[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   26.591976] audit: type=1800 audit(1545613066.339:21): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   26.617972] audit: type=1800 audit(1545613066.339:22): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   32.772856] sshd (5987) used greatest stack depth: 15728 bytes left
Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.
2018/12/24 00:57:59 fuzzer started
2018/12/24 00:58:01 dialing manager at 10.128.0.26:33943
[   41.726467] ld (6012) used greatest stack depth: 15200 bytes left
2018/12/24 00:58:01 syscalls: 1
2018/12/24 00:58:01 code coverage: enabled
2018/12/24 00:58:01 comparison tracing: enabled
2018/12/24 00:58:01 setuid sandbox: enabled
2018/12/24 00:58:01 namespace sandbox: enabled
2018/12/24 00:58:01 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/24 00:58:01 fault injection: enabled
2018/12/24 00:58:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/24 00:58:01 net packet injection: enabled
2018/12/24 00:58:01 net device setup: enabled
01:00:20 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079)
write(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r0, 0x4004551e, &(0x7f0000000080)=ANY=[])
ioctl$sock_inet_SIOCRTMSG(r0, 0x8108551b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0xfffffffffffffff8, @loopback}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x2})

[  180.407331] IPVS: ftp: loaded support on port[0] = 21
01:00:20 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0)
r1 = dup(r0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_pts(r0, 0x5)
r3 = dup3(r2, r0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000200)={0x7fff, 0xfff})
write$UHID_INPUT(r3, &(0x7f0000001640)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846ea512a8ccae7a99da8dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1af8ff63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c1829a6030f4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7d12ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6693ee1b9abb5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8217cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057148d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858acd8ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d29428010000000000000062fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006)

[  180.690741] IPVS: ftp: loaded support on port[0] = 21
01:00:20 executing program 2:
r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x6)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000000))

[  181.048380] IPVS: ftp: loaded support on port[0] = 21
01:00:20 executing program 3:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0)
mount$fuseblk(&(0x7f00000000c0)='/dev/loop0\x00', &(0x7f0000000100)='./file0/file0\x00', &(0x7f00000001c0)='fuseblk\x00', 0x0, 0x0)

[  181.377529] IPVS: ftp: loaded support on port[0] = 21
01:00:21 executing program 4:
r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0xff)
dup3(r0, r1, 0x0)

[  181.818598] IPVS: ftp: loaded support on port[0] = 21
01:00:21 executing program 5:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
prctl$PR_SET_TSC(0x1a, 0x0)

