[info] Using makefile-style concurrent boot in runlevel 2. [ 27.576012] audit: type=1800 audit(1545515156.263:21): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts. 2018/12/22 21:46:05 fuzzer started 2018/12/22 21:46:07 dialing manager at 10.128.0.26:33943 2018/12/22 21:46:07 syscalls: 1 2018/12/22 21:46:07 code coverage: enabled 2018/12/22 21:46:07 comparison tracing: enabled 2018/12/22 21:46:07 setuid sandbox: enabled 2018/12/22 21:46:07 namespace sandbox: enabled 2018/12/22 21:46:07 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/22 21:46:07 fault injection: enabled 2018/12/22 21:46:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/22 21:46:07 net packet injection: enabled 2018/12/22 21:46:07 net device setup: enabled 21:48:21 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) rename(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file1/file0\x00') syzkaller login: [ 172.511101] IPVS: ftp: loaded support on port[0] = 21 21:48:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000000)={0x8f, 0x0, [0x2]}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000000c0)={0x1, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x7ff}]}) [ 172.783456] IPVS: ftp: loaded support on port[0] = 21 21:48:21 executing program 2: 
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0xa0140100, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0) ptrace$setregset(0x4205, 0x0, 0x205, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x11) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) wait4(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000000), 0x0) [ 173.211674] IPVS: ftp: loaded support on port[0] = 21 21:48:21 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000140)=0x10000000, 0x4) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000340)=@generic={0xa, "fee62294c47960e7bb18015d57b82b7bee24c5438af2d151cf695ae5c75e83bb29cd4c023e864bcdf44e189ab113d032335f29c133569d2e963f63d2e930370ba1e54c99c4801552c9bf17ed0a79e7e3ad2074e7380cca396ff98b1765756b337295b92c9c98172c927eda7a5210139758ba6aed86fec2ff416ad10850dc"}, 0x35) [ 173.510594] IPVS: ftp: loaded support on port[0] = 21 21:48:22 
executing program 4: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0xa0140100, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x11) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) wait4(0x0, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000000), 0x0) [ 174.030415] IPVS: ftp: loaded support on port[0] = 21 21:48:22 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0x0, 0x100082) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000040)={0x0, 0x200}) [ 174.325507] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.340435] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.348389] device bridge_slave_0 entered promiscuous mode [ 174.374679] IPVS: ftp: loaded support on port[0] = 21 [ 174.428376] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.436856] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.444788] device bridge_slave_1 entered 
promiscuous mode [ 174.548819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.646622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.051782] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.062335] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.068838] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.085972] device bridge_slave_0 entered promiscuous mode [ 175.193782] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.255830] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.276044] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.284244] device bridge_slave_1 entered promiscuous mode [ 175.464104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.590153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.690144] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.710669] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.723558] device bridge_slave_0 entered promiscuous mode [ 175.732939] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.739408] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.747328] device bridge_slave_0 entered promiscuous mode [ 175.813178] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.828573] team0: Port device team_slave_0 added [ 175.836138] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.849153] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.862804] device bridge_slave_1 entered promiscuous mode [ 175.876732] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.896095] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.904286] device bridge_slave_1 entered promiscuous mode [ 175.966492] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.982755] team0: Port device team_slave_1 added [ 175.990004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is 
not ready [ 176.072321] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.079842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.094110] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.102877] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.118888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.183950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.227761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.244408] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.257430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.330765] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.339399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.353364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.496806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.509234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.536041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.618996] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.704690] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.721346] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.728852] device bridge_slave_0 entered promiscuous mode [ 176.758989] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.773239] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.802095] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.817415] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.837484] device bridge_slave_0 entered promiscuous mode [ 176.853835] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.860318] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.881754] device 
