[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 20.380522] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 25.100445] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.587959] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.457825] random: sshd: uninitialized urandom read (32 bytes read)
[ 26.616197] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
[ 32.104751] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.205468] IPVS: ftp: loaded support on port[0] = 21
[ 32.216244] IPVS: ftp: loaded support on port[0] = 21
[ 32.217248] IPVS: ftp: loaded support on port[0] = 21
[ 32.224054] IPVS: ftp: loaded support on port[0] = 21
[ 32.227967] IPVS: ftp: loaded support on port[0] = 21
[ 32.239183] IPVS: ftp: loaded support on port[0] = 21
[ 32.244802] IPVS: ftp: loaded support on port[0] = 21
[ 32.250575] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 32.587707] ==================================================================
[ 32.595188] BUG: KASAN: stack-out-of-bounds in unwind_next_frame.part.7+0x6c7/0x9e0
[ 32.602965] Read of size 8 at addr ffff8801b2467fe0 by task kworker/u4:10/4741
[ 32.610297]
[ 32.611909] CPU: 1 PID: 4741 Comm: kworker/u4:10 Not tainted 4.18.0-rc4+ #145
[ 32.619160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.628490] Call Trace:
[ 32.631062] dump_stack+0x1c9/0x2b4
[ 32.634673] ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.639842] ? printk+0xa7/0xcf
[ 32.643105] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.647844] ? unwind_next_frame.part.7+0x6c7/0x9e0
[ 32.651217] kasan: CONFIG_KASAN_INLINE enabled
[ 32.657394] print_address_description+0x6c/0x20b
[ 32.662217] ? unwind_next_frame.part.7+0x6c7/0x9e0
[ 32.667223] kasan_report.cold.7+0x242/0x2fe
[ 32.671614] __asan_report_load8_noabort+0x14/0x20
[ 32.676532] unwind_next_frame.part.7+0x6c7/0x9e0
[ 32.681354] ? unwind_dump+0x190/0x190
[ 32.685227] ? unwind_dump+0x190/0x190
[ 32.689094] unwind_next_frame+0x3e/0x50
[ 32.693135] __save_stack_trace+0x7d/0xf0
[ 32.697263] ? ret_from_fork+0x3a/0x50
[ 32.701128] save_stack_trace+0x1a/0x20
[ 32.705080] save_stack+0x43/0xd0
[ 32.708509] ? save_stack+0x43/0xd0
[ 32.712112] ? kasan_kmalloc+0xc4/0xe0
[ 32.715975] ? kasan_slab_alloc+0x12/0x20
[ 32.720098] ? kmem_cache_alloc+0x11b/0x760
[ 32.724397] ? prepare_kernel_cred+0x79/0x550
[ 32.728870] ? call_usermodehelper_exec_async+0x124/0xa80
[ 32.734383] ? ret_from_fork+0x3a/0x50
[ 32.738260] ? perf_trace_lock_acquire+0xeb/0x9a0
[ 32.743083] ? find_held_lock+0x36/0x1c0
[ 32.747128] ? check_same_owner+0x340/0x340
[ 32.751436] ? kasan_unpoison_shadow+0x35/0x50
[ 32.755996] kasan_kmalloc+0xc4/0xe0
[ 32.759688] kasan_slab_alloc+0x12/0x20
[ 32.763639] kmem_cache_alloc+0x11b/0x760
[ 32.767792] ? bpf_tcp_close+0xd25/0x1050
[ 32.771920] prepare_kernel_cred+0x79/0x550
[ 32.776218] ? get_task_cred+0x430/0x430
[ 32.780257] ? _raw_spin_unlock_irq+0x27/0x70
[ 32.784826] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.789832] ? bpf_tcp_close+0xd25/0x1050
[ 32.793973] call_usermodehelper_exec_async+0x124/0xa80
[ 32.799315] ? preempt_notifier_register+0x200/0x200
[ 32.804395] ? umh_complete+0x90/0x90
[ 32.808171] ? rcu_is_watching+0x8c/0x150
[ 32.812297] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 32.816682] ? umh_complete+0x90/0x90
[ 32.820457] ? bpf_tcp_close+0xd25/0x1050
[ 32.824580] ? umh_complete+0x90/0x90
[ 32.828355] ? bpf_tcp_close+0xd25/0x1050
[ 32.832482] ret_from_fork+0x3a/0x50
[ 32.836172] RIP: 0286:0xffff8801b2468118
[ 32.840203] Code: 95 06 10 74 a5 8a ff ff ff ff 10 74 a5 8a ff ff ff ff 00 b1 44 a7 01 88 ff ff 20 b1 44 a7 01 88 ff ff 00 00 00 00 00 00 00 00 <00> 83 46 b2 01 88 ff ff d5 e8 90 81 ff ff ff ff 00 00 00 00 00 00
[ 32.859344] RSP: ab63a8f0:ffff880100000002 EFLAGS: 00000000 ORIG_RAX: ffff8801b2468030
[ 32.867376] RAX: ffff8801b2468030 RBX: ffffffff88f92620 RCX: 1ffff1003648d002
[ 32.874622] RDX: ffff8801b24680f0 RSI: ffffffff88f92620 RDI: ffff8801ab63a0c0
[ 32.881874] RBP: ffff8801d7c1ac00 R08: ffffffff8190dbb0 R09: ffffffff88bee050
[ 32.889118] R10: 0000000041b58ab3 R11: 0000000000000000 R12: ffff8801ab63a920
[ 32.896363] R13: 1ffff1003648d002 R14: 1ffff1003648cff2 R15: 0000000000000000
[ 32.903620] ? sock_hash_free+0x6a0/0x6a0
[ 32.907741]
[ 32.909357] The buggy address belongs to the page:
