[info] Using makefile-style concurrent boot in runlevel 2. [ 27.049778] audit: type=1800 audit(1545616285.853:21): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. 2018/12/24 01:51:36 fuzzer started 2018/12/24 01:51:38 dialing manager at 10.128.0.26:33943 2018/12/24 01:51:38 syscalls: 1 2018/12/24 01:51:38 code coverage: enabled 2018/12/24 01:51:38 comparison tracing: enabled 2018/12/24 01:51:38 setuid sandbox: enabled 2018/12/24 01:51:38 namespace sandbox: enabled 2018/12/24 01:51:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 01:51:38 fault injection: enabled 2018/12/24 01:51:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 01:51:38 net packet injection: enabled 2018/12/24 01:51:38 net device setup: enabled 01:53:55 executing program 0: mknod(&(0x7f0000000ffa)='./bus\x00', 0x8000, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) fcntl$lock(r0, 0x9, &(0x7f0000000040)={0x0, 0x0, 0x5, 0x100000000}) r1 = open(&(0x7f0000000180)='./bus\x00', 0x8289, 0x0) flock(r1, 0x2) open(&(0x7f0000000080)='./bus\x00', 0x430, 0x0) fcntl$lock(r1, 0x8, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000300000002}) syzkaller login: [ 177.044660] IPVS: ftp: loaded support on port[0] = 21 01:53:55 executing program 1: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000000)=ANY=[@ANYBLOB="0e0000060000bc"]) [ 177.338012] IPVS: ftp: loaded support on port[0] = 21 01:53:56 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 177.639944] IPVS: ftp: loaded support on port[0] = 21 01:53:56 executing program 3: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip6_tables_targets\x00') sendfile(r0, r1, 0x0, 0x40000000009) [ 178.005835] IPVS: ftp: loaded support on port[0] = 21 01:53:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="b40000000d0000009c000000000000002700000090ffffff9500000000000000"], 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) [ 178.417051] IPVS: ftp: loaded support on port[0] = 21 01:53:57 executing program 5: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) accept4(r0, 0x0, 0x0, 0x0) [ 178.758971] IPVS: ftp: loaded support on port[0] = 21 [ 179.183616] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.190632] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.198634] device bridge_slave_0 entered promiscuous mode [ 179.313827] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.337305] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.347445] device bridge_slave_1 entered promiscuous mode [ 179.433105] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.449030] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.456556] device bridge_slave_0 entered promiscuous mode [ 179.481985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.617562] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.624051] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.635230] device bridge_slave_1 entered promiscuous mode [ 179.666358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.776440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.903195] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.071063] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.155000] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.161389] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.179007] device bridge_slave_0 entered promiscuous mode [ 180.191199] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.298531] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.316514] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.323300] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.332398] device bridge_slave_0 entered promiscuous mode [ 180.347382] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.353759] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.389005] device bridge_slave_1 entered promiscuous mode [ 180.426384] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.471250] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.485325] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.502353] device bridge_slave_1 entered promiscuous mode [ 180.513387] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.539242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.558378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.613247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.622911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.638809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.671288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.694844] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.718751] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.726580] device bridge_slave_0 entered promiscuous mode [ 180.779604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.786917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.808747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.847078] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.853431] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.877214] device