bridge_slave_1 entered promiscuous mode [ 176.900794] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.916401] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 176.923811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 176.942170] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.949615] team0: Port device team_slave_0 added [ 176.995721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 177.004991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.023076] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.029482] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.051876] device bridge_slave_1 entered promiscuous mode [ 177.061113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.087494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.111221] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.118811] team0: Port device team_slave_1 added [ 177.132159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.146622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.197507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.338981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.352797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.452698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.465836] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.475848] team0: Port device team_slave_0 added [ 177.532114] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.577673] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.591096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.611193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.631693] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is 
not ready [ 177.639085] team0: Port device team_slave_0 added [ 177.665950] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.675995] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.691330] team0: Port device team_slave_1 added [ 177.696673] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.705227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.721923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.772504] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.794050] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.809923] team0: Port device team_slave_1 added [ 177.838928] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 177.861837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 177.908693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 177.924225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.946403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.955742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 177.969621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.990216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.011378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.019460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.047699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.063025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.071076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.079934] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.112259] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.121668] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 178.129285] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge_slave_0: link becomes ready [ 178.145527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.191203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.199272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.241720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.251109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.265482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.284712] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.291253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.298197] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.304670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.314783] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 178.324271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.350261] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.368484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.391580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.399619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.433606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.453982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.481152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.510216] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.523320] team0: Port device team_slave_0 added [ 178.591318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.716277] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.729950] team0: Port device team_slave_1 added [ 178.834952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.842692] team0: Port device team_slave_0 added [ 178.855351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not 
ready [ 178.869964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.884445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.986125] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.001883] team0: Port device team_slave_1 added [ 179.033934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.043902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.071460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.130095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.157592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.167968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.213508] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.222349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.235871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.278855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.344452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.353296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.370028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.428512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.442632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.457903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.552958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.560126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.580432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.593511] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.599911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.606795] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.613208] 
bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.625808] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.642687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.759217] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.765678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.772436] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.778836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.803405] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.932348] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.938738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.945489] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.951899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.998005] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.689006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.696955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.840475] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.846955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.853698] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.860084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.869070] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.023343] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.029753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.036470] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.042890] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.056689] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.720905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.729718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.782399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.183310] IPv6: ADDRCONF(NETDEV_UP): veth0: link 
