[info] Using makefile-style concurrent boot in runlevel 2. [ 22.969464] audit: type=1800 audit(1543302648.198:21): pid=5786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 23.006079] audit: type=1800 audit(1543302648.198:22): pid=5786 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.182474] sshd (5926) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts. 2018/11/27 07:12:20 parsed 1 programs 2018/11/27 07:12:22 executed programs: 0 [ 117.576500] IPVS: ftp: loaded support on port[0] = 21 [ 117.588310] IPVS: ftp: loaded support on port[0] = 21 [ 117.613971] IPVS: ftp: loaded support on port[0] = 21 [ 117.616298] IPVS: ftp: loaded support on port[0] = 21 [ 117.633831] IPVS: ftp: loaded support on port[0] = 21 [ 117.636411] IPVS: ftp: loaded support on port[0] = 21 [ 118.780435] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.796414] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.810001] device bridge_slave_0 entered promiscuous mode [ 118.827894] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.834944] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.842584] device bridge_slave_0 entered promiscuous mode [ 118.851886] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.862069] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.869963] device bridge_slave_0 entered promiscuous mode [ 118.876988] bridge0: port 1(bridge_slave_0) entered blocking state [ 
118.886163] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.893365] device bridge_slave_0 entered promiscuous mode [ 118.901050] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.907394] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.915097] device bridge_slave_0 entered promiscuous mode [ 118.925366] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.936905] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.944104] device bridge_slave_1 entered promiscuous mode [ 118.955127] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.965578] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.972938] device bridge_slave_1 entered promiscuous mode [ 118.981055] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.987500] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.995118] device bridge_slave_0 entered promiscuous mode [ 119.004401] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.016136] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.023155] device bridge_slave_1 entered promiscuous mode [ 119.032164] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.038794] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.046252] device bridge_slave_1 entered promiscuous mode [ 119.054548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.062673] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.070087] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.077120] device bridge_slave_1 entered promiscuous mode [ 119.085099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.095537] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.108074] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.122146] device bridge_slave_1 entered promiscuous mode [ 119.129860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.139531] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_bridge: link is not ready [ 119.147111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.164947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.178950] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.186232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.209665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.236269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.250957] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.261483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.399772] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.422522] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.442259] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.458880] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.470732] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.487191] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.508302] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.518918] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.533236] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.549273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.560676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.568833] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.576427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.606941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.618680] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.627612] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.640868] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_bond: link is not ready [ 119.649282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.656101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.669554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.685987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.701163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.716261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.724158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.737828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.747764] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.754864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.773345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.781419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.790095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.815893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.836951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.852940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.868719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.880124] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.887384] team0: Port device team_slave_0 added [ 119.892825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.919904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.944696] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 119.968921] team0: Port device team_slave_1 added [ 119.990278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.997566] team0: Port device team_slave_0 added [ 120.013164] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 120.022472] team0: Port device team_slave_0 added [ 
120.044884] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 120.060511] team0: Port device team_slave_0 added [ 120.081644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.104013] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.112649] team0: Port device team_slave_1 added [ 120.118676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.126199] team0: Port device team_slave_1 added [ 120.132597] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.146408] team0: Port device team_slave_1 added [ 120.152381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.161365] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 120.169343] team0: Port device team_slave_0 added [ 120.181722] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.191946] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 120.201101] team0: Port device team_slave_0 added [ 120.211503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.224687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.245851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.254216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.261869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.271999] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.279399] team0: Port device team_slave_1 added [ 120.286461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.301602] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 120.309483] team0: Port device team_slave_1 added [ 120.320046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.332567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.341283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.355279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: 
link becomes ready [ 120.364195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.380518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.398672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.413026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.424378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.434872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.446770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.455479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.468470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.478744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.487515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.505290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.515811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.523958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.533870] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.542915] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.561831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.575502] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.584167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.595105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.603312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.611510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.620108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.627997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.635644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.643681] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.652226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 120.678188] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.685309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.710842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.725489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.733743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.752175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 