[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.668823] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 16.731849] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.958215] random: sshd: uninitialized urandom read (32 bytes read) [ 17.633766] random: sshd: uninitialized urandom read (32 bytes read) [ 17.785754] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. [ 23.260582] random: sshd: uninitialized urandom read (32 bytes read) [ 23.346160] IPVS: ftp: loaded support on port[0] = 21 [ 23.437802] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.444224] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.451173] device bridge_slave_0 entered promiscuous mode [ 23.464399] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.470770] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.477711] device bridge_slave_1 entered promiscuous mode [ 23.490999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 23.504538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 23.536636] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 23.551298] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 23.596511] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 23.603566] team0: Port device team_slave_0 added [ 23.615276] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 23.622460] team0: Port device team_slave_1 added [ 23.634365] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready RTNETLINK answers: Operation not supported [ 23.648695] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 23.663650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.677730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 23.759742] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.766129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.772766] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.779111] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 24.074075] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 24.080191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.112515] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 24.143878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.151441] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 24.179740] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 24.185863] 8021q: adding VLAN 0 to HW filter on device team0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 24.400236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 27.171406] ================================================================== [ 27.178837] BUG: KASAN: stack-out-of-bounds in vma_interval_tree_insert+0x248/0x2a0 [ 27.186632] Read of size 8 at addr ffff8801bc118ee0 by task modprobe/6035 [ 27.190539] PANIC: double fault, error_code: 0x0 [ 27.193545] [ 27.198307] CPU: 0 PID: 6036 Comm: syz-executor672 Not tainted 4.18.0-rc3+ #48 [ 27.199910] CPU: 1 PID: 6035 Comm: modprobe Not tainted 4.18.0-rc3+ #48 [ 27.207289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.214015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.223359] RIP: 0010:__lock_acquire+0x2e/0x5020 [ 27.232674] Call Trace: [ 27.237405] Code: 41 [ 27.239977] dump_stack+0x1c9/0x2b4 [ 27.239979] 57 41 [ 27.242641] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.246247] 89 [ 