[info] Using makefile-style concurrent boot in runlevel 2. [ 26.591976] audit: type=1800 audit(1545613066.339:21): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 26.617972] audit: type=1800 audit(1545613066.339:22): pid=5848 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.772856] sshd (5987) used greatest stack depth: 15728 bytes left Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts. 2018/12/24 00:57:59 fuzzer started 2018/12/24 00:58:01 dialing manager at 10.128.0.26:33943 [ 41.726467] ld (6012) used greatest stack depth: 15200 bytes left 2018/12/24 00:58:01 syscalls: 1 2018/12/24 00:58:01 code coverage: enabled 2018/12/24 00:58:01 comparison tracing: enabled 2018/12/24 00:58:01 setuid sandbox: enabled 2018/12/24 00:58:01 namespace sandbox: enabled 2018/12/24 00:58:01 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 00:58:01 fault injection: enabled 2018/12/24 00:58:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 00:58:01 net packet injection: enabled 2018/12/24 00:58:01 net device setup: enabled 01:00:20 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) write(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4004551e, &(0x7f0000000080)=ANY=[]) ioctl$sock_inet_SIOCRTMSG(r0, 0x8108551b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0xfffffffffffffff8, @loopback}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x2}) [ 180.407331] IPVS: ftp: loaded support on port[0] = 21 01:00:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_pts(r0, 0x5) r3 = dup3(r2, r0, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000200)={0x7fff, 0xfff}) write$UHID_INPUT(r3, &(0x7f0000001640)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846ea512a8ccae7a99da8dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1af8ff63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c1829a6030f4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7d12ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6693ee1b9abb5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8217cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057148d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858acd8ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d29428010000000000000062fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006) [ 180.690741] IPVS: ftp: loaded support on port[0] = 21 01:00:20 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000000)) [ 181.048380] IPVS: ftp: loaded support on port[0] = 21 01:00:20 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file0/file0\x00', 0x0) mount$fuseblk(&(0x7f00000000c0)='/dev/loop0\x00', &(0x7f0000000100)='./file0/file0\x00', &(0x7f00000001c0)='fuseblk\x00', 0x0, 0x0) [ 181.377529] IPVS: ftp: loaded support on port[0] = 21 01:00:21 executing program 4: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) dup3(r0, r1, 0x0) [ 181.818598] IPVS: ftp: loaded support on port[0] = 21 01:00:21 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_TSC(0x1a, 0x0) [ 182.039515] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.058549] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.076105] device bridge_slave_0 entered promiscuous mode [ 182.260239] IPVS: ftp: loaded support on port[0] = 21 [ 182.288121] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.294509] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.306494] device bridge_slave_1 entered promiscuous mode [ 182.406544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.575665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.890787] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.897839] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.905539] device bridge_slave_0 entered promiscuous mode [ 183.001883] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.052558] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.097343] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.105146] device bridge_slave_1 entered promiscuous mode [ 183.142492] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.262157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.400811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.456184] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.483716] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.498934] device bridge_slave_0 entered promiscuous mode [ 183.610032] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.616494] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.630893] device bridge_slave_1 entered promiscuous mode [ 183.748461] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.758038] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.786825] device bridge_slave_0 entered promiscuous mode [ 183.862463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.882611] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.894703] team0: Port device team_slave_0 added [ 183.917091] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.936763] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.957991] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.965388] device bridge_slave_1 entered promiscuous mode [ 183.983144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.039008] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.045484] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.066536] device bridge_slave_0 entered promiscuous mode [ 184.076213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.092086] team0: Port device team_slave_1 added [ 184.121291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.134338] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.171262] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.181231] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.190129] device bridge_slave_1 entered promiscuous mode [ 184.229608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.286720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.327683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.352265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.419782] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.462246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.471619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.485892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.516527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.552067] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.578847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.586854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.601021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.643136] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.651961] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.660262] device