is not ready [ 184.607370] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.626224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.647175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.976188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.085468] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.114275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.164476] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.449672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.611631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.671878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.023077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.061881] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.068047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.075554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.099224] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.108077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.147085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.164682] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.182823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.193744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.361856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.557635] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.586994] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.595887] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.620172] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.892914] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.973181] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.980799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.987889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.381308] IPv6: ADDRCONF(NETDEV_UP): 
veth1: link is not ready [ 187.387585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.395082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.481150] 8021q: adding VLAN 0 to HW filter on device team0 21:48:36 executing program 0: 21:48:36 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000000080)=[{0xfffffffffffffffd}, {&(0x7f00000001c0)=""/81, 0x51}, {&(0x7f0000000240)=""/176, 0xb0}, {&(0x7f0000000000)=""/21, 0x15}], 0x4}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) tkill(r0, 0x27) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@loopback, @dev, @mcast1, 0xc, 0x0, 0x0, 0xfa}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) [ 187.897437] 8021q: adding VLAN 0 to HW filter on device team0 21:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8955, 
&(0x7f0000000040)=0x2) [ 188.153773] [ 188.155454] ====================================================== [ 188.161813] WARNING: possible circular locking dependency detected [ 188.168171] 4.20.0-rc6-next-20181217+ #172 Not tainted [ 188.173445] ------------------------------------------------------ [ 188.179770] syz-executor0/7514 is trying to acquire lock: [ 188.185357] 000000004c35cae0 (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0 [ 188.193183] [ 188.193183] but task is already holding lock: [ 188.199183] 000000006d1062ba (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 188.206507] [ 188.206507] which lock already depends on the new lock. [ 188.206507] [ 188.214849] [ 188.214849] the existing dependency chain (in reverse order) is: [ 188.222468] [ 188.222468] -> #1 (&n->lock){++--}: [ 188.227589] _raw_write_lock+0x2d/0x40 [ 188.231985] neigh_periodic_work+0x3c0/0xc30 [ 188.237017] process_one_work+0xc90/0x1c40 [ 188.241759] worker_thread+0x17f/0x1390 [ 188.246344] kthread+0x35a/0x440 [ 188.250215] ret_from_fork+0x3a/0x50 [ 188.254435] [ 188.254435] -> #0 (&tbl->lock){+.-.}: [ 188.259722] lock_acquire+0x1ed/0x520 [ 188.264043] _raw_write_lock_bh+0x31/0x40 [ 188.268697] neigh_change_state+0x1dc/0x7a0 [ 188.273526] __neigh_update+0x478/0x1eb0 [ 188.278105] neigh_update+0x37/0x50 [ 188.282238] arp_req_set+0x54c/0xaa0 [ 188.286562] arp_ioctl+0x48b/0xae0 [ 188.290613] inet_ioctl+0x237/0x360 [ 188.294762] sock_do_ioctl+0xeb/0x420 [ 188.299067] sock_ioctl+0x313/0x690 [ 188.303204] do_vfs_ioctl+0x1de/0x1790 [ 188.307600] ksys_ioctl+0xa9/0xd0 [ 188.311564] __x64_sys_ioctl+0x73/0xb0 [ 188.315962] do_syscall_64+0x1b9/0x820 [ 188.320370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.326057] [ 188.326057] other info that might help us debug this: [ 188.326057] [ 188.334202] Possible unsafe locking scenario: [ 188.334202] [ 188.340242] CPU0 CPU1 [ 188.344905] ---- ---- [ 188.349603] lock(&n->lock); [ 188.352713] lock(&tbl->lock); [ 188.358507] lock(&n->lock); [ 
188.364158] lock(&tbl->lock); [ 188.367418] [ 188.367418] *** DEADLOCK *** [ 188.367418] [ 188.373461] 2 locks held by syz-executor0/7514: [ 188.378113] #0: 00000000600cbef1 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 188.385417] #1: 000000006d1062ba (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 188.393117] [ 188.393117] stack backtrace: [ 188.397637] CPU: 0 PID: 7514 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 188.406110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.415454] Call Trace: [ 188.418041] dump_stack+0x244/0x39d [ 188.421655] ? dump_stack_print_info.cold.1+0x20/0x20 [ 188.426834] ? vprintk_func+0x85/0x181 [ 188.430709] print_circular_bug.isra.36.cold.58+0x1bd/0x27d [ 188.436416] ? save_trace+0xe0/0x290 [ 188.440115] __lock_acquire+0x3399/0x4c20 [ 188.444283] ? mark_held_locks+0x130/0x130 [ 188.448513] ? kasan_check_read+0x11/0x20 [ 188.452656] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 188.457934] ? arp_constructor+0x3a5/0xd80 [ 188.462155] ? lock_downgrade+0x900/0x900 [ 188.466312] ? check_preemption_disabled+0x48/0x280 [ 188.471326] ? mark_held_locks+0x130/0x130 [ 188.475557] ? mark_held_locks+0xc7/0x130 [ 188.479713] ? __local_bh_enable_ip+0x160/0x260 [ 188.484368] ? __local_bh_enable_ip+0x160/0x260 [ 188.489018] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 188.493626] ? trace_hardirqs_on+0xbd/0x310 [ 188.497938] ? _raw_write_unlock_bh+0x30/0x40 [ 188.502422] ? trace_hardirqs_off_caller+0x310/0x310 [ 188.507511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.513038] ? ___neigh_create+0x1704/0x2630 [ 188.517447] ? ___neigh_create+0x1704/0x2630 [ 188.521842] lock_acquire+0x1ed/0x520 [ 188.525630] ? neigh_change_state+0x1dc/0x7a0 [ 188.530141] ? lock_release+0xa00/0xa00 [ 188.534118] _raw_write_lock_bh+0x31/0x40 [ 188.538251] ? neigh_change_state+0x1dc/0x7a0 [ 188.542746] neigh_change_state+0x1dc/0x7a0 [ 188.547074] ? neigh_parms_alloc+0x6d0/0x6d0 [ 188.551468] ? 