27.248392] ? printk+0xa7/0xcf [ 27.253546] cf [ 27.255422] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 27.258680] 41 [ 27.260566] ? vma_interval_tree_insert+0x248/0x2a0 [ 27.265283] 56 41 [ 27.267164] print_address_description+0x6c/0x20b [ 27.272155] 55 [ 27.274303] ? vma_interval_tree_insert+0x248/0x2a0 [ 27.279107] 49 89 [ 27.281089] kasan_report.cold.7+0x242/0x2fe [ 27.286107] fd 41 [ 27.288250] __asan_report_load8_noabort+0x14/0x20 [ 27.292625] 54 [ 27.294768] vma_interval_tree_insert+0x248/0x2a0 [ 27.299673] 45 [ 27.301554] __vma_link_file+0xe4/0x1b0 [ 27.306370] 89 [ 27.308827] vma_link+0xcd/0x170 [ 27.312762] cc 53 [ 27.314642] mmap_region+0xe69/0x1890 [ 27.317975] 65 [ 27.320121] ? __x64_sys_brk+0x7a0/0x7a0 [ 27.323890] 4c [ 27.325767] ? arch_get_unmapped_area+0x770/0x770 [ 27.329791] 8b [ 27.331669] ? cap_mmap_addr+0x52/0x130 [ 27.336473] 34 [ 27.338350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.342284] 25 40 [ 27.344177] ? security_mmap_addr+0x80/0xa0 [ 27.349679] ee [ 27.351827] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.356112] 01 [ 27.357985] ? get_unmapped_area+0x292/0x3b0 [ 27.363483] 00 48 [ 27.365364] do_mmap+0xa06/0x1320 [ 27.369751] 83 [ 27.371884] ? mmap_region+0x1890/0x1890 [ 27.375572] e4 f0 [ 27.377457] ? vm_mmap_pgoff+0x1b5/0x2c0 [ 27.381473] 48 81 [ 27.383645] ? down_read_killable+0x200/0x200 [ 27.387667] ec [ 27.389804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.394256] 60 03 [ 27.396134] ? security_mmap_file+0x166/0x1b0 [ 27.401636] 00 [ 27.403793] vm_mmap_pgoff+0x213/0x2c0 [ 27.408262] 00 48 [ 27.410158] ? vma_is_stack_for_current+0xd0/0xd0 [ 27.414002] 8b 45 [ 27.416143] ? __do_page_fault+0x449/0xe50 [ 27.420943] 10 <89> [ 27.423099] vm_mmap+0x90/0xc0 [ 27.427300] 94 [ 27.429607] elf_map+0x18e/0x2b0 [ 27.432777] 24 [ 27.434648] load_elf_binary+0x1ed6/0x5610 [ 27.437982] 80 [ 27.439860] ? notesize.isra.6+0x80/0x80 [ 27.444068] 00 [ 27.445945] ? lock_downgrade+0x8f0/0x8f0 [ 27.450135] 00 00 [ 27.452014] ? prepare_binprm+0x743/0xab0 [ 27.456125] 48 [ 27.458259] ? bm_register_write+0x15a0/0x15a0 [ 27.462372] ba [ 27.464249] ? kasan_check_write+0x14/0x20 [ 27.468804] 00 [ 27.470677] search_binary_handler+0x17d/0x570 [ 27.474876] 00 [ 27.476748] __do_execve_file.isra.36+0x171d/0x2730 [ 27.481288] 00 00 [ 27.483181] ? prepare_bprm_creds+0x120/0x120 [ 27.488160] 00 fc [ 27.490306] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 27.494768] ff df [ 27.496912] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 27.502062] 48 [ 27.504199] ? __check_object_size+0x9d/0x5f2 [ 27.509178] 89 [ 27.511053] ? usercopy_warn+0x120/0x120 [ 27.515515] 84 [ 27.517388] ? kasan_check_read+0x11/0x20 [ 27.521412] 24 98 [ 27.523292] ? do_raw_spin_unlock+0xa7/0x2f0 [ 27.529534] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 27.533913] RSP: 0018:ffff8801ba358de0 EFLAGS: 00010082 [ 27.538477] ? kasan_check_write+0x14/0x20 [ 27.538496] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.543831] RAX: 0000000000000000 RBX: 1ffff1003746b239 RCX: 0000000000000002 [ 27.543842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88f92620 [ 27.548059] ? strncpy_from_user+0x3be/0x510 [ 27.553565] RBP: ffff8801ba359170 R08: 0000000000000000 R09: 0000000000000000 [ 