120.768389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.778350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.093903] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.100530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.107481] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.113969] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.129915] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.272042] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.278565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.285158] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.291528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.301445] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.343399] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.349809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.356401] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.362774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.375280] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.384030] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.390402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.396960] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 121.403298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.411701] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.433377] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.439769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.446381] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.452767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.465201] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.493052] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.499457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.506040] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.512451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.520741] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 121.538305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.545832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.570611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.577999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.584961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.591983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 123.562022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.631275] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.718016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.728392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.789627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.843929] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 123.862256] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 123.878734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.923358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 123.998279] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.023172] IPv6: ADDRCONF(NETDEV_UP): veth0: link is 
not ready [ 124.075035] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.092900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.101209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.110845] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.117840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.125365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.139133] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 124.194213] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.215624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.231785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.303721] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.314599] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.321573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.329743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.339408] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.357992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.365013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.404379] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.432772] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 124.451019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 124.463088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 124.494767] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.569580] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.654355] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.704846] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.698567] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
2018/11/27 07:12:31 executed programs: 6 2018/11/27 07:12:36 executed programs: 158 2018/11/27 07:12:41 executed programs: 322 2018/11/27 07:12:46 executed programs: 494 2018/11/27 07:12:51 executed programs: 661 2018/11/27 07:12:56 executed programs: 826 2018/11/27 07:13:01 executed programs: 995 2018/11/27 07:13:06 executed programs: 1170 2018/11/27 07:13:11 executed programs: 1338 2018/11/27 07:13:16 executed programs: 1506 2018/11/27 07:13:21 executed programs: 1682 2018/11/27 07:13:26 executed programs: 1849 2018/11/27 07:13:31 executed programs: 2024 2018/11/27 07:13:36 executed programs: 2198 2018/11/27 07:13:41 executed programs: 2367 2018/11/27 07:13:46 executed programs: 2537 2018/11/27 07:13:51 executed programs: 2709 2018/11/27 07:13:56 executed programs: 2881 2018/11/27 07:14:01 executed programs: 3052 2018/11/27 07:14:06 executed programs: 3216 2018/11/27 07:14:11 executed programs: 3387 2018/11/27 07:14:16 executed programs: 3550 2018/11/27 07:14:21 executed programs: 3722 2018/11/27 07:14:26 executed programs: 3885 2018/11/27 07:14:31 executed programs: 4049 2018/11/27 07:14:36 executed programs: 4212 2018/11/27 07:14:41 executed programs: 4372 2018/11/27 07:14:46 executed programs: 4531 2018/11/27 07:14:51 executed programs: 4694 2018/11/27 07:14:56 executed programs: 4861 2018/11/27 07:15:01 executed programs: 5033 2018/11/27 07:15:06 executed programs: 5194 2018/11/27 07:15:12 executed programs: 5351 2018/11/27 07:15:17 executed programs: 5523 2018/11/27 07:15:22 executed programs: 5703 [ 299.254858] ================================================================== [ 299.264055] BUG: KASAN: use-after-free in kvm_write_guest_offset_cached+0x693/0x6b0 [ 299.271829] Read of size 8 at addr ffff8881b4302460 by task syz-executor3/2896 [ 299.279166] [ 299.280778] CPU: 1 PID: 2896 Comm: syz-executor3 Not tainted 4.20.0-rc4+ #351 [ 299.288037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.297369] Call 
Trace: [ 299.299941] dump_stack+0x244/0x39d [ 299.303551] ? dump_stack_print_info.cold.1+0x20/0x20 [ 299.308738] ? printk+0xa7/0xcf [ 299.312001] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 299.316748] print_address_description.cold.7+0x9/0x1ff [ 299.322185] kasan_report.cold.8+0x242/0x309 [ 299.326597] ? kvm_write_guest_offset_cached+0x693/0x6b0 [ 299.332043] __asan_report_load8_noabort+0x14/0x20 [ 299.336970] kvm_write_guest_offset_cached+0x693/0x6b0 [ 299.342323] ? kvm_get_dirty_log_protect+0x780/0x780 [ 299.347412] ? check_preemption_disabled+0x48/0x280 [ 299.352413] ? vmx_read_guest_seg_ar+0x21c/0x270 [ 299.357159] kvm_arch_vcpu_put+0x365/0x420 [ 299.361383] kvm_sched_out+0x91/0xb0 [ 299.365081] __schedule+0x103d/0x21d0 [ 299.368868] ? __sched_text_start+0x8/0x8 [ 299.373000] ? __update_load_avg_se+0xae0/0xae0 [ 299.377662] ? mark_held_locks+0xc7/0x130 [ 299.381802] ? __update_load_avg_blocked_se+0x690/0x690 [ 299.387275] ? preempt_schedule_irq+0x90/0x140 [ 299.391840] ? preempt_schedule_irq+0x90/0x140 [ 299.396406] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 299.400969] ? trace_hardirqs_on+0xbd/0x310 [ 299.405360] ? retint_kernel+0x1b/0x2d [ 299.409232] ? trace_hardirqs_off_caller+0x310/0x310 [ 299.414317] ? update_load_avg+0x387/0x2470 [ 299.418622] ? 
__update_load_avg_blocked_se+0x690/0x690 [ 299.423969] preempt_schedule_irq+0xb9/0x140 [ 299.428364] retint_kernel+0x1b/0x2d [ 299.432063] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x306/0xd10 [ 299.437941] Code: 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 f3 f3 77 00 44 89 fe 44 89 ef e8 78 f4 77 00 45 39 fd 0f 8d cf 00 00 00 e8 da f3 77 00 <44> 89 f8 48 b9 00 00 00 00 00 fc ff df 44 29 e8 41 89 c4 41 c1 ec [ 299.456923] RSP: 0018:ffff8881d8f4e970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 299.464613] RAX: ffff8881b800a0c0 RBX: 0000000000000000 RCX: ffffffff81079718 [ 299.471979] RDX: 0000000000000000 RSI: ffffffff81079726 RDI: 0000000000000004 [ 299.479405] RBP: ffff8881d8f4eb60 R08: ffff8881b800a0c0 R09: ffffed1033a0dfc9 [ 299.486660] R10: ffffed1033a0dfc9 R11: ffff88819d06fe4b R12: ffff88819d064e10 [ 299.493926] R13: 0000000000000000 R14: ffff88819d06fe48 R15: 0000000000000018 [ 299.501187] ? __kvm_gfn_to_hva_cache_init+0x2f8/0xd10 [ 299.506448] ? __kvm_gfn_to_hva_cache_init+0x306/0xd10 [ 299.511714] ? install_new_memslots+0x4b0/0x4b0 [ 299.516363] ? zap_class+0x640/0x640 [ 299.520174] ? mark_held_locks+0x130/0x130 [ 299.524395] ? __lock_is_held+0xb5/0x140 [ 299.528447] kvm_gfn_to_hva_cache_init+0x15a/0x340 [ 299.533358] ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10 [ 299.538617] ? save_stack+0xa9/0xd0 [ 299.542243] ? save_stack+0x43/0xd0 [ 299.545866] kvm_set_msr_common+0x1a0c/0x2670 [ 299.550359] ? zap_class+0x640/0x640 [ 299.554057] ? vmx_vcpu_load+0x339/0x1030 [ 299.558189] ? kvm_write_tsc+0x1490/0x1490 [ 299.562409] ? find_held_lock+0x36/0x1c0 [ 299.566456] ? __might_fault+0x12b/0x1e0 [ 299.570514] ? lock_downgrade+0x900/0x900 [ 299.574646] vmx_set_msr+0x75e/0x1fa0 [ 299.578436] kvm_set_msr+0x18a/0x370 [ 299.582130] do_set_msr+0x10d/0x1a0 [ 299.585740] ? do_get_msr+0x1e0/0x1e0 [ 299.589527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 299.595049] msr_io+0x222/0x380 [ 299.598322] ? do_get_msr+0x1e0/0x1e0 [ 299.602106] ? 
