[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   30.965905] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   35.647377] random: sshd: uninitialized urandom read (32 bytes read)
[   36.017421] audit: type=1400 audit(1537537490.396:6): avc: denied { map } for pid=5545 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   36.067467] random: sshd: uninitialized urandom read (32 bytes read)
[   36.671101] random: sshd: uninitialized urandom read (32 bytes read)
[  121.938604] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
[  127.742276] random: sshd: uninitialized urandom read (32 bytes read)
[  127.881359] audit: type=1400 audit(1537537582.266:7): avc: denied { map } for pid=5559 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/09/21 13:46:22 parsed 1 programs
[  128.388156] audit: type=1400 audit(1537537582.776:8): avc: denied { map } for pid=5559 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  129.134113] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/21 13:46:24 executed programs: 0
[  130.425547] audit: type=1400 audit(1537537584.806:9): avc: denied { map } for pid=5559 comm="syz-execprog" path="/root/syzkaller-shm848104794" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  130.517556] IPVS: ftp: loaded support on port[0] = 21
[  130.524669] IPVS: ftp: loaded support on port[0] = 21
[  130.525535] IPVS: ftp: loaded support on port[0] = 21
[  130.536186] IPVS: ftp: loaded support on port[0] = 21
[  130.553098] IPVS: ftp: loaded support on port[0] = 21
[  130.565268] IPVS: ftp: loaded support on port[0] = 21
[  132.038040] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.044965] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.054047] device bridge_slave_0 entered promiscuous mode
[  132.081121] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.089544] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.097442] device bridge_slave_0 entered promiscuous mode
[  132.108021] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.114630] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.125200] device bridge_slave_0 entered promiscuous mode
[  132.135812] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.143399] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.151502] device bridge_slave_0 entered promiscuous mode
[  132.162097] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.169329] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.177921] device bridge_slave_1 entered promiscuous mode
[  132.185019] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.194447] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.202927] device bridge_slave_0 entered promiscuous mode
[  132.213083] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.221269] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.229420] device bridge_slave_0 entered promiscuous mode
[  132.237798] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.244184] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.252201] device bridge_slave_1 entered promiscuous mode
[  132.261445] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.268089] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.275561] device bridge_slave_1 entered promiscuous mode
[  132.284961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.293070] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.301036] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.308564] device bridge_slave_1 entered promiscuous mode
[  132.318546] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.325027] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.345125] device bridge_slave_1 entered promiscuous mode
[  132.353893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.362597] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.373384] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.381597] device bridge_slave_1 entered promiscuous mode
[  132.391156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.403517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.412591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.423338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.436217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.450490] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.477525] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  132.489299] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.525265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.562805] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  132.684164] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.712685] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.725805] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.762772] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.802220] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.817323] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.833793] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.845588] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.869343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  132.879128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.892660] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  132.911432] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.934807] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  132.962553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  132.991822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  133.002899] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  133.221803] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.241684] team0: Port device team_slave_0 added
[  133.270103] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.278020] team0: Port device team_slave_0 added
[  133.310097] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.325583] team0: Port device team_slave_0 added
