[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 25.510877] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.110905] random: sshd: uninitialized urandom read (32 bytes read) [ 29.480894] random: sshd: uninitialized urandom read (32 bytes read) [ 30.071161] random: sshd: uninitialized urandom read (32 bytes read) [ 58.441294] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. [ 64.093013] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/21 18:39:56 parsed 1 programs [ 65.053217] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/21 18:39:57 executed programs: 0 [ 66.112082] IPVS: ftp: loaded support on port[0] = 21 [ 66.112101] IPVS: ftp: loaded support on port[0] = 21 [ 66.130476] IPVS: ftp: loaded support on port[0] = 21 [ 66.130803] IPVS: ftp: loaded support on port[0] = 21 [ 66.139093] IPVS: ftp: loaded support on port[0] = 21 [ 66.154266] IPVS: ftp: loaded support on port[0] = 21 [ 67.393742] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.400730] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.415182] device bridge_slave_0 entered promiscuous mode [ 67.474161] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.480578] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.499866] device bridge_slave_1 entered promiscuous mode [ 67.515553] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.522043] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.530336] device bridge_slave_0 entered promiscuous mode [ 67.551154] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.559760] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.567821] device bridge_slave_0 entered promiscuous mode [ 67.585156] bridge0: port 
1(bridge_slave_0) entered blocking state [ 67.591528] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.610804] device bridge_slave_0 entered promiscuous mode [ 67.619946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.644862] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.651676] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.663367] device bridge_slave_1 entered promiscuous mode [ 67.684011] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.690497] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.700147] device bridge_slave_1 entered promiscuous mode [ 67.713795] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.720184] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.730719] device bridge_slave_1 entered promiscuous mode [ 67.740581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.751462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.761664] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.773145] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.785101] device bridge_slave_0 entered promiscuous mode [ 67.795209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.803914] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.810304] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.823719] device bridge_slave_0 entered promiscuous mode [ 67.833780] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 67.855492] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.862051] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.870565] device bridge_slave_1 entered promiscuous mode [ 67.881117] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.898863] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.908908] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.918594] device bridge_slave_1 entered promiscuous mode [ 
67.927573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.948772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 67.960582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 68.005479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 68.015897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 68.045702] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.090459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 68.189747] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.201569] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.216090] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.250329] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.264522] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.274720] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.291489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.317802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.334919] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.346007] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 68.362301] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.375703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.393385] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.404030] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.415147] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 68.427169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.445182] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 68.462843] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 68.469958] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.664722] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.672354] team0: Port device team_slave_0 added [ 68.689705] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.707096] team0: Port device team_slave_0 added [ 68.760316] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.769056] team0: Port device team_slave_1 added [ 68.776625] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.788901] team0: Port device team_slave_0 added [ 68.802163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.813325] team0: Port device team_slave_1 added [ 68.822043] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.833290] team0: Port device team_slave_0 added [ 68.840776] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 68.855076] team0: Port device team_slave_0 added [ 68.884651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.901930] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.915034] team0: Port device team_slave_1 added [ 68.921360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.937207] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 68.946434] team0: Port device team_slave_1 added [ 68.964913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.977269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.994402] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.001857] team0: Port device team_slave_1 added [ 69.008536] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 69.016658] team0: Port device team_slave_0 added [ 69.030771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.046854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.063598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.079694] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_1: link becomes ready [ 69.087720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.096626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.107173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.117853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.129184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.137891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.153334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.161041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.180755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.188524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.196598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.204642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.212691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.221725] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 69.229705] team0: Port device team_slave_1 added [ 69.238689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.254981] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.262241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.272184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.291603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.302481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.310774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.320315] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.333384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.343247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.350868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes 
ready [ 69.364981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.373820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 69.382930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.390253] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.407164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.428285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.441481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.449956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.458754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.470803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.481729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.489665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.497362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.509620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 69.537757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.548160] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.569834] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.588175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.601714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.623017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 69.650975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.666381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.687077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.706373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 69.725566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.744546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link 