kvm_get_msr_common+0x13b0/0x13b0 [ 299.606769] ? check_preemption_disabled+0x48/0x280 [ 299.611778] kvm_arch_vcpu_ioctl+0x966/0x3b10 [ 299.616255] ? kvm_arch_vcpu_ioctl+0x914/0x3b10 [ 299.620913] ? kvm_arch_vcpu_put+0x420/0x420 [ 299.625316] ? kasan_check_read+0x11/0x20 [ 299.629452] ? finish_task_switch+0x1f4/0x910 [ 299.633934] ? trace_hardirqs_off_caller+0x310/0x310 [ 299.639029] ? mark_held_locks+0x130/0x130 [ 299.643247] ? _raw_spin_unlock_irq+0x60/0x80 [ 299.647726] ? finish_task_switch+0x1f4/0x910 [ 299.652205] ? finish_task_switch+0x1b4/0x910 [ 299.656681] ? __switch_to_asm+0x34/0x70 [ 299.660729] ? preempt_notifier_register+0x200/0x200 [ 299.665812] ? __switch_to_asm+0x34/0x70 [ 299.669856] ? __switch_to_asm+0x34/0x70 [ 299.673897] ? __switch_to_asm+0x40/0x70 [ 299.677940] ? __switch_to_asm+0x34/0x70 [ 299.681983] ? __switch_to_asm+0x40/0x70 [ 299.686032] ? __switch_to_asm+0x34/0x70 [ 299.690074] ? __switch_to_asm+0x40/0x70 [ 299.694115] ? __switch_to_asm+0x34/0x70 [ 299.698161] ? __switch_to_asm+0x34/0x70 [ 299.702212] ? __switch_to_asm+0x40/0x70 [ 299.706267] ? __switch_to_asm+0x34/0x70 [ 299.710312] ? __switch_to_asm+0x40/0x70 [ 299.714358] ? __switch_to_asm+0x34/0x70 [ 299.718400] ? __switch_to_asm+0x40/0x70 [ 299.722457] ? __schedule+0x8d7/0x21d0 [ 299.726334] ? __sched_text_start+0x8/0x8 [ 299.730471] ? check_preemption_disabled+0x48/0x280 [ 299.735489] ? find_held_lock+0x36/0x1c0 [ 299.739548] ? try_to_wake_up+0x11c/0x1490 [ 299.743775] ? lock_acquire+0x1ed/0x520 [ 299.747758] ? kvm_vcpu_ioctl+0x1e5/0x1150 [ 299.751986] ? lock_release+0xa00/0xa00 [ 299.755949] ? perf_trace_sched_process_exec+0x860/0x860 [ 299.761404] ? __mutex_lock+0x85e/0x16f0 [ 299.765465] ? kvm_vcpu_ioctl+0x1e5/0x1150 [ 299.769690] ? mutex_trylock+0x2b0/0x2b0 [ 299.773747] ? find_held_lock+0x36/0x1c0 [ 299.777803] ? __lock_acquire+0x62f/0x4c20 [ 299.782021] ? lock_downgrade+0x900/0x900 [ 299.786157] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 299.791336] ? 
drop_futex_key_refs.isra.14+0x6d/0xe0 [ 299.796419] ? futex_wake+0x304/0x760 [ 299.800208] ? __lock_acquire+0x62f/0x4c20 [ 299.804432] ? mark_held_locks+0x130/0x130 [ 299.808653] kvm_vcpu_ioctl+0x278/0x1150 [ 299.812703] ? kvm_uevent_notify_change.part.32+0x450/0x450 [ 299.818397] ? find_held_lock+0x36/0x1c0 [ 299.822474] ? __fget+0x4aa/0x740 [ 299.825909] ? lock_downgrade+0x900/0x900 [ 299.830041] ? check_preemption_disabled+0x48/0x280 [ 299.835045] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 299.839954] ? kasan_check_read+0x11/0x20 [ 299.844085] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 299.849343] ? rcu_softirq_qs+0x20/0x20 [ 299.853303] ? __fget+0x4d1/0x740 [ 299.856741] ? ksys_dup3+0x680/0x680 [ 299.860446] ? __might_fault+0x12b/0x1e0 [ 299.864835] ? lock_downgrade+0x900/0x900 [ 299.868967] ? lock_release+0xa00/0xa00 [ 299.872931] ? perf_trace_sched_process_exec+0x860/0x860 [ 299.878367] ? kvm_uevent_notify_change.part.32+0x450/0x450 [ 299.884063] do_vfs_ioctl+0x1de/0x1790 [ 299.887936] ? ioctl_preallocate+0x300/0x300 [ 299.892329] ? __fget_light+0x2e9/0x430 [ 299.896312] ? fget_raw+0x20/0x20 [ 299.899765] ? _copy_to_user+0xc8/0x110 [ 299.903720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 299.909245] ? put_timespec64+0x10f/0x1b0 [ 299.913380] ? nsecs_to_jiffies+0x30/0x30 [ 299.917511] ? do_syscall_64+0x9a/0x820 [ 299.921467] ? do_syscall_64+0x9a/0x820 [ 299.925425] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 299.929996] ? security_file_ioctl+0x94/0xc0 [ 299.934420] ksys_ioctl+0xa9/0xd0 [ 299.937857] __x64_sys_ioctl+0x73/0xb0 [ 299.941751] do_syscall_64+0x1b9/0x820 [ 299.945621] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 299.950992] ? syscall_return_slowpath+0x5e0/0x5e0 [ 299.955912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 299.960735] ? trace_hardirqs_on_caller+0x310/0x310 [ 299.965735] ? prepare_exit_to_usermode+0x291/0x3b0 [ 299.970821] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 299.975648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.980813] RIP: 0033:0x457569 [ 299.984030] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.002910] RSP: 002b:00007f467a947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.010598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 300.017846] RDX: 0000000020000280 