bridge_slave_1 entered promiscuous mode [ 180.929138] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.945847] team0: Port device team_slave_0 added [ 180.988180] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.995600] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.003016] device bridge_slave_0 entered promiscuous mode [ 181.055024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.084328] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.135211] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.142679] team0: Port device team_slave_1 added [ 181.179843] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.195423] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.202858] device bridge_slave_1 entered promiscuous mode [ 181.220359] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.232198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.254777] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.275723] team0: Port device team_slave_0 added [ 181.284636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.323242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.363227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.402777] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.429504] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.445633] team0: Port device team_slave_1 added [ 181.451392] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.472208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.494153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.508949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.532305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.545276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.562450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.582285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.593543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.636347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.646649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.654483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.680602] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.696122] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.711729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.730397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.768620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.785788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.803161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 181.828636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.837289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.902290] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.913625] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.923362] team0: Port device team_slave_0 added [ 181.959499] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.988309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.997461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.029692] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.053346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.071161] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.095721] team0: Port device team_slave_1 added [ 182.102871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.127828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.150378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.159953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.185419] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.192838] team0: Port device team_slave_0 added [ 182.201540] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.246120] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.283931] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.316442] team0: Port device team_slave_1 added [ 182.349227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.452390] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.501407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.516316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.535881] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.564698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.581734] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.606324] team0: Port device team_slave_0 added [ 182.611488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.625679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.633507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.654649] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.671431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.681531] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.698853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.717676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.746164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.784075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.802389] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.809581] team0: Port device team_slave_1 added [ 182.817992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.856618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.871840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.917687] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.924671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.936077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.015215] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.022578] team0: Port device team_slave_0 added [ 183.046099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.071472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.080236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.185178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.192300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.215669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.229724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.238235] team0: Port device team_slave_1 added [ 183.278428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.312701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.335684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.359878] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.366475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.373569] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.379983] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.387436] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.421169] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.455533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.508862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.525283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.533146] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.666520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.676031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.688124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.805998] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.812413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.819136] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.825553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.834617] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.844363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.870728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.886100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.245851] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.252292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.259017] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.265462] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.283116] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.486192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.498160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.524519] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.530926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.537699] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.544079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.574865] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.786886] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.793300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.800050] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.806497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.815980] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.390912] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.397352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.404047] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.410492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.439869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.567575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.575629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.596177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.769156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.024331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.186439] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.482866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.557904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.617985] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 189.625302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.635683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.870126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.920266] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.063676] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.071266] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.087859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.120511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.156555] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.396525] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.407855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.456356] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.462542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.485563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.541236] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.636225] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.848063] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.854300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.871495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.905801] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.924157] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.036687] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.075895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.082970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.436130] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.453278] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.489742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.505930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.616150] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.948690] 8021q: adding VLAN 0 to HW filter on device team0 01:54:12 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB='umask=0']) [ 193.284957] kauditd_printk_skb: 9 callbacks suppressed [ 193.284971] audit: type=1804 audit(1545616452.083:31): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/0/bus" dev="sda1" ino=16519 res=1 [ 193.415352] audit: type=1804 audit(1545616452.083:32): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/0/bus" dev="sda1" ino=16519 res=1 [ 193.475537] FAT-fs (loop0): bogus number of reserved sectors [ 193.517691] FAT-fs (loop0): Can't find a valid FAT filesystem [ 193.525343] audit: type=1804 audit(1545616452.083:33): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/0/bus" dev="sda1" ino=16519 res=1 [ 193.592826] FAT-fs (loop0): bogus number of reserved sectors [ 193.613406] FAT-fs (loop0): Can't find a valid FAT filesystem [ 193.623367] audit: type=1804 audit(1545616452.093:34): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/0/bus" dev="sda1" ino=16519 res=1 01:54:12 executing program 0: [ 193.678625] audit: type=1804 audit(1545616452.093:35): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/0/bus" dev="sda1" ino=16519 res=1 01:54:12 executing program 0: 01:54:12 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x2e4, 0xf7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'lo\x00', &(0x7f0000000280)=ANY=[@ANYBLOB=':']}) 01:54:12 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 01:54:12 executing program 0: r0 = socket$inet(0x10, 0x80002, 0x0) munlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) close(r0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) socket$unix(0x1, 0x5, 0x0) fremovexattr(0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000080)={'raw\x00', 0x2, [{}, {}]}, 0x48) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) 01:54:12 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000006000)='/dev/ppp\x00', 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2, 0x8000) vmsplice(0xffffffffffffffff, &(0x7f0000001000)=[{&(0x7f0000000080)="ea082bb504cf374d", 0x8}], 0x1, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff) ioctl$EVIOCGREP(r0, 0x4010744d, &(0x7f0000001000)=""/174) ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f00000001c0)={0x71, &(0x7f00000000c0)="a685ce88a2477542a38fa9d3a942e4f1f60107070e3e53744c66b27a114060e35c19fb570d0fc95200b44115a973973760859da0e0473f20d2f0464dca585fa73cd4df2623fcafcc9911ba816487f8e94a501176265c5ca7181e0d848104fdb5962c675e93b223b4d160f9e375a22e2762"}) 01:54:14 executing program 1: 01:54:14 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) faccessat(0xffffffffffffffff, 0x0, 0x45, 0x0) 01:54:14 executing program 0: socketpair$unix(0x1, 0x400000000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000700)='./bus\x00', 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x4000, 0x0) pread64(r1, &(0x7f0000000740)=""/4096, 0x1000, 0x0) 01:54:14 executing program 4: 01:54:14 executing program 5: 01:54:14 executing program 4: 01:54:14 executing program 5: 01:54:14 executing program 3: [ 195.468355] audit: type=1804 audit(1545616454.273:36): pid=7643 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/7/bus" dev="sda1" ino=16542 res=1 01:54:14 executing program 1: [ 195.585161] audit: type=1800 audit(1545616454.313:37): pid=7643 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor0" name="bus" dev="sda1" ino=16542 res=0 [ 195.654239] audit: type=1804 