[ 32.909369] page:ffffea0006c919c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 32.914295] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 32.914310] general protection fault: 0000 [#1] SMP KASAN
[ 32.922437] flags: 0x2fffc0000000000()
[ 32.929779] CPU: 0 PID: 4693 Comm: syz-executor124 Not tainted 4.18.0-rc4+ #145
[ 32.929789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.935315] raw: 02fffc0000000000 0000000000000000 ffffffff06c90101 0000000000000000
[ 32.939187] RIP: 0010:timerqueue_add+0xc6/0x2b0
[ 32.946599] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 32.955924] Code: 00
[ 32.963795] page dumped because: kasan: bad access detected
[ 32.963802]
[ 32.968442] 4d 8b
[ 32.976303] Memory state around the buggy address:
[ 32.976313] ffff8801b2467e80: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
[ 32.978694] 2f 4d
[ 32.984394] ffff8801b2467f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.986003] 85 ed
[ 32.988141] >ffff8801b2467f80: 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2
[ 32.993043] 74 4b
[ 33.000387] ^
[ 33.000396] ffff8801b2468000: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2
[ 33.002517] e8 96
[ 33.009867] ffff8801b2468080: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00
[ 33.011990] 07
[ 33.019330] ==================================================================
[ 33.021454] ec f9
[ 33.027961] kasan: CONFIG_KASAN_INLINE enabled
[ 33.035277] 48 8b
[ 33.037422] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 33.044756] 45 d0 80 38 00 0f 85 97 01 00 00 49 8d 7d 18 4c 8b 7b 18 48 89 f9 48 c1 e9 03 <42> 80 3c 21 00 0f 85 73 01 00 00 4d 8b 75 18 4c 89 ff 4c 89 f6 e8
[ 33.084502] RSP: 0018:ffff8801dae07a20 EFLAGS: 00010006
[ 33.089845] RAX: ffffed003b5c4caf RBX: ffff8801dae26560 RCX: 000000000836b159
[ 33.097091] RDX: 0000000000010000 RSI: ffffffff8790040a RDI: 0000000041b58acb
[ 33.104336] RBP: ffff8801dae07a60 R08: ffff8801ab63a0c0 R09: ffffed003b5c46d6
[ 33.111588] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: dffffc0000000000
[ 33.118834] R13: 0000000041b58ab3 R14: ffff8801ae7f7ce0 R15: 000000079a35fb00
[ 33.126083] FS: 00000000018c5880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 33.134295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.140150] CR2: 00007ff2e76c3af0 CR3: 00000001adeb1000 CR4: 00000000001406f0
[ 33.147397] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.154647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.161891] Call Trace:
[ 33.164459]
[ 33.166604] enqueue_hrtimer+0x18e/0x540
[ 33.171484] ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 33.176654] ? __lock_is_held+0xb5/0x140
[ 33.180700] ? kasan_check_write+0x14/0x20
[ 33.184910] ? do_raw_spin_lock+0xc1/0x200
[ 33.189125] __hrtimer_run_queues+0xc07/0x10c0
[ 33.193696] ? hrtimer_start_range_ns+0xd20/0xd20
[ 33.198518] ? pvclock_read_flags+0x160/0x160
[ 33.202993] ? kvm_clock_read+0x25/0x30
[ 33.206944] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.211953] ? ktime_get_update_offsets_now+0x3db/0x5d0
[ 33.217300] ? do_timer+0x50/0x50
[ 33.220731] ? rcu_nmi_exit+0xe0/0x2d0
[ 33.224604] ? do_raw_spin_lock+0xc1/0x200
[ 33.228825] hrtimer_interrupt+0x2f3/0x750
[ 33.233045] smp_apic_timer_interrupt+0x165/0x730
[ 33.237870] ? smp_call_function_single_interrupt+0x660/0x660
[ 33.243732] ? _raw_spin_unlock+0x22/0x30
[ 33.247860] ? handle_edge_irq+0x330/0x870
[ 33.252076] ? task_prio+0x50/0x50
[ 33.255597] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.260417] apic_timer_interrupt+0xf/0x20
[ 33.264622]
[ 33.266829] Modules linked in:
[ 33.270001] Dumping ftrace buffer:
[ 33.273519] (ftrace buffer empty)
[ 33.277208]
[ 33.277211] ======================================================
[ 33.277215] WARNING: possible circular locking dependency detected
[ 33.277217] 4.18.0-rc4+ #145 Not tainted
[ 33.277220] ------------------------------------------------------
[ 33.277223] syz-executor124/4693 is trying to acquire lock:
[ 33.277225] (____ptrval____) ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 33.277233]
[ 33.277235] but task is already holding lock:
[ 33.277237] (____ptrval____) (hrtimer_bases.lock){-.-.}, at: __hrtimer_run_queues+0x43c/0x10c0
[ 33.277245]
[ 33.277248] which lock already depends on the new lock.