RSI: 000000004008ae89 RDI: 0000000000000005 [ 300.025095] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 300.032345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f467a9486d4 [ 300.039598] R13: 00000000004bff9d R14: 00000000004d0970 R15: 00000000ffffffff [ 300.046851] [ 300.048463] Allocated by task 2884: [ 300.052205] save_stack+0x43/0xd0 [ 300.055638] kasan_kmalloc+0xc7/0xe0 [ 300.059349] __kmalloc_node+0x50/0x70 [ 300.063132] kvmalloc_node+0xb9/0xf0 [ 300.066825] __kvm_set_memory_region+0x116e/0x2d50 [ 300.071741] kvm_set_memory_region+0x2e/0x50 [ 300.076127] kvm_vm_ioctl+0x652/0x1d60 [ 300.079999] do_vfs_ioctl+0x1de/0x1790 [ 300.083867] ksys_ioctl+0xa9/0xd0 [ 300.087299] __x64_sys_ioctl+0x73/0xb0 [ 300.091168] do_syscall_64+0x1b9/0x820 [ 300.095032] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.100195] [ 300.101798] Freed by task 2884: [ 300.105059] save_stack+0x43/0xd0 [ 300.108490] __kasan_slab_free+0x102/0x150 [ 300.112706] kasan_slab_free+0xe/0x10 [ 300.116485] kfree+0xcf/0x230 [ 300.119570] kvfree+0x61/0x70 [ 300.122661] __kvm_set_memory_region+0x1cb3/0x2d50 [ 300.127573] kvm_set_memory_region+0x2e/0x50 [ 300.131963] kvm_vm_ioctl+0x652/0x1d60 [ 300.135839] do_vfs_ioctl+0x1de/0x1790 [ 300.139706] ksys_ioctl+0xa9/0xd0 [ 300.143167] __x64_sys_ioctl+0x73/0xb0 [ 300.147035] do_syscall_64+0x1b9/0x820 [ 300.150903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.156064] [ 300.157675] The buggy address 
belongs to the object at ffff8881b4302080
[ 300.157675] which belongs to the cache kmalloc-64k of size 65536
[ 300.170487] The buggy address is located 992 bytes inside of
[ 300.170487] 65536-byte region [ffff8881b4302080, ffff8881b4312080)
[ 300.182512] The buggy address belongs to the page:
[ 300.187421] page:ffffea0006d0c000 count:1 mapcount:0 mapping:ffff8881da802500 index:0x0 compound_mapcount: 0
[ 300.197362] flags: 0x2fffc0000010200(slab|head)
[ 300.202011] raw: 02fffc0000010200 ffffea0006898808 ffffea00069d1808 ffff8881da802500
[ 300.209874] raw: 0000000000000000 ffff8881b4302080 0000000100000001 0000000000000000
[ 300.217745] page dumped because: kasan: bad access detected
[ 300.223439]
[ 300.225044] Memory state around the buggy address:
[ 300.229952]  ffff8881b4302300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 300.237293]  ffff8881b4302380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 300.244632] >ffff8881b4302400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 300.251971]                                                         ^
[ 300.258453]  ffff8881b4302480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 300.265879]  ffff8881b4302500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 300.273214] ==================================================================
[ 300.280553] Kernel panic - not syncing: panic_on_warn set ...
[ 300.286425] CPU: 1 PID: 2896 Comm: syz-executor3 Tainted: G B 4.20.0-rc4+ #351
[ 300.295149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 300.304479] Call Trace:
[ 300.307048] dump_stack+0x244/0x39d
[ 300.310676] ? dump_stack_print_info.cold.1+0x20/0x20
[ 300.315855] panic+0x2ad/0x55c
[ 300.319033] ? add_taint.cold.5+0x16/0x16
[ 300.323169] ? print_shadow_for_address+0xb6/0x116
[ 300.328092] ? trace_hardirqs_off+0xaf/0x310
[ 300.332485] kasan_end_report+0x47/0x4f
[ 300.336437] kasan_report.cold.8+0x76/0x309
[ 300.340762] ? kvm_write_guest_offset_cached+0x693/0x6b0
[ 300.346216] __asan_report_load8_noabort+0x14/0x20
[ 300.351130] kvm_write_guest_offset_cached+0x693/0x6b0
[ 300.356391] ? kvm_get_dirty_log_protect+0x780/0x780
[ 300.361473] ? check_preemption_disabled+0x48/0x280
[ 300.366474] ? vmx_read_guest_seg_ar+0x21c/0x270
[ 300.371215] kvm_arch_vcpu_put+0x365/0x420
[ 300.375431] kvm_sched_out+0x91/0xb0
[ 300.379127] __schedule+0x103d/0x21d0
[ 300.382912] ? __sched_text_start+0x8/0x8
[ 300.387039] ? __update_load_avg_se+0xae0/0xae0
[ 300.391688] ? mark_held_locks+0xc7/0x130
[ 300.395815] ? __update_load_avg_blocked_se+0x690/0x690
[ 300.401158] ? preempt_schedule_irq+0x90/0x140
[ 300.405723] ? preempt_schedule_irq+0x90/0x140
[ 300.410302] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 300.414860] ? trace_hardirqs_on+0xbd/0x310
[ 300.419160] ? retint_kernel+0x1b/0x2d
[ 300.423032] ? trace_hardirqs_off_caller+0x310/0x310