audit(1545616454.313:38): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/7/bus" dev="sda1" ino=16542 res=1 [ 195.714438] audit: type=1804 audit(1545616454.323:39): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/root/syzkaller-testdir678956277/syzkaller.zMzL7l/7/bus" dev="sda1" ino=16542 res=1 [ 195.738344] audit: type=1800 audit(1545616454.323:40): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor0" name="bus" dev="sda1" ino=16542 res=0 01:54:15 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 01:54:15 executing program 4: 01:54:15 executing program 0: 01:54:15 executing program 5: 01:54:15 executing program 3: 01:54:15 executing program 1: 01:54:15 executing program 0: 01:54:15 executing program 3: 01:54:15 executing program 5: 01:54:15 executing program 4: 01:54:16 executing program 1: 01:54:16 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 01:54:16 executing program 0: 01:54:16 executing program 4: 01:54:16 executing program 3: 01:54:16 executing program 5: 01:54:16 executing program 1: 01:54:16 executing program 4: 01:54:16 executing program 3: 01:54:16 executing program 0: 01:54:16 executing program 5: 01:54:16 executing program 4: 01:54:16 executing program 1: 01:54:19 executing program 5: 01:54:19 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$cont(0x9, r0, 0x0, 0x0) 01:54:19 executing program 3: 01:54:19 executing program 0: 01:54:19 executing program 4: 01:54:19 executing program 1: 01:54:19 executing program 0: 01:54:19 executing program 1: 01:54:19 executing program 4: 01:54:19 executing program 3: 01:54:19 executing program 5: 01:54:19 executing program 0: 01:54:19 executing program 4: 01:54:22 executing program 2: clone(0x13102041ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x7) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xcf}) ptrace$cont(0x9, r0, 0x0, 0x0) 01:54:22 executing program 1: 01:54:22 executing program 5: 01:54:22 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000140)=@in6={0xa, 0x4e22, 0x0, @mcast2}, 0x80, 0x0, 0x0, &(0x7f0000000200)=[{0x6e8, 0x29, 0x3, "e6db22a8596caf3c9df190a9d6154af8df79f2bbd13b3a5a36b577a6a0a63a07c2ac6142e7cf341e3422ad8d2ead4f09821a1bb4d6d5d7cc65bdd8bf813215d2c3c559aadde39c1a55029ce2f4da9687da2a98ab0330b117309ae1336bcd510bdc8446a1c121feed5273dbc969a16e0ea4b8aabd8161d321ae3c980fe50934235d3be18b8d5ee6aabafb908f9798fddcf53f65eab97253c232b964645cf913160fad7b7cc26cd7895e708772b960fe191e39b41f700dea2414bc0d1415e29e1c8cbb5b02e85b1c62cc0376f9e9f4c3721b559b741518997d93b67ce8015b4906457fcc47394b6eb75cbe57c62b886e772d12c2c394be9c83e415bdf35b05f5e3578b0d1137ac6db416350df13c8eeba38928220e76f14a774fc8a1bef036d52d7b5a5e80e46a568a52142c43f61a4eb4bb1bb420332c992bc95743cbafc4b49ca2d87ea4618d72b8c52ef84311d775ccfc28be5b4d42e4f92dc3fb2f65b7af3be775665c820e6226a9318df70670fff76112f051f6893444c04c0f02a30b88de7089eba1eb2af60cc1c8315618fe1e6581462536c955dbd3564440097d0d064ffd0dd5974907dcbff7bfceddea754710037cba9c24caac6bfd9125b75af495ef5176672d88291d419edbd2674f8b16dd3fcd9509a5bc96f3628d6027d1c9e4c540ff8837cba266a89862ef50ba430f689088ad74143aadee6ef16d9c6ba34076101408a2fe28f48022ece8082d8c743be9c35a2d346641a4fc5f5120fb455e52a24abd6aedc7ebeb01087d807625872d7551046ca31e88b086473ff7755c14a330b6be990ea065b32c21b64cb9ec285c7f6bf54e5a9409800c39d5a26ba0b45ba81fd018c7fd7e81ebbe6dd245afaf8fb4da303898bd6899dc21d82d9d4177c1a4c354d8202ba769676ed93eaff3140bf98b3ec177c3f75bca9a87b3892ed1e22adbf00319667031d6f32634e31495e17a95b9d9c8fb1f0d59d9f33aab3c802395491d7cbd23b8feded85b8e58c90239a7fc34e98e5b4bcb7e36eab87183af7419205823688c6650eef31df7c0cfa5d905a5e941aa1e659962fcc74b49cd5a1e160c0570e1ecc40b5ef66326fd6abd5fafc53378afe94d093d2f01fdebcca900f745c6428950c90ea773593b15beb779a83dbed28287457ea17df07edcbf2bcdad41993eb811d6e46fde0d6b80e4d342b5f37a5358ab244ac8e9141252afcf80e88d7c2dfbc74920b61a2b123157433d84ca2e470a1274ce498d7d5e081adc2ae9125b15a3ee47baad0864cf48ecf632dc59e48804b95770c1ab398902638fb7e377309f4fe97bbc89c2dd988affface0be9363e45fd609df5d2238beb934f7d56e1f23ce72b22c83fe7d0faaaaa33e235869a1405f268794beedafe99e1a873c3939e1f1484680c94b08d03b690e831ba3f5622794460bd942efc9a05c71ea3e7da3d334887de5c5930d9b2c191de5d9bd1a8293b8d57c19d84adbd1b92590fd517f3bca2cc2bebe40f97508901aae8cd8c4f6cfe1f442b9c089a2a04f983f77930758975e930dde190ceabc1eb28bb555ab6ad7865ff44d5dc7b790ec05ae456be95797c4d2b4637b1f2419fc6eab94342bab0933d6c457f073a26588fa9e58741351b0ff5fd75d6c60df3838f48517bee7efe332b9fce02ed00da2b5c9026e99bf3f2286a6d839178f7f3762ac00f22d9c68a34596a88f65f6449383f5ba2eddb02fe3bc47f4b5c62a4683b9a230457871a8af950c4fee917146e3b216bd8a58a5ebb3fac5bd0e7252c89f1aeeca1fe015515e30be032a61b6416318772120cab427088e97537b0bb62e0af9ba99939a1b4062f679437354c6b85ee41b473a7b84d654df48c3699f81205871ecc010b09018117ed98aa21cec709d33975c30826afb7f8656f331fb9ff5bf9a9d3889d62711fa8da8392daa9dc17791b093ec85acb97993c715e3a390278e3cc1f0aa98a364462c956687638afdd0d48c6e1ff098444015c4b14b9d84250e50f0952234613b8a354749ff2c745eab3ae5df593142d371009100eac0f5880befe9f461964ee4b9e4cb4366da68a49a246aba89c9e06c1517d7920a2217196a07b7ddf6d1b230d10af92c8d8d9c0ad8317c40d16b29cbd79410b72064de65d5b3154483189136274961d1c7b21ae2eec8065d0192fa1a4ff5fc76af484b4ef152b557dfc42e9886ee9876a09d3474e74ff18ff7a2cdd9c31512fd41e0646152f2224eafa42cc5257b56dd72473f6ace72f918f95a92915067ff92c5aaed27e99bb6a2f035f4828fc592304611b540522184dbb63db96baa78636dcc3b45c9da95879a40f70840625f1fe0fe2e7f61d0b3ddbf5219c46d9118db43b780e8838dfb830946e4f7583634588e81c540346496907828398cf89a2d3325630c07306d5db6ab24f4ac2a69d0f4de6eb2789674019e3f504aedd6a99c993ebe75fe82a108dffefeb574e99febec3f927"}], 