[  182.039515] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.058549] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.076105] device bridge_slave_0 entered promiscuous mode
[  182.260239] IPVS: ftp: loaded support on port[0] = 21
[  182.288121] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.294509] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.306494] device bridge_slave_1 entered promiscuous mode
[  182.406544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  182.575665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  182.890787] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.897839] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.905539] device bridge_slave_0 entered promiscuous mode
[  183.001883] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  183.052558] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.097343] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.105146] device bridge_slave_1 entered promiscuous mode
[  183.142492] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  183.262157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  183.400811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  183.456184] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.483716] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.498934] device bridge_slave_0 entered promiscuous mode
[  183.610032] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.616494] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.630893] device bridge_slave_1 entered promiscuous mode
[  183.748461] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.758038] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.786825] device bridge_slave_0 entered promiscuous mode
[  183.862463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  183.882611] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  183.894703] team0: Port device team_slave_0 added
[  183.917091] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  183.936763] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.957991] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.965388] device bridge_slave_1 entered promiscuous mode
[  183.983144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  184.039008] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.045484] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.066536] device bridge_slave_0 entered promiscuous mode
[  184.076213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  184.092086] team0: Port device team_slave_1 added
[  184.121291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.134338] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  184.171262] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.181231] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.190129] device bridge_slave_1 entered promiscuous mode
[  184.229608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  184.286720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  184.327683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.352265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  184.419782] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  184.462246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  184.471619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  184.485892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  184.516527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  184.552067] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  184.578847] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  184.586854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  184.601021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  184.643136] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.651961] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.660262] device bridge_slave_0 entered promiscuous mode
[  184.697696] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  184.755040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  184.762037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  184.781762] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.794928] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.804475] device bridge_slave_1 entered promiscuous mode
[  184.837452] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  184.861232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  184.878320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  184.935201] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  184.952452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.971573] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  184.988543] team0: Port device team_slave_0 added
[  185.002707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  185.029333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.041025] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.085916] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  185.103445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.138764] team0: Port device team_slave_1 added
[  185.279609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.332983] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.349098] team0: Port device team_slave_0 added
[  185.379061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  185.489975] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  185.500869] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.524089] team0: Port device team_slave_1 added
[  185.533530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  185.547754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  185.556150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  185.589099] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.600818] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.609785] team0: Port device team_slave_0 added
[  185.622840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  185.648582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.659974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.691639] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  185.705701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  185.727392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  185.740730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  185.749078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  185.769498] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.776950] team0: Port device team_slave_1 added
[  185.788833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  185.800371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  185.813729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  185.838525] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.845835] team0: Port device team_slave_0 added
[  185.858833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  185.866204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  185.882418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  185.909087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.917047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.951105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  185.979813] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.987108] team0: Port device team_slave_1 added
[  186.001238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.019037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.030938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  186.063317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  186.084390] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  186.108118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  186.118510] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  186.131807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.158619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.166703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  186.174831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  186.191189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  186.213214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.239261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.270201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  186.281816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  186.298081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.309926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.359981] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.366510] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.373642] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.380057] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.394924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  186.407296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  186.417374] team0: Port device team_slave_0 added
[  186.453594] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  186.467489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.484153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.538026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  186.558987] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  186.566360] team0: Port device team_slave_1 added
[  186.591739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  186.601501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.616131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.721667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  186.731465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  186.757792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  186.828336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  186.835178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  186.848656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  187.004698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  187.016446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  187.031724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  187.125832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  187.145770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  187.163868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  187.290432] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.296848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.303735] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.310147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.334018] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  187.434660] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.441128] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.447916] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.454300] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.490214] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  187.561090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.569833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  187.976181] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.982632] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.989388] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.995771] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.016499] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  188.164341] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.170972] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.177621] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.184044] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.206721] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  188.498269] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.504676] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.511396] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.517770] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.547207] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  188.568541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  188.595886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  188.604199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  191.428256] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.888714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  191.952702] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.323904] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  192.335857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.343947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.376063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  192.778576] 8021q: adding VLAN 0 to HW filter on device team0
[  192.822251] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.849537] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  192.856322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  192.870822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  193.246846] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.261850] 8021q: adding VLAN 0 to HW filter on device team0
[  193.308504] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.317341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  193.351284] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.742348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  193.748642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  193.764037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  193.788457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  193.806468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  193.817650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  194.228683] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  194.234859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  194.253879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  194.276841] 8021q: adding VLAN 0 to HW filter on device team0
[  194.292548] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  194.309963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  194.339231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  194.369393] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  194.376293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  194.393636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  194.669620] 8021q: adding VLAN 0 to HW filter on device team0
[  194.770067] 8021q: adding VLAN 0 to HW filter on device team0
[  194.848981] 8021q: adding VLAN 0 to HW filter on device team0
01:00:35 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
getrandom(&(0x7f0000000140)=""/207, 0xcf, 0x2)

01:00:35 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
timer_create(0x0, 0x0, &(0x7f0000000280))
timer_getoverrun(0x0)

01:00:35 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
rt_sigqueueinfo(r0, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc})
ptrace$cont(0x1f, r0, 0x0, 0x0)
ptrace$cont(0x1f, 0x0, 0x0, 0x0)