[ 300.428114] ? update_load_avg+0x387/0x2470
[ 300.432416] ? __update_load_avg_blocked_se+0x690/0x690
[ 300.437762] preempt_schedule_irq+0xb9/0x140
[ 300.442152] retint_kernel+0x1b/0x2d
[ 300.445849] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 300.451716] Code: 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 f3 f3 77 00 44 89 fe 44 89 ef e8 78 f4 77 00 45 39 fd 0f 8d cf 00 00 00 e8 da f3 77 00 <44> 89 f8 48 b9 00 00 00 00 00 fc ff df 44 29 e8 41 89 c4 41 c1 ec
[ 300.470592] RSP: 0018:ffff8881d8f4e970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 300.478295] RAX: ffff8881b800a0c0 RBX: 0000000000000000 RCX: ffffffff81079718
[ 300.485544] RDX: 0000000000000000 RSI: ffffffff81079726 RDI: 0000000000000004
[ 300.492794] RBP: ffff8881d8f4eb60 R08: ffff8881b800a0c0 R09: ffffed1033a0dfc9
[ 300.500041] R10: ffffed1033a0dfc9 R11: ffff88819d06fe4b R12: ffff88819d064e10
[ 300.507291] R13: 0000000000000000 R14: ffff88819d06fe48 R15: 0000000000000018
[ 300.514545] ? __kvm_gfn_to_hva_cache_init+0x2f8/0xd10
[ 300.519818] ? __kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 300.525079] ? install_new_memslots+0x4b0/0x4b0
[ 300.529730] ? zap_class+0x640/0x640
[ 300.533439] ? mark_held_locks+0x130/0x130
[ 300.537655] ? __lock_is_held+0xb5/0x140
[ 300.541698] kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 300.546618] ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10
[ 300.551880] ? save_stack+0xa9/0xd0
[ 300.555491] ? save_stack+0x43/0xd0
[ 300.559099] kvm_set_msr_common+0x1a0c/0x2670
[ 300.563571] ? zap_class+0x640/0x640
[ 300.567267] ? vmx_vcpu_load+0x339/0x1030
[ 300.571396] ? kvm_write_tsc+0x1490/0x1490
[ 300.575616] ? find_held_lock+0x36/0x1c0
[ 300.579666] ? __might_fault+0x12b/0x1e0
[ 300.583715] ? lock_downgrade+0x900/0x900
[ 300.587863] vmx_set_msr+0x75e/0x1fa0
[ 300.591648] kvm_set_msr+0x18a/0x370
[ 300.595361] do_set_msr+0x10d/0x1a0
[ 300.598971] ? do_get_msr+0x1e0/0x1e0
[ 300.602751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 300.608273] msr_io+0x222/0x380
[ 300.611533] ? do_get_msr+0x1e0/0x1e0
[ 300.615315] ? kvm_get_msr_common+0x13b0/0x13b0
[ 300.619985] ? check_preemption_disabled+0x48/0x280
[ 300.624993] kvm_arch_vcpu_ioctl+0x966/0x3b10
[ 300.629470] ? kvm_arch_vcpu_ioctl+0x914/0x3b10
[ 300.634214] ? kvm_arch_vcpu_put+0x420/0x420
[ 300.638608] ? kasan_check_read+0x11/0x20
[ 300.642737] ? finish_task_switch+0x1f4/0x910
[ 300.647217] ? trace_hardirqs_off_caller+0x310/0x310
[ 300.652336] ? mark_held_locks+0x130/0x130
[ 300.656554] ? _raw_spin_unlock_irq+0x60/0x80
[ 300.661033] ? finish_task_switch+0x1f4/0x910
[ 300.665511] ? finish_task_switch+0x1b4/0x910
[ 300.669988] ? __switch_to_asm+0x34/0x70
[ 300.674035] ? preempt_notifier_register+0x200/0x200
[ 300.679118] ? __switch_to_asm+0x34/0x70
[ 300.683160] ? __switch_to_asm+0x34/0x70
[ 300.687206] ? __switch_to_asm+0x40/0x70
[ 300.691246] ? __switch_to_asm+0x34/0x70
[ 300.695285] ? __switch_to_asm+0x40/0x70
[ 300.699327] ? __switch_to_asm+0x34/0x70
[ 300.703370] ? __switch_to_asm+0x40/0x70
[ 300.707413] ? __switch_to_asm+0x34/0x70
[ 300.711455] ? __switch_to_asm+0x34/0x70
[ 300.715498] ? __switch_to_asm+0x40/0x70
[ 300.719542] ? __switch_to_asm+0x34/0x70
[ 300.723587] ? __switch_to_asm+0x40/0x70
[ 300.727629] ? __switch_to_asm+0x34/0x70
[ 300.731679] ? __switch_to_asm+0x40/0x70
[ 300.735738] ? __schedule+0x8d7/0x21d0
[ 300.739611] ? __sched_text_start+0x8/0x8
[ 300.743746] ? check_preemption_disabled+0x48/0x280
[ 300.748746] ? find_held_lock+0x36/0x1c0
[ 300.752794] ? try_to_wake_up+0x11c/0x1490
[ 300.757016] ? lock_acquire+0x1ed/0x520
[ 300.760973] ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 300.765191] ? lock_release+0xa00/0xa00
[ 300.769260] ? perf_trace_sched_process_exec+0x860/0x860
[ 300.774704] ? __mutex_lock+0x85e/0x16f0
[ 300.778746] ? kvm_vcpu_ioctl+0x1e5/0x1150
[ 300.782965] ? mutex_trylock+0x2b0/0x2b0
[ 300.787013] ? find_held_lock+0x36/0x1c0
[ 300.791060] ? __lock_acquire+0x62f/0x4c20
[ 300.795280] ? lock_downgrade+0x900/0x900
[ 300.799418] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 300.804609] ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 300.809711] ? futex_wake+0x304/0x760
[ 300.813500] ? __lock_acquire+0x62f/0x4c20
[ 300.817724] ? mark_held_locks+0x130/0x130
[ 300.821949] kvm_vcpu_ioctl+0x278/0x1150