bridge_slave_0 entered promiscuous mode [ 184.697696] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.755040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.762037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.781762] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.794928] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.804475] device bridge_slave_1 entered promiscuous mode [ 184.837452] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.861232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 184.878320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.935201] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.952452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.971573] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.988543] team0: Port device team_slave_0 added [ 185.002707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.029333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.041025] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.085916] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.103445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.138764] team0: Port device team_slave_1 added [ 185.279609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.332983] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.349098] team0: Port device team_slave_0 added [ 185.379061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.489975] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.500869] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.524089] team0: Port device team_slave_1 added [ 185.533530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.547754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.556150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.589099] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.600818] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.609785] team0: Port device team_slave_0 added [ 185.622840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.648582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.659974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.691639] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.705701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.727392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.740730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.749078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.769498] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.776950] team0: Port device team_slave_1 added [ 185.788833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.800371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.813729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.838525] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.845835] team0: Port device team_slave_0 added [ 185.858833] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.866204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.882418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.909087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.917047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.951105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.979813] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.987108] team0: Port device team_slave_1 added [ 186.001238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.019037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.030938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.063317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.084390] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.108118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.118510] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.131807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.158619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.166703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.174831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.191189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.213214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.239261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.270201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.281816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.298081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.309926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.359981] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.366510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.373642] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.380057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.394924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.407296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.417374] team0: Port device team_slave_0 added [ 186.453594] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.467489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.484153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.538026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.558987] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.566360] team0: Port device team_slave_1 added [ 