01:00:36 executing program 1:
seccomp(0x0, 0x0, 0x0)
utime(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000040)="66baf80cb8afa4e184ef66bafc0cec660f388183b8b91270c4c1ad73d4ca660f388084822741aace0f30d2edc4c2f931a1b48800000f35360f21b0c4c1e9f809", 0x40}], 0x1, 0x0, 0x0, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  196.536048] kauditd_printk_skb: 8 callbacks suppressed
[  196.536062] audit: type=1326 audit(1545613236.279:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7514 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0
[  196.582955] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
01:00:36 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000040)=0x7fd, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x4e24}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f00000000c0)=0xffffffff, 0x4)
recvmsg(r0, &(0x7f00005b7000)={0x0, 0xffffffffffffff4d, 0x0, 0x0, 0x0, 0xfffffffffffffc9d}, 0x2020)

01:00:36 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000440))

01:00:36 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@multicast1, @in=@remote}}, {{@in6=@ipv4}, 0x0, @in=@local}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
signalfd(r1, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0)
stat(0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
lstat(&(0x7f0000005f00)='./file0\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ba, 0x1c00)

[  197.258457] hrtimer: interrupt took 49880 ns
[  197.336623] audit: type=1326 audit(1545613237.079:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7514 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0
[  197.390896] ==================================================================
[  197.398426] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160
[  197.405022] Write of size 832 at addr ffff8881b3c98bc0 by task syz-executor1/7525
[  197.412643] 
[  197.414313] CPU: 0 PID: 7525 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172
[  197.422808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  197.422818] Call Trace:
[  197.422841]  dump_stack+0x244/0x39d
[  197.422863]  ? dump_stack_print_info.cold.1+0x20/0x20
[  197.422880]  ? printk+0xa7/0xcf
[  197.422901]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  197.451743]  print_address_description.cold.4+0x9/0x1ff
[  197.457122]  ? fpstate_init+0x50/0x160
[  197.461014]  kasan_report.cold.5+0x1b/0x39
[  197.465253]  ? fpstate_init+0x50/0x160
[  197.469145]  ? fpstate_init+0x50/0x160
[  197.473041]  check_memory_region+0x13e/0x1b0
[  197.477449]  memset+0x23/0x40
[  197.480562]  fpstate_init+0x50/0x160
[  197.484282]  kvm_arch_vcpu_init+0x3e9/0x870
[  197.488613]  kvm_vcpu_init+0x2fa/0x420
[  197.492504]  ? vcpu_stat_get+0x300/0x300
[  197.496569]  ? kmem_cache_alloc+0x33f/0x730
[  197.500902]  vmx_create_vcpu+0x1b7/0x2695
[  197.505056]  ? perf_trace_sched_process_exec+0x860/0x860
[  197.510541]  ? do_raw_spin_unlock+0xa7/0x330
[  197.514956]  ? vmx_exec_control+0x210/0x210
[  197.519281]  ? kasan_check_write+0x14/0x20
[  197.523518]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  197.528448]  ? futex_wait_queue_me+0x55d/0x840
[  197.533047]  ? wait_for_completion+0x8a0/0x8a0
[  197.538950]  ? print_usage_bug+0xc0/0xc0
[  197.543018]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  197.548557]  ? get_futex_value_locked+0xcb/0xf0
[  197.553233]  kvm_arch_vcpu_create+0xe5/0x220
[  197.557638]  ? kvm_arch_vcpu_free+0x90/0x90
[  197.561973]  kvm_vm_ioctl+0x526/0x2030
[  197.565860]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  197.570969]  ? futex_wait+0x5ec/0xa50
[  197.574797]  ? kvm_unregister_device_ops+0x70/0x70
[  197.579751]  ? mark_held_locks+0x130/0x130
[  197.583983]  ? kfree+0x11e/0x230
[  197.587354]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  197.592578]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  197.597690]  ? futex_wake+0x304/0x760
[  197.601506]  ? __lock_acquire+0x62f/0x4c20
[  197.605775]  ? mark_held_locks+0x130/0x130
[  197.610015]  ? graph_lock+0x270/0x270