[ 300.825996] ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 300.831705] ? find_held_lock+0x36/0x1c0
[ 300.835748] ? __fget+0x4aa/0x740
[ 300.839182] ? lock_downgrade+0x900/0x900
[ 300.843313] ? check_preemption_disabled+0x48/0x280
[ 300.848329] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 300.853501] ? kasan_check_read+0x11/0x20
[ 300.857634] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 300.862888] ? rcu_softirq_qs+0x20/0x20
[ 300.866849] ? __fget+0x4d1/0x740
[ 300.870286] ? ksys_dup3+0x680/0x680
[ 300.874075] ? __might_fault+0x12b/0x1e0
[ 300.878133] ? lock_downgrade+0x900/0x900
[ 300.882266] ? lock_release+0xa00/0xa00
[ 300.886220] ? perf_trace_sched_process_exec+0x860/0x860
[ 300.891652] ? kvm_uevent_notify_change.part.32+0x450/0x450
[ 300.897356] do_vfs_ioctl+0x1de/0x1790
[ 300.901226] ? ioctl_preallocate+0x300/0x300
[ 300.905615] ? __fget_light+0x2e9/0x430
[ 300.909566] ? fget_raw+0x20/0x20
[ 300.913001] ? _copy_to_user+0xc8/0x110
[ 300.916957] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 300.922479] ? put_timespec64+0x10f/0x1b0
[ 300.926610] ? nsecs_to_jiffies+0x30/0x30
[ 300.930741] ? do_syscall_64+0x9a/0x820
[ 300.934697] ? do_syscall_64+0x9a/0x820
[ 300.938688] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 300.943255] ? security_file_ioctl+0x94/0xc0
[ 300.947657] ksys_ioctl+0xa9/0xd0
[ 300.951107] __x64_sys_ioctl+0x73/0xb0
[ 300.954980] do_syscall_64+0x1b9/0x820
[ 300.958849] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 300.964201] ? syscall_return_slowpath+0x5e0/0x5e0
[ 300.969131] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 300.973959] ? trace_hardirqs_on_caller+0x310/0x310
[ 300.978958] ? prepare_exit_to_usermode+0x291/0x3b0
[ 300.983973] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 300.988801] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 300.993971] RIP: 0033:0x457569
[ 300.997152] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 301.016134] RSP: 002b:00007f467a947c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 301.024274] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 301.031525] RDX: 0000000020000280 RSI: 000000004008ae89 RDI: 0000000000000005
[ 301.038775] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 301.046025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f467a9486d4
[ 301.053278] R13: 00000000004bff9d R14: 00000000004d0970 R15: 00000000ffffffff
[ 301.060532]
[ 301.060537] ======================================================
[ 301.060541] WARNING: possible circular locking dependency detected
[ 301.060543] 4.20.0-rc4+ #351 Not tainted
[ 301.060547] ------------------------------------------------------
[ 301.060551] syz-executor3/2896 is trying to acquire lock:
[ 301.060553] 00000000434720d8 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 301.060563]
[ 301.060566] but task is already holding lock:
[ 301.060568] 00000000325f1787 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 301.060578]
[ 301.060581] which lock already depends on the new lock.
[ 301.060583]
[ 301.060585]
[ 301.060589] the existing dependency chain (in reverse order) is:
[ 301.060590]
[ 301.060592] -> #3 (report_lock){....}:
[ 301.060602] _raw_spin_lock_irqsave+0x99/0xd0
[ 301.060604] kasan_report+0x8b/0x110
[ 301.060608] __asan_report_load8_noabort+0x14/0x20
[ 301.060611] kvm_write_guest_offset_cached+0x693/0x6b0
[ 301.060614] kvm_arch_vcpu_put+0x365/0x420
[ 301.060617] kvm_sched_out+0x91/0xb0
[ 301.060620] __schedule+0x103d/0x21d0
[ 301.060623] preempt_schedule_irq+0xb9/0x140
[ 301.060626] retint_kernel+0x1b/0x2d
[ 301.060629] __kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 301.060633] kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 301.060636] kvm_set_msr_common+0x1a0c/0x2670
[ 301.060639] vmx_set_msr+0x75e/0x1fa0
[ 301.060641] kvm_set_msr+0x18a/0x370
[ 301.060644] do_set_msr+0x10d/0x1a0
[ 301.060647] msr_io+0x222/0x380
[ 301.060650] kvm_arch_vcpu_ioctl+0x966/0x3b10
[ 301.060653] kvm_vcpu_ioctl+0x278/0x1150
[ 301.060656] do_vfs_ioctl+0x1de/0x1790
[ 301.060658] ksys_ioctl+0xa9/0xd0
[ 301.060661] __x64_sys_ioctl+0x73/0xb0
[ 301.060668] do_syscall_64+0x1b9/0x820
[ 301.060685] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 301.060686]
[ 301.060688] -> #2 (&rq->lock){-.-.}:
[ 301.060697] _raw_spin_lock+0x2d/0x40