186.591739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.601501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.616131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.721667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.731465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.757792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.828336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.835178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.848656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.004698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.016446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.031724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.125832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.145770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.163868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.290432] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.296848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.303735] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.310147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.334018] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.434660] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.441128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.447916] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.454300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.490214] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.561090] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.569833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.976181] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.982632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.989388] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.995771] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.016499] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.164341] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.170972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.177621] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.184044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.206721] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.498269] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.504676] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.511396] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.517770] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.547207] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.568541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.595886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.604199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.428256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.888714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.952702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.323904] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.335857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.343947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.376063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.778576] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.822251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.849537] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.856322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.870822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.246846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.261850] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.308504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.317341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.351284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.742348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.748642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.764037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.788457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.806468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.817650] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.228683] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.234859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.253879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.276841] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.292548] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.309963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.339231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.369393] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.376293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.393636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.669620] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.770067] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.848981] 8021q: adding VLAN 0 to HW filter on device team0 01:00:35 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getrandom(&(0x7f0000000140)=""/207, 0xcf, 0x2) 01:00:35 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, 0x0, &(0x7f0000000280)) timer_getoverrun(0x0) 01:00:35 executing program 0: socketpair$unix(0x1, 0x0, 0x0, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) rt_sigqueueinfo(r0, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}) ptrace$cont(0x1f, r0, 0x0, 0x0) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 01:00:36 executing program 1: seccomp(0x0, 0x0, 0x0) utime(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000040)="66baf80cb8afa4e184ef66bafc0cec660f388183b8b91270c4c1ad73d4ca660f388084822741aace0f30d2edc4c2f931a1b48800000f35360f21b0c4c1e9f809", 0x40}], 0x1, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 196.536048] kauditd_printk_skb: 8 callbacks suppressed [ 196.536062] audit: type=1326 audit(1545613236.279:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7514 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0 [ 196.582955] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 01:00:36 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000040)=0x7fd, 0x4) sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x4e24}, 0x10) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f00000000c0)=0xffffffff, 0x4) recvmsg(r0, &(0x7f00005b7000)={0x0, 0xffffffffffffff4d, 0x0, 0x0, 0x0, 0xfffffffffffffc9d}, 0x2020) 01:00:36 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000440)) 01:00:36 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@multicast1, @in=@remote}}, {{@in6=@ipv4}, 0x0, @in=@local}}, 0x0) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) signalfd(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0) stat(0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) lstat(&(0x7f0000005f00)='./file0\x00', 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ba, 0x1c00) [ 197.258457] hrtimer: interrupt took 49880 ns [ 197.336623] audit: type=1326 audit(1545613237.079:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7514 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0 [ 