[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.069440] kauditd_printk_skb: 8 callbacks suppressed [ 29.069454] audit: type=1800 audit(1545628677.105:29): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.100921] audit: type=1800 audit(1545628677.105:30): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.303056] sshd (6095) used greatest stack depth: 15728 bytes left Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. 2018/12/24 05:18:08 fuzzer started 2018/12/24 05:18:10 dialing manager at 10.128.0.26:33943 [ 42.256586] ld (6120) used greatest stack depth: 15200 bytes left 2018/12/24 05:18:10 syscalls: 1 2018/12/24 05:18:10 code coverage: enabled 2018/12/24 05:18:10 comparison tracing: enabled 2018/12/24 05:18:10 setuid sandbox: enabled 2018/12/24 05:18:10 namespace sandbox: enabled 2018/12/24 05:18:10 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 05:18:10 fault injection: enabled 2018/12/24 05:18:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 05:18:10 net packet injection: enabled 2018/12/24 05:18:10 net device setup: enabled 05:20:35 executing program 0: getrandom(&(0x7f0000000000)=""/240, 0xf0, 0x3) [ 187.060380] IPVS: ftp: loaded support on port[0] = 21 05:20:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) close(r1) [ 187.342242] IPVS: ftp: loaded support on port[0] = 21 05:20:35 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000000)) [ 187.675727] IPVS: ftp: loaded support on port[0] = 21 05:20:35 executing program 3: r0 = socket$unix(0x1, 0x5, 0x0) modify_ldt$write(0x1, 0x0, 0xffffffffffffff40) r1 = open(&(0x7f0000000000)='./file0\x00', 0x40, 0x0) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) dup3(r0, r1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) mount$9p_rdma(0x0, 0x0, 0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) lchown(0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x6f, &(0x7f0000000140), 0x4) [ 188.062689] IPVS: ftp: loaded support on port[0] = 21 05:20:36 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000001c0)={'mangle\x00'}, &(0x7f0000000140)=0x54) [ 188.520846] IPVS: ftp: loaded support on port[0] = 21 05:20:36 executing program 5: capget(&(0x7f0000000040)={0x20080522}, 0xffffffffffffffff) [ 188.999244] IPVS: ftp: loaded support on port[0] = 21 [ 189.024503] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.041536] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.049105] device bridge_slave_0 entered promiscuous mode [ 189.216293] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.233665] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.246918] device bridge_slave_1 entered promiscuous mode [ 189.375110] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.490893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.531682] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.561251] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.568712] device bridge_slave_0 entered promiscuous mode [ 189.680961] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.691775] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.699140] device bridge_slave_1 entered promiscuous mode [ 189.818084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.941723] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.989627] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.018807] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.027587] device bridge_slave_0 entered promiscuous mode [ 190.062991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.075260] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.140187] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.171686] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.180301] device bridge_slave_1 entered promiscuous mode [ 190.301116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.354788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.363892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.394720] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.407136] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.415183] device bridge_slave_0 entered promiscuous mode [ 190.423990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.504210] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.511538] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.518952] device bridge_slave_1 entered promiscuous mode [ 190.656579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.685674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.778155] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.821501] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.838194] team0: Port device team_slave_0 added [ 190.846289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.874528] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.886160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.921804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.950595] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.962246] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.969664] device bridge_slave_0 entered promiscuous mode [ 190.985485] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.001933] team0: Port device team_slave_1 added [ 191.050927] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.076013] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.091180] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.098510] device bridge_slave_1 entered promiscuous mode [ 191.141321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.193955] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.200349] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.234542] device bridge_slave_0 entered promiscuous mode [ 