[ 33.277249]
[ 33.277251]
[ 33.277254] the existing dependency chain (in reverse order) is:
[ 33.277255]
[ 33.277256] -> #4 (hrtimer_bases.lock){-.-.}:
[ 33.277264] _raw_spin_lock_irqsave+0x96/0xc0
[ 33.277267] lock_hrtimer_base.isra.18+0x75/0x130
[ 33.277269] hrtimer_start_range_ns+0x128/0xd20
[ 33.277272] enqueue_task_rt+0x96a/0xfd0
[ 33.277274] enqueue_task+0xa2/0x1d0
[ 33.277276] __sched_setscheduler+0xe80/0x20b0
[ 33.277279] _sched_setscheduler+0x20c/0x370
[ 33.277281] sched_setscheduler+0xe/0x10
[ 33.277284] watchdog_enable+0x12d/0x1a0
[ 33.277286] smpboot_thread_fn+0x4c0/0x870
[ 33.277288] kthread+0x345/0x410
[ 33.277290] ret_from_fork+0x3a/0x50
[ 33.277291]
[ 33.277293] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 33.277301] _raw_spin_lock+0x2a/0x40
[ 33.277303] enqueue_task_rt+0x618/0xfd0
[ 33.277305] enqueue_task+0xa2/0x1d0
[ 33.277308] __sched_setscheduler+0xe80/0x20b0
[ 33.277310] _sched_setscheduler+0x20c/0x370
[ 33.277312] sched_setscheduler+0xe/0x10
[ 33.277315] watchdog_enable+0x12d/0x1a0
[ 33.277317] smpboot_thread_fn+0x4c0/0x870
[ 33.277319] kthread+0x345/0x410
[ 33.277321] ret_from_fork+0x3a/0x50
[ 33.277323]
[ 33.277324] -> #2 (&rq->lock){-.-.}:
[ 33.277331] _raw_spin_lock+0x2a/0x40
[ 33.277334] task_fork_fair+0x93/0x680
[ 33.277336] sched_fork+0x446/0xb40
[ 33.277338] copy_process.part.39+0x1c09/0x7220
[ 33.277341] _do_fork+0x291/0x12a0
[ 33.277343] kernel_thread+0x34/0x40
[ 33.277345] rest_init+0x22/0xe4
[ 33.277347] start_kernel+0x90e/0x949
[ 33.277350] x86_64_start_reservations+0x29/0x2b
[ 33.277352] x86_64_start_kernel+0x76/0x79
[ 33.277354] secondary_startup_64+0xa5/0xb0
[ 33.277356]
[ 33.277357] -> #1 (&p->pi_lock){-.-.}:
[ 33.277365] _raw_spin_lock_irqsave+0x96/0xc0
[ 33.277367] try_to_wake_up+0xd2/0x12b0
[ 33.277369] wake_up_process+0x10/0x20
[ 33.277371] __up.isra.1+0x1c0/0x2a0
[ 33.277373] up+0x13c/0x1c0
[ 33.277376] __up_console_sem+0xbe/0x1b0
[ 33.277378] console_unlock+0x7a2/0x10b0
[ 33.277380] vprintk_emit+0x6c6/0xdf0
[ 33.277382] vprintk_default+0x28/0x30
[ 33.277385] vprintk_func+0x7a/0xe7
[ 33.277387] printk+0xa7/0xcf
[ 33.277389] load_umh+0x51/0xbd
[ 33.277391] do_one_initcall+0x127/0x913
[ 33.277393] kernel_init_freeable+0x49b/0x58e
[ 33.277396] kernel_init+0x11/0x1b3
[ 33.277398] ret_from_fork+0x3a/0x50
[ 33.277399]
[ 33.277400] -> #0 ((console_sem).lock){-...}:
[ 33.277408] lock_acquire+0x1e4/0x540
[ 33.277411] _raw_spin_lock_irqsave+0x96/0xc0
[ 33.277413] down_trylock+0x13/0x70
[ 33.277415] __down_trylock_console_sem+0xae/0x200
[ 33.277418] console_trylock+0x15/0xa0
[ 33.277420] vprintk_emit+0x6ad/0xdf0
[ 33.277422] vprintk_default+0x28/0x30
[ 33.277424] vprintk_func+0x7a/0xe7
[ 33.277426] printk+0xa7/0xcf
[ 33.277429] kasan_die_handler.cold.22+0x11/0x30
[ 33.277431] notifier_call_chain+0x180/0x390
[ 33.277434] atomic_notifier_call_chain+0x98/0x190
[ 33.277436] notify_die+0x1be/0x2e0
[ 33.277439] do_general_protection+0x248/0x2f0
[ 33.277441] general_protection+0x1e/0x30
[ 33.277443] timerqueue_add+0xc6/0x2b0
[ 33.277446] enqueue_hrtimer+0x18e/0x540
[ 33.277448] __hrtimer_run_queues+0xc07/0x10c0
[ 33.277450] hrtimer_interrupt+0x2f3/0x750