[  197.613819]  ? do_futex+0x249/0x26d0
[  197.617538]  ? rcu_read_unlock_special+0x370/0x370
[  197.622472]  ? rcu_softirq_qs+0x20/0x20
[  197.626463]  ? unwind_dump+0x190/0x190
[  197.630358]  ? find_held_lock+0x36/0x1c0
[  197.634437]  ? __fget+0x4aa/0x740
[  197.637898]  ? lock_downgrade+0x900/0x900
[  197.642050]  ? check_preemption_disabled+0x48/0x280
[  197.647072]  ? kasan_check_read+0x11/0x20
[  197.651219]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  197.656510]  ? rcu_read_unlock_special+0x370/0x370
[  197.661452]  ? __fget+0x4d1/0x740
[  197.664940]  ? ksys_dup3+0x680/0x680
[  197.668663]  ? __might_fault+0x12b/0x1e0
[  197.672726]  ? lock_downgrade+0x900/0x900
[  197.676869]  ? lock_release+0xa00/0xa00
[  197.680839]  ? perf_trace_sched_process_exec+0x860/0x860
[  197.686279]  ? kvm_unregister_device_ops+0x70/0x70
[  197.691239]  do_vfs_ioctl+0x1de/0x1790
[  197.695124]  ? ioctl_preallocate+0x300/0x300
[  197.699530]  ? __fget_light+0x2e9/0x430
[  197.703500]  ? fget_raw+0x20/0x20
[  197.706948]  ? _copy_to_user+0xc8/0x110
[  197.710974]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  197.716513]  ? put_timespec64+0x10f/0x1b0
[  197.720655]  ? nsecs_to_jiffies+0x30/0x30
[  197.724804]  ? do_syscall_64+0x9a/0x820
[  197.728779]  ? do_syscall_64+0x9a/0x820
[  197.732752]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  197.737334]  ? security_file_ioctl+0x94/0xc0
[  197.741758]  ksys_ioctl+0xa9/0xd0
[  197.745213]  __x64_sys_ioctl+0x73/0xb0
[  197.749096]  do_syscall_64+0x1b9/0x820
[  197.752992]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  197.758353]  ? syscall_return_slowpath+0x5e0/0x5e0
[  197.763279]  ? trace_hardirqs_on_caller+0x310/0x310
[  197.768288]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  197.773303]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[  197.779978]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  197.784839]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  197.790037] RIP: 0033:0x457669
[  197.793226] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  197.812138] RSP: 002b:00007fd86e5e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  197.819845] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  197.827108] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  197.834371] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[  197.841650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd86e5e56d4
[  197.848935] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff
[  197.856243] 
[  197.857875] Allocated by task 7525:
[  197.861496]  save_stack+0x43/0xd0
[  197.864942]  kasan_kmalloc+0xcb/0xd0
[  197.868658]  kasan_slab_alloc+0x12/0x20
[  197.872637]  kmem_cache_alloc+0x130/0x730
[  197.876797]  vmx_create_vcpu+0x110/0x2695
[  197.880945]  kvm_arch_vcpu_create+0xe5/0x220
[  197.885347]  kvm_vm_ioctl+0x526/0x2030
[  197.889234]  do_vfs_ioctl+0x1de/0x1790
[  197.893116]  ksys_ioctl+0xa9/0xd0
[  197.896572]  __x64_sys_ioctl+0x73/0xb0
[  197.900460]  do_syscall_64+0x1b9/0x820
[  197.904349]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  197.909525] 
[  197.911146] Freed by task 0:
[  197.914158] (stack is not available)
[  197.917861] 
[  197.919490] The buggy address belongs to the object at ffff8881b3c98b80
[  197.919490]  which belongs to the cache x86_fpu of size 832
[  197.931799] The buggy address is located 64 bytes inside of
[  197.931799]  832-byte region [ffff8881b3c98b80, ffff8881b3c98ec0)
[  197.943654] The buggy address belongs to the page:
[  197.948588] page:ffffea0006cf2600 count:1 mapcount:0 mapping:ffff8881d9461340 index:0x0
[  197.956727] flags: 0x2fffc0000000200(slab)
[  197.960961] raw: 02fffc0000000200 ffff8881d5031e48 ffff8881d5031e48 ffff8881d9461340
[  197.968846] raw: 0000000000000000 ffff8881b3c98040 0000000100000004 0000000000000000
[  197.976711] page dumped because: kasan: bad access detected
[  197.982432] 
[  197.984055] Memory state around the buggy address:
01:00:37 executing program 3:
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)