27.560817] ? mpi_free.cold.1+0x19/0x19 [ 27.568059] R10: ffff8801bc22f1b8 R11: ffff8801dae236b3 R12: 0000000000000000 [ 27.572451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.579683] R13: ffffffff88f92620 R14: ffff8801b45de3c0 R15: 0000000000000002 [ 27.579697] FS: 00007fbe6f107700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 27.583735] ? getname_flags+0x26e/0x5a0 [ 27.590985] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.596506] ? __ia32_sys_umask+0xb0/0xb0 [ 27.603759] CR2: ffff8801ba358dd8 CR3: 00000001be0f4000 CR4: 00000000001406f0 [ 27.611967] __x64_sys_execve+0x8f/0xc0 [ 27.615999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.621863] do_syscall_64+0x1b9/0x820 [ 27.625974] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.625981] Call Trace: [ 27.633249] ? syscall_slow_exit_work+0x500/0x500 [ 27.637203] Kernel panic - not syncing: Machine halted. [ 27.644458] ? syscall_return_slowpath+0x5e0/0x5e0 [ 27.673198] ? syscall_return_slowpath+0x31d/0x5e0 [ 27.678121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.683645] ? prepare_exit_to_usermode+0x291/0x3b0 [ 27.688650] ? perf_trace_sys_enter+0xb10/0xb10 [ 27.693308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.698145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.703333] RIP: 0033:0x7fca494c7207 [ 27.707025] Code: Bad RIP value. [ 27.710392] RSP: 002b:00007fff6e93d828 EFLAGS: 00000206 ORIG_RAX: 000000000000003b [ 27.718087] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fca494c7207 [ 27.725344] RDX: 0000000001062fe0 RSI: 00007fff6e93d920 RDI: 00007fff6e93e930 [ 27.732614] RBP: 0000000000625500 R08: 0000000000000ab6 R09: 0000000000000ab6 [ 27.739890] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001062fe0 [ 27.747146] R13: 00000000ffffffff R14: 0000000001052250 R15: 0000000000000005 [ 27.754580] [ 27.754592] CPU: 0 PID: 6036 Comm: syz-executor672 Not tainted 4.18.0-rc3+ #48 [ 27.754602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.756205] Allocated by task 4399: [ 27.763718] Call Trace: [ 27.773069] save_stack+0x43/0xd0 [ 27.776671] <#DF> [ 27.779236] kasan_kmalloc+0xc4/0xe0 [ 27.782670] dump_stack+0x1c9/0x2b4 [ 27.784791] kasan_slab_alloc+0x12/0x20 [ 27.788484] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.792082] kmem_cache_alloc+0x12e/0x760 [ 27.796045] panic+0x238/0x4e7 [ 27.801205] copy_process.part.40+0x4581/0x7220 [ 27.805329] ? add_taint.cold.5+0x16/0x16 [ 27.808579] _do_fork+0x291/0x12a0 [ 27.813228] ? get_cpu_entry_area+0xc/0x30 [ 27.817542] __x64_sys_clone+0xbf/0x150 [ 27.821067] df_debug+0x2d/0x2e [ 27.825277] do_syscall_64+0x1b9/0x820 [ 27.829230] do_double_fault+0x113/0x200 [ 27.832488] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.836346] double_fault+0x23/0x30 [ 27.840374] [ 27.845578] RIP: 0010:__lock_acquire+0x2e/0x5020 [ 27.849168] Freed by task 0: [ 27.850769] Code: [ 27.855499] (stack is not available) [ 27.858495] 41 [ 27.860629] [ 27.864315] 57 [ 27.866185] The buggy address belongs to the object at ffff8801bc118e70 [ 27.866185] which belongs to the cache vm_area_struct of size 200 [ 27.867783] 41 [ 27.869664] The buggy address is located 112 bytes inside of [ 27.869664] 200-byte region [ffff8801bc118e70, ffff8801bc118f38) [ 27.882577] 89 cf [ 27.884473] The buggy address