[ 33.277453] smp_apic_timer_interrupt+0x165/0x730
[ 33.277455] apic_timer_interrupt+0xf/0x20
[ 33.277457]
[ 33.277459] other info that might help us debug this:
[ 33.277460]
[ 33.277462] Chain exists of:
[ 33.277463] (console_sem).lock --> &rt_b->rt_runtime_lock --> hrtimer_bases.lock
[ 33.277474]
[ 33.277476] Possible unsafe locking scenario:
[ 33.277477]
[ 33.277480] CPU0 CPU1
[ 33.277482] ---- ----
[ 33.277483] lock(hrtimer_bases.lock);
[ 33.277489] lock(&rt_b->rt_runtime_lock);
[ 33.277494] lock(hrtimer_bases.lock);
[ 33.277499] lock((console_sem).lock);
[ 33.277503]
[ 33.277505] *** DEADLOCK ***
[ 33.277506]
[ 33.277509] 4 locks held by syz-executor124/4693:
[ 33.277510] #0: (____ptrval____) (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x8b/0x260
[ 33.277521] #1: (____ptrval____) (rcu_read_lock){....}, at: bpf_tcp_close+0x0/0x1050
[ 33.277531] #2: (____ptrval____) (hrtimer_bases.lock){-.-.}, at: __hrtimer_run_queues+0x43c/0x10c0
[ 33.277541] #3: (____ptrval____) (rcu_read_lock){....}, at: atomic_notifier_call_chain+0x0/0x190
[ 33.277550]
[ 33.277552] stack backtrace:
[ 33.277556] CPU: 0 PID: 4693 Comm: syz-executor124 Not tainted 4.18.0-rc4+ #145
[ 33.277560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.277562] Call Trace:
[ 33.277563]
[ 33.277565] dump_stack+0x1c9/0x2b4
[ 33.277568] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.277570] ? vprintk_func+0xd0/0xe7
[ 33.277573] print_circular_bug.isra.36.cold.57+0x1bd/0x27d
[ 33.277575] ? save_trace+0xe0/0x290
[ 33.277578] __lock_acquire+0x3449/0x5020
[ 33.277580] ? trace_hardirqs_on+0x10/0x10
[ 33.277582] ? trace_hardirqs_on+0x10/0x10
[ 33.277585] ? perf_trace_lock+0x920/0x920
[ 33.277587] ? perf_trace_lock_acquire+0xeb/0x9a0
[ 33.277590] ? perf_trace_lock_acquire+0xeb/0x9a0
[ 33.277592] ? print_usage_bug+0xc0/0xc0
[ 33.277594] lock_acquire+0x1e4/0x540
[ 33.277596] ? down_trylock+0x13/0x70
[ 33.277599] ? lock_release+0xa30/0xa30
[ 33.277601] ? lock_downgrade+0x8f0/0x8f0
[ 33.277603] ? kvm_sched_clock_read+0x9/0x20
[ 33.277605] ? sched_clock+0x31/0x40
[ 33.277608] ? vprintk_emit+0x6ad/0xdf0
[ 33.277610] _raw_spin_lock_irqsave+0x96/0xc0
[ 33.277612] ? down_trylock+0x13/0x70
[ 33.277614] down_trylock+0x13/0x70
[ 33.277617] __down_trylock_console_sem+0xae/0x200
[ 33.277619] console_trylock+0x15/0xa0
[ 33.277621] vprintk_emit+0x6ad/0xdf0
[ 33.277623] ? wake_up_klogd+0x110/0x110
[ 33.277626] ? attach_entity_load_avg+0x860/0x860
[ 33.277628] ? perf_trace_lock+0x920/0x920
[ 33.277631] ? perf_trace_lock_acquire+0xeb/0x9a0
[ 33.277633] ? trace_hardirqs_on+0x10/0x10
[ 33.277636] ? perf_trace_lock+0x920/0x920
[ 33.277638] vprintk_default+0x28/0x30
[ 33.277640] vprintk_func+0x7a/0xe7
[ 33.277642] printk+0xa7/0xcf
[ 33.277644] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 33.277647] ? __lock_acquire+0x7fc/0x5020
[ 33.277649] ? kasan_die_handler.cold.22+0x5/0x30
[ 33.277651] ? kasan_die_handler+0x1a/0x31
[ 33.277654] kasan_die_handler.cold.22+0x11/0x30
[ 33.277656] notifier_call_chain+0x180/0x390
[ 33.277659] ? unregister_die_notifier+0x20/0x20
[ 33.277661] ? rcu_is_watching+0x8c/0x150