[  197.988989]  ffff8881b3c98d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  197.996344]  ffff8881b3c98e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  198.003712] >ffff8881b3c98e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  198.011060]                                            ^
[  198.016503]  ffff8881b3c98f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  198.023870]  ffff8881b3c98f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  198.031216] ==================================================================
[  198.038563] Disabling lock debugging due to kernel taint
[  198.061920] Kernel panic - not syncing: panic_on_warn set ...
[  198.067828] CPU: 1 PID: 7525 Comm: syz-executor1 Tainted: G    B             4.20.0-rc6-next-20181217+ #172
[  198.077704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  198.087059] Call Trace:
[  198.089677]  dump_stack+0x244/0x39d
[  198.093330]  ? dump_stack_print_info.cold.1+0x20/0x20
[  198.098549]  ? fpstate_init+0x30/0x160
[  198.102453]  panic+0x2ad/0x632
[  198.105663]  ? add_taint.cold.5+0x16/0x16
[  198.109828]  ? preempt_schedule+0x4d/0x60
[  198.113988]  ? ___preempt_schedule+0x16/0x18
[  198.118436]  ? trace_hardirqs_on+0xb4/0x310
[  198.122764]  ? fpstate_init+0x50/0x160
[  198.126666]  end_report+0x47/0x4f
[  198.130123]  kasan_report.cold.5+0xe/0x39
[  198.134276]  ? fpstate_init+0x50/0x160
[  198.138172]  ? fpstate_init+0x50/0x160
[  198.142080]  check_memory_region+0x13e/0x1b0
[  198.146498]  memset+0x23/0x40
[  198.149620]  fpstate_init+0x50/0x160
[  198.153354]  kvm_arch_vcpu_init+0x3e9/0x870
[  198.157687]  kvm_vcpu_init+0x2fa/0x420
01:00:37 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@multicast1, @in=@remote}}, {{@in6=@ipv4}, 0x0, @in=@local}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
signalfd(r1, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0)
stat(0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
lstat(&(0x7f0000005f00)='./file0\x00', 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ba, 0x1c00)