belongs to the page: [ 27.896318] 41 [ 27.898450] page:ffffea0006f04600 count:1 mapcount:0 mapping:ffff8801da97b840 index:0x0 [ 27.903341] 56 41 [ 27.913346] 55 [ 27.915482] flags: 0x2fffc0000000100(slab) [ 27.915489] 49 [ 27.917364] raw: 02fffc0000000100 ffffea0006cdf848 ffffea0006bce948 ffff8801da97b840 [ 27.921757] 89 [ 27.923631] raw: 0000000000000000 ffff8801bc118000 000000010000000f 0000000000000000 [ 27.931656] fd [ 27.933528] page dumped because: kasan: bad access detected [ 27.941385] 41 [ 27.943249] [ 27.949190] 54 45 [ 27.951063] Memory state around the buggy address: [ 27.952667] 89 [ 27.954809] ffff8801bc118d80: 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.959708] cc [ 27.961575] ffff8801bc118e00: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 [ 27.968900] 53 65 [ 27.970774] >ffff8801bc118e80: f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 [ 27.978113] 4c [ 27.980238] ^ [ 27.987657] 8b [ 27.989538] ffff8801bc118f00: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 [ 27.996002] 34 [ 27.997875] ffff8801bc118f80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.005200] 25 40 [ 28.007072] ================================================================== [ 28.014404] ee [ 28.016757] kasan: CONFIG_KASAN_INLINE enabled [ 28.023871] 01 00 48 83 e4 f0 48 81 ec 60 03 00 [ 28.025791] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 28.030343] 00 48 8b 45 10 <89> [ 28.035208] general protection fault: 0000 [#1] SMP KASAN [ 28.042531] 94 [ 28.045890] CPU: 1 PID: 6035 Comm: modprobe Tainted: G B 4.18.0-rc3+ #48 [ 28.051401] 24 80 [ 28.053279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.061386] 00 00 [ 28.063541] RIP: 0010:__qdisc_calculate_pkt_len+0x5e/0x2e0 [ 28.072852] 00 [ 28.074992] Code: [ 28.080594] 48 ba [ 28.082465] 02 [ 28.084595] 00 00 [ 28.086730] 84 [ 28.088589] 00 00 [ 28.090714] c0 74 [ 28.092584] 00 [ 28.094707] 08 [ 28.096827] fc ff [ 28.098696] 3c [ 28.100559] df [ 28.102681] 03 [ 28.104541] 48 89 [ 28.106412] 0f [ 28.108282] 84 24 [ 28.110414] 8e [ 28.112273] 98 [ 28.114404] 53 [ 28.116266] RSP: 0018:ffff8801ba358de0 EFLAGS: 00010082 [ 28.118135] 02 [ 28.120004] RAX: 0000000000000000 RBX: 1ffff1003746b239 RCX: 0000000000000002 [ 28.125339] 00 [ 28.127204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88f92620 [ 28.127214] RBP: ffff8801ba359170 R08: 0000000000000000 R09: 0000000000000000 [ 28.134456] 00 49 [ 28.136342] R10: ffff8801bc22f1b8 R11: ffff8801dae236b3 R12: 0000000000000000 [ 28.143584] 8d [ 28.150849] R13: ffffffff88f92620 R14: ffff8801b45de3c0 R15: 0000000000000002 [ 28.152972] 7e [ 28.160257] WARNING: kernel stack regs at (____ptrval____) in syz-executor672:6036 has bad 'bp' value (____ptrval____) [ 28.160265] unwind stack type:0 next_sp:(____ptrval____) mask:0x20 graph_idx:0 [ 28.160276] (____ptrval____): fffffe0000008d78 (0xfffffe0000008d78) [ 28.160294] (____ptrval____): ffffffff812a9105 (show_trace_log_lvl+0x1f6/0x28c) [ 28.160310] (____ptrval____): ffffffff815ea86e (__lock_acquire+0x2e/0x5020) [ 28.160318] (____ptrval____): fffffe0000008fd8 (0xfffffe0000008fd8) [ 28.160324] (____ptrval____): 0000000000000020 (0x20) [ 28.160331] (____ptrval____): 0000000000000005 (0x5) [ 28.160338] (____ptrval____): fffffe0000007000 (0xfffffe0000007000) [ 