197.390896] ================================================================== [ 197.398426] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 197.405022] Write of size 832 at addr ffff8881b3c98bc0 by task syz-executor1/7525 [ 197.412643] [ 197.414313] CPU: 0 PID: 7525 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 197.422808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.422818] Call Trace: [ 197.422841] dump_stack+0x244/0x39d [ 197.422863] ? dump_stack_print_info.cold.1+0x20/0x20 [ 197.422880] ? printk+0xa7/0xcf [ 197.422901] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 197.451743] print_address_description.cold.4+0x9/0x1ff [ 197.457122] ? fpstate_init+0x50/0x160 [ 197.461014] kasan_report.cold.5+0x1b/0x39 [ 197.465253] ? fpstate_init+0x50/0x160 [ 197.469145] ? fpstate_init+0x50/0x160 [ 197.473041] check_memory_region+0x13e/0x1b0 [ 197.477449] memset+0x23/0x40 [ 197.480562] fpstate_init+0x50/0x160 [ 197.484282] kvm_arch_vcpu_init+0x3e9/0x870 [ 197.488613] kvm_vcpu_init+0x2fa/0x420 [ 197.492504] ? vcpu_stat_get+0x300/0x300 [ 197.496569] ? kmem_cache_alloc+0x33f/0x730 [ 197.500902] vmx_create_vcpu+0x1b7/0x2695 [ 197.505056] ? perf_trace_sched_process_exec+0x860/0x860 [ 197.510541] ? do_raw_spin_unlock+0xa7/0x330 [ 197.514956] ? vmx_exec_control+0x210/0x210 [ 197.519281] ? kasan_check_write+0x14/0x20 [ 197.523518] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 197.528448] ? futex_wait_queue_me+0x55d/0x840 [ 197.533047] ? wait_for_completion+0x8a0/0x8a0 [ 197.538950] ? print_usage_bug+0xc0/0xc0 [ 197.543018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.548557] ? get_futex_value_locked+0xcb/0xf0 [ 197.553233] kvm_arch_vcpu_create+0xe5/0x220 [ 197.557638] ? kvm_arch_vcpu_free+0x90/0x90 [ 197.561973] kvm_vm_ioctl+0x526/0x2030 [ 197.565860] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 197.570969] ? futex_wait+0x5ec/0xa50 [ 197.574797] ? kvm_unregister_device_ops+0x70/0x70 [ 197.579751] ? mark_held_locks+0x130/0x130 [ 197.583983] ? kfree+0x11e/0x230 [ 197.587354] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 197.592578] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 197.597690] ? futex_wake+0x304/0x760 [ 197.601506] ? __lock_acquire+0x62f/0x4c20 [ 197.605775] ? mark_held_locks+0x130/0x130 [ 197.610015] ? graph_lock+0x270/0x270 [ 197.613819] ? do_futex+0x249/0x26d0 [ 197.617538] ? rcu_read_unlock_special+0x370/0x370 [ 197.622472] ? rcu_softirq_qs+0x20/0x20 [ 197.626463] ? unwind_dump+0x190/0x190 [ 197.630358] ? find_held_lock+0x36/0x1c0 [ 197.634437] ? __fget+0x4aa/0x740 [ 197.637898] ? lock_downgrade+0x900/0x900 [ 197.642050] ? check_preemption_disabled+0x48/0x280 [ 197.647072] ? kasan_check_read+0x11/0x20 [ 197.651219] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 197.656510] ? rcu_read_unlock_special+0x370/0x370 [ 197.661452] ? __fget+0x4d1/0x740 [ 197.664940] ? ksys_dup3+0x680/0x680 [ 197.668663] ? __might_fault+0x12b/0x1e0 [ 197.672726] ? lock_downgrade+0x900/0x900 [ 197.676869] ? lock_release+0xa00/0xa00 [ 197.680839] ? perf_trace_sched_process_exec+0x860/0x860 [ 197.686279] ? kvm_unregister_device_ops+0x70/0x70 [ 197.691239] do_vfs_ioctl+0x1de/0x1790 [ 197.695124] ? ioctl_preallocate+0x300/0x300 [ 197.699530] ? __fget_light+0x2e9/0x430 [ 197.703500] ? fget_raw+0x20/0x20 [ 197.706948] ? _copy_to_user+0xc8/0x110 [ 197.710974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.716513] ? put_timespec64+0x10f/0x1b0 [ 197.720655] ? nsecs_to_jiffies+0x30/0x30 [ 197.724804] ? do_syscall_64+0x9a/0x820 [ 197.728779] ? do_syscall_64+0x9a/0x820 [ 197.732752] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 197.737334] ? security_file_ioctl+0x94/0xc0 [ 197.741758] ksys_ioctl+0xa9/0xd0 [ 197.745213] __x64_sys_ioctl+0x73/0xb0 [ 197.749096] do_syscall_64+0x1b9/0x820 [ 197.752992] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 197.758353] ? syscall_return_slowpath+0x5e0/0x5e0 [ 197.763279] ? trace_hardirqs_on_caller+0x310/0x310 [ 197.768288] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 197.773303] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 197.779978] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.784839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.790037] RIP: 0033:0x457669 [ 197.793226] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.812138] RSP: 002b:00007fd86e5e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.819845] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 197.827108] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 197.834371] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 197.841650] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd86e5e56d4 [ 197.848935] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 197.856243] [ 197.857875] Allocated by task 7525: [ 197.861496] save_stack+0x43/0xd0 [ 197.864942] kasan_kmalloc+0xcb/0xd0 [ 197.868658] kasan_slab_alloc+0x12/0x20 [ 197.872637] kmem_cache_alloc+0x130/0x730 [ 197.876797] vmx_create_vcpu+0x110/0x2695 [ 197.880945] kvm_arch_vcpu_create+0xe5/0x220 [ 197.885347] kvm_vm_ioctl+0x526/0x2030 [ 197.889234] do_vfs_ioctl+0x1de/0x1790 [ 197.893116] ksys_ioctl+0xa9/0xd0 [ 197.896572] __x64_sys_ioctl+0x73/0xb0 [ 197.900460] do_syscall_64+0x1b9/0x820 [ 197.904349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.909525] [ 197.911146] Freed by task 0: [ 197.914158] (stack is not available) [ 197.917861] [ 197.919490] The buggy address belongs to the object at ffff8881b3c98b80 [ 197.919490] which belongs to the cache x86_fpu of size 832 [ 197.931799] The buggy address is located 64 bytes inside of [ 197.931799] 832-byte region [ffff8881b3c98b80, ffff8881b3c98ec0) [ 197.943654] The buggy address belongs to the page: [ 197.948588] page:ffffea0006cf2600 count:1 mapcount:0 mapping:ffff8881d9461340 index:0x0 [ 197.956727] flags: 0x2fffc0000000200(slab) [ 197.960961] raw: 02fffc0000000200 ffff8881d5031e48 ffff8881d5031e48 ffff8881d9461340 [ 197.968846] raw: 0000000000000000 ffff8881b3c98040 0000000100000004 0000000000000000 [ 197.976711] page dumped because: kasan: bad access detected [ 197.982432] [ 197.984055] Memory state around the buggy address: 01:00:37 executing program 3: munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) mremap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) [ 