[  198.161586]  ? vcpu_stat_get+0x300/0x300
[  198.165670]  ? kmem_cache_alloc+0x33f/0x730
[  198.170111]  vmx_create_vcpu+0x1b7/0x2695
[  198.174279]  ? perf_trace_sched_process_exec+0x860/0x860
[  198.179755]  ? do_raw_spin_unlock+0xa7/0x330
[  198.184174]  ? vmx_exec_control+0x210/0x210
[  198.188509]  ? kasan_check_write+0x14/0x20
[  198.192752]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  198.197692]  ? futex_wait_queue_me+0x55d/0x840
[  198.198795] kobject: 'loop2' (0000000030cee660): kobject_uevent_env
[  198.202281]  ? wait_for_completion+0x8a0/0x8a0
[  198.213252]  ? print_usage_bug+0xc0/0xc0
[  198.217330]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  198.222874]  ? get_futex_value_locked+0xcb/0xf0
[  198.222974] kobject: 'loop2' (0000000030cee660): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  198.227550]  kvm_arch_vcpu_create+0xe5/0x220
[  198.227571]  ? kvm_arch_vcpu_free+0x90/0x90
[  198.245726]  kvm_vm_ioctl+0x526/0x2030
[  198.249618]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  198.254730]  ? futex_wait+0x5ec/0xa50
[  198.258537]  ? kvm_unregister_device_ops+0x70/0x70
[  198.263480]  ? mark_held_locks+0x130/0x130
[  198.267724]  ? kfree+0x11e/0x230
[  198.271099]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  198.276298]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  198.281435]  ? futex_wake+0x304/0x760
[  198.285252]  ? __lock_acquire+0x62f/0x4c20
[  198.289505]  ? mark_held_locks+0x130/0x130
[  198.293752]  ? graph_lock+0x270/0x270
[  198.297561]  ? do_futex+0x249/0x26d0
[  198.301735]  ? rcu_read_unlock_special+0x370/0x370
[  198.306675]  ? rcu_softirq_qs+0x20/0x20
[  198.310658]  ? unwind_dump+0x190/0x190
[  198.314560]  ? find_held_lock+0x36/0x1c0
[  198.318634]  ? __fget+0x4aa/0x740
[  198.322117]  ? lock_downgrade+0x900/0x900
[  198.326310]  ? check_preemption_disabled+0x48/0x280
[  198.331328]  ? kasan_check_read+0x11/0x20
[  198.335478]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  198.340751]  ? rcu_read_unlock_special+0x370/0x370
[  198.345697]  ? __fget+0x4d1/0x740
[  198.349168]  ? ksys_dup3+0x680/0x680
[  198.352895]  ? __might_fault+0x12b/0x1e0
[  198.356963]  ? lock_downgrade+0x900/0x900
[  198.361131]  ? lock_release+0xa00/0xa00
[  198.365110]  ? perf_trace_sched_process_exec+0x860/0x860
[  198.370565]  ? kvm_unregister_device_ops+0x70/0x70
[  198.375514]  do_vfs_ioctl+0x1de/0x1790
[  198.379422]  ? ioctl_preallocate+0x300/0x300
[  198.383840]  ? __fget_light+0x2e9/0x430
[  198.387826]  ? fget_raw+0x20/0x20
[  198.391295]  ? _copy_to_user+0xc8/0x110
[  198.395274]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  198.400831]  ? put_timespec64+0x10f/0x1b0
[  198.405028]  ? nsecs_to_jiffies+0x30/0x30
[  198.409225]  ? do_syscall_64+0x9a/0x820
[  198.413202]  ? do_syscall_64+0x9a/0x820
[  198.417218]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  198.421802]  ? security_file_ioctl+0x94/0xc0
[  198.426246]  ksys_ioctl+0xa9/0xd0
[  198.429712]  __x64_sys_ioctl+0x73/0xb0
[  198.433601]  do_syscall_64+0x1b9/0x820
[  198.437515]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  198.442945]  ? syscall_return_slowpath+0x5e0/0x5e0
[  198.447882]  ? trace_hardirqs_on_caller+0x310/0x310
[  198.452924]  ? prepare_exit_to_usermode+0x3b0/0x3b0
01:00:38 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
lsetxattr$security_capability(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001000), 0x1000)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
clone(0x210007fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0/file0\x00', 0x0)
read$FUSE(r0, &(0x7f00000050c0), 0xffffffbe)
write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90)

[  198.457962]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[  198.464642]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  198.469530]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  198.474754] RIP: 0033:0x457669
[  198.477979] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  198.496895] RSP: 002b:00007fd86e5e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.504625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  198.511898] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  198.519171] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[  198.526451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd86e5e56d4
[  198.532959] kobject: 'loop5' (00000000bd1c816c): kobject_uevent_env
[  198.533724] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff
[  198.541120] Kernel Offset: disabled
[  198.551988] Rebooting in 86400 seconds..