[  133.350855] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.361255] team0: Port device team_slave_1 added
[  133.370132] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.387589] team0: Port device team_slave_0 added
[  133.396343] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.406688] team0: Port device team_slave_0 added
[  133.412117] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.420093] team0: Port device team_slave_1 added
[  133.429722] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  133.438652] team0: Port device team_slave_0 added
[  133.450322] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.470879] team0: Port device team_slave_1 added
[  133.477492] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.485022] team0: Port device team_slave_1 added
[  133.492727] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.517612] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.525055] team0: Port device team_slave_1 added
[  133.543342] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  133.555809] team0: Port device team_slave_1 added
[  133.573643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.582582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.593842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  133.604562] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  133.616662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  133.623903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.637274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.645023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.659600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.667913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.675773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.683802] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  133.694417] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  133.705535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  133.717933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.732905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.747922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.755781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.763760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.771842] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.780503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  133.789723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  133.802499] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  133.815009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  133.831390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.845537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.854318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.863064] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.871776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  133.879866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  133.887658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.895344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.903389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  133.913503] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  133.923814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  133.937903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.946668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.959377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.968127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.976135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.984288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.993843] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  134.007220] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.014737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  134.036035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.053722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.064281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.078955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.087197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.095117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.103289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.111202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.118991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.127705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  134.138204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.146594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.154509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.174845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.184457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.196130] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.219401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  134.237581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.255597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.264126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.272483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.839145] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.845640] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.852605] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.859020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.880361] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  134.936155] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.942598] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.949336] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.955719] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.972234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  134.988646] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.995036] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.001743] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.008143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.019023] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  