0x6e8}}], 0x1, 0x0) 01:54:22 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f0000004c40)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30d, 0x55e], [0x3], [], [0x4]}, 0x45c) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 01:54:22 executing program 0: r0 = socket(0x2, 0x400000000002, 0x0) setsockopt(r0, 0x0, 0x100000001, &(0x7f00000002c0)='\x00\t\v8', 0x4) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) write(r0, &(0x7f0000000040)="ce29653666176cd088", 0x9) 01:54:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname(r0, 0x0, &(0x7f0000000040)) 01:54:22 executing program 0: 01:54:22 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0xec3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000036000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x5, 0x400003}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x80000003f}}) syz_open_dev$sndseq(0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:54:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)=0xffffffff, 0x4) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='/exe\x00\x00\x00\x00\x00\x04\x89\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\x1e\x18\xf0\xc7o\xbb#*\aBJ\xe1\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xe0q\xfb53\x1c\xe3\x9cZ\x00\x00') ioctl$FS_IOC_FSGETXATTR(r0, 0xc0c0583b, &(0x7f0000000040)) [ 203.475878] input: syz1 as /devices/virtual/input/input5 01:54:22 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\xe9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00') lseek(r0, 0x0, 0x1) [ 203.533573] input: syz1 as /devices/virtual/input/input6 [ 203.609661] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 203.660245] ================================================================== [ 203.667804] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 203.674407] Write of size 832 at addr ffff8881c1ae1bc0 by task syz-executor1/7767 [ 203.682032] [ 203.683690] CPU: 0 PID: 7767 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 203.692192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.701550] Call Trace: [ 203.704141] dump_stack+0x244/0x39d [ 203.707779] ? dump_stack_print_info.cold.1+0x20/0x20 [ 203.712993] ? printk+0xa7/0xcf [ 203.716279] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 203.721048] print_address_description.cold.4+0x9/0x1ff [ 203.726421] ? fpstate_init+0x50/0x160 [ 203.730320] kasan_report.cold.5+0x1b/0x39 [ 203.734574] ? fpstate_init+0x50/0x160 [ 203.738492] ? fpstate_init+0x50/0x160 [ 203.742410] check_memory_region+0x13e/0x1b0 [ 203.746840] memset+0x23/0x40 [ 203.749948] fpstate_init+0x50/0x160 [ 203.753695] kvm_arch_vcpu_init+0x3e9/0x870 [ 203.758074] kvm_vcpu_init+0x2fa/0x420 [ 203.761965] ? vcpu_stat_get+0x300/0x300 [ 203.766044] ? kmem_cache_alloc+0x33f/0x730 [ 203.770425] vmx_create_vcpu+0x1b7/0x2695 [ 203.774587] ? perf_trace_sched_process_exec+0x860/0x860 [ 203.780047] ? do_raw_spin_unlock+0xa7/0x330 [ 203.784471] ? vmx_exec_control+0x210/0x210 [ 203.788805] ? kasan_check_write+0x14/0x20 [ 203.793074] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 203.798035] ? futex_wait_queue_me+0x55d/0x840 [ 203.802624] ? wait_for_completion+0x8a0/0x8a0 [ 203.807222] ? print_usage_bug+0xc0/0xc0 [ 203.811309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.816850] ? get_futex_value_locked+0xcb/0xf0 [ 203.821565] kvm_arch_vcpu_create+0xe5/0x220 [ 203.825990] ? kvm_arch_vcpu_free+0x90/0x90 [ 203.830324] kvm_vm_ioctl+0x526/0x2030 [ 203.834218] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 203.839327] ? futex_wait+0x5ec/0xa50 [ 203.843136] ? kvm_unregister_device_ops+0x70/0x70 [ 203.848071] ? mark_held_locks+0x130/0x130 [ 203.852309] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 203.857506] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 203.862654] ? futex_wake+0x304/0x760 [ 203.866472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.872014] ? check_preemption_disabled+0x48/0x280 [ 203.877041] ? debug_smp_processor_id+0x1c/0x20 [ 203.881714] ? perf_trace_lock_acquire+0x15b/0x800 [ 203.886662] ? perf_trace_lock+0x7a0/0x7a0 [ 203.890921] ? mark_held_locks+0x130/0x130 [ 203.895159] ? graph_lock+0x270/0x270 [ 203.898963] ? do_futex+0x249/0x26d0 [ 203.902685] ? rcu_read_unlock_special+0x370/0x370 [ 203.907618] ? rcu_softirq_qs+0x20/0x20 [ 203.911599] ? unwind_dump+0x190/0x190 [ 203.915495] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.921040] ? find_held_lock+0x36/0x1c0 [ 203.925118] ? __fget+0x4aa/0x740 [ 203.928583] ? lock_downgrade+0x900/0x900 [ 203.932731] ? check_preemption_disabled+0x48/0x280 [ 203.937756] ? kasan_check_read+0x11/0x20 [ 203.941912] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 203.947197] ? rcu_read_unlock_special+0x370/0x370 [ 203.952144] ? __fget+0x4d1/0x740 [ 203.955617] ? ksys_dup3+0x680/0x680 [ 203.959344] ? __might_fault+0x12b/0x1e0 [ 203.963419] ? lock_downgrade+0x900/0x900 [ 203.967584] ? lock_release+0xa00/0xa00 [ 203.971561] ? perf_trace_sched_process_exec+0x860/0x860 [ 203.977018] ? kvm_unregister_device_ops+0x70/0x70 [ 203.981961] do_vfs_ioctl+0x1de/0x1790 [ 203.985864] ? ioctl_preallocate+0x300/0x300 [ 203.990299] ? __fget_light+0x2e9/0x430 [ 203.994277] ? fget_raw+0x20/0x20 [ 203.997736] ? _copy_to_user+0xc8/0x110 [ 204.001734] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.007276] ? put_timespec64+0x10f/0x1b0 [ 204.011431] ? nsecs_to_jiffies+0x30/0x30 [ 204.015586] ? do_syscall_64+0x9a/0x820 [ 204.019586] ? do_syscall_64+0x9a/0x820 [ 204.023568] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 204.028160] ? security_file_ioctl+0x94/0xc0 [ 204.032580] ksys_ioctl+0xa9/0xd0 [ 204.036045] __x64_sys_ioctl+0x73/0xb0 [ 204.039940] do_syscall_64+0x1b9/0x820 [ 204.043834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 204.049206] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.054139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.058991] ? trace_hardirqs_on_caller+0x310/0x310 [ 204.064010] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.069050] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.074099] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.078957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.084151] RIP: 0033:0x457669 [ 204.087354] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.106264] RSP: 002b:00007f4832c3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.113974] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 204.121243] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 204.128512] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 204.135783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4832c406d4 [ 204.143053] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 204.150338] [ 204.151967] Allocated by task 7767: [ 204.155600] save_stack+0x43/0xd0 [ 204.159058] kasan_kmalloc+0xcb/0xd0 [ 204.162778] kasan_slab_alloc+0x12/0x20 [ 204.166759] kmem_cache_alloc+0x130/0x730 [ 204.170911] vmx_create_vcpu+0x110/0x2695 [ 204.175065] kvm_arch_vcpu_create+0xe5/0x220 [ 204.179477] kvm_vm_ioctl+0x526/0x2030 [ 204.183393] do_vfs_ioctl+0x1de/0x1790 [ 204.187284] ksys_ioctl+0xa9/0xd0 [ 204.190738] __x64_sys_ioctl+0x73/0xb0 [ 204.194631] do_syscall_64+0x1b9/0x820 [ 204.198537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.203717] [ 204.205344] Freed by task 0: [ 204.208372] (stack is not available) [ 204.212103] [ 204.213735] The buggy address belongs to the object at ffff8881c1ae1b80 [ 204.213735] which belongs to the cache x86_fpu of size 832 [ 204.226055] The buggy address is located 64 bytes inside of [ 204.226055] 832-byte region [ffff8881c1ae1b80, ffff8881c1ae1ec0) [ 204.237846] The buggy address belongs to the page: [ 204.242793] page:ffffea000706b840 count:1 mapcount:0 mapping:ffff8881d5182c80 index:0x0 [ 204.250954] flags: 0x2fffc0000000200(slab) [ 204.255200] raw: 02fffc0000000200 ffff8881d5185c48 ffff8881d5185c48 ffff8881d5182c80 [ 204.263083] raw: 0000000000000000 ffff8881c1ae1040 0000000100000004 0000000000000000 [ 204.270957] page dumped because: kasan: bad access detected [ 204.276665] [ 204.278295] Memory state around the buggy address: [ 204.283226] ffff8881c1ae1d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 204.290583] ffff8881c1ae1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 204.297945] >ffff8881c1ae1e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 204.305314] ^ [ 204.310766] ffff8881c1ae1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 204.318129] ffff8881c1ae1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 204.325483] ================================================================== [ 204.332839] Disabling lock debugging due to kernel taint [ 204.342347] Kernel panic - not syncing: panic_on_warn set ... [ 204.342472] kobject: 'loop0' (000000004bcb1768): kobject_uevent_env [ 204.348268] CPU: 1 PID: 7767 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 204.348277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.348282] Call Trace: [ 204.348299] dump_stack+0x244/0x39d [ 