[ 301.060699] task_fork_fair+0xb0/0x6d0
[ 301.060702] sched_fork+0x443/0xba0
[ 301.060705] copy_process+0x25b8/0x87a0
[ 301.060707] _do_fork+0x1cb/0x11d0
[ 301.060710] kernel_thread+0x34/0x40
[ 301.060729] rest_init+0x28/0x372
[ 301.060732] arch_call_rest_init+0xe/0x1b
[ 301.060735] start_kernel+0x9f0/0xa2b
[ 301.060738] x86_64_start_reservations+0x2e/0x30
[ 301.060741] x86_64_start_kernel+0x76/0x79
[ 301.060744] secondary_startup_64+0xa4/0xb0
[ 301.060746]
[ 301.060748] -> #1 (&p->pi_lock){-.-.}:
[ 301.060757] _raw_spin_lock_irqsave+0x99/0xd0
[ 301.060760] try_to_wake_up+0xdc/0x1490
[ 301.060763] wake_up_process+0x10/0x20
[ 301.060766] __up.isra.1+0x1c0/0x2a0
[ 301.060768] up+0x13c/0x1c0
[ 301.060771] __up_console_sem+0xbe/0x1b0
[ 301.060774] console_unlock+0x811/0x1190
[ 301.060777] vprintk_emit+0x391/0x990
[ 301.060780] vprintk_default+0x28/0x30
[ 301.060783] vprintk_func+0x7e/0x181
[ 301.060785] printk+0xa7/0xcf
[ 301.060788] kobject_get_path.cold.8+0x38/0x47
[ 301.060791] kobject_uevent_env+0x314/0x101e
[ 301.060794] reg_query_database+0x283/0x400
[ 301.060797] reg_process_hint+0x189/0xec0
[ 301.060800] reg_todo+0x49a/0xc20
[ 301.060803] process_one_work+0xc90/0x1c40
[ 301.060806] worker_thread+0x17f/0x1390
[ 301.060809] kthread+0x35a/0x440
[ 301.060811] ret_from_fork+0x3a/0x50
[ 301.060813]
[ 301.060814] -> #0 ((console_sem).lock){-.-.}:
[ 301.060824] lock_acquire+0x1ed/0x520
[ 301.060827] _raw_spin_lock_irqsave+0x99/0xd0
[ 301.060830] down_trylock+0x13/0x70
[ 301.060833] __down_trylock_console_sem+0xae/0x1f0
[ 301.060836] console_trylock+0x15/0xa0
[ 301.060839] vprintk_emit+0x372/0x990
[ 301.060842] vprintk_default+0x28/0x30
[ 301.060845] vprintk_func+0x7e/0x181
[ 301.060847] printk+0xa7/0xcf
[ 301.060850] kasan_report+0x9b/0x110
[ 301.060853] __asan_report_load8_noabort+0x14/0x20
[ 301.060857] kvm_write_guest_offset_cached+0x693/0x6b0
[ 301.060860] kvm_arch_vcpu_put+0x365/0x420
[ 301.060862] kvm_sched_out+0x91/0xb0
[ 301.060865] __schedule+0x103d/0x21d0
[ 301.060868] preempt_schedule_irq+0xb9/0x140
[ 301.060871] retint_kernel+0x1b/0x2d
[ 301.060875] __kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 301.060878] kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 301.060881] kvm_set_msr_common+0x1a0c/0x2670
[ 301.060884] vmx_set_msr+0x75e/0x1fa0
[ 301.060887] kvm_set_msr+0x18a/0x370
[ 301.060889] do_set_msr+0x10d/0x1a0
[ 301.060892] msr_io+0x222/0x380
[ 301.060895] kvm_arch_vcpu_ioctl+0x966/0x3b10
[ 301.060898] kvm_vcpu_ioctl+0x278/0x1150
[ 301.060901] do_vfs_ioctl+0x1de/0x1790
[ 301.060904] ksys_ioctl+0xa9/0xd0
[ 301.060912] __x64_sys_ioctl+0x73/0xb0
[ 301.060915] do_syscall_64+0x1b9/0x820
[ 301.060919] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 301.060939]
[ 301.060942] other info that might help us debug this:
[ 301.060944]
[ 301.060946] Chain exists of:
[ 301.060948] (console_sem).lock --> &rq->lock --> report_lock
[ 301.060961]
[ 301.060964] Possible unsafe locking scenario:
[ 301.060965]
[ 301.060969]        CPU0                    CPU1
[ 301.060972]        ----                    ----
[ 301.060974]   lock(report_lock);
[ 301.060980]                                lock(&rq->lock);
[ 301.060987]                                lock(report_lock);
[ 301.060993]   lock((console_sem).lock);
[ 301.060998]
[ 301.061001] *** DEADLOCK ***
[ 301.061002]
[ 301.061006] 5 locks held by syz-executor3/2896:
[ 301.061007] #0: 0000000013a728e2 (&vcpu->mutex){+.+.}, at: kvm_vcpu_ioctl+0x1e5/0x1150
[ 301.061020] #1: 00000000b606fe1a (&kvm->srcu){....}, at: kvm_arch_vcpu_ioctl+0x914/0x3b10
[ 301.061032] #2: 0000000079789dfe (&rq->lock){-.-.}, at: __schedule+0x236/0x21d0
[ 301.061044] #3: 00000000b606fe1a (&kvm->srcu){....}, at: kvm_arch_vcpu_put+0x136/0x420
[ 301.061056] #4: 00000000325f1787 (report_lock){....}, at: kasan_report+0x8b/0x110
[ 301.061068]
[ 301.061070] stack backtrace:
[ 301.061075] CPU: 1 PID: 2896 Comm: syz-executor3 Not tainted 4.20.0-rc4+ #351
[ 301.061081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 301.061083] Call Trace:
[ 301.061086] dump_stack+0x244/0x39d
[ 301.061089] ? dump_stack_print_info.cold.1+0x20/0x20
[ 301.061092] ? vprintk_func+0x85/0x181
[ 301.061096] print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 301.061099] ? save_trace+0xe0/0x290
[ 301.061102] __lock_acquire+0x3399/0x4c20