135.099330] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.105744] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.112459] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.118863] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.131657] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  135.146078] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.152511] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.159221] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.165597] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.177497] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  135.188033] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.194411] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.201201] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.207660] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.221052] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  135.587059] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.594658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.610556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.618767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.625792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  135.633015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  137.943649] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.956551] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.964909] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.006780] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.140765] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.151255] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.193292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.234662] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.261980] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.290918] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.427574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.440250] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.474085] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.487924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.495094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.519878] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.529148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.538356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.576024] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.590750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.607167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.628847] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.643531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.665177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.742859] 8021q: adding VLAN 0 to HW filter on device team0
[  138.767036] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.773434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.784886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.798789] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.812400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.834300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.854584] 8021q: adding VLAN 0 to HW filter on device team0
[  138.952307] 8021q: adding VLAN 0 to HW filter on device team0
[  138.976632] 8021q: adding VLAN 0 to HW filter on device team0
[  139.069066] 8021q: adding VLAN 0 to HW filter on device team0
[  139.082621] 8021q: adding VLAN 0 to HW filter on device team0
[  140.443975] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
2018/09/21 13:46:34 executed programs: 6
2018/09/21 13:46:39 executed programs: 192
2018/09/21 13:46:44 executed programs: 391
2018/09/21 13:46:49 executed programs: 589
2018/09/21 13:46:54 executed programs: 783
2018/09/21 13:47:00 executed programs: 969
[  168.559346] ==================================================================
[  168.566908] BUG: KASAN: use-after-free in finish_task_switch+0x5a5/0x900
[  168.566923] Read of size 8 at addr ffff8801d8ea8458 by task syz-executor3/10267
[  168.566927]
[  168.566942] CPU: 1 PID: 10267 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #27
[  168.566950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  168.566956] Call Trace:
[  168.566974]  dump_stack+0x1c4/0x2b4
[  168.566991]  ? dump_stack_print_info.cold.2+0x52/0x52
[  168.567005]  ? printk+0xa7/0xcf
[  168.567022]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  168.567047]  print_address_description.cold.8+0x9/0x1ff
[  168.567066]  kasan_report.cold.9+0x242/0x309
[  168.567081]  ? finish_task_switch+0x5a5/0x900
[  168.567101]  __asan_report_load8_noabort+0x14/0x20
[  168.567117]  finish_task_switch+0x5a5/0x900
[  168.567132]  ? __switch_to_asm+0x40/0x70
[  168.567144]  ? __switch_to_asm+0x34/0x70
[  168.567166]  ? preempt_notifier_register+0x200/0x200
[  168.567177]  ? __switch_to_asm+0x34/0x70
[  168.567189]  ? __switch_to_asm+0x34/0x70
[  168.567199]  ? __switch_to_asm+0x40/0x70
[  168.567209]  ? __switch_to_asm+0x34/0x70
[  168.567221]  ? __switch_to_asm+0x40/0x70
[  168.581672]  ? __switch_to_asm+0x34/0x70
[  168.581687]  ? __switch_to_asm+0x40/0x70
[  168.581712]  ? __switch_to_asm+0x34/0x70
[  168.581729]  ? __switch_to_asm+0x34/0x70
[  168.581743]  ? __switch_to_asm+0x40/0x70
[  168.581757]  ? __switch_to_asm+0x34/0x70
[  168.581771]  ? __switch_to_asm+0x40/0x70
[  168.581789]  ? __switch_to_asm+0x34/0x70
[  168.619514]  ? __switch_to_asm+0x40/0x70
[  168.619540]  __schedule+0x874/0x1ed0
[  168.619568]  ? __sched_text_start+0x8/0x8
[  168.619592]  ? graph_lock+0x170/0x170
[  168.619613]  ? plist_check_list+0xa0/0xa0
[  168.629426]  ? __schedule+0x874/0x1ed0
[  168.629461]  ? find_held_lock+0x36/0x1c0
[  168.629487]  schedule+0xfe/0x460
[  168.629504]  ? lock_downgrade+0x900/0x900