becomes ready [ 69.757401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.765613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.124364] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.130945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.138012] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.144489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.165332] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.260984] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.267458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.274179] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.280565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.304030] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.316727] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.323195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.329878] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.336319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.344884] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.422803] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.429255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.436004] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.442441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.481384] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.541362] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.547830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.554625] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.561040] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.570847] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 70.667327] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.673796] bridge0: port 
2(bridge_slave_1) entered forwarding state [ 70.680490] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.686930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.698882] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 71.072645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.084271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.104377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.113636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.121031] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.129302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.135232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.271403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.291960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.439969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.450496] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.468182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.539004] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.550138] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.574799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.705706] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 73.712062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.726933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.745339] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.812304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 73.825264] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 73.834178] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 73.840363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.849918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.862566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.869745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 
73.881817] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 74.039018] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 74.046479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.058303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.079334] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.089239] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 74.104246] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.110970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.122088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.201239] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.218479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 74.242720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.250006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.330218] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.347542] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.467790] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.844482] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
2018/09/21 18:40:07 executed programs: 6 2018/09/21 18:40:12 executed programs: 199 2018/09/21 18:40:17 executed programs: 392 2018/09/21 18:40:22 executed programs: 587 2018/09/21 18:40:27 executed programs: 784 2018/09/21 18:40:32 executed programs: 978 2018/09/21 18:40:37 executed programs: 1181 2018/09/21 18:40:42 executed programs: 1375 [ 111.352869] ================================================================== [ 111.360463] BUG: KASAN: use-after-free in finish_task_switch+0x5a5/0x900 [ 111.367316] Read of size 8 at addr ffff8801d2c488d8 by task syz-executor4/11045 [ 111.367324] [ 111.367338] CPU: 1 PID: 11045 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #248 [ 111.367346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.367351] Call Trace: [ 111.367384] dump_stack+0x1c4/0x2b4 [ 111.367404] ? dump_stack_print_info.cold.2+0x52/0x52 [ 111.367420] ? printk+0xa7/0xcf [ 111.367438] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 111.367462] print_address_description.cold.8+0x9/0x1ff [ 111.367479] kasan_report.cold.9+0x242/0x309 [ 111.383934] ? finish_task_switch+0x5a5/0x900 [ 111.383957] __asan_report_load8_noabort+0x14/0x20 [ 111.383972] finish_task_switch+0x5a5/0x900 [ 111.383986] ? __switch_to_asm+0x34/0x70 [ 111.384004] ? preempt_notifier_register+0x200/0x200 [ 111.384015] ? __switch_to_asm+0x34/0x70 [ 111.384028] ? __switch_to_asm+0x34/0x70 [ 111.384039] ? __switch_to_asm+0x40/0x70 [ 111.384050] ? __switch_to_asm+0x34/0x70 [ 111.384061] ? __switch_to_asm+0x40/0x70 [ 111.384073] ? __switch_to_asm+0x34/0x70 [ 111.384085] ? __switch_to_asm+0x40/0x70 [ 111.384104] ? __switch_to_asm+0x34/0x70 [ 111.404888] ? __switch_to_asm+0x34/0x70 [ 111.404927] ? __switch_to_asm+0x40/0x70 [ 111.412978] ? __switch_to_asm+0x34/0x70 [ 111.412991] ? __switch_to_asm+0x40/0x70 [ 111.413003] ? __switch_to_asm+0x34/0x70 [ 111.413015] ? __switch_to_asm+0x40/0x70 [ 111.413037] __schedule+0x874/0x1ed0 [ 111.413061] ? 
__sched_text_start+0x8/0x8 [ 111.413074] ? check_preemption_disabled+0x48/0x200 [ 111.413101] ? find_held_lock+0x36/0x1c0 [ 111.413122] ? try_to_wake_up+0x10a/0x12f0 [ 111.427398] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 111.427414] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 111.427433] ? lockdep_hardirqs_on+0x421/0x5c0 [ 111.427450] ? preempt_schedule+0x4d/0x60 [ 111.427469] preempt_schedule_common+0x1f/0xd0 [ 111.440771] preempt_schedule+0x4d/0x60 [ 111.440789] ___preempt_schedule+0x16/0x18 [ 111.440812] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 111.449970] try_to_wake_up+0x10a/0x12f0 [ 111.449984] ? __mutex_lock+0x85e/0x1700 [ 111.450008] ? migrate_swap_stop+0x930/0x930 [ 111.450027] ? find_held_lock+0x36/0x1c0 [ 111.458163] ? futex_wake+0x613/0x760 [ 111.470324] ? lock_downgrade+0x900/0x900 [ 111.470351] ? kasan_check_read+0x11/0x20 [ 111.470381] ? do_raw_spin_unlock+0xa7/0x2f0 [ 111.478521] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 111.478541] ? __unqueue_futex+0x2e0/0x2e0 [ 111.478559] wake_up_q+0xa4/0x100 [ 111.478580] futex_wake+0x61f/0x760 [ 111.486732] ? get_futex_key+0x21b0/0x21b0 [ 111.486756] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 111.486772] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 111.486791] ? rcu_pm_notify+0xc0/0xc0 [ 111.494949] do_futex+0x2e4/0x26d0 [ 111.494972] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 111.494997] ? exit_robust_list+0x280/0x280 [ 111.495011] ? find_held_lock+0x36/0x1c0 [ 111.495033] ? __fget+0x4aa/0x740 [ 111.495048] ? lock_downgrade+0x900/0x900 [ 111.495071] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 111.495092] ? kasan_check_read+0x11/0x20 [ 111.503232] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 111.503249] ? rcu_bh_qs+0xc0/0xc0 [ 111.503275] ? __fget+0x4d1/0x740 [ 111.503297] ? ksys_dup3+0x680/0x680 [ 111.503335] ? kvm_vcpu_block+0x1030/0x1030 [ 111.511223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.511242] ? do_vfs_ioctl+0x201/0x1720 [ 111.511264] ? ioctl_preallocate+0x300/0x300 [ 111.511283] ? 