204.348316] ? dump_stack_print_info.cold.1+0x20/0x20 [ 204.348335] ? fpstate_init+0x30/0x160 [ 204.348351] panic+0x2ad/0x632 [ 204.348366] ? add_taint.cold.5+0x16/0x16 [ 204.348394] ? preempt_schedule+0x4d/0x60 [ 204.348432] ? ___preempt_schedule+0x16/0x18 [ 204.360895] kobject: 'loop0' (000000004bcb1768): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 204.364705] ? trace_hardirqs_on+0xb4/0x310 [ 204.364722] ? fpstate_init+0x50/0x160 [ 204.364740] end_report+0x47/0x4f [ 204.426866] kasan_report.cold.5+0xe/0x39 [ 204.431466] ? fpstate_init+0x50/0x160 [ 204.435361] ? fpstate_init+0x50/0x160 [ 204.439258] check_memory_region+0x13e/0x1b0 [ 204.443668] memset+0x23/0x40 [ 204.446779] fpstate_init+0x50/0x160 [ 204.450498] kvm_arch_vcpu_init+0x3e9/0x870 [ 204.454827] kvm_vcpu_init+0x2fa/0x420 [ 204.458716] ? vcpu_stat_get+0x300/0x300 [ 204.462784] ? kmem_cache_alloc+0x33f/0x730 [ 204.467132] vmx_create_vcpu+0x1b7/0x2695 [ 204.471294] ? perf_trace_sched_process_exec+0x860/0x860 [ 204.476749] ? do_raw_spin_unlock+0xa7/0x330 [ 204.481177] ? vmx_exec_control+0x210/0x210 [ 204.485547] ? kasan_check_write+0x14/0x20 [ 204.489781] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 204.494713] ? futex_wait_queue_me+0x55d/0x840 [ 204.499309] ? wait_for_completion+0x8a0/0x8a0 [ 204.503918] ? print_usage_bug+0xc0/0xc0 [ 204.507988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.513526] ? get_futex_value_locked+0xcb/0xf0 [ 204.518196] kvm_arch_vcpu_create+0xe5/0x220 [ 204.522600] ? kvm_arch_vcpu_free+0x90/0x90 [ 204.526928] kvm_vm_ioctl+0x526/0x2030 [ 204.530815] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.535916] ? futex_wait+0x5ec/0xa50 [ 204.539790] ? kvm_unregister_device_ops+0x70/0x70 [ 204.544728] ? mark_held_locks+0x130/0x130 [ 204.548968] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 204.554164] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 204.559287] ? futex_wake+0x304/0x760 [ 204.563093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.568635] ? check_preemption_disabled+0x48/0x280 [ 204.573660] ? debug_smp_processor_id+0x1c/0x20 [ 204.578333] ? perf_trace_lock_acquire+0x15b/0x800 [ 204.583266] ? perf_trace_lock+0x7a0/0x7a0 [ 204.587520] ? mark_held_locks+0x130/0x130 [ 204.591757] ? graph_lock+0x270/0x270 [ 204.595562] ? do_futex+0x249/0x26d0 [ 204.599278] ? rcu_read_unlock_special+0x370/0x370 [ 204.604205] ? rcu_softirq_qs+0x20/0x20 [ 204.608184] ? unwind_dump+0x190/0x190 [ 204.612076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.617639] ? find_held_lock+0x36/0x1c0 [ 204.621706] ? __fget+0x4aa/0x740 [ 204.625168] ? lock_downgrade+0x900/0x900 [ 204.629319] ? check_preemption_disabled+0x48/0x280 [ 204.634352] ? kasan_check_read+0x11/0x20 [ 204.638507] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 204.643783] ? rcu_read_unlock_special+0x370/0x370 [ 204.648725] ? __fget+0x4d1/0x740 [ 204.652184] ? ksys_dup3+0x680/0x680 [ 204.655944] ? __might_fault+0x12b/0x1e0 [ 204.660008] ? lock_downgrade+0x900/0x900 [ 204.664180] ? lock_release+0xa00/0xa00 [ 204.668164] ? perf_trace_sched_process_exec+0x860/0x860 [ 204.673614] ? kvm_unregister_device_ops+0x70/0x70 [ 204.678546] do_vfs_ioctl+0x1de/0x1790 [ 204.682455] ? ioctl_preallocate+0x300/0x300 [ 204.686861] ? __fget_light+0x2e9/0x430 [ 204.690865] ? fget_raw+0x20/0x20 [ 204.694344] ? _copy_to_user+0xc8/0x110 [ 204.698321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.703865] ? put_timespec64+0x10f/0x1b0 [ 204.708016] ? nsecs_to_jiffies+0x30/0x30 [ 204.712169] ? do_syscall_64+0x9a/0x820 [ 204.716167] ? do_syscall_64+0x9a/0x820 [ 204.720150] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 204.724753] ? security_file_ioctl+0x94/0xc0 [ 204.729168] ksys_ioctl+0xa9/0xd0 [ 204.732631] __x64_sys_ioctl+0x73/0xb0 [ 204.736554] do_syscall_64+0x1b9/0x820 [ 204.740456] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 204.745839] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.750773] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.755623] ? trace_hardirqs_on_caller+0x310/0x310 [ 204.760641] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.765662] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.770691] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.775541] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.780735] RIP: 0033:0x457669 [ 204.783944] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.802847] RSP: 002b:00007f4832c3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 204.810558] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 204.817824] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 204.825113] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 204.832404] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4832c406d4 [ 204.839672] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 204.847939] Kernel Offset: disabled [ 204.851563] Rebooting in 86400 seconds..