[  168.629524]  ? __schedule+0x1ed0/0x1ed0
[  168.647357]  ? kasan_check_read+0x11/0x20
[  168.647377]  ? do_raw_spin_unlock+0xa7/0x2f0
[  168.647395]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  168.647412]  ? lock_acquire+0x1ed/0x520
[  168.647441]  futex_wait_queue_me+0x3f9/0x840
[  168.647460]  ? refill_pi_state_cache.part.9+0x320/0x320
[  168.647479]  ? kasan_check_write+0x14/0x20
[  168.647495]  ? do_raw_spin_lock+0xc1/0x200
[  168.647515]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  168.656712]  ? get_futex_value_locked+0xcb/0xf0
[  168.656730]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  168.656746]  ? futex_wait_setup+0x266/0x3e0
[  168.656772]  ? futex_wake+0x760/0x760
[  168.656792]  ? futex_wake+0x613/0x760
[  168.656815]  futex_wait+0x45c/0xa50
[  168.656840]  ? futex_wait_setup+0x3e0/0x3e0
[  168.656855]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  168.656874]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[  168.656891]  ? futex_wake+0x304/0x760
[  168.656925]  ? rcu_pm_notify+0xc0/0xc0
[  168.685405]  do_futex+0x31a/0x26d0
[  168.701682]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[  168.701723]  ? exit_robust_list+0x280/0x280
[  168.701738]  ? find_held_lock+0x36/0x1c0
[  168.701763]  ? __fget+0x4aa/0x740
[  168.701780]  ? lock_downgrade+0x900/0x900
[  168.701810]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  168.717751]  ? kasan_check_read+0x11/0x20
[  168.717773]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  168.717790]  ? rcu_bh_qs+0xc0/0xc0
[  168.717819]  ? __fget+0x4d1/0x740
[  168.717843]  ? ksys_dup3+0x680/0x680
[  168.717877]  ? kvm_vcpu_block+0x1030/0x1030
[  168.717892]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  168.717907]  ? do_vfs_ioctl+0x201/0x1720
[  168.717922]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  168.717945]  ? ioctl_preallocate+0x300/0x300
[  168.725927]  ? selinux_file_mprotect+0x620/0x620
[  168.725947]  ? graph_lock+0x170/0x170
[  168.725965]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  168.725989]  __x64_sys_futex+0x472/0x6a0
[  168.726013]  ? do_futex+0x26d0/0x26d0
[  168.726029]  ? trace_hardirqs_on+0xbd/0x310
[  168.726050]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  168.758206]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  168.758228]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  168.758254]  ? ksys_ioctl+0x81/0xd0
[  168.758279]  do_syscall_64+0x1b9/0x820
[  168.758294]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  168.758313]  ? syscall_return_slowpath+0x5e0/0x5e0
[  168.758331]  ? trace_hardirqs_on_caller+0x310/0x310
[  168.758347]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  168.758368]  ? recalc_sigpending_tsk+0x180/0x180
[  168.785209]  ? kasan_check_write+0x14/0x20
[  168.785233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  168.785268]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  168.785281] RIP: 0033:0x457679
[  168.785303] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  168.800556] RSP: 002b:00007fc4e7777cf8 EFLAGS: 00000246
[  168.808713] ORIG_RAX: 00000000000000ca
[  168.808724] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679
[  168.808732] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bfa8
[  168.808740] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  168.808749] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac
[  168.808757] R13: 00007ffcff26405f R14: 00007fc4e77789c0 R15: 0000000000000001
[  168.808779]
[  168.808788] Allocated by task 10264:
[  168.808805]  save_stack+0x43/0xd0
[  168.808816]  kasan_kmalloc+0xc7/0xe0
[  168.808826]  kasan_slab_alloc+0x12/0x20
[  168.808847]  kmem_cache_alloc+0x12e/0x730
[  169.088960]  vmx_create_vcpu+0xcf/0x25e0
[  169.093037]  kvm_arch_vcpu_create+0xe5/0x220
[  169.097459]  kvm_vm_ioctl+0x470/0x1d40
[  169.101359]  do_vfs_ioctl+0x1de/0x1720
[  169.105261]  ksys_ioctl+0xa9/0xd0
[  169.108734]  __x64_sys_ioctl+0x73/0xb0
[  169.112637]  do_syscall_64+0x1b9/0x820
[  169.116534]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  169.121738]
[  169.123367] Freed by task 10253:
[  169.126741]  save_stack+0x43/0xd0
[  169.130207]  __kasan_slab_free+0x102/0x150
[  169.134462]  kasan_slab_free+0xe/0x10
[  169.138287]  kmem_cache_free+0x83/0x290
[  169.142290]  vmx_free_vcpu+0x26b/0x300
[  169.146192]  kvm_arch_destroy_vm+0x365/0x7c0
[  169.150610]  kvm_put_kvm+0x6c8/0xff0
[  169.154329]  kvm_vcpu_release+0x7b/0xa0
[  169.158310]  __fput+0x385/0xa30
[  169.161593]  ____fput+0x15/0x20
[  169.164902]  task_work_run+0x1e8/0x2a0
[  169.168798]  exit_to_usermode_loop+0x318/0x380
[  169.173390]  do_syscall_64+0x6be/0x820
[  169.177288]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  169.182473]
[  169.184108] The buggy address belongs to the object at ffff8801d8ea8440
[  169.184108]  which belongs to the cache kvm_vcpu of size 23872
[  169.196697] The buggy address is located 24 bytes inside of
[  169.196697]  23872-byte region [ffff8801d8ea8440, ffff8801d8eae180)
[  169.208685] The buggy address belongs to the page:
[  169.213652] page:ffffea000763aa00 count:1 mapcount:0 mapping:ffff8801d4c60600 index:0x0 compound_mapcount: 0
[  169.223659] flags: 0x2fffc0000008100(slab|head)
[  169.228352] raw: 02fffc0000008100 ffffea00074cde08 ffffea0006e49608 ffff8801d4c60600
[  169.236273] raw: 0000000000000000 ffff8801d8ea8440 0000000100000001 0000000000000000
[  169.244170] page dumped because: kasan: bad access detected
[  169.249885]
[  169.251510] Memory state around the buggy address:
[  169.256448]  ffff8801d8ea8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  169.263829]  ffff8801d8ea8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  169.271209] >ffff8801d8ea8400: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  169.278586]                                                     ^