__fget_light+0x2e9/0x430 [ 111.519185] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.520386] ? fget_raw+0x20/0x20 [ 111.520404] ? graph_lock+0x170/0x170 [ 111.520431] __x64_sys_futex+0x472/0x6a0 [ 111.520452] ? do_futex+0x26d0/0x26d0 [ 111.549772] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.552178] ? trace_hardirqs_on+0xbd/0x310 [ 111.552197] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 111.552213] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.552232] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 111.579411] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.581788] ? ksys_ioctl+0x81/0xd0 [ 111.581816] do_syscall_64+0x1b9/0x820 [ 111.581834] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 111.581853] ? syscall_return_slowpath+0x5e0/0x5e0 [ 111.598021] kobject: 'loop2' (00000000221b9c13): kobject_uevent_env [ 111.599193] ? trace_hardirqs_on_caller+0x310/0x310 [ 111.599212] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 111.607022] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.607061] ? recalc_sigpending_tsk+0x180/0x180 [ 111.610726] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.614943] ? kasan_check_write+0x14/0x20 [ 111.614965] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 111.614987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.615000] RIP: 0033:0x457679 [ 111.615016] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 111.615024] RSP: 002b:00007f0ff74accf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 111.615038] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679 [ 111.615047] RDX: 0000000000000016 RSI: 0000000000000081 RDI: 000000000072bfac [ 111.615061] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 111.628131] kobject: 'loop2' (00000000221b9c13): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 111.629749] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac [ 111.629759] R13: 00007fffdbbe9ddf R14: 00007f0ff74ad9c0 R15: 0000000000000001 [ 111.629785] [ 111.629793] Allocated by task 11039: [ 111.629810] save_stack+0x43/0xd0 [ 111.629827] kasan_kmalloc+0xc7/0xe0 [ 111.640056] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.641926] kasan_slab_alloc+0x12/0x20 [ 111.641942] kmem_cache_alloc+0x12e/0x730 [ 111.641956] vmx_create_vcpu+0xcf/0x25e0 [ 111.641969] kvm_arch_vcpu_create+0xe5/0x220 [ 111.641985] kvm_vm_ioctl+0x470/0x1d40 [ 111.650839] kobject: 'loop1' (00000000a87c1c02): kobject_uevent_env [ 111.653650] do_vfs_ioctl+0x1de/0x1720 [ 111.653664] ksys_ioctl+0xa9/0xd0 [ 111.653677] __x64_sys_ioctl+0x73/0xb0 [ 111.653692] do_syscall_64+0x1b9/0x820 [ 111.653708] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.653712] [ 111.653719] Freed by task 11038: [ 111.653731] save_stack+0x43/0xd0 [ 111.653742] __kasan_slab_free+0x102/0x150 [ 111.653752] kasan_slab_free+0xe/0x10 [ 111.653766] kmem_cache_free+0x83/0x290 [ 111.653784] vmx_free_vcpu+0x26b/0x300 [ 111.663380] kobject: 'loop1' (00000000a87c1c02): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 111.663726] 
kvm_arch_destroy_vm+0x365/0x7c0 [ 111.663741] kvm_put_kvm+0x6c8/0xff0 [ 111.663756] kvm_vcpu_release+0x7b/0xa0 [ 111.663767] __fput+0x385/0xa30 [ 111.663785] ____fput+0x15/0x20 [ 111.669768] kobject: 'loop5' (000000008d946e3b): kobject_uevent_env [ 111.672597] task_work_run+0x1e8/0x2a0 [ 111.672614] exit_to_usermode_loop+0x318/0x380 [ 111.672628] do_syscall_64+0x6be/0x820 [ 