28.160346] (____ptrval____): fffffe0000009000 (0xfffffe0000009000) [ 28.160361] (____ptrval____): ffff8801ba358de0 (0xffff8801ba358de0) [ 28.160365] (____ptrval____): 0000000000000000 ... [ 28.160373] (____ptrval____): fffffe0000007000 (0xfffffe0000007000) [ 28.160381] (____ptrval____): fffffe0000009000 (0xfffffe0000009000) [ 28.160388] (____ptrval____): ffff8801ba358de0 (0xffff8801ba358de0) [ 28.160395] (____ptrval____): 0000000000000020 (0x20) [ 28.160402] (____ptrval____): ffff8801b45de3c0 (0xffff8801b45de3c0) [ 28.160409] (____ptrval____): 0000010100000000 (0x10100000000) [ 28.160414] (____ptrval____): 0000000000000000 ... [ 28.160421] (____ptrval____): fffffe0000008ca8 (0xfffffe0000008ca8) [ 28.160434] (____ptrval____): ffffffff815ea86e (__lock_acquire+0x2e/0x5020) [ 28.160441] (____ptrval____): fffffe0000008f58 (0xfffffe0000008f58) [ 28.160449] (____ptrval____): 6a3a31945ed82c00 (0x6a3a31945ed82c00) [ 28.160455] (____ptrval____): 0000000000000093 (0x93) [ 28.160459] (____ptrval____): 0000000000000000 ... [ 28.160476] (____ptrval____): ffffffff88f1b060 (pv_cpu_ops+0x120/0x120) [ 28.160483] (____ptrval____): 00000000ffffffff (0xffffffff) [ 28.160490] (____ptrval____): fffffe0000008d88 (0xfffffe0000008d88) [ 28.160502] (____ptrval____): ffffffff812a91d3 (show_stack+0x38/0x3a) [ 28.160509] (____ptrval____): fffffe0000008e38 (0xfffffe0000008e38) [ 28.160526] (____ptrval____): ffffffff878e92a5 (dump_stack+0x1c9/0x2b4) [ 28.160534] (____ptrval____): fffffbfff11e360c (0xfffffbfff11e360c) [ 28.160541] (____ptrval____): dffffc0000000000 (0xdffffc0000000000) [ 28.160549] (____ptrval____): 1fffffc0000011b6 (0x1fffffc0000011b6) [ 28.160556] (____ptrval____): 0000000041b58ab3 (0x41b58ab3) [ 28.160571] (____ptrval____): ffffffff88bd6324 (regoff.33338+0x368dc4/0x37b900) [ 28.160584] (____ptrval____): ffffffff878e90dc (dump_stack_print_info.cold.2+0x52/0x52) [ 28.160592] (____ptrval____): fffffe0000008df8 (0xfffffe0000008df8) [ 28.160596] (____ptrval____): 0000000000000000 ... [ 28.160603] (____ptrval____): fffffe0000008e40 (0xfffffe0000008e40) [ 28.160611] (____ptrval____): ffff8801ba359000 (0xffff8801ba359000) [ 28.160619] (____ptrval____): fffffe0000008e18 (0xfffffe0000008e18) [ 28.160626] (____ptrval____): 6a3a31945ed82c00 (0x6a3a31945ed82c00) [ 28.160634] (____ptrval____): ffff8801ba359000 (0xffff8801ba359000) [ 28.160650] (____ptrval____): ffffffff89e73d60 (buf.37263+0x40/0x40) [ 28.160657] (____ptrval____): 6a3a31945ed82c00 (0x6a3a31945ed82c00) [ 28.160661] (____ptrval____): 0000000000000000 ... [ 28.160675] (____ptrval____): ffffffff87e742a0 (hpet_msi_domain_info+0xe40/0x1a80) [ 28.160679] (____ptrval____): 0000000000000000 ... [ 28.160687] (____ptrval____): fffffe0000008f00 (0xfffffe0000008f00) [ 28.160701] (____ptrval____): ffffffff81473ab9 (panic+0x238/0x4e7) [ 28.160708] (____ptrval____): 0000000041b58ab3 (0x41b58ab3) [ 28.160719] (____ptrval____): ffffffff88bec38c (K512_4+0x130c/0x120c74) [ 28.160731] (____ptrval____): ffffffff81473881 (add_taint.cold.5+0x16/0x16) [ 28.160735] (____ptrval____): 0000000000000000 ... [ 28.160742] (____ptrval____): 0000000000000008 (0x8) [ 28.160749] (____ptrval____): fffffe0000008f10 (0xfffffe0000008f10) [ 28.160757] (____ptrval____): fffffe0000008ea8 (0xfffffe0000008ea8) [ 