191.259307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.276993] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.333277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.355916] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.375300] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.389606] device bridge_slave_1 entered promiscuous mode [ 191.398408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.410193] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.426289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.465610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.481739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.541383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.548227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.575287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.590236] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.601197] team0: Port device team_slave_0 added [ 191.619269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.639188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.661634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.726793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.739291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.749569] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.771844] team0: Port device team_slave_1 added [ 191.777549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.795517] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.805425] team0: Port device team_slave_0 added [ 191.813923] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.914064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.939145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.954914] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.966825] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.974263] team0: Port device team_slave_1 added [ 192.010338] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.047179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.109567] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.117208] team0: Port device team_slave_0 added [ 192.129283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.141310] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 192.152473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.160088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.182035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.241251] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.248653] team0: Port device team_slave_1 added [ 192.274715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.299946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.332445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.351758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.367031] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 192.381999] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.408687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.418718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.454497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.471197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.479125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.520116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.532706] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 192.539533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.569444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.591632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.624010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.638030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 192.661434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.671851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.691907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.726133] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.735690] team0: Port device team_slave_0 added [ 192.744141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.767851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.779839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.854047] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.872473] team0: Port device team_slave_1 added [ 192.941658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.952994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.971855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.023428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.161079] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 193.171964] team0: Port device team_slave_0 added [ 193.182852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.300166] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.307472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.324263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.361905] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 193.371542] team0: Port device team_slave_1 added [ 193.387763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 193.408384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.421898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.430673] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.437216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.444268] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.450641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.475924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.522305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 193.529154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.552492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.661407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 