mark_held_locks+0xc7/0x130 [ 188.555612] ? kasan_check_write+0x14/0x20 [ 188.559866] ? do_raw_write_lock+0x14f/0x310 [ 188.564275] ? do_raw_read_unlock+0x70/0x70 [ 188.568601] ? neigh_lookup+0x586/0x7c0 [ 188.572589] ? trace_hardirqs_off_caller+0x310/0x310 [ 188.577682] __neigh_update+0x478/0x1eb0 [ 188.581728] ? __local_bh_enable_ip+0x160/0x260 [ 188.586402] ? arp_key_eq+0x10/0xa0 [ 188.590014] ? __neigh_notify+0x160/0x160 [ 188.594148] ? ip_route_output_key_hash_rcu+0x3490/0x3490 [ 188.599688] ? find_held_lock+0x36/0x1c0 [ 188.603735] neigh_update+0x37/0x50 [ 188.607345] arp_req_set+0x54c/0xaa0 [ 188.611043] ? arp_req_delete+0x870/0x870 [ 188.615175] ? apparmor_cred_prepare+0x5a0/0x5a0 [ 188.619915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.625439] arp_ioctl+0x48b/0xae0 [ 188.628977] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 188.634164] ? arp_constructor+0xd80/0xd80 [ 188.638389] ? futex_wake+0x304/0x760 [ 188.642178] inet_ioctl+0x237/0x360 [ 188.645798] ? inet_stream_connect+0xa0/0xa0 [ 188.650191] ? mark_held_locks+0x130/0x130 [ 188.654410] ? graph_lock+0x270/0x270 [ 188.658192] ? do_futex+0x249/0x26d0 [ 188.661904] ? trace_hardirqs_off+0xb8/0x310 [ 188.666310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.671836] ? find_held_lock+0x36/0x1c0 [ 188.675883] sock_do_ioctl+0xeb/0x420 [ 188.679711] ? compat_ifr_data_ioctl+0x170/0x170 [ 188.684491] ? check_preemption_disabled+0x48/0x280 [ 188.689492] ? kasan_check_read+0x11/0x20 [ 188.693625] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 188.698899] ? rcu_read_unlock_special+0x370/0x370 [ 188.703814] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 188.709032] sock_ioctl+0x313/0x690 [ 188.712646] ? dlci_ioctl_set+0x40/0x40 [ 188.716607] ? ksys_dup3+0x680/0x680 [ 188.720315] ? __might_fault+0x12b/0x1e0 [ 188.724357] ? lock_downgrade+0x900/0x900 [ 188.728490] ? lock_release+0xa00/0xa00 [ 188.732489] ? perf_trace_sched_process_exec+0x860/0x860 [ 188.737920] ? 
dlci_ioctl_set+0x40/0x40 [ 188.741878] do_vfs_ioctl+0x1de/0x1790 [ 188.745766] ? ioctl_preallocate+0x300/0x300 [ 188.750171] ? __fget_light+0x2e9/0x430 [ 188.754139] ? fget_raw+0x20/0x20 [ 188.757620] ? _copy_to_user+0xc8/0x110 [ 188.761584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.767105] ? put_timespec64+0x10f/0x1b0 [ 188.771234] ? nsecs_to_jiffies+0x30/0x30 [ 188.775379] ? do_syscall_64+0x9a/0x820 [ 188.779367] ? do_syscall_64+0x9a/0x820 [ 188.783338] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 188.787904] ? security_file_ioctl+0x94/0xc0 [ 188.792296] ksys_ioctl+0xa9/0xd0 [ 188.795733] __x64_sys_ioctl+0x73/0xb0 [ 188.799618] do_syscall_64+0x1b9/0x820 [ 188.803498] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 188.808846] ? syscall_return_slowpath+0x5e0/0x5e0 [ 188.813775] ? trace_hardirqs_on_caller+0x310/0x310 [ 188.818790] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 188.823790] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 188.830438] ? __switch_to_asm+0x40/0x70 [ 188.834485] ? __switch_to_asm+0x34/0x70 [ 188.838563] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 188.843397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.848583] RIP: 0033:0x457669 [ 188.851782] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.870742] RSP: 002b:00007fa0bf578c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.878450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 188.885712] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000007 [ 188.892974] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 188.900226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa0bf5796d4 [ 188.907477] R13: 00000000004c0acd R14: 00000000004d1c98 R15: 00000000ffffffff 21:48:37 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x1000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 189.017341] kobject: 'loop0' (000000006ff4df94): kobject_uevent_env [ 189.030713] kobject: 'loop0' (000000006ff4df94): fill_kobj_path: path = '/devices/virtual/block/loop0' 21:48:37 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x1000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 189.078803] kobject: 'loop0' (000000006ff4df94): kobject_uevent_env [ 189.093411] kobject: 'loop0' (000000006ff4df94): fill_kobj_path: path = '/devices/virtual/block/loop0' 21:48:37 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x1000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 21:48:37 executing 
program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc4c85512, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00', 0x1000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) [ 189.186975] kobject: 'loop0' (000000006ff4df94): kobject_uevent_env [ 189.201849] kobject: 'loop0' (000000006ff4df94): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 189.283896] kobject: 'loop0' (000000006ff4df94): kobject_uevent_env [ 189.290401] kobject: 'loop0' (000000006ff4df94): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 189.703528] kobject: 'loop1' (00000000c90c174a): kobject_uevent_env [ 189.710075] kobject: 'loop1' (00000000c90c174a): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 189.713500] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 189.750550] kobject: 'kvm' (000000008e5f0d3a): kobject_uevent_env [ 189.758304] kobject: 'kvm' (000000008e5f0d3a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 189.772929] kobject: 'kvm' (000000008e5f0d3a): kobject_uevent_env [ 189.781516] ================================================================== [ 189.788920] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 189.795525] Write of size 832 at addr ffff8881cce89bc0 by task syz-executor1/7632 [ 189.803173] [ 189.804821] CPU: 1 PID: 7632 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 189.813330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.822692] Call Trace: [ 189.825291] dump_stack+0x244/0x39d [ 189.828939] ? dump_stack_print_info.cold.1+0x20/0x20 [ 189.834137] ? printk+0xa7/0xcf [ 189.835429] kobject: 'loop2' (00000000a25dea3a): kobject_uevent_env [ 189.837434] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 189.848639] print_address_description.cold.4+0x9/0x1ff [ 189.854012] ? 
