_irq+0x60/0x80 [ 199.695559] ? oom_badness+0xaa0/0xaa0 [ 199.699461] ? mem_cgroup_scan_tasks+0x1c3/0x1e0 [ 199.704239] ? mem_cgroup_iter_break+0x30/0x30 [ 199.708842] ? find_held_lock+0x36/0x1c0 [ 199.712935] out_of_memory+0x8ba/0x1480 [ 199.716937] ? oom_killer_disable+0x3a0/0x3a0 [ 199.721464] ? trace_hardirqs_on+0xbd/0x310 [ 199.725810] ? kasan_check_read+0x11/0x20 [ 199.729987] ? cgroup_file_notify+0x226/0x2f0 [ 199.734513] ? trace_hardirqs_off_caller+0x310/0x310 [ 199.739644] mem_cgroup_out_of_memory+0x15e/0x210 [ 199.744507] ? memory_oom_group_write+0x160/0x160 [ 199.749399] ? page_counter_try_charge+0x1c1/0x220 [ 199.754360] try_charge+0xda9/0x1700 [ 199.758115] ? mem_cgroup_from_task+0x1f0/0x1f0 [ 199.762814] ? rcu_pm_notify+0xc0/0xc0 [ 199.766726] ? rcu_read_lock_sched_held+0x14f/0x180 [ 199.771776] ? __alloc_pages_nodemask+0xb9c/0xec0 [ 199.777100] ? graph_lock+0x270/0x270 [ 199.780941] ? __alloc_pages_slowpath+0x2dc0/0x2dc0 [ 199.785985] ? find_held_lock+0x36/0x1c0 [ 199.790104] ? cache_grow_begin+0x65/0x8c0 [ 199.794386] memcg_kmem_charge_memcg+0x7c/0x120 [ 199.799082] ? memcg_kmem_put_cache+0x300/0x300 [ 199.803771] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 199.809336] cache_grow_begin+0x43e/0x8c0 [ 199.813496] ? do_raw_spin_unlock+0xa7/0x330 [ 199.817924] fallback_alloc+0x204/0x2e0 [ 199.821912] ____cache_alloc_node+0x1c7/0x1e0 [ 199.826432] kmem_cache_alloc+0x1f6/0x730 [ 199.830596] ? graph_lock+0x270/0x270 [ 199.834409] ? print_usage_bug+0xc0/0xc0 [ 199.838483] __alloc_file+0xa8/0x480 [ 199.842209] ? file_free_rcu+0xe0/0xe0 [ 199.846133] ? find_held_lock+0x36/0x1c0 [ 199.850219] ? is_bpf_text_address+0xac/0x170 [ 199.854720] ? lock_downgrade+0x900/0x900 [ 199.858875] ? check_preemption_disabled+0x48/0x280 [ 199.863897] alloc_empty_file+0x72/0x170 [ 199.867999] path_openat+0x170/0x5150 [ 199.871803] ? rcu_softirq_qs+0x20/0x20 [ 199.875777] ? unwind_dump+0x190/0x190 [ 199.879675] ? graph_lock+0x270/0x270 [ 199.883510] ? path_lookupat.isra.43+0xc00/0xc00 [ 199.888270] ? unwind_get_return_address+0x61/0xa0 [ 199.893210] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 199.898249] ? expand_files.part.8+0x571/0x9a0 [ 199.902872] ? find_held_lock+0x36/0x1c0 [ 199.906943] ? __alloc_fd+0x347/0x6e0 [ 199.910753] ? lock_downgrade+0x900/0x900 [ 199.914903] ? getname+0x19/0x20 [ 199.918274] ? kasan_check_read+0x11/0x20 [ 199.922442] ? do_raw_spin_unlock+0xa7/0x330 [ 199.926863] ? do_raw_spin_trylock+0x270/0x270 [ 199.931449] ? __lock_is_held+0xb5/0x140 [ 199.935514] ? __check_object_size+0xb1/0x782 [ 199.940038] ? _raw_spin_unlock+0x2c/0x50 [ 199.944212] ? __alloc_fd+0x347/0x6e0 [ 199.948031] do_filp_open+0x255/0x380 [ 199.951848] ? may_open_dev+0x100/0x100 [ 199.955848] ? get_unused_fd_flags+0x122/0x1a0 [ 199.960438] ? __alloc_fd+0x6e0/0x6e0 [ 199.964253] do_sys_open+0x568/0x780 [ 199.967978] ? filp_open+0x80/0x80 [ 199.971529] ? trace_hardirqs_off_caller+0x310/0x310 [ 199.976650] __x64_sys_open+0x7e/0xc0 [ 199.980477] do_syscall_64+0x1b9/0x820 [ 199.984403] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 199.989790] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.994747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.999619] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.004650] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.009684] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.014718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.019579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.024774] RIP: 0033:0x455670 [ 200.027970] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 200.046891] RSP: 002b:00007ffcf9715e30 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 200.054652] RAX: ffffffffffffffda RBX: 00000000000305f9 RCX: 0000000000455670 [ 200.061929] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffcf9717010 [ 200.069211] RBP: 000000000000010c R08: 0000000000000001 R09: 0000000002150940 [ 200.076490] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffcf9717010 [ 200.083770] R13: 00000000000305c2 R14: 0000000000000000 R15: 0000000000000000 [ 200.091078] CPU: 1 PID: 7669 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 200.097018] kobject: 'loop2' (0000000066eafa7f): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 200.100971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.100977] Call Trace: [ 200.100997] dump_stack+0x244/0x39d [ 200.101012] ? dump_stack_print_info.cold.1+0x20/0x20 [ 200.101032] ? fpstate_init+0x30/0x160 [ 200.101063] panic+0x2ad/0x632 [ 200.115209] kobject: 