193.668706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.677758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.808774] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.819230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.831756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.874615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 193.893900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.921900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.969805] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.976269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.982989] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.989362] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.033798] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.044159] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.050538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.057234] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.063667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.072302] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.311135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.322419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.341383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.553090] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.559496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.566229] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.572639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.595216] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.979726] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.986169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.992872] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.999246] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.017252] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 195.341144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.348449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.410423] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.416849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.423582] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.429958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.438929] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 196.400014] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.673273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.095325] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.132160] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.495029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.527784] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.534071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.549696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.598865] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.918079] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.958077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.991283] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.096577] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.106183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.128337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.311187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.362810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.368983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.401802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.530608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.567912] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.589654] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.791847] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.800864] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.981952] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.055071] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.066791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.082407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.362406] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.368758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.381808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.472882] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.479050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.502412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.543667] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.844944] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.882080] 8021q: adding VLAN 0 to HW filter on device team0 05:20:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x13}, 0x9}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 05:20:51 executing program 0: r0 = memfd_create(&(0x7f0000000080)='numa_maps\x00', 0x0) fallocate(r0, 0x3, 0x7fffffffffffdffe, 0x2) 05:20:51 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000002600)='./file0\x00', &(0x7f0000000340)) 05:20:51 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'lo\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000000c00000000000000080001007366710048000200000000000000000000007418000000000000000000000000000000000000ac699c2600000000000000000000000000000000000000000000000000000000000000000000"], 0x1}}, 0x0) 05:20:51 executing program 1: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) process_vm_readv(r3, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x3f}], 0x1, 0x0) [ 203.921563] ptrace attach of "/root/syz-executor1"[6135] was attempted by "/root/syz-executor1"[7654] 05:20:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r1 = syz_open_pts(r0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, r1, 0x0) 05:20:52 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x6) sendto$inet(r0, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) 05:20:52 executing program 