fpstate_init+0x50/0x160 [ 189.854823] kobject: 'kvm' (000000008e5f0d3a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 189.857945] kasan_report.cold.5+0x1b/0x39 [ 189.867225] kobject: 'loop2' (00000000a25dea3a): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 189.871198] ? fpstate_init+0x50/0x160 [ 189.871213] ? fpstate_init+0x50/0x160 [ 189.871230] check_memory_region+0x13e/0x1b0 [ 189.871246] memset+0x23/0x40 [ 189.895958] fpstate_init+0x50/0x160 [ 189.899687] kvm_arch_vcpu_init+0x3e9/0x870 [ 189.904026] kvm_vcpu_init+0x2fa/0x420 [ 189.907927] ? vcpu_stat_get+0x300/0x300 [ 189.912002] ? kmem_cache_alloc+0x30b/0x730 [ 189.916335] vmx_create_vcpu+0x1b7/0x2695 [ 189.920488] ? check_preempt_curr+0x3a0/0x3a0 [ 189.925105] ? preempt_schedule+0x4d/0x60 [ 189.929278] ? preempt_schedule_common+0x1f/0xe0 [ 189.934043] ? vmx_exec_control+0x210/0x210 [ 189.938383] ? ___preempt_schedule+0x16/0x18 [ 189.942797] ? kasan_check_write+0x14/0x20 [ 189.947054] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 189.952000] ? wait_for_completion+0x8a0/0x8a0 [ 189.956645] ? migrate_swap_stop+0x8a0/0x8a0 [ 189.961089] kvm_arch_vcpu_create+0xe5/0x220 [ 189.965513] ? kvm_arch_vcpu_free+0x90/0x90 [ 189.969861] kvm_vm_ioctl+0x526/0x2030 [ 189.973752] ? kvm_unregister_device_ops+0x70/0x70 [ 189.978689] ? do_raw_spin_unlock+0xa7/0x330 [ 189.983104] ? mark_held_locks+0x130/0x130 [ 189.987344] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 189.992544] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 189.997647] ? futex_wake+0x304/0x760 [ 190.001452] ? get_futex_key+0x21b0/0x21b0 [ 190.005700] ? mark_held_locks+0x130/0x130 [ 190.009939] ? do_futex+0x249/0x26d0 [ 190.013669] ? exit_robust_list+0x280/0x280 [ 190.017996] ? __fget+0x4aa/0x740 [ 190.021469] ? lock_downgrade+0x900/0x900 [ 190.025640] ? lock_release+0xa00/0xa00 [ 190.029627] ? mark_held_locks+0x130/0x130 [ 190.033867] ? rcu_read_unlock_special+0x370/0x370 [ 190.038809] ? __fget+0x4d1/0x740 [ 190.042271] ? ksys_dup3+0x680/0x680 [ 190.045986] ? 