[ 33.277664] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 33.277666] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 33.277668] ? cmp_ex_search+0x8c/0xb0
[ 33.277671] atomic_notifier_call_chain+0x98/0x190
[ 33.277673] notify_die+0x1be/0x2e0
[ 33.277676] ? __atomic_notifier_call_chain+0x1a0/0x1a0
[ 33.277678] ? search_module_extables+0x18/0xc0
[ 33.277681] ? timerqueue_add+0xc6/0x2b0
[ 33.277683] ? timerqueue_add+0xc6/0x2b0
[ 33.277685] ? search_exception_tables+0x47/0x50
[ 33.277688] do_general_protection+0x248/0x2f0
[ 33.277690] general_protection+0x1e/0x30
[ 33.277693] RIP: 0010:timerqueue_add+0xc6/0x2b0
[ 33.277694] Code: 00 4d 8b 2f 4d 85 ed 74 4b e8 96 07 ec f9 48 8b 45 d0 80 38 00 0f 85 97 01 00 00 49 8d 7d 18 4c 8b 7b 18 48 89 f9 48 c1 e9 03 <42> 80 3c 21 00 0f 85 73 01 00 00 4d 8b 75 18 4c 89 ff 4c 89 f6 e8
[ 33.277775] RSP: 0018:ffff8801dae07a20 EFLAGS: 00010006
[ 33.277780] RAX: ffffed003b5c4caf RBX: ffff8801dae26560 RCX: 000000000836b159
[ 33.277783] RDX: 0000000000010000 RSI: ffffffff8790040a RDI: 0000000041b58acb
[ 33.277787] RBP: ffff8801dae07a60 R08: ffff8801ab63a0c0 R09: ffffed003b5c46d6
[ 33.277790] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: dffffc0000000000
[ 33.277793] R13: 0000000041b58ab3 R14: ffff8801ae7f7ce0 R15: 000000079a35fb00
[ 33.277796] ? timerqueue_add+0xaa/0x2b0
[ 33.277798] enqueue_hrtimer+0x18e/0x540
[ 33.277801] ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 33.277803] ? __lock_is_held+0xb5/0x140
[ 33.277805] ? kasan_check_write+0x14/0x20
[ 33.277808] ? do_raw_spin_lock+0xc1/0x200
[ 33.277810] __hrtimer_run_queues+0xc07/0x10c0
[ 33.277813] ? hrtimer_start_range_ns+0xd20/0xd20
[ 33.277815] ? pvclock_read_flags+0x160/0x160
[ 33.277817] ? kvm_clock_read+0x25/0x30
[ 33.277820] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.277823] ? ktime_get_update_offsets_now+0x3db/0x5d0
[ 33.277825] ? do_timer+0x50/0x50
[ 33.277827] ? rcu_nmi_exit+0xe0/0x2d0
[ 33.277829] ? do_raw_spin_lock+0xc1/0x200
[ 33.277832] hrtimer_interrupt+0x2f3/0x750
[ 33.277834] smp_apic_timer_interrupt+0x165/0x730
[ 33.277837] ? smp_call_function_single_interrupt+0x660/0x660
[ 33.277840] ? _raw_spin_unlock+0x22/0x30
[ 33.277842] ? handle_edge_irq+0x330/0x870
[ 33.277844] ? task_prio+0x50/0x50
[ 33.277846] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.277849] apic_timer_interrupt+0xf/0x20
[ 33.277850]
[ 34.221440] ---[ end trace dc466ab5d068ecad ]---
[ 34.221449] general protection fault: 0000 [#2] SMP KASAN
[ 34.221465] CPU: 1 PID: 4741 Comm: kworker/u4:10 Tainted: G B D 4.18.0-rc4+ #145
[ 34.226198] RIP: 0010:timerqueue_add+0xc6/0x2b0
[ 34.231712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.240336] Code: 00
[ 34.244998] RIP: 0010:__x86_indirect_thunk_rax+0x10/0x20
[ 34.254311] 4d 8b
[ 34.256700] Code:
[ 34.262122] 2f
[ 34.264245] 90
[ 34.266373] 4d 85
[ 34.268240] 90 90
[ 34.270107] ed 74
[ 34.272236] 90
[ 34.274354] 4b e8
[ 34.276485] 90
[ 34.278341] 96 07
[ 34.280465] 90 90
[ 34.282334] ec
[ 34.284455] 90
[ 34.286575] f9
[ 34.288435] 90 90
[ 34.290302] 48
[ 34.292158] 90
[ 34.294289] 8b
[ 34.296152] 90
[ 34.298013] 45
[ 34.299868] 90 90
[ 34.301739] d0
[ 34.303593] 90 90