'loop4' (0000000052d84ef9): kobject_uevent_env [ 200.119882] ? add_taint.cold.5+0x16/0x16 [ 200.119901] ? preempt_schedule+0x4d/0x60 [ 200.119916] ? ___preempt_schedule+0x16/0x18 [ 200.119934] ? trace_hardirqs_on+0xb4/0x310 [ 200.119954] ? fpstate_init+0x50/0x160 [ 200.122683] kobject: 'loop4' (0000000052d84ef9): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 200.126161] end_report+0x47/0x4f [ 200.126177] kasan_report.cold.5+0xe/0x39 [ 200.126197] ? fpstate_init+0x50/0x160 [ 200.186652] ? fpstate_init+0x50/0x160 [ 200.190562] check_memory_region+0x13e/0x1b0 [ 200.194985] memset+0x23/0x40 [ 200.198122] fpstate_init+0x50/0x160 [ 200.201862] kvm_arch_vcpu_init+0x3e9/0x870 [ 200.206217] kvm_vcpu_init+0x2fa/0x420 [ 200.210121] ? vcpu_stat_get+0x300/0x300 [ 200.214196] ? kmem_cache_alloc+0x33f/0x730 [ 200.218537] vmx_create_vcpu+0x1b7/0x2695 [ 200.222716] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.228197] ? do_raw_spin_unlock+0xa7/0x330 [ 200.232622] ? vmx_exec_control+0x210/0x210 [ 200.236972] ? kasan_check_write+0x14/0x20 [ 200.241224] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 200.246167] ? futex_wait_queue_me+0x55d/0x840 [ 200.250759] ? wait_for_completion+0x8a0/0x8a0 [ 200.255367] ? print_usage_bug+0xc0/0xc0 [ 200.259456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.265022] ? get_futex_value_locked+0xcb/0xf0 [ 200.269713] kvm_arch_vcpu_create+0xe5/0x220 [ 200.274142] ? kvm_arch_vcpu_free+0x90/0x90 [ 200.278474] kvm_vm_ioctl+0x526/0x2030 [ 200.282366] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 200.287476] ? futex_wait+0x5ec/0xa50 [ 200.291288] ? kvm_unregister_device_ops+0x70/0x70 [ 200.296229] ? mark_held_locks+0x130/0x130 [ 200.300468] ? kfree+0x11e/0x230 [ 200.303849] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 200.309058] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 200.314209] ? futex_wake+0x304/0x760 [ 200.318021] ? __lock_acquire+0x62f/0x4c20 [ 200.322277] ? mark_held_locks+0x130/0x130 [ 200.326520] ? graph_lock+0x270/0x270 [ 200.330325] ? do_futex+0x249/0x26d0 [ 200.334043] ? rcu_read_unlock_special+0x370/0x370 [ 200.338991] ? rcu_softirq_qs+0x20/0x20 [ 200.342964] ? unwind_dump+0x190/0x190 [ 200.346863] ? find_held_lock+0x36/0x1c0 [ 200.350933] ? __fget+0x4aa/0x740 [ 200.354394] ? lock_downgrade+0x900/0x900 [ 200.358545] ? check_preemption_disabled+0x48/0x280 [ 200.363565] ? kasan_check_read+0x11/0x20 [ 200.367715] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 200.373004] ? rcu_read_unlock_special+0x370/0x370 [ 200.377947] ? __fget+0x4d1/0x740 [ 200.381408] ? ksys_dup3+0x680/0x680 [ 200.385126] ? __might_fault+0x12b/0x1e0 [ 200.389193] ? lock_downgrade+0x900/0x900 [ 200.393355] ? lock_release+0xa00/0xa00 [ 200.397333] ? perf_trace_sched_process_exec+0x860/0x860 [ 200.402792] ? kvm_unregister_device_ops+0x70/0x70 [ 200.407735] do_vfs_ioctl+0x1de/0x1790 [ 200.411637] ? ioctl_preallocate+0x300/0x300 [ 200.416086] ? __fget_light+0x2e9/0x430 [ 200.420078] ? fget_raw+0x20/0x20 [ 200.423536] ? _copy_to_user+0xc8/0x110 [ 200.427520] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.433084] ? put_timespec64+0x10f/0x1b0 [ 200.437241] ? nsecs_to_jiffies+0x30/0x30 [ 200.441398] ? do_syscall_64+0x9a/0x820 [ 200.445378] ? do_syscall_64+0x9a/0x820 [ 200.449380] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 200.453979] ? security_file_ioctl+0x94/0xc0 [ 200.458398] ksys_ioctl+0xa9/0xd0 [ 200.461865] __x64_sys_ioctl+0x73/0xb0 [ 200.465765] do_syscall_64+0x1b9/0x820 [ 200.469682] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.475068] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.480008] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.484867] ? trace_hardirqs_on_caller+0x310/0x310 [ 200.489902] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.494942] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.499979] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.504859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.510082] RIP: 0033:0x457669 [ 200.513298] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.532217] RSP: 002b:00007f8478103c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.539942] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 200.547236] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 200.554541] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 200.561850] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f84781046d4 [ 200.569172] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 200.577700] Kernel Offset: disabled [ 200.581380] Rebooting in 86400 seconds..