[ 301.061105] ? mark_held_locks+0x130/0x130
[ 301.061109] ? mark_held_locks+0x130/0x130
[ 301.061112] ? rcu_softirq_qs+0x20/0x20
[ 301.061115] ? unwind_dump+0x190/0x190
[ 301.061118] ? is_bpf_text_address+0xd3/0x170
[ 301.061121] ? kernel_text_address+0x79/0xf0
[ 301.061124] ? __kernel_text_address+0xd/0x40
[ 301.061128] ? __save_stack_trace+0x8d/0xf0
[ 301.061131] ? add_lock_to_list.isra.28+0x1ec/0x4c0
[ 301.061134] ? save_trace+0x290/0x290
[ 301.061137] ? save_stack_trace+0x1a/0x20
[ 301.061140] ? save_trace+0xe0/0x290
[ 301.061143] ? zap_class+0x640/0x640
[ 301.061147] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 301.061150] lock_acquire+0x1ed/0x520
[ 301.061153] ? down_trylock+0x13/0x70
[ 301.061156] ? lock_release+0xa00/0xa00
[ 301.061159] ? trace_hardirqs_off+0xb8/0x310
[ 301.061162] ? vprintk_emit+0x1de/0x990
[ 301.061165] ? trace_hardirqs_on+0x310/0x310
[ 301.061168] ? trace_hardirqs_off+0xb8/0x310
[ 301.061173] ? log_store+0x344/0x4c0
[ 301.061176] ? vprintk_emit+0x372/0x990
[ 301.061180] _raw_spin_lock_irqsave+0x99/0xd0
[ 301.061183] ? down_trylock+0x13/0x70
[ 301.061185] down_trylock+0x13/0x70
[ 301.061189] __down_trylock_console_sem+0xae/0x1f0
[ 301.061192] console_trylock+0x15/0xa0
[ 301.061195] vprintk_emit+0x372/0x990
[ 301.061198] ? wake_up_klogd+0x180/0x180
[ 301.061201] ? pick_next_task_fair+0xa05/0x1b30
[ 301.061205] ? rcu_read_lock_sched_held+0x14f/0x180
[ 301.061208] ? rcu_note_context_switch+0x12ad/0x2150
[ 301.061211] ? rb_next+0x140/0x140
[ 301.061214] ? lock_acquire+0x1ed/0x520
[ 301.061217] vprintk_default+0x28/0x30
[ 301.061220] vprintk_func+0x7e/0x181
[ 301.061223] printk+0xa7/0xcf
[ 301.061226] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 301.061229] kasan_report+0x9b/0x110
[ 301.061233] ? kvm_write_guest_offset_cached+0x693/0x6b0
[ 301.061237] __asan_report_load8_noabort+0x14/0x20
[ 301.061240] kvm_write_guest_offset_cached+0x693/0x6b0
[ 301.061244] ? kvm_get_dirty_log_protect+0x780/0x780
[ 301.061248] ? check_preemption_disabled+0x48/0x280
[ 301.061251] ? vmx_read_guest_seg_ar+0x21c/0x270
[ 301.061254] kvm_arch_vcpu_put+0x365/0x420
[ 301.061257] kvm_sched_out+0x91/0xb0
[ 301.061260] __schedule+0x103d/0x21d0
[ 301.061263] ? __sched_text_start+0x8/0x8
[ 301.061267] ? __update_load_avg_se+0xae0/0xae0
[ 301.061270] ? mark_held_locks+0xc7/0x130
[ 301.061273] ? __update_load_avg_blocked_se+0x690/0x690
[ 301.061277] ? preempt_schedule_irq+0x90/0x140
[ 301.061280] ? preempt_schedule_irq+0x90/0x140
[ 301.061283] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 301.061286] ? trace_hardirqs_on+0xbd/0x310
[ 301.061289] ? retint_kernel+0x1b/0x2d
[ 301.061293] ? trace_hardirqs_off_caller+0x310/0x310
[ 301.061296] ? update_load_avg+0x387/0x2470
[ 301.061300] ? __update_load_avg_blocked_se+0x690/0x690
[ 301.061303] preempt_schedule_irq+0xb9/0x140
[ 301.061306] retint_kernel+0x1b/0x2d
[ 301.061310] RIP: 0010:__kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 301.061321] Code: 4c 39 eb 0f 82 6e 01 00 00 45 31 ed e8 f3 f3 77 00 44 89 fe 44 89 ef e8 78 f4 77 00 45 39 fd 0f 8d cf 00 00 00 e8 da f3 77 00 <44> 89 f8 48 b9 00 00 00 00 00 fc ff df 44 29 e8 41 89 c4 41 c1 ec
[ 301.061324] RSP: 0018:ffff8881d8f4e970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 301.061332] RAX: ffff8881b800a0c0 RBX: 0000000000000000 RCX: ffffffff81079718
[ 301.061337] RDX: 0000000000000000 RSI: ffffffff81079726 RDI: 0000000000000004
[ 301.061342] RBP: ffff8881d8f4eb60 R08: ffff8881b800a0c0 R09: ffffed1033a0dfc9
[ 301.061346] R10: ffffed1033a0dfc9 R11: ffff88819d06fe4b R12: ffff88819d064e10
[ 301.061351] R13: 0000000000000000 R14: ffff88819d06fe48 R15: 0000000000000018
[ 301.061355] ? __kvm_gfn_to_hva_cache_init+0x2f8/0xd10
[ 301.061358] ? __kvm_gfn_to_hva_cache_init+0x306/0xd10
[ 301.061362] ? install_new_memslots+0x4b0/0x4b0
[ 301.061364] ? zap_class+0x640/0x640
[ 301.061368] ? mark_held_locks+0x130/0x130
[ 301.061371] ? __lock_is_held+0xb5/0x140
[ 301.061374] kvm_gfn_to_hva_cache_init+0x15a/0x340
[ 301.061378] ? __kvm_gfn_to_hva_cache_init+0xd10/0xd10
[ 301.061381] ? save_stack+0xa9/0xd0
[ 301.061383] ? save_stack+0x43/0xd0
[ 301.061386] kvm_set_msr_common+0x1a
[ 301.061392] Lost 109 message(s)!
[ 302.265674] Shutting down cpus with NMI
[ 303.297036] Kernel Offset: disabled
[ 303.300650] Rebooting in 86400 seconds..