__might_fault+0x12b/0x1e0 [ 190.050050] ? lock_downgrade+0x900/0x900 [ 190.054210] ? lock_release+0xa00/0xa00 [ 190.058196] ? perf_trace_sched_process_exec+0x860/0x860 [ 190.063667] ? kvm_unregister_device_ops+0x70/0x70 [ 190.068604] do_vfs_ioctl+0x1de/0x1790 [ 190.072502] ? ioctl_preallocate+0x300/0x300 [ 190.076921] ? __fget_light+0x2e9/0x430 [ 190.080899] ? fget_raw+0x20/0x20 [ 190.084349] ? _copy_to_user+0xc8/0x110 [ 190.088327] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.093882] ? put_timespec64+0x10f/0x1b0 [ 190.098033] ? nsecs_to_jiffies+0x30/0x30 [ 190.102197] ? security_file_ioctl+0x94/0xc0 [ 190.106637] ksys_ioctl+0xa9/0xd0 [ 190.110094] __x64_sys_ioctl+0x73/0xb0 [ 190.113984] do_syscall_64+0x1b9/0x820 [ 190.117888] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 190.123255] ? syscall_return_slowpath+0x5e0/0x5e0 [ 190.128187] ? trace_hardirqs_on_caller+0x310/0x310 [ 190.133206] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 190.138231] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 190.144899] ? __switch_to_asm+0x40/0x70 [ 190.148958] ? __switch_to_asm+0x34/0x70 [ 190.153172] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 190.158030] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.163220] RIP: 0033:0x457669 [ 190.166430] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.185353] RSP: 002b:00007f7a1c1ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.193056] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 190.200322] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 190.207583] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.214853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a1c1de6d4 [ 190.222120] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 190.229408] [ 190.231034] Allocated by task 7632: [ 190.234894] save_stack+0x43/0xd0 [ 190.238348] kasan_kmalloc+0xcb/0xd0 [ 190.242060] kasan_slab_alloc+0x12/0x20 [ 190.246060] kmem_cache_alloc+0x130/0x730 [ 190.250226] vmx_create_vcpu+0x110/0x2695 [ 190.254376] kvm_arch_vcpu_create+0xe5/0x220 [ 190.258786] kvm_vm_ioctl+0x526/0x2030 [ 190.262680] do_vfs_ioctl+0x1de/0x1790 [ 190.266568] ksys_ioctl+0xa9/0xd0 [ 190.270022] __x64_sys_ioctl+0x73/0xb0 [ 190.273915] do_syscall_64+0x1b9/0x820 [ 190.277828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.283486] [ 190.285139] Freed by task 0: [ 190.288147] (stack is not available) [ 190.291864] [ 190.293508] The buggy address belongs to the object at ffff8881cce89b80 [ 190.293508] which belongs to the cache x86_fpu of size 832 [ 190.305839] The buggy address is located 64 bytes inside of [ 190.305839] 832-byte region [ffff8881cce89b80, ffff8881cce89ec0) [ 190.317644] The buggy address belongs to the page: [ 190.322585] page:ffffea000733a240 count:1 mapcount:0 mapping:ffff8881d792e500 index:0x0 [ 190.330731] flags: 0x2fffc0000000200(slab) [ 190.334971] raw: 02fffc0000000200 ffff8881d5091f48 ffff8881d5091f48 
ffff8881d792e500 [ 190.342860] raw: 0000000000000000 ffff8881cce89040 0000000100000004 0000000000000000 [ 190.350744] page dumped because: kasan: bad access detected [ 190.356451] [ 190.358084] Memory state around the buggy address: [ 190.363013] ffff8881cce89d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 190.370384] ffff8881cce89e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 190.377738] >ffff8881cce89e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 190.385095] ^ [ 190.390581] ffff8881cce89f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 190.397968] ffff8881cce89f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 190.405318] ================================================================== [ 190.455007] Kernel panic - not syncing: panic_on_warn set ... [ 190.460950] CPU: 1 PID: 7632 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 190.470833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.480207] Call Trace: [ 190.482842] dump_stack+0x244/0x39d [ 190.486485] ? dump_stack_print_info.cold.1+0x20/0x20 [ 190.491685] ? fpstate_init+0x30/0x160 [ 190.495582] panic+0x2ad/0x632 [ 190.498805] ? add_taint.cold.5+0x16/0x16 [ 190.502976] ? preempt_schedule+0x4d/0x60 [ 190.507127] ? ___preempt_schedule+0x16/0x18 [ 190.511553] ? trace_hardirqs_on+0xb4/0x310 [ 190.515876] ? fpstate_init+0x50/0x160 [ 190.519760] end_report+0x47/0x4f [ 190.523211] kasan_report.cold.5+0xe/0x39 [ 190.527353] ? fpstate_init+0x50/0x160 [ 190.531255] ? fpstate_init+0x50/0x160 [ 190.535139] check_memory_region+0x13e/0x1b0 [ 190.539565] memset+0x23/0x40 [ 190.542703] fpstate_init+0x50/0x160 [ 190.546435] kvm_arch_vcpu_init+0x3e9/0x870 [ 190.550773] kvm_vcpu_init+0x2fa/0x420 [ 190.554707] ? vcpu_stat_get+0x300/0x300 [ 190.558768] ? kmem_cache_alloc+0x30b/0x730 [ 190.563116] vmx_create_vcpu+0x1b7/0x2695 [ 190.567266] ? check_preempt_curr+0x3a0/0x3a0 [ 190.571762] ? preempt_schedule+0x4d/0x60 [ 190.575908] ? 