[  169.284840]  ffff8801d8ea8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.292218]  ffff8801d8ea8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  169.299590] ==================================================================
[  169.306952] Disabling lock debugging due to kernel taint
[  169.312817] Kernel panic - not syncing: panic_on_warn set ...
[  169.312817]
[  169.320227] CPU: 1 PID: 10267 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #27
[  169.328912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  169.338281] Call Trace:
[  169.340889]  dump_stack+0x1c4/0x2b4
[  169.344539]  ? dump_stack_print_info.cold.2+0x52/0x52
[  169.347842] kobject: 'kvm' (000000002a24d6d5): kobject_uevent_env
[  169.349753]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  169.349773]  panic+0x238/0x4e7
[  169.349787]  ? add_taint.cold.5+0x16/0x16
[  169.349807]  ? trace_hardirqs_on+0xb4/0x310
[  169.356260] kobject: 'kvm' (000000002a24d6d5): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  169.360835]  kasan_end_report+0x47/0x4f
[  169.360849]  kasan_report.cold.9+0x76/0x309
[  169.360863]  ? finish_task_switch+0x5a5/0x900
[  169.360878]  __asan_report_load8_noabort+0x14/0x20
[  169.360892]  finish_task_switch+0x5a5/0x900
[  169.360906]  ? __switch_to_asm+0x40/0x70
[  169.360918]  ? __switch_to_asm+0x34/0x70
[  169.360932]  ? preempt_notifier_register+0x200/0x200
[  169.360951]  ? __switch_to_asm+0x34/0x70
[  169.421327]  ? __switch_to_asm+0x34/0x70
[  169.425396]  ? __switch_to_asm+0x40/0x70
[  169.429464]  ? __switch_to_asm+0x34/0x70
[  169.433531]  ? __switch_to_asm+0x40/0x70
[  169.437596]  ? __switch_to_asm+0x34/0x70
[  169.441673]  ? __switch_to_asm+0x40/0x70
[  169.445763]  ? __switch_to_asm+0x34/0x70
[  169.449866]  ? __switch_to_asm+0x34/0x70
[  169.453943]  ? __switch_to_asm+0x40/0x70
[  169.458016]  ? __switch_to_asm+0x34/0x70
[  169.462089]  ? __switch_to_asm+0x40/0x70
[  169.466161]  ? __switch_to_asm+0x34/0x70
[  169.470751]  ? __switch_to_asm+0x40/0x70
[  169.474841]  __schedule+0x874/0x1ed0
[  169.478575]  ? __sched_text_start+0x8/0x8
[  169.482744]  ? graph_lock+0x170/0x170
[  169.486554]  ? plist_check_list+0xa0/0xa0
[  169.490726]  ? __schedule+0x874/0x1ed0
[  169.494639]  ? find_held_lock+0x36/0x1c0
[  169.498726]  schedule+0xfe/0x460
[  169.502113]  ? lock_downgrade+0x900/0x900
[  169.506275]  ? __schedule+0x1ed0/0x1ed0
[  169.510270]  ? kasan_check_read+0x11/0x20
[  169.514433]  ? do_raw_spin_unlock+0xa7/0x2f0
[  169.518857]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  169.523472]  ? lock_acquire+0x1ed/0x520
[  169.527465]  futex_wait_queue_me+0x3f9/0x840
[  169.531888]  ? refill_pi_state_cache.part.9+0x320/0x320
[  169.537273]  ? kasan_check_write+0x14/0x20
[  169.541518]  ? do_raw_spin_lock+0xc1/0x200
[  169.545766]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  169.551321]  ? get_futex_value_locked+0xcb/0xf0
[  169.556011]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  169.561047]  ? futex_wait_setup+0x266/0x3e0
[  169.565392]  ? futex_wake+0x760/0x760
[  169.569209]  ? futex_wake+0x613/0x760
[  169.573034]  futex_wait+0x45c/0xa50
[  169.576683]  ? futex_wait_setup+0x3e0/0x3e0
[  169.581031]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  169.586246]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[  169.591368]  ? futex_wake+0x304/0x760
[  169.595195]  ? rcu_pm_notify+0xc0/0xc0
[  169.599109]  do_futex+0x31a/0x26d0
[  169.602663]  ? kvm_vcpu_ioctl+0x2a1/0x1150
[  169.606919]  ? exit_robust_list+0x280/0x280
[  169.611254]  ? find_held_lock+0x36/0x1c0
[  169.615327]  ? __fget+0x4aa/0x740
[  169.618790]  ? lock_downgrade+0x900/0x900
[  169.622949]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  169.628758]  ? kasan_check_read+0x11/0x20
[  169.632916]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  169.638201]  ? rcu_bh_qs+0xc0/0xc0
[  169.641754]  ? __fget+0x4d1/0x740
[  169.645222]  ? ksys_dup3+0x680/0x680
[  169.648956]  ? kvm_vcpu_block+0x1030/0x1030
[  169.653287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  169.658837]  ? do_vfs_ioctl+0x201/0x1720
[  169.662929]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  169.668126]  ? ioctl_preallocate+0x300/0x300
[  169.672541]  ? selinux_file_mprotect+0x620/0x620
[  169.678691]  ? graph_lock+0x170/0x170
[  169.682504]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  169.687613]  __x64_sys_futex+0x472/0x6a0
[  169.691707]  ? do_futex+0x26d0/0x26d0
[  169.695515]  ? trace_hardirqs_on+0xbd/0x310
[  169.699837]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  169.705385]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  169.710758]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  169.716222]  ? ksys_ioctl+0x81/0xd0
[  169.719873]  do_syscall_64+0x1b9/0x820
[  169.723774]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  169.729149]  ? syscall_return_slowpath+0x5e0/0x5e0
[  169.734092]  ? trace_hardirqs_on_caller+0x310/0x310
[  169.739125]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  169.744155]  ? recalc_sigpending_tsk+0x180/0x180
[  169.748924]  ? kasan_check_write+0x14/0x20
[  169.753197]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  169.758055]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  169.763260] RIP: 0033:0x457679
[  169.766462] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  169.785376] RSP: 002b:00007fc4e7777cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  169.793095] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679
[  169.800371] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bfa8
[  169.807648] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  169.814924] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac
[  169.822205] R13: 00007ffcff26405f R14: 00007fc4e77789c0 R15: 0000000000000001
[  169.830463] Kernel Offset: disabled
[  169.834096] Rebooting in 86400 seconds..