[ 34.305716] 80 38
[ 34.307586] 90
[ 34.309711] 00
[ 34.311828] 90 90
[ 34.313698] 0f
[ 34.315563] 90
[ 34.317687] 85
[ 34.319545] 90 90
[ 34.321413] 97
[ 34.323269] 90 90
[ 34.325405] 01 00
[ 34.327275] 90
[ 34.329401] 00
[ 34.331519] 90 e8
[ 34.333389] 49
[ 34.335249] 07 00
[ 34.337378] 8d
[ 34.339248] 00
[ 34.341371] 7d
[ 34.343240] 00 f3
[ 34.345111] 18
[ 34.346971] 90
[ 34.349093] 4c 8b
[ 34.350964] 0f
[ 34.352854] 7b 18
[ 34.354987] ae e8
[ 34.356858] 48 89
[ 34.358987] eb
[ 34.361107] f9 48
[ 34.363233] f9 48
[ 34.365097] c1 e9
[ 34.367221] 89 04
[ 34.369347] 03 <42>
[ 34.371475] 24
[ 34.373600] 80
[ 34.375896]
[ 34.377760] 3c
[ 34.379619] 0f 1f
[ 34.381667] 21
[ 34.383533] 44
[ 34.385648] 00 0f
[ 34.387528] 00
[ 34.389385] 85 73
[ 34.391518] 00 66
[ 34.393382] 01 00
[ 34.395516] 2e 0f
[ 34.397645] 00
[ 34.399766] 1f
[ 34.401884] 4d 8b
[ 34.403754] 84
[ 34.405611] 75 18
[ 34.407735] 00 00
[ 34.409604] 4c
[ 34.411726] 00
[ 34.413842] 89 ff
[ 34.415710] 00
[ 34.417582] 4c 89
[ 34.419718] 00 e8
[ 34.421585] f6 e8
[ 34.423714] 07 00
[ 34.427961] 00 00
[ 34.430090] RSP: 0018:ffff8801dae07a20 EFLAGS: 00010006
[ 34.430097] f3
[ 34.437561] RSP: 0018:ffff8801daf07740 EFLAGS: 00010046
[ 34.439418] RAX: ffffed003b5c4caf RBX: ffff8801dae26560 RCX: 000000000836b159
[ 34.444765] RDX: 0000000000010000 RSI: ffffffff8790040a RDI: 0000000041b58acb
[ 34.452003] RAX: 1ffff10035de4f64 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.452014] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801aef27a68
[ 34.459254] RBP: ffff8801dae07a60 R08: ffff8801ab63a0c0 R09: ffffed003b5c46d6
[ 34.459266] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: dffffc0000000000
[ 34.466517] RBP: ffff8801daf07858 R08: ffff8801aef27a68 R09: ffff8801daf078a8
[ 34.473763] R13: 0000000041b58ab3 R14: ffff8801ae7f7ce0 R15: 000000079a35fb00
[ 34.481006] R10: fffffbfff11f1210 R11: ffffffff88f89083 R12: ffffffff88f890b8
[ 34.488256] FS: 00000000018c5880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 34.495500] R13: ffff8801ab63a908 R14: 0000000000000000 R15: dffffc0000000000
[ 34.495514] FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 34.502761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.510012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.518210] CR2: 00007ff2e76c3af0 CR3: 00000001adeb1000 CR4: 00000000001406f0
[ 34.525454] CR2: 00007fc94317f760 CR3: 00000001d91d5000 CR4: 00000000001406e0
[ 34.533664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.539519] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.545369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.545378] Kernel panic - not syncing: Fatal exception in interrupt
[ 34.552626] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.552633] Call Trace:
[ 34.597873]
[ 34.600015] ? __wake_up_common+0x191/0x740
[ 34.604320] ? wait_woken+0x2a0/0x2a0
[ 34.608116] ? kasan_check_write+0x14/0x20
[ 34.612340] ? do_raw_spin_lock+0xc1/0x200
[ 34.616560] __wake_up_common_lock+0x1c2/0x330
[ 34.621123] ? __wake_up_common+0x740/0x740
[ 34.625432] ? cpuacct_account_field+0x209/0x3b0
[ 34.630171] ? trace_hardirqs_off+0xd/0x10
[ 34.634394] ? raise_softirq+0x1ba/0x460
[ 34.638440] __wake_up+0xe/0x10
[ 34.641701] wake_up_klogd_work_func+0x9a/0xb0
[ 34.646286] irq_work_run_list+0x1c0/0x290
[ 34.650504] ? irq_work_sync+0x1e0/0x1e0
[ 34.654554] irq_work_tick+0x15d/0x1e0
[ 34.658423] ? irq_work_needs_cpu+0x2c0/0x2c0
[ 34.662900] ? account_system_time+0x7f/0xb0
[ 34.667291] ? account_process_tick+0x76/0x240
[ 34.671853] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.676256] update_process_times+0x68/0x70
[ 34.680560] tick_sched_handle+0x9f/0x180
[ 34.684693] tick_sched_timer+0x45/0x130
[ 34.688736] __hrtimer_run_queues+0x3eb/0x10c0
[ 34.693302] ? tick_sched_do_timer+0x1a0/0x1a0
[ 34.697869] ? hrtimer_start_range_ns+0xd20/0xd20
[ 34.702696] ? pvclock_read_flags+0x160/0x160
[ 34.707171] ? kvm_clock_read+0x25/0x30
[ 34.711136] ? kvm_clock_read+0x25/0x30
[ 34.715093] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.720090] ? ktime_get_update_offsets_now+0x3db/0x5d0
[ 34.725435] ? do_timer+0x50/0x50
[ 34.728868] ? kasan_check_read+0x11/0x20
[ 34.732996] ? rcu_nmi_exit+0xe0/0x2d0
[ 34.736866] ? do_raw_spin_lock+0xc1/0x200
[ 34.741095] hrtimer_interrupt+0x2f3/0x750
[ 34.745319] smp_apic_timer_interrupt+0x165/0x730
[ 34.750143] ? smp_call_function_single_interrupt+0x660/0x660
[ 34.756021] ? _raw_spin_unlock+0x22/0x30
[ 34.760150] ? handle_edge_irq+0x330/0x870
[ 34.764367] ? task_prio+0x50/0x50
[ 34.767897] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.772732] apic_timer_interrupt+0xf/0x20
[ 34.776941]
[ 34.779163] RIP: 0010:_raw_spin_unlock_irqrestore+0xa1/0xc0
[ 34.784847] Code: 68 b0 f1 88 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 83 3d 0e b6 5d 01 00 74 0e 48 89 df 57 9d <0f> 1f 44 00 00 eb bb 0f 0b 0f 0b e8 2f eb 25 fa eb 97 e8 28 eb 25
[ 34.804047] RSP: 0018:ffff8801b2467870 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 34.811740] RAX: dffffc0000000000 RBX: 0000000000000286 RCX: ffffffff81601b47
[ 34.818999] RDX: 1ffffffff11e360d RSI: 0000000000000004 RDI: 0000000000000286
[ 34.826250] RBP: ffff8801b2467880 R08: fffffbfff12053a1 R09: fffffbfff12053a0
[ 34.833499] R10: fffffbfff12053a0 R11: ffffffff89029d03 R12: ffffffff89029d00
[ 34.840757] R13: 0000000000000000 R14: ffffffff81356017 R15: ffff8801b2467fe0
[ 34.848010] ? unwind_next_frame.part.7+0x6c7/0x9e0
[ 34.853019] ? do_raw_spin_unlock+0xa7/0x2f0
[ 34.857411] kasan_end_report+0x32/0x4f
[ 34.861366] kasan_report.cold.7+0x76/0x2fe
[ 34.865670] __asan_report_load8_noabort+0x14/0x20
[ 34.870578] unwind_next_frame.part.7+0x6c7/0x9e0
[ 34.875408] ? unwind_dump+0x190/0x190
[ 34.879278] ? unwind_dump+0x190/0x190
[ 34.883155] unwind_next_frame+0x3e/0x50
[ 34.887203] __save_stack_trace+0x7d/0xf0
[ 34.891341] ? ret_from_fork+0x3a/0x50
[ 34.895214] save_stack_trace+0x1a/0x20
[ 34.899173] save_stack+0x43/0xd0
[ 34.902619] ? save_stack+0x43/0xd0
[ 34.906226] ? kasan_kmalloc+0xc4/0xe0
[ 34.910093] ? kasan_slab_alloc+0x12/0x20
[ 34.914223] ? kmem_cache_alloc+0x11b/0x760
[ 34.918527] ? prepare_kernel_cred+0x79/0x550
[ 34.923002] ? call_usermodehelper_exec_async+0x124/0xa80
[ 34.928520] ? ret_from_fork+0x3a/0x50
[ 34.932393] ? perf_trace_lock_acquire+0xeb/0x9a0