preempt_schedule_common+0x1f/0xe0 [ 190.580663] ? vmx_exec_control+0x210/0x210 [ 190.584984] ? ___preempt_schedule+0x16/0x18 [ 190.589387] ? kasan_check_write+0x14/0x20 [ 190.593618] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 190.598557] ? wait_for_completion+0x8a0/0x8a0 [ 190.603166] ? migrate_swap_stop+0x8a0/0x8a0 [ 190.607575] kvm_arch_vcpu_create+0xe5/0x220 [ 190.611986] ? kvm_arch_vcpu_free+0x90/0x90 [ 190.616306] kvm_vm_ioctl+0x526/0x2030 [ 190.620189] ? kvm_unregister_device_ops+0x70/0x70 [ 190.625112] ? do_raw_spin_unlock+0xa7/0x330 [ 190.629518] ? mark_held_locks+0x130/0x130 [ 190.633817] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 190.639041] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 190.644144] ? futex_wake+0x304/0x760 [ 190.647947] ? get_futex_key+0x21b0/0x21b0 [ 190.652195] ? mark_held_locks+0x130/0x130 [ 190.656433] ? do_futex+0x249/0x26d0 [ 190.660152] ? exit_robust_list+0x280/0x280 [ 190.664490] ? __fget+0x4aa/0x740 [ 190.667942] ? lock_downgrade+0x900/0x900 [ 190.672097] ? lock_release+0xa00/0xa00 [ 190.676077] ? mark_held_locks+0x130/0x130 [ 190.680309] ? rcu_read_unlock_special+0x370/0x370 [ 190.685274] ? __fget+0x4d1/0x740 [ 190.688762] ? ksys_dup3+0x680/0x680 [ 190.692511] ? __might_fault+0x12b/0x1e0 [ 190.696580] ? lock_downgrade+0x900/0x900 [ 190.700732] ? lock_release+0xa00/0xa00 [ 190.704701] ? perf_trace_sched_process_exec+0x860/0x860 [ 190.710150] ? kvm_unregister_device_ops+0x70/0x70 [ 190.715082] do_vfs_ioctl+0x1de/0x1790 [ 190.719011] ? ioctl_preallocate+0x300/0x300 [ 190.723449] ? __fget_light+0x2e9/0x430 [ 190.727420] ? fget_raw+0x20/0x20 [ 190.730883] ? _copy_to_user+0xc8/0x110 [ 190.734873] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.740408] ? put_timespec64+0x10f/0x1b0 [ 190.744557] ? nsecs_to_jiffies+0x30/0x30 [ 190.748724] ? security_file_ioctl+0x94/0xc0 [ 190.753136] ksys_ioctl+0xa9/0xd0 [ 190.756608] __x64_sys_ioctl+0x73/0xb0 [ 190.760495] do_syscall_64+0x1b9/0x820 [ 190.764386] ? 
entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 190.769753] ? syscall_return_slowpath+0x5e0/0x5e0 [ 190.774728] ? trace_hardirqs_on_caller+0x310/0x310 [ 190.779745] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 190.784767] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 190.791434] ? __switch_to_asm+0x40/0x70 [ 190.795494] ? __switch_to_asm+0x34/0x70 [ 190.799562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.804407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.809594] RIP: 0033:0x457669 [ 190.812831] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.831759] RSP: 002b:00007f7a1c1ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.839467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 190.846738] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 190.854000] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 190.861265] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a1c1de6d4 [ 190.868546] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 190.876896] Kernel Offset: disabled [ 190.880546] Rebooting in 86400 seconds..