28.160761] (____ptrval____): 0000000000000000 ... [ 28.160768] (____ptrval____): ffff8801b45de3c0 (0xffff8801b45de3c0) [ 28.160776] (____ptrval____): 0000010000000000 (0x10000000000) [ 28.160779] (____ptrval____): 0000000000000000 ... [ 28.160787] (____ptrval____): 6a3a31945ed82c00 (0x6a3a31945ed82c00) [ 28.160791] (____ptrval____): 0000000000000000 ... [ 28.160803] (____ptrval____): ffffffff8137bfcc (get_cpu_entry_area+0xc/0x30) [ 28.160811] (____ptrval____): fffffe0000002000 (0xfffffe0000002000) [ 28.160817] (____ptrval____): 0000000000000004 (0x4) [ 28.160824] (____ptrval____): 000000000001ede0 (0x1ede0) [ 28.160832] (____ptrval____): fffffe0000008e60 (0xfffffe0000008e60) [ 28.160839] (____ptrval____): fffffe0000008f58 (0xfffffe0000008f58) [ 28.160843] (____ptrval____): 0000000000000000 ... [ 28.160856] (____ptrval____): ffffffff87e4a540 (__func__.44285+0x40/0x40) [ 28.160864] (____ptrval____): ffff8801ba358de0 (0xffff8801ba358de0) [ 28.160868] (____ptrval____): 0000000000000000 ... [ 28.160875] (____ptrval____): fffffe0000008f18 (0xfffffe0000008f18) [ 28.160886] (____ptrval____): ffffffff813470df (df_debug+0x2d/0x2e) [ 28.160893] (____ptrval____): fffffe0000008f58 (0xfffffe0000008f58) [ 28.160901] (____ptrval____): fffffe0000008f48 (0xfffffe0000008f48) [ 28.160912] (____ptrval____): ffffffff8129c1f3 (do_double_fault+0x113/0x200) [ 28.160918] (____ptrval____): 0000000000000001 (0x1) [ 28.160922] (____ptrval____): 0000000000000000 ... [ 28.160930] (____ptrval____): fffffe0000008f59 (0xfffffe0000008f59) [ 28.160941] (____ptrval____): ffffffff87a00bd3 (double_fault+0x23/0x30) [ 28.160948] (____ptrval____): 0000000000000002 (0x2) [ 28.160955] (____ptrval____): ffff8801b45de3c0 (0xffff8801b45de3c0) [ 28.160970] (____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40) [ 28.160973] (____ptrval____): 0000000000000000 ... [ 28.160981] (____ptrval____): ffff8801ba359170 (0xffff8801ba359170) [ 28.160989] (____ptrval____): 1ffff1003746b239 (0x1ffff1003746b239) [ 28.160996] (____ptrval____): ffff8801dae236b3 (0xffff8801dae236b3) [ 28.161004] (____ptrval____): ffff8801bc22f1b8 (0xffff8801bc22f1b8) [ 28.161008] (____ptrval____): 0000000000000000 ... [ 28.161014] (____ptrval____): 0000000000000002 (0x2) [ 28.161018] (____ptrval____): 0000000000000000 ... [ 28.161030] (____ptrval____): ffffffff88f92620 (rcu_bh_lock_map+0x40/0x40) [ 28.161038] (____ptrval____): ffffffffffffffff (0xffffffffffffffff) [ 28.161050] (____ptrval____): ffffffff815ea86e (__lock_acquire+0x2e/0x5020) [ 28.161057] (____ptrval____): 0000000000000010 (0x10) [ 28.161063] (____ptrval____): 0000000000010082 (0x10082) [ 28.161071] (____ptrval____): ffff8801ba358de0 (0xffff8801ba358de0) [ 28.161078] (____ptrval____): 0000000000000018 (0x18) [ 28.161082] [ 28.162123] 24 41 8b 9c 24 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 0c 02 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85 13 [ 28.809971] RSP: 0018:ffff8801daf06b88 EFLAGS: 00010202 [ 28.815315] RAX: dffffc0000000000 RBX: 0000000000000048 RCX: ffffffff85f894cb [ 28.822577] RDX: 091ffd645a9d2004 RSI: ffffffff860d2708 RDI: 48ffeb22d4e90023 [ 28.829837] RBP: ffff8801daf06bb0 R08: ffff8801b45dc380 R09: 0000000000000000 [ 28.837087] R10: ffff8801daf070f0 R11: 0000000000000000 R12: ffff8801cd3d2300 [ 28.844339] R13: ffffffff8190e8d5 R14: 48ffeb22d4e8ffff R15: 0000000000000000 [ 28.851594] FS: 00007fca49de37a0(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 28.859803] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.865675] CR2: 00007fca494c71dd CR3: 00000001cae0e000 CR4: 00000000001406e0 [ 28.872929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.880183] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.887446] Call Trace: [ 28.890009] [ 28.892155] ? bpf_tcp_close+0xd25/0x1050 [ 28.896288] __dev_queue_xmit+0x1270/0x3790 [ 28.900596] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 28.906637] ? netdev_pick_tx+0x2d0/0x2d0 [ 28.910764] ? attach_entity_load_avg+0x860/0x860 [ 28.915598] ? trace_hardirqs_on+0x10/0x10 [ 28.919816] ? trace_hardirqs_on+0x10/0x10 [ 28.924037] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.929562] ? ipv6_skip_exthdr+0x416/0x760 [ 28.933869] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.939387] ? icmpv6_error+0x43a/0x9e1 [ 28.943345] ? icmpv6_pkt_to_tuple+0x330/0x330 [ 28.947909] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 28.952922] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 28.957663] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 28.963180] ? ipv6_get_l4proto+0xce/0x260 [ 28.967411] ? ipv6_tuple_to_nlattr+0x80/0x80 [ 28.971891] ? trace_hardirqs_on+0x10/0x10 [ 28.976117] ? ip6t_do_table+0xd80/0x1d00 [ 28.980248] ? trace_hardirqs_on+0xd/0x10 [ 28.984380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.989901] ? bpf_tcp_close+0xd25/0x1050 [ 28.994034] ? ip_vs_in_icmp+0x2950/0x2950 [ 28.998339] ? nf_conntrack_in+0xc97/0x1640 [ 29.002648] ? ip_vs_out_icmp_v6.isra.27+0x6c0/0x6c0 [ 29.007738] ? lock_acquire+0x1e4/0x540 [ 29.011697] ? ip6_finish_output2+0x25b/0x2820 [ 29.016266] ? lock_release+0xa30/0xa30 [ 29.020226] ? nf_ct_frag6_expire+0x60/0x60 [ 29.024531] dev_queue_xmit+0x17/0x20 [ 29.028313] ? dev_queue_xmit+0x17/0x20 [ 29.032271] neigh_direct_output+0x15/0x20 [ 29.036491] ip6_finish_output2+0xc95/0x2820 [ 29.040883] ? ip6_flush_pending_frames+0xc0/0xc0 [ 29.045721] ? lock_acquire+0x1e4/0x540 [ 29.049676] ? ip6_mtu+0x39e/0x520 [ 29.053201] ? lock_downgrade+0x8f0/0x8f0 [ 29.057345] ? lock_release+0xa30/0xa30 [ 29.061304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.066823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.072343] ? ipv6_confirm+0x46e/0x650 [ 29.076299] ? ipv6_helper+0x3ab/0x540 [ 29.080170] ? ip6table_nat_table_init+0x70/0x70 [ 29.084911] ? ip6_mtu+0x160/0x520 [ 29.088433] ? ip6_dst_ifdown+0x4e0/0x4e0 [ 29.092577] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 29.098099] ip6_finish_output+0x5fe/0xbc0 [ 29.102329] ? ip6_finish_output+0x5fe/0xbc0 [ 29.106723] ip6_output+0x234/0x9d0 [ 29.110335] ? ip6_finish_output+0xbc0/0xbc0 [ 29.114746] ? ip6_fragment+0x3930/0x3930 [ 29.118882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.124416] ndisc_send_skb+0x100d/0x1570 [ 29.128550] ? ndisc_constructor+0xc40/0xc40 [ 29.132964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.138501] ? refcount_sub_and_test+0x21a/0x350 [ 29.143255] ? refcount_inc_not_zero+0x2f0/0x2f0 [ 29.148001] ndisc_send_rs+0x134/0x6e0 [ 29.151872] addrconf_rs_timer+0x314/0x690 [ 29.156092] ? tcp_retransmