INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
2018/09/20 23:32:36 parsed 1 programs
2018/09/20 23:32:38 executed programs: 0
syzkaller login: [   57.182386] IPVS: ftp: loaded support on port[0] = 21
[   57.182394] IPVS: ftp: loaded support on port[0] = 21
[   57.192543] IPVS: ftp: loaded support on port[0] = 21
[   57.194144] IPVS: ftp: loaded support on port[0] = 21
[   57.201498] IPVS: ftp: loaded support on port[0] = 21
[   57.209242] IPVS: ftp: loaded support on port[0] = 21
[   58.031570] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.038157] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.054758] device bridge_slave_0 entered promiscuous mode
[   58.064111] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.071045] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.078092] device bridge_slave_0 entered promiscuous mode
[   58.105471] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.117058] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.124295] device bridge_slave_0 entered promiscuous mode
[   58.132261] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.138612] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.147281] device bridge_slave_1 entered promiscuous mode
[   58.156368] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.163976] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.171059] device bridge_slave_0 entered promiscuous mode
[   58.184213] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.192805] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.200232] device bridge_slave_0 entered promiscuous mode
[   58.208170] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.216011] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.223749] device bridge_slave_1 entered promiscuous mode
[   58.230072] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.236527] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.243768] device bridge_slave_1 entered promiscuous mode
[   58.251652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.263363] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.272915] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.282026] device bridge_slave_0 entered promiscuous mode
[   58.291558] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.297933] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.307251] device bridge_slave_1 entered promiscuous mode
[   58.316892] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.324808] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.335935] device bridge_slave_1 entered promiscuous mode
[   58.345290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.357213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.366544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.382173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.390197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.399337] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.414879] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.428752] device bridge_slave_1 entered promiscuous mode
[   58.437858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.458598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.472090] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.492385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   58.501207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.582931] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.593390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   58.673889] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.692044] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.737937] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.784736] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.808029] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.825293] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.836839] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   58.849463] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.861910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   58.877859] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.896403] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.910499] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   58.938039] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.950767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   58.972774] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.986569] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   58.996361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   59.010000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.021044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.030707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   59.040516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   59.072459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.082011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.092322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   59.099521] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   59.112284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   59.119485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   59.150807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.158504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.173386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.181610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   59.226603] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.241101] team0: Port device team_slave_0 added
[   59.246524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   59.266142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   59.334147] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.354217] team0: Port device team_slave_1 added
[   59.362762] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.382397] team0: Port device team_slave_0 added
[   59.400535] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.407990] team0: Port device team_slave_0 added
[   59.420764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.428139] team0: Port device team_slave_0 added
[   59.456694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.473570] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.480957] team0: Port device team_slave_0 added
[   59.488937] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.501470] team0: Port device team_slave_1 added
[   59.510197] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.518517] team0: Port device team_slave_1 added
[   59.528061] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.537828] team0: Port device team_slave_0 added
[   59.545812] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.555884] team0: Port device team_slave_1 added
[   59.562315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.574023] team0: Port device team_slave_1 added
[   59.581670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.606414] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.627887] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.638308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.646774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.655898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.666360] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.673681] team0: Port device team_slave_1 added
[   59.684860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.705507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.717367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   59.734415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.747222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.772655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.781188] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.788725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.798547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.808338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.817880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.835108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.842526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.852148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.860778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.868746] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.881563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.889258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.897146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.904810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.912783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.925751] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.942791] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   59.955428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.964999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   59.977972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.987509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.996001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.004089] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.012063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.019856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.027580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.035784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.045158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.056899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.069791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.082959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.103177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.111715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.119493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.127812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.136338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.147247] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.157663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.168764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.181131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.195698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.797069] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.803643] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.810649] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.817001] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.833308] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   60.840486] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.846859] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.853599] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.860028] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.868772] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   60.881677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.889051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.905958] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.912372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.919034] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.925473] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.935334] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   60.944905] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.951324] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.957966] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.964374] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.973716] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   60.982515] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.988890] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.995604] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.002014] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.010567] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.082003] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.088435] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.095170] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.101581] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.122573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.900658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.918144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.934849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.947920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.666806] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.681894] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.726551] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.759743] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.783127] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.870888] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.966244] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.982030] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   63.991411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.016871] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.053568] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.111256] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.239956] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.246178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.257686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.268026] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.277398] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.290478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.297899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.312642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.323930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.345615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.354205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.369637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.396897] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.407931] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   64.420310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.433085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.449000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   64.456838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.544308] 8021q: adding VLAN 0 to HW filter on device team0
[   64.567620] 8021q: adding VLAN 0 to HW filter on device team0
[   64.612068] 8021q: adding VLAN 0 to HW filter on device team0
[   64.650077] 8021q: adding VLAN 0 to HW filter on device team0
[   64.697657] 8021q: adding VLAN 0 to HW filter on device team0
[   64.715646] 8021q: adding VLAN 0 to HW filter on device team0
[   66.143492] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
2018/09/20 23:32:47 executed programs: 6
2018/09/20 23:32:52 executed programs: 208
2018/09/20 23:32:57 executed programs: 409
[   76.419593] ==================================================================
[   76.427182] BUG: KASAN: use-after-free in finish_task_switch+0x78e/0x900
[   76.427196] Read of size 8 at addr ffff8801ce488818 by task syz-executor1/8350
[   76.427199] 
[   76.427221] CPU: 0 PID: 8350 Comm: syz-executor1 Not tainted 4.19.0-rc4-next-20180920+ #76
[   76.443052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.443058] Call Trace:
[   76.443078]  dump_stack+0x1d3/0x2c4
[   76.443096]  ? dump_stack_print_info.cold.2+0x52/0x52
[   76.467057]  ? printk+0xa7/0xcf
[   76.467074]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   76.467102]  print_address_description.cold.8+0x9/0x1ff
[   76.467121]  kasan_report.cold.9+0x242/0x309
[   76.467138]  ? finish_task_switch+0x78e/0x900
[   76.475625]  __asan_report_load8_noabort+0x14/0x20
[   76.485726]  finish_task_switch+0x78e/0x900
[   76.485744]  ? __switch_to_asm+0x40/0x70
[   76.485757]  ? __switch_to_asm+0x34/0x70
[   76.485774]  ? preempt_notifier_register+0x200/0x200
[   76.485786]  ? __switch_to_asm+0x34/0x70
[   76.485804]  ? __switch_to_asm+0x34/0x70
[   76.494693]  ? __switch_to_asm+0x40/0x70
[   76.494708]  ? __switch_to_asm+0x34/0x70
[   76.494721]  ? __switch_to_asm+0x40/0x70
[   76.494734]  ? __switch_to_asm+0x34/0x70
[   76.494747]  ? __switch_to_asm+0x40/0x70
[   76.494760]  ? __switch_to_asm+0x34/0x70
[   76.494777]  ? __switch_to_asm+0x34/0x70
[   76.508090]  ? __switch_to_asm+0x40/0x70
[   76.508105]  ? __switch_to_asm+0x34/0x70
[   76.508119]  ? __switch_to_asm+0x40/0x70
[   76.508131]  ? __switch_to_asm+0x34/0x70
[   76.508144]  ? __switch_to_asm+0x40/0x70
[   76.508166]  __schedule+0x874/0x1ed0
[   76.508188]  ? __sched_text_start+0x8/0x8
[   76.581847]  ? graph_lock+0x170/0x170
[   76.585657]  ? plist_check_list+0xa0/0xa0
[   76.589832]  ? find_held_lock+0x36/0x1c0
[   76.593909]  schedule+0xfe/0x460
[   76.597296]  ? lock_downgrade+0x900/0x900
[   76.601465]  ? __schedule+0x1ed0/0x1ed0
[   76.605466]  ? kasan_check_read+0x11/0x20
[   76.609627]  ? do_raw_spin_unlock+0xa7/0x2f0
[   76.614046]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   76.618631]  ? lock_acquire+0x1ed/0x520
[   76.622620]  futex_wait_queue_me+0x3f9/0x840
[   76.627035]  ? refill_pi_state_cache.part.9+0x310/0x310
[   76.632405]  ? kasan_check_write+0x14/0x20
[   76.636643]  ? do_raw_spin_lock+0xc1/0x200
[   76.640888]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.646428]  ? get_futex_value_locked+0xcb/0xf0
[   76.651110]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   76.656126]  ? futex_wait_setup+0x266/0x3e0
[   76.660470]  ? futex_wake+0x760/0x760
[   76.664282]  ? futex_wake+0x613/0x760
[   76.668091]  futex_wait+0x45c/0xa50
[   76.671733]  ? futex_wait_setup+0x3e0/0x3e0
[   76.676062]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   76.681268]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[   76.686378]  ? futex_wake+0x304/0x760
[   76.690210]  ? rcu_pm_notify+0xc0/0xc0
[   76.694120]  do_futex+0x31a/0x26d0
[   76.697675]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   76.701928]  ? exit_robust_list+0x280/0x280
[   76.706250]  ? find_held_lock+0x36/0x1c0
[   76.710322]  ? __fget+0x4aa/0x740
[   76.713777]  ? lock_downgrade+0x900/0x900
[   76.717932]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   76.722864]  ? kasan_check_read+0x11/0x20
[   76.727016]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   76.732303]  ? rcu_softirq_qs+0x20/0x20
[   76.736297]  ? __fget+0x4d1/0x740
[   76.739768]  ? ksys_dup3+0x680/0x680
[   76.743531]  ? kvm_vcpu_block+0x1020/0x1020
[   76.747861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.753415]  ? do_vfs_ioctl+0x201/0x1720
[   76.757513]  ? ioctl_preallocate+0x300/0x300
[   76.761942]  ? __fget_light+0x2e9/0x430
[   76.765925]  ? fget_raw+0x20/0x20
[   76.769383]  ? graph_lock+0x170/0x170
[   76.773196]  __x64_sys_futex+0x472/0x6a0
[   76.777265]  ? do_futex+0x26d0/0x26d0
[   76.781072]  ? trace_hardirqs_on+0xbd/0x310
[   76.785399]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   76.790942]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.796311]  ? trace_hardirqs_off_caller+0x300/0x300
[   76.801428]  ? ksys_ioctl+0x81/0xd0
[   76.805075]  do_syscall_64+0x1b9/0x820
[   76.808967]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   76.814337]  ? syscall_return_slowpath+0x5e0/0x5e0
[   76.819273]  ? trace_hardirqs_off+0x310/0x310
[   76.823779]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   76.828804]  ? recalc_sigpending_tsk+0x180/0x180
[   76.833567]  ? kasan_check_write+0x14/0x20
[   76.837819]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   76.842678]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.847870] RIP: 0033:0x457679
[   76.851066] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.869975] RSP: 002b:00007f26c902bcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   76.877697] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679
[   76.884969] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bfa8
[   76.892242] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[   76.899514] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac
[   76.906788] R13: 00007fff7b4dd38f R14: 00007f26c902c9c0 R15: 0000000000000001
[   76.914075] 
[   76.915706] Allocated by task 8338:
[   76.919340]  save_stack+0x43/0xd0
[   76.922800]  kasan_kmalloc+0xc7/0xe0
[   76.926520]  kasan_slab_alloc+0x12/0x20
[   76.930500]  kmem_cache_alloc+0x12e/0x730
[   76.934654]  vmx_create_vcpu+0xcf/0x25c0
[   76.938719]  kvm_arch_vcpu_create+0xe5/0x220
[   76.943139]  kvm_vm_ioctl+0x472/0x1d60
[   76.947039]  do_vfs_ioctl+0x1de/0x1720
[   76.950935]  ksys_ioctl+0xa9/0xd0
[   76.954397]  __x64_sys_ioctl+0x73/0xb0
[   76.958290]  do_syscall_64+0x1b9/0x820
[   76.962187]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.967371] 
[   76.968996] Freed by task 8337:
[   76.972286]  save_stack+0x43/0xd0
[   76.975746]  __kasan_slab_free+0x102/0x150
[   76.979990]  kasan_slab_free+0xe/0x10
[   76.983802]  kmem_cache_free+0x83/0x290
[   76.987788]  vmx_free_vcpu+0x26b/0x300
[   76.991682]  kvm_arch_destroy_vm+0x365/0x7c0
[   76.996093]  kvm_put_kvm+0x6c8/0xff0
[   76.999809]  kvm_vcpu_release+0x7b/0xa0
[   77.003782]  __fput+0x3bc/0xa70
[   77.007064]  ____fput+0x15/0x20
[   77.010348]  task_work_run+0x1e8/0x2a0
[   77.014236]  exit_to_usermode_loop+0x318/0x380
[   77.018819]  do_syscall_64+0x6be/0x820
[   77.022707]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.027887] 
[   77.029517] The buggy address belongs to the object at ffff8801ce488800
[   77.029517]  which belongs to the cache kvm_vcpu(50:syz1) of size 23872
[   77.042881] The buggy address is located 24 bytes inside of
[   77.042881]  23872-byte region [ffff8801ce488800, ffff8801ce48e540)
[   77.054848] The buggy address belongs to the page:
[   77.059787] page:ffffea0007392200 count:1 mapcount:0 mapping:ffff8801c29fb080 index:0x0 compound_mapcount: 0
[   77.069764] flags: 0x2fffc0000010200(slab|head)
[   77.074437] raw: 02fffc0000010200 ffffea000715da08 ffffea00074bfa08 ffff8801c29fb080
[   77.082335] raw: 0000000000000000 ffff8801ce488800 0000000100000001 ffff8801b854a3c0
[   77.090210] page dumped because: kasan: bad access detected
[   77.095916] page->mem_cgroup:ffff8801b854a3c0
[   77.100403] 
[   77.102021] Memory state around the buggy address:
[   77.106951]  ffff8801ce488700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.114317]  ffff8801ce488780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.121691] >ffff8801ce488800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.129053]                             ^
[   77.133211]  ffff8801ce488880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.140573]  ffff8801ce488900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   77.147929] ==================================================================
[   77.155286] Disabling lock debugging due to kernel taint
[   77.161286] Kernel panic - not syncing: panic_on_warn set ...
[   77.161286] 
[   77.168673] CPU: 0 PID: 8350 Comm: syz-executor1 Tainted: G    B             4.19.0-rc4-next-20180920+ #76
[   77.172547] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.178476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.188556] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.194048] Call Trace:
[   77.194068]  dump_stack+0x1d3/0x2c4
[   77.194083]  ? dump_stack_print_info.cold.2+0x52/0x52
[   77.194100]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   77.194119]  panic+0x238/0x4e7
[   77.215725] kobject: 'loop0' (00000000b27df754): kobject_uevent_env
[   77.216517]  ? add_taint.cold.5+0x16/0x16
[   77.216537]  ? trace_hardirqs_on+0xb4/0x310
[   77.225402] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.226126]  kasan_end_report+0x47/0x4f
[   77.232550] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.234571]  kasan_report.cold.9+0x76/0x309
[   77.234585]  ? finish_task_switch+0x78e/0x900
[   77.234604]  __asan_report_load8_noabort+0x14/0x20
[   77.245636] kobject: 'loop0' (00000000b27df754): fill_kobj_path: path = '/devices/virtual/block/loop0'
[   77.251009]  finish_task_switch+0x78e/0x900
[   77.251024]  ? __switch_to_asm+0x40/0x70
[   77.251035]  ? __switch_to_asm+0x34/0x70
[   77.251050]  ? preempt_notifier_register+0x200/0x200
[   77.251066]  ? __switch_to_asm+0x34/0x70
[   77.256804] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.260285]  ? __switch_to_asm+0x34/0x70
[   77.260297]  ? __switch_to_asm+0x40/0x70
[   77.260309]  ? __switch_to_asm+0x34/0x70
[   77.260321]  ? __switch_to_asm+0x40/0x70
[   77.260337]  ? __switch_to_asm+0x34/0x70
[   77.266986] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.274690]  ? __switch_to_asm+0x40/0x70
[   77.274703]  ? __switch_to_asm+0x34/0x70
[   77.274715]  ? __switch_to_asm+0x34/0x70
[   77.274727]  ? __switch_to_asm+0x40/0x70
[   77.274738]  ? __switch_to_asm+0x34/0x70
[   77.274750]  ? __switch_to_asm+0x40/0x70
[   77.274768]  ? __switch_to_asm+0x34/0x70
[   77.280759] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.283125]  ? __switch_to_asm+0x40/0x70
[   77.283144]  __schedule+0x874/0x1ed0
[   77.283163]  ? __sched_text_start+0x8/0x8
[   77.287949] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.292309]  ? graph_lock+0x170/0x170
[   77.292324]  ? plist_check_list+0xa0/0xa0
[   77.292347]  ? find_held_lock+0x36/0x1c0
[   77.292366]  schedule+0xfe/0x460
[   77.292384]  ? lock_downgrade+0x900/0x900
[   77.297005] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.305442]  ? __schedule+0x1ed0/0x1ed0
[   77.305469]  ? kasan_check_read+0x11/0x20
[   77.305482]  ? do_raw_spin_unlock+0xa7/0x2f0
[   77.305506]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   77.331937] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.334769]  ? lock_acquire+0x1ed/0x520
[   77.334790]  futex_wait_queue_me+0x3f9/0x840
[   77.334808]  ? refill_pi_state_cache.part.9+0x310/0x310
[   77.348631] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.351012]  ? kasan_check_write+0x14/0x20
[   77.351026]  ? do_raw_spin_lock+0xc1/0x200
[   77.351042]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.351056]  ? get_futex_value_locked+0xcb/0xf0
[   77.351073]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   77.359811] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.363235]  ? futex_wait_setup+0x266/0x3e0
[   77.363252]  ? futex_wake+0x760/0x760
[   77.363268]  ? futex_wake+0x613/0x760
[   77.372849] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.376333]  futex_wait+0x45c/0xa50
[   77.376357]  ? futex_wait_setup+0x3e0/0x3e0
[   77.387391] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.393208]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   77.393225]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[   77.393236]  ? futex_wake+0x304/0x760
[   77.393259]  ? rcu_pm_notify+0xc0/0xc0
[   77.393278]  do_futex+0x31a/0x26d0
[   77.397712] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.401215]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[   77.401234]  ? exit_robust_list+0x280/0x280
[   77.401249]  ? find_held_lock+0x36/0x1c0
[   77.401268]  ? __fget+0x4aa/0x740
[   77.407070] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.408669]  ? lock_downgrade+0x900/0x900
[   77.408686]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   77.408704]  ? kasan_check_read+0x11/0x20
[   77.422104] kobject: 'loop4' (00000000142c4118): kobject_uevent_env
[   77.423024]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   77.423041]  ? rcu_softirq_qs+0x20/0x20
[   77.427204] kobject: 'loop4' (00000000142c4118): fill_kobj_path: path = '/devices/virtual/block/loop4'
[   77.431595]  ? __fget+0x4d1/0x740
[   77.431613]  ? ksys_dup3+0x680/0x680
[   77.431638]  ? kvm_vcpu_block+0x1020/0x1020
[   77.452002] kobject: 'loop5' (000000009ef6ea26): kobject_uevent_env
[   77.456132]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.456152]  ? do_vfs_ioctl+0x201/0x1720
[   77.485162] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.486023]  ? ioctl_preallocate+0x300/0x300
[   77.486043]  ? __fget_light+0x2e9/0x430
[   77.506707] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.506964]  ? fget_raw+0x20/0x20
[   77.517227] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.519588]  ? graph_lock+0x170/0x170
[   77.519609]  __x64_sys_futex+0x472/0x6a0
[   77.525605] kobject: 'kvm' (00000000424d1bcf): kobject_uevent_env
[   77.532921]  ? do_futex+0x26d0/0x26d0
[   77.532937]  ? trace_hardirqs_on+0xbd/0x310
[   77.532954]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   77.532974]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.538246] kobject: 'loop5' (000000009ef6ea26): fill_kobj_path: path = '/devices/virtual/block/loop5'
[   77.543247]  ? trace_hardirqs_off_caller+0x300/0x300
[   77.543263]  ? ksys_ioctl+0x81/0xd0
[   77.543283]  do_syscall_64+0x1b9/0x820
[   77.543302]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   77.548784] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.550964]  ? syscall_return_slowpath+0x5e0/0x5e0
[   77.550981]  ? trace_hardirqs_off+0x310/0x310
[   77.550997]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   77.551013]  ? recalc_sigpending_tsk+0x180/0x180
[   77.551031]  ? kasan_check_write+0x14/0x20
[   77.556062] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.560785]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   77.560806]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.560816] RIP: 0033:0x457679
[   77.560835] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.569422] kobject: 'loop3' (000000009cb225b7): kobject_uevent_env
[   77.573407] RSP: 002b:00007f26c902bcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   77.573422] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679
[   77.573430] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bfa8
[   77.573438] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[   77.573455] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac
[   77.573468] R13: 00007fff7b4dd38f R14: 00007f26c902c9c0 R15: 0000000000000001
[   77.577841] kobject: 'kvm' (00000000424d1bcf): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[   77.586917] Kernel Offset: disabled
[   77.879157] Rebooting in 86400 seconds..
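Reading the report above: task 8350 (syz-executor1), on its way out of a futex wait, ran through finish_task_switch() and read 8 bytes at offset 24 of a struct kvm_vcpu slab object that task 8337 had already freed via kvm_vcpu_release() → kvm_put_kvm() → kvm_arch_destroy_vm() → vmx_free_vcpu(); the shadow byte at the faulting address is 0xfb, KASAN's poison for a freed slab object, which is what makes this a use-after-free rather than an out-of-bounds access. finish_task_switch() is where the scheduler fires the sched-in preempt notifiers, and KVM registers one such notifier per loaded vCPU, so the scheduler was still walking a notifier embedded in the freed vCPU. The triage helper below is an added example, not syzkaller's own report parser and not kernel code. It parses an excerpt of the report above, cross-checks KASAN's "located N bytes inside" and region lines against the raw addresses, decodes the shadow byte, and maps the offset onto a struct layout. That layout (KVM_VCPU_HEAD) is an assumption written by hand from the 4.19 definition of struct kvm_vcpu (a kvm pointer followed by the embedded preempt_notifier), and the poison table is from mm/kasan/kasan.h of the same series; confirm the field with pahole -C kvm_vcpu vmlinux on the crashed build before relying on the name.

```python
"""KASAN use-after-free triage helper.  Added example: not syzkaller's report
parser and not kernel code.  It extracts the triage facts from a generic-KASAN
report, cross-checks KASAN's offset/region lines against the raw addresses,
decodes the shadow poison at the faulting address and maps the offset onto a
hand-written struct layout (assumed; confirm with `pahole -C kvm_vcpu vmlinux`)."""
import re

# Excerpt of the report above, trimmed to the lines the parser needs.
REPORT = """\
[   76.427182] BUG: KASAN: use-after-free in finish_task_switch+0x78e/0x900
[   76.427196] Read of size 8 at addr ffff8801ce488818 by task syz-executor1/8350
[   76.443058] Call Trace:
[   76.443078]  dump_stack+0x1d3/0x2c4
[   76.467121]  kasan_report.cold.9+0x242/0x309
[   76.475625]  __asan_report_load8_noabort+0x14/0x20
[   76.485726]  finish_task_switch+0x78e/0x900
[   76.485774]  ? preempt_notifier_register+0x200/0x200
[   76.915706] Allocated by task 8338:
[   76.930500]  kmem_cache_alloc+0x12e/0x730
[   76.934654]  vmx_create_vcpu+0xcf/0x25c0
[   76.968996] Freed by task 8337:
[   76.975746]  __kasan_slab_free+0x102/0x150
[   76.983802]  kmem_cache_free+0x83/0x290
[   76.987788]  vmx_free_vcpu+0x26b/0x300
[   77.029517] The buggy address belongs to the object at ffff8801ce488800
[   77.029517]  which belongs to the cache kvm_vcpu(50:syz1) of size 23872
[   77.042881] The buggy address is located 24 bytes inside of
[   77.042881]  23872-byte region [ffff8801ce488800, ffff8801ce48e540)
[   77.114317]  ffff8801ce488780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   77.121691] >ffff8801ce488800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
FRAME = re.compile(r"^(\? )?(?P<sym>[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+)$")
SHADOW_ROW = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$")
# Frames that belong to the reporting/allocator machinery, not to the bug.
NOISE = ("dump_stack", "print_address", "kasan_", "__kasan_", "__asan_",
         "save_stack", "kmem_cache_", "kmalloc", "kfree")
# Generic-KASAN shadow poison values (mm/kasan/kasan.h, 4.19).
POISON = {0xfa: "global redzone", 0xfb: "freed slab object (KASAN_KMALLOC_FREE)",
          0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "freed page",
          0xf8: "use-after-scope"}
# ASSUMED head of struct kvm_vcpu (4.19 x86-64, CONFIG_PREEMPT_NOTIFIERS=y) as
# (field, offset, size); hand-written from the header, not read from the build.
KVM_VCPU_HEAD = [("kvm", 0, 8), ("preempt_notifier.link.next", 8, 8),
                 ("preempt_notifier.link.pprev", 16, 8), ("preempt_notifier.ops", 24, 8)]

def parse_report(text):
    """Parse one generic-KASAN report into a dict; only non-'?' frames are kept."""
    rep = {"call_trace": [], "alloc_stack": [], "free_stack": [], "shadow": []}
    section = None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: (\S+) in ", line):
            rep["bug"] = m[1]
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            rep["access"], rep["addr"] = (m[1], int(m[2])), int(m[3], 16)
            rep["task"], rep["pid"] = m[4], int(m[5])
        elif line == "Call Trace:":
            section = "call_trace"
        elif m := re.match(r"(Allocated|Freed) by task", line):
            section = "alloc_stack" if m[1] == "Allocated" else "free_stack"
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            rep["obj_addr"], section = int(m[1], 16), None
        elif m := re.search(r"the cache (\S+) of size (\d+)", line):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.search(r"located (\d+) bytes inside of", line):
            rep["located"] = int(m[1])
        elif m := re.search(r"-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            rep["region"] = (int(m[1], 16), int(m[2], 16))
        elif m := SHADOW_ROW.match(line):
            rep["shadow"].append((int(m[1], 16), bytes.fromhex(m[2])))
        elif section and (m := FRAME.match(line)) and not m[1]:
            rep[section].append(m["sym"])
    return rep

def first_interesting_frame(frames):
    """First frame that is not KASAN/allocator/printing machinery."""
    return next((f for f in frames if not f.startswith(NOISE)), None)

def shadow_byte_at(rep, addr):
    """Poison byte covering addr; one shadow byte describes 8 bytes of memory."""
    for base, row in rep["shadow"]:
        if base <= addr < base + 8 * len(row):
            return row[(addr - base) // 8]
    return None

def field_at_offset(off, layout=KVM_VCPU_HEAD):
    return next((n for n, start, size in layout if start <= off < start + size), None)

def summarize(text):
    """Cross-checked triage summary: what was touched, who allocated and freed it."""
    rep = parse_report(text)
    off, (lo, hi) = rep["addr"] - rep["obj_addr"], rep["region"]
    shadow = shadow_byte_at(rep, rep["addr"])
    return {
        "bug": rep["bug"], "access": rep["access"], "task": (rep["task"], rep["pid"]),
        "in": first_interesting_frame(rep["call_trace"]),
        "allocated_in": first_interesting_frame(rep["alloc_stack"]),
        "freed_in": first_interesting_frame(rep["free_stack"]),
        "cache": rep["cache"], "offset": off, "field": field_at_offset(off),
        # KASAN's "located N bytes inside" and region lines must agree with the addresses.
        "consistent": off == rep["located"] and lo == rep["obj_addr"] and hi - lo == rep["obj_size"],
        "shadow": shadow, "poison": POISON.get(shadow, "accessible or partially accessible"),
    }
```

summarize() can be fed the whole console log rather than the excerpt: interleaved kobject lines and register dumps match none of the patterns, and the "?" frames (stale return addresses the unwinder could not confirm, such as the preempt_notifier_register hint above) are dropped so that the first frame reported per stack is a reliable one. The consistency flag is the check worth keeping: if the offset computed from the two addresses disagrees with KASAN's own "located N bytes inside", or the region size disagrees with the cache object size, the report was truncated or mangled in transit and should not be triaged further.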