197.988989] ffff8881b3c98d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.996344] ffff8881b3c98e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 198.003712] >ffff8881b3c98e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 198.011060] ^ [ 198.016503] ffff8881b3c98f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.023870] ffff8881b3c98f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.031216] ================================================================== [ 198.038563] Disabling lock debugging due to kernel taint [ 198.061920] Kernel panic - not syncing: panic_on_warn set ... [ 198.067828] CPU: 1 PID: 7525 Comm: syz-executor1 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 198.077704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.087059] Call Trace: [ 198.089677] dump_stack+0x244/0x39d [ 198.093330] ? dump_stack_print_info.cold.1+0x20/0x20 [ 198.098549] ? fpstate_init+0x30/0x160 [ 198.102453] panic+0x2ad/0x632 [ 198.105663] ? add_taint.cold.5+0x16/0x16 [ 198.109828] ? preempt_schedule+0x4d/0x60 [ 198.113988] ? ___preempt_schedule+0x16/0x18 [ 198.118436] ? trace_hardirqs_on+0xb4/0x310 [ 198.122764] ? fpstate_init+0x50/0x160 [ 198.126666] end_report+0x47/0x4f [ 198.130123] kasan_report.cold.5+0xe/0x39 [ 198.134276] ? fpstate_init+0x50/0x160 [ 198.138172] ? fpstate_init+0x50/0x160 [ 198.142080] check_memory_region+0x13e/0x1b0 [ 198.146498] memset+0x23/0x40 [ 198.149620] fpstate_init+0x50/0x160 [ 198.153354] kvm_arch_vcpu_init+0x3e9/0x870 [ 198.157687] kvm_vcpu_init+0x2fa/0x420 01:00:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@multicast1, @in=@remote}}, {{@in6=@ipv4}, 0x0, @in=@local}}, 0x0) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) signalfd(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0) stat(0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) lstat(&(0x7f0000005f00)='./file0\x00', 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000000ba, 0x1c00) [ 198.161586] ? vcpu_stat_get+0x300/0x300 [ 198.165670] ? kmem_cache_alloc+0x33f/0x730 [ 198.170111] vmx_create_vcpu+0x1b7/0x2695 [ 198.174279] ? perf_trace_sched_process_exec+0x860/0x860 [ 198.179755] ? do_raw_spin_unlock+0xa7/0x330 [ 198.184174] ? vmx_exec_control+0x210/0x210 [ 198.188509] ? kasan_check_write+0x14/0x20 [ 198.192752] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 198.197692] ? futex_wait_queue_me+0x55d/0x840 [ 198.198795] kobject: 'loop2' (0000000030cee660): kobject_uevent_env [ 198.202281] ? wait_for_completion+0x8a0/0x8a0 [ 198.213252] ? print_usage_bug+0xc0/0xc0 [ 198.217330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.222874] ? get_futex_value_locked+0xcb/0xf0 [ 198.222974] kobject: 'loop2' (0000000030cee660): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 198.227550] kvm_arch_vcpu_create+0xe5/0x220 [ 198.227571] ? kvm_arch_vcpu_free+0x90/0x90 [ 198.245726] kvm_vm_ioctl+0x526/0x2030 [ 198.249618] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 198.254730] ? futex_wait+0x5ec/0xa50 [ 198.258537] ? kvm_unregister_device_ops+0x70/0x70 [ 198.263480] ? mark_held_locks+0x130/0x130 [ 198.267724] ? kfree+0x11e/0x230 [ 198.271099] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 198.276298] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 198.281435] ? futex_wake+0x304/0x760 [ 198.285252] ? __lock_acquire+0x62f/0x4c20 [ 198.289505] ? mark_held_locks+0x130/0x130 [ 198.293752] ? graph_lock+0x270/0x270 [ 198.297561] ? do_futex+0x249/0x26d0 [ 198.301735] ? rcu_read_unlock_special+0x370/0x370 [ 198.306675] ? rcu_softirq_qs+0x20/0x20 [ 198.310658] ? unwind_dump+0x190/0x190 [ 198.314560] ? find_held_lock+0x36/0x1c0 [ 198.318634] ? __fget+0x4aa/0x740 [ 198.322117] ? lock_downgrade+0x900/0x900 [ 198.326310] ? check_preemption_disabled+0x48/0x280 [ 198.331328] ? kasan_check_read+0x11/0x20 [ 198.335478] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 198.340751] ? rcu_read_unlock_special+0x370/0x370 [ 198.345697] ? __fget+0x4d1/0x740 [ 198.349168] ? ksys_dup3+0x680/0x680 [ 198.352895] ? __might_fault+0x12b/0x1e0 [ 198.356963] ? lock_downgrade+0x900/0x900 [ 198.361131] ? lock_release+0xa00/0xa00 [ 198.365110] ? perf_trace_sched_process_exec+0x860/0x860 [ 198.370565] ? kvm_unregister_device_ops+0x70/0x70 [ 198.375514] do_vfs_ioctl+0x1de/0x1790 [ 198.379422] ? ioctl_preallocate+0x300/0x300 [ 198.383840] ? __fget_light+0x2e9/0x430 [ 198.387826] ? fget_raw+0x20/0x20 [ 198.391295] ? _copy_to_user+0xc8/0x110 [ 198.395274] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.400831] ? put_timespec64+0x10f/0x1b0 [ 198.405028] ? nsecs_to_jiffies+0x30/0x30 [ 198.409225] ? do_syscall_64+0x9a/0x820 [ 198.413202] ? do_syscall_64+0x9a/0x820 [ 198.417218] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 198.421802] ? security_file_ioctl+0x94/0xc0 [ 198.426246] ksys_ioctl+0xa9/0xd0 [ 198.429712] __x64_sys_ioctl+0x73/0xb0 [ 198.433601] do_syscall_64+0x1b9/0x820 [ 198.437515] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 198.442945] ? syscall_return_slowpath+0x5e0/0x5e0 [ 198.447882] ? trace_hardirqs_on_caller+0x310/0x310 [ 198.452924] ? prepare_exit_to_usermode+0x3b0/0x3b0 01:00:38 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) lsetxattr$security_capability(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) clone(0x210007fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0/file0\x00', 0x0) read$FUSE(r0, &(0x7f00000050c0), 0xffffffbe) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) [ 198.457962] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 198.464642] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.469530] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.474754] RIP: 0033:0x457669 [ 198.477979] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.496895] RSP: 002b:00007fd86e5e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 198.504625] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 198.511898] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 198.519171] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 198.526451] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd86e5e56d4 [ 198.532959] kobject: 'loop5' (00000000bd1c816c): kobject_uevent_env [ 198.533724] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 198.541120] Kernel Offset: disabled [ 198.551988] Rebooting in 86400 seconds..