1: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) seccomp(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xffffffffffffffbc) lsetxattr$security_evm(0x0, &(0x7f0000000900)='security.evm\x00', 0x0, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, 0x0) futimesat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000400)={{0x0, 0x2710}, {0x0, 0x7530}}) arch_prctl$ARCH_GET_CPUID(0x1011) r0 = open(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x1000, 0x1, 0x7}, &(0x7f0000000280)=0x10) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000180)={0x0, 0x81}) syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000005c0)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0xffffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) [ 204.096978] audit: type=1326 audit(1545628852.135:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7671 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0 [ 204.141695] hrtimer: interrupt took 53066 ns 05:20:52 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x6) sendto$inet(r0, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) [ 204.314039] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 204.322711] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 204.377710] F2FS-fs (loop1): invalid crc value [ 204.397174] F2FS-fs (loop1): invalid crc value [ 204.405063] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 204.429807] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 204.462695] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 204.491000] F2FS-fs (loop1): invalid crc value [ 204.502271] F2FS-fs (loop1): invalid crc value [ 204.507357] F2FS-fs (loop1): Failed to get valid F2FS checkpoint 05:20:52 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xaf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xdau\xaf\x1f\x02\xac\x06\xed\xbc\xd7\xa0q\xfb53\x1c\xe3\x9cZ\x00\x00\x00\x00') ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x80004) 05:20:52 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x8000000007) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x80) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) memfd_create(&(0x7f0000000040)='lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) write(r2, &(0x7f0000000380), 0xfffffffe) recvfrom$inet6(r2, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c) r3 = accept4(r1, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") socket$packet(0x11, 0xa, 0x300) 05:20:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x10000000000002, 0x0, @ioapic={0x0, 0x0, 0x0, 0xff, 0x0, [{}, {}, {0x0, 0x80}]}}) 05:20:52 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x6) sendto$inet(r0, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) 05:20:52 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0) 05:20:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000280)={0xa4}) [ 204.869952] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 204.888498] audit: type=1326 audit(1545628852.925:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7671 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0x0 [ 204.889606] syz-executor1 (7680) used greatest stack depth: 14752 bytes left 05:20:53 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0) [ 204.960751] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 204.978655] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock 05:20:53 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b55000)={0x2, 0x2}, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000040)=0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x6) sendto$inet(r0, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10) [ 205.040344] F2FS-fs (loop1): invalid crc value [ 205.084783] F2FS-fs (loop1): invalid crc value 05:20:53 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'eql\x00', 0x100007ff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) ioctl$sock_ifreq(r2, 0x8914, &(0x7f0000000140)={'eql\x00\x00\x00\xa9[\x00', @ifru_map={0x5}}) 05:20:53 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x69, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x40000e5, 0x0) [ 205.118165] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 205.176612] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 205.236516] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 205.264486] F2FS-fs (loop1): invalid crc value [ 205.274748] F2FS-fs (loop1): invalid crc value [ 205.288140] F2FS-fs (loop1): Failed to get valid F2FS checkpoint 05:20:53 executing program 1: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) seccomp(0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xffffffffffffffbc) lsetxattr$security_evm(0x0, &(0x7f0000000900)='security.evm\x00', 0x0, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, 0x0) futimesat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', &(0x7f0000000400)={{0x0, 0x2710}, {0x0, 0x7530}}) arch_prctl$ARCH_GET_CPUID(0x1011) r0 = open(0x0, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x1000, 0x1, 0x7}, &(0x7f0000000280)=0x10) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000180)={0x0, 0x81}) syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000005c0)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0xffffffff00000000, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 05:20:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 05:20:53 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x0) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, 0x0) [ 205.424403] ================================================================== [ 205.431931] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 205.438528] Write of size 832 at addr ffff8881bceaebc0 by task syz-executor5/7770 [ 205.446147] [ 205.447766] CPU: 0 PID: 7770 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 