[ 34.937222] ? find_held_lock+0x36/0x1c0
[ 34.941276] ? check_same_owner+0x340/0x340
[ 34.945929] ? kasan_unpoison_shadow+0x35/0x50
[ 34.950492] kasan_kmalloc+0xc4/0xe0
[ 34.954187] kasan_slab_alloc+0x12/0x20
[ 34.958141] kmem_cache_alloc+0x11b/0x760
[ 34.962274] ? bpf_tcp_close+0xd25/0x1050
[ 34.966403] prepare_kernel_cred+0x79/0x550
[ 34.970716] ? get_task_cred+0x430/0x430
[ 34.974761] ? _raw_spin_unlock_irq+0x27/0x70
[ 34.979239] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.984245] ? bpf_tcp_close+0xd25/0x1050
[ 34.988375] call_usermodehelper_exec_async+0x124/0xa80
[ 34.993718] ? preempt_notifier_register+0x200/0x200
[ 34.998905] ? umh_complete+0x90/0x90
[ 35.002686] ? rcu_is_watching+0x8c/0x150
[ 35.006814] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 35.011204] ? umh_complete+0x90/0x90
[ 35.014986] ? bpf_tcp_close+0xd25/0x1050
[ 35.019121] ? umh_complete+0x90/0x90
[ 35.022905] ? bpf_tcp_close+0xd25/0x1050
[ 35.027034] ret_from_fork+0x3a/0x50
[ 35.030728] RIP: 0286:0xffff8801b2468118
[ 35.034761] Code: 95 06 10 74 a5 8a ff ff ff ff 10 74 a5 8a ff ff ff ff 00 b1 44 a7 01 88 ff ff 20 b1 44 a7 01 88 ff ff 00 00 00 00 00 00 00 00 <00> 83 46 b2 01 88 ff ff d5 e8 90 81 ff ff ff ff 00 00 00 00 00 00
[ 35.054485] RSP: ab63a8f0:ffff880100000002 EFLAGS: 00000000 ORIG_RAX: ffff8801b2468030
[ 35.062526] RAX: ffff8801b2468030 RBX: ffffffff88f92620 RCX: 1ffff1003648d002
[ 35.069787] RDX: ffff8801b24680f0 RSI: ffffffff88f92620 RDI: ffff8801ab63a0c0
[ 35.077040] RBP: ffff8801d7c1ac00 R08: ffffffff8190dbb0 R09: ffffffff88bee050
[ 35.084291] R10: 0000000041b58ab3 R11: 0000000000000000 R12: ffff8801ab63a920
[ 35.091539] R13: 1ffff1003648d002 R14: 1ffff1003648cff2 R15: 0000000000000000
[ 35.098803] ? sock_hash_free+0x6a0/0x6a0
[ 35.102931] Modules linked in:
[ 35.106109] Dumping ftrace buffer:
[ 35.109634] (ftrace buffer empty)
[ 35.113327] ---[ end trace dc466ab5d068ecae ]---
[ 35.118067] RIP: 0010:timerqueue_add+0xc6/0x2b0
[ 35.122736] Code: 00 4d 8b 2f 4d 85 ed 74 4b e8 96 07 ec f9 48 8b 45 d0 80 38 00 0f 85 97 01 00 00 49 8d 7d 18 4c 8b 7b 18 48 89 f9 48 c1 e9 03 <42> 80 3c 21 00 0f 85 73 01 00 00 4d 8b 75 18 4c 89 ff 4c 89 f6 e8
[ 35.141939] RSP: 0018:ffff8801dae07a20 EFLAGS: 00010006
[ 35.147284] RAX: ffffed003b5c4caf RBX: ffff8801dae26560 RCX: 000000000836b159
[ 35.154533] RDX: 0000000000010000 RSI: ffffffff8790040a RDI: 0000000041b58acb
[ 35.161781] RBP: ffff8801dae07a60 R08: ffff8801ab63a0c0 R09: ffffed003b5c46d6
[ 35.169043] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: dffffc0000000000
[ 35.176294] R13: 0000000041b58ab3 R14: ffff8801ae7f7ce0 R15: 000000079a35fb00
[ 35.183545] FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 35.191749] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.197621] CR2: 00007fc94317f760 CR3: 00000001d91d5000 CR4: 00000000001406e0
[ 35.204874] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.212123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.633839] Shutting down cpus with NMI
[ 35.638442] Dumping ftrace buffer:
[ 35.641962] (ftrace buffer empty)
[ 35.645648] Kernel Offset: disabled
[ 35.649251] Rebooting in 86400 seconds..