111.672642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.672646] [ 111.672657] The buggy address belongs to the object at ffff8801d2c488c0 [ 111.672657] which belongs to the cache kvm_vcpu(81:syz4) of size 23872 [ 111.672670] The buggy address is located 24 bytes inside of [ 111.672670] 23872-byte region [ffff8801d2c488c0, ffff8801d2c4e600) [ 111.672675] The buggy address belongs to the page: [ 111.672687] page:ffffea00074b1200 count:1 mapcount:0 mapping:ffff8801beb3e800 index:0x0 compound_mapcount: 0 [ 111.672705] flags: 0x2fffc0000008100(slab|head) [ 111.672724] raw: 02fffc0000008100 ffffea0006ddd208 ffffea000746b408 ffff8801beb3e800 [ 111.672740] raw: 0000000000000000 ffff8801d2c488c0 0000000100000001 ffff8801d15123c0 [ 111.672751] page dumped because: kasan: bad access detected [ 111.683684] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.684230] page->mem_cgroup:ffff8801d15123c0 [ 111.684236] [ 111.684241] Memory state around the buggy address: [ 111.684253] ffff8801d2c48780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.684266] ffff8801d2c48800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.690189] kobject: 'loop5' (000000008d946e3b): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 111.693859] >ffff8801d2c48880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 111.693867] ^ [ 111.693878] ffff8801d2c48900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.693889] ffff8801d2c48980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 111.693895] ================================================================== [ 
111.693900] Disabling lock debugging due to kernel taint [ 111.694112] Kernel panic - not syncing: panic_on_warn set ... [ 111.694112] [ 111.706359] kobject: 'loop3' (0000000037724b45): kobject_uevent_env [ 111.711378] CPU: 1 PID: 11045 Comm: syz-executor4 Tainted: G B 4.19.0-rc4+ #248 [ 111.711387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.711391] Call Trace: [ 111.711411] dump_stack+0x1c4/0x2b4 [ 111.711430] ? dump_stack_print_info.cold.2+0x52/0x52 [ 111.724388] kobject: 'loop3' (0000000037724b45): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 111.726523] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 111.726542] panic+0x238/0x4e7 [ 111.726555] ? add_taint.cold.5+0x16/0x16 [ 111.726574] ? trace_hardirqs_on+0x9a/0x310 [ 111.734713] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.737139] ? trace_hardirqs_on+0xb4/0x310 [ 111.737153] ? trace_hardirqs_on+0xb4/0x310 [ 111.737171] kasan_end_report+0x47/0x4f [ 111.737185] kasan_report.cold.9+0x76/0x309 [ 111.737208] ? finish_task_switch+0x5a5/0x900 [ 111.743537] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.748094] __asan_report_load8_noabort+0x14/0x20 [ 111.748111] finish_task_switch+0x5a5/0x900 [ 111.748126] ? __switch_to_asm+0x34/0x70 [ 111.748142] ? preempt_notifier_register+0x200/0x200 [ 111.748159] ? __switch_to_asm+0x34/0x70 [ 111.758548] kobject: 'loop2' (00000000221b9c13): kobject_uevent_env [ 111.762612] ? __switch_to_asm+0x34/0x70 [ 111.762625] ? __switch_to_asm+0x40/0x70 [ 111.762638] ? __switch_to_asm+0x34/0x70 [ 111.762650] ? __switch_to_asm+0x40/0x70 [ 111.762661] ? __switch_to_asm+0x34/0x70 [ 111.762673] ? __switch_to_asm+0x40/0x70 [ 111.762684] ? __switch_to_asm+0x34/0x70 [ 111.762702] ? __switch_to_asm+0x34/0x70 [ 111.766984] kobject: 'loop2' (00000000221b9c13): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 111.770232] ? __switch_to_asm+0x40/0x70 [ 111.770245] ? 