205.456237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.465611] Call Trace: [ 205.468188] dump_stack+0x244/0x39d [ 205.471807] ? dump_stack_print_info.cold.1+0x20/0x20 [ 205.476988] ? printk+0xa7/0xcf [ 205.480256] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 205.485005] print_address_description.cold.4+0x9/0x1ff [ 205.490355] ? fpstate_init+0x50/0x160 [ 205.494243] kasan_report.cold.5+0x1b/0x39 [ 205.498491] ? fpstate_init+0x50/0x160 [ 205.502369] ? fpstate_init+0x50/0x160 [ 205.506248] check_memory_region+0x13e/0x1b0 [ 205.510642] memset+0x23/0x40 [ 205.513738] fpstate_init+0x50/0x160 [ 205.517445] kvm_arch_vcpu_init+0x3e9/0x870 [ 205.521772] kvm_vcpu_init+0x2fa/0x420 [ 205.525650] ? vcpu_stat_get+0x300/0x300 [ 205.529702] ? kmem_cache_alloc+0x33f/0x730 [ 205.534014] vmx_create_vcpu+0x1b7/0x2695 [ 205.538150] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 205.543259] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 205.547865] ? preempt_schedule+0x4d/0x60 [ 205.552004] ? preempt_schedule_common+0x1f/0xe0 [ 205.556750] ? vmx_exec_control+0x210/0x210 [ 205.561070] ? ___preempt_schedule+0x16/0x18 [ 205.565499] ? kasan_check_write+0x14/0x20 [ 205.569738] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 205.574656] ? wait_for_completion+0x8a0/0x8a0 [ 205.579229] ? print_usage_bug+0xc0/0xc0 [ 205.583283] ? migrate_swap_stop+0x8a0/0x8a0 [ 205.587685] kvm_arch_vcpu_create+0xe5/0x220 [ 205.592080] ? kvm_arch_vcpu_free+0x90/0x90 [ 205.596397] kvm_vm_ioctl+0x526/0x2030 [ 205.600275] ? kvm_unregister_device_ops+0x70/0x70 [ 205.605232] ? mark_held_locks+0x130/0x130 [ 205.609498] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 205.614708] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 205.619799] ? futex_wake+0x304/0x760 [ 205.623596] ? __lock_acquire+0x62f/0x4c20 [ 205.627830] ? find_held_lock+0x36/0x1c0 [ 205.631904] ? mark_held_locks+0x130/0x130 [ 205.636145] ? graph_lock+0x270/0x270 [ 205.639944] ? do_futex+0x249/0x26d0 [ 205.643671] ? rcu_read_unlock_special+0x370/0x370 [ 205.648588] ? rcu_softirq_qs+0x20/0x20 [ 205.652566] ? unwind_dump+0x190/0x190 [ 205.656469] ? find_held_lock+0x36/0x1c0 [ 205.660558] ? __fget+0x4aa/0x740 [ 205.663998] ? lock_downgrade+0x900/0x900 [ 205.668150] ? check_preemption_disabled+0x48/0x280 [ 205.673153] ? kasan_check_read+0x11/0x20 [ 205.677317] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 205.682599] ? rcu_read_unlock_special+0x370/0x370 [ 205.687536] ? __fget+0x4d1/0x740 [ 205.691000] ? ksys_dup3+0x680/0x680 [ 205.694733] ? __might_fault+0x12b/0x1e0 [ 205.698794] ? lock_downgrade+0x900/0x900 [ 205.702947] ? lock_release+0xa00/0xa00 [ 205.706928] ? perf_trace_sched_process_exec+0x860/0x860 [ 205.712365] ? kvm_unregister_device_ops+0x70/0x70 [ 205.717292] do_vfs_ioctl+0x1de/0x1790 [ 205.721171] ? ioctl_preallocate+0x300/0x300 [ 205.725570] ? __fget_light+0x2e9/0x430 [ 205.729539] ? fget_raw+0x20/0x20 [ 205.732985] ? _copy_to_user+0xc8/0x110 [ 205.736967] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.742528] ? put_timespec64+0x10f/0x1b0 [ 205.746682] ? nsecs_to_jiffies+0x30/0x30 [ 205.750838] ? do_syscall_64+0x9a/0x820 [ 205.754801] ? do_syscall_64+0x9a/0x820 [ 205.758764] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 205.763364] ? security_file_ioctl+0x94/0xc0 [ 205.767793] ksys_ioctl+0xa9/0xd0 [ 205.771267] __x64_sys_ioctl+0x73/0xb0 [ 205.775158] do_syscall_64+0x1b9/0x820 [ 205.779048] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 205.784423] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.789338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.794187] ? trace_hardirqs_on_caller+0x310/0x310 [ 205.799212] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.804231] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.809255] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.814089] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.819264] RIP: 0033:0x457669 [ 205.822445] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.841355] RSP: 002b:00007f4eab586c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 205.849078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 205.856335] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 205.863591] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 205.870871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4eab5876d4 [ 205.878137] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 205.885410] [ 205.887023] Allocated by task 7770: [ 205.890635] save_stack+0x43/0xd0 [ 205.894076] kasan_kmalloc+0xcb/0xd0 [ 205.897772] kasan_slab_alloc+0x12/0x20 [ 205.901749] kmem_cache_alloc+0x130/0x730 [ 205.905883] vmx_create_vcpu+0x110/0x2695 [ 205.910016] kvm_arch_vcpu_create+0xe5/0x220 [ 205.914413] kvm_vm_ioctl+0x526/0x2030 [ 205.918332] do_vfs_ioctl+0x1de/0x1790 [ 205.922205] ksys_ioctl+0xa9/0xd0 [ 205.925644] __x64_sys_ioctl+0x73/0xb0 [ 205.929518] do_syscall_64+0x1b9/0x820 [ 205.933391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.938562] [ 205.940170] Freed by task 0: [ 205.943189] (stack is not available) [ 205.946894] [ 205.948522] The buggy address belongs to the object at ffff8881bceaeb80 [ 205.948522] which belongs to the cache x86_fpu of size 832 [ 205.960837] The buggy address is located 64 bytes inside of [ 205.960837] 832-byte region [ffff8881bceaeb80, ffff8881bceaeec0) [ 205.972616] The buggy address belongs to the page: [ 205.977545] page:ffffea0006f3ab80 count:1 mapcount:0 mapping:ffff8881d7a60380 index:0x0 [ 205.985668] flags: 0x2fffc0000000200(slab) [ 205.989889] raw: 02fffc0000000200 ffff8881d5081448 ffff8881d5081448 ffff8881d7a60380 [ 205.997757] raw: 0000000000000000 ffff8881bceae040 0000000100000004 0000000000000000 [ 206.005620] page dumped because: kasan: bad access detected [ 206.011310] [ 206.012920] Memory state around the buggy address: [ 206.017855] ffff8881bceaed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.025272] ffff8881bceaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.032630] >ffff8881bceaee80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 206.040032] ^ [ 206.045479] ffff8881bceaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.052826] ffff8881bceaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.060212] ================================================================== [ 206.067576] Disabling lock debugging due to kernel taint [ 206.079884] Kernel panic - not syncing: panic_on_warn set ... [ 206.085803] CPU: 0 PID: 7770 Comm: syz-executor5 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 206.095678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.105057] Call Trace: [ 206.107636] dump_stack+0x244/0x39d [ 206.111274] ? dump_stack_print_info.cold.1+0x20/0x20 [ 206.116495] ? fpstate_init+0x30/0x160 [ 206.120379] panic+0x2ad/0x632 [ 206.123573] ? add_taint.cold.5+0x16/0x16 [ 206.127722] ? preempt_schedule+0x4d/0x60 [ 206.131862] ? ___preempt_schedule+0x16/0x18 [ 206.136262] ? trace_hardirqs_on+0xb4/0x310 [ 206.140596] ? fpstate_init+0x50/0x160 [ 206.144493] end_report+0x47/0x4f [ 206.147935] kasan_report.cold.5+0xe/0x39 [ 206.152070] ? fpstate_init+0x50/0x160 [ 206.155955] ? fpstate_init+0x50/0x160 [ 206.159843] check_memory_region+0x13e/0x1b0 [ 206.164262] memset+0x23/0x40 [ 206.167359] fpstate_init+0x50/0x160 [ 206.171062] kvm_arch_vcpu_init+0x3e9/0x870 [ 206.175375] kvm_vcpu_init+0x2fa/0x420 [ 206.179260] ? vcpu_stat_get+0x300/0x300 [ 206.183337] ? kmem_cache_alloc+0x33f/0x730 [ 206.187683] vmx_create_vcpu+0x1b7/0x2695 [ 206.191842] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 206.196948] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 206.201538] ? preempt_schedule+0x4d/0x60 [ 206.205686] ? preempt_schedule_common+0x1f/0xe0 [ 206.210449] ? vmx_exec_control+0x210/0x210 [ 206.211318] kobject: 'kvm' (000000007bf60e3d): kobject_uevent_env [ 206.214796] ? ___preempt_schedule+0x16/0x18 [ 206.214813] ? kasan_check_write+0x14/0x20 [ 206.214827] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 206.214845] ? wait_for_completion+0x8a0/0x8a0 [ 206.221719] kobject: 'kvm' (000000007bf60e3d): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 206.225495] ? print_usage_bug+0xc0/0xc0 [ 206.225514] ? migrate_swap_stop+0x8a0/0x8a0 [ 206.225532] kvm_arch_vcpu_create+0xe5/0x220 [ 206.243296] kobject: 'kvm' (000000007bf60e3d): kobject_uevent_env [ 206.248258] ? kvm_arch_vcpu_free+0x90/0x90 [ 206.248280] kvm_vm_ioctl+0x526/0x2030 [ 206.248298] ? kvm_unregister_device_ops+0x70/0x70 [ 206.252503] kobject: 'kvm' (000000007bf60e3d): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 206.256757] ? mark_held_locks+0x130/0x130 [ 206.256776] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 206.256797] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 206.303958] ? futex_wake+0x304/0x760 [ 206.307762] ? __lock_acquire+0x62f/0x4c20 [ 206.311997] ? find_held_lock+0x36/0x1c0 [ 206.316049] ? mark_held_locks+0x130/0x130 [ 206.320268] ? graph_lock+0x270/0x270 [ 206.324053] ? do_futex+0x249/0x26d0 [ 206.327763] ? rcu_read_unlock_special+0x370/0x370 [ 206.332692] ? rcu_softirq_qs+0x20/0x20 [ 206.336658] ? unwind_dump+0x190/0x190 [ 206.340548] ? find_held_lock+0x36/0x1c0 [ 206.344617] ? __fget+0x4aa/0x740 [ 206.348056] ? lock_downgrade+0x900/0x900 [ 206.352226] ? check_preemption_disabled+0x48/0x280 [ 206.357240] ? kasan_check_read+0x11/0x20 [ 206.361394] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 206.366656] ? rcu_read_unlock_special+0x370/0x370 [ 206.371582] ? __fget+0x4d1/0x740 [ 206.375044] ? ksys_dup3+0x680/0x680 [ 206.378748] ? __might_fault+0x12b/0x1e0 [ 206.382798] ? lock_downgrade+0x900/0x900 [ 206.386934] ? lock_release+0xa00/0xa00 [ 206.390896] ? perf_trace_sched_process_exec+0x860/0x860 [ 206.396331] ? kvm_unregister_device_ops+0x70/0x70 [ 206.401257] do_vfs_ioctl+0x1de/0x1790 [ 206.405146] ? ioctl_preallocate+0x300/0x300 [ 206.409543] ? __fget_light+0x2e9/0x430 [ 206.413513] ? fget_raw+0x20/0x20 [ 206.416967] ? _copy_to_user+0xc8/0x110 [ 206.420933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.426458] ? put_timespec64+0x10f/0x1b0 [ 206.430605] ? nsecs_to_jiffies+0x30/0x30 [ 206.434753] ? do_syscall_64+0x9a/0x820 [ 206.438724] ? do_syscall_64+0x9a/0x820 [ 206.442682] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 206.447252] ? security_file_ioctl+0x94/0xc0 [ 206.451649] ksys_ioctl+0xa9/0xd0 [ 206.455088] __x64_sys_ioctl+0x73/0xb0 [ 206.458963] do_syscall_64+0x1b9/0x820 [ 206.462839] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 206.468197] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.473139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.477970] ? trace_hardirqs_on_caller+0x310/0x310 [ 206.482978] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.487984] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.493017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.497845] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.503018] RIP: 0033:0x457669 [ 206.506213] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.525119] RSP: 002b:00007f4eab586c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 206.532822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 206.540087] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 206.547348] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 206.554619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4eab5876d4 [ 206.561870] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 206.570180] Kernel Offset: disabled [ 206.573824] Rebooting in 86400 seconds..