__switch_to_asm+0x34/0x70 [ 111.770258] ? __switch_to_asm+0x40/0x70 [ 111.770270] ? __switch_to_asm+0x34/0x70 [ 111.770287] ? __switch_to_asm+0x40/0x70 [ 111.778122] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.780565] __schedule+0x874/0x1ed0 [ 111.780586] ? __sched_text_start+0x8/0x8 [ 111.780600] ? check_preemption_disabled+0x48/0x200 [ 111.780622] ? find_held_lock+0x36/0x1c0 [ 111.819622] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.821238] ? try_to_wake_up+0x10a/0x12f0 [ 111.821256] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 111.821270] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 111.821285] ? lockdep_hardirqs_on+0x421/0x5c0 [ 111.821305] ? preempt_schedule+0x4d/0x60 [ 111.894095] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.899981] preempt_schedule_common+0x1f/0xd0 [ 111.899999] preempt_schedule+0x4d/0x60 [ 111.900015] ___preempt_schedule+0x16/0x18 [ 111.900033] _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 111.900046] try_to_wake_up+0x10a/0x12f0 [ 111.900064] ? __mutex_lock+0x85e/0x1700 [ 111.926055] kobject: 'loop0' (00000000b25cf1be): kobject_uevent_env [ 111.930007] ? migrate_swap_stop+0x930/0x930 [ 111.930023] ? find_held_lock+0x36/0x1c0 [ 111.930044] ? futex_wake+0x613/0x760 [ 111.930062] ? lock_downgrade+0x900/0x900 [ 111.936219] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.938267] ? kasan_check_read+0x11/0x20 [ 111.938283] ? do_raw_spin_unlock+0xa7/0x2f0 [ 111.938302] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 111.956246] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.956862] ? __unqueue_futex+0x2e0/0x2e0 [ 111.956886] wake_up_q+0xa4/0x100 [ 111.961561] kobject: 'loop0' (00000000b25cf1be): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 111.964233] futex_wake+0x61f/0x760 [ 111.964253] ? get_futex_key+0x21b0/0x21b0 [ 111.964272] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 111.964286] ? 
rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 111.964303] ? rcu_pm_notify+0xc0/0xc0 [ 111.973946] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 111.975015] do_futex+0x2e4/0x26d0 [ 111.975035] ? kvm_vcpu_ioctl+0x2a1/0x1150 [ 111.975055] ? exit_robust_list+0x280/0x280 [ 111.986668] kobject: 'kvm' (000000002944e90a): kobject_uevent_env [ 111.989901] ? find_held_lock+0x36/0x1c0 [ 111.989929] ? __fget+0x4aa/0x740 [ 111.989943] ? lock_downgrade+0x900/0x900 [ 111.989965] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 112.001109] kobject: 'loop3' (0000000037724b45): kobject_uevent_env [ 112.007259] ? kasan_check_read+0x11/0x20 [ 112.007278] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 112.007291] ? rcu_bh_qs+0xc0/0xc0 [ 112.007310] ? __fget+0x4d1/0x740 [ 112.007328] ? ksys_dup3+0x680/0x680 [ 112.024998] kobject: 'loop3' (0000000037724b45): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 112.025981] ? kvm_vcpu_block+0x1030/0x1030 [ 112.026002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.033064] kobject: 'kvm' (000000002944e90a): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 112.036295] ? do_vfs_ioctl+0x201/0x1720 [ 112.036314] ? ioctl_preallocate+0x300/0x300 [ 112.036332] ? __fget_light+0x2e9/0x430 [ 112.689523] ? fget_raw+0x20/0x20 [ 112.692980] ? graph_lock+0x170/0x170 [ 112.696804] __x64_sys_futex+0x472/0x6a0 [ 112.700886] ? do_futex+0x26d0/0x26d0 [ 112.704699] ? trace_hardirqs_on+0xbd/0x310 [ 112.709020] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 112.714563] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.719933] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 112.725396] ? ksys_ioctl+0x81/0xd0 [ 112.729033] do_syscall_64+0x1b9/0x820 [ 112.732926] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 112.738293] ? syscall_return_slowpath+0x5e0/0x5e0 [ 112.743224] ? trace_hardirqs_on_caller+0x310/0x310 [ 112.748245] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 112.753262] ? 
recalc_sigpending_tsk+0x180/0x180 [ 112.758023] ? kasan_check_write+0x14/0x20 [ 112.762266] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 112.767118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.772304] RIP: 0033:0x457679 [ 112.775500] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 112.794404] RSP: 002b:00007f0ff74accf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 112.802146] RAX: ffffffffffffffda RBX: 000000000072bfa8 RCX: 0000000000457679 [ 112.809422] RDX: 0000000000000016 RSI: 0000000000000081 RDI: 000000000072bfac [ 112.816703] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 112.823996] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bfac [ 112.831274] R13: 00007fffdbbe9ddf R14: 00007f0ff74ad9c0 R15: 0000000000000001 [ 112.839471] Kernel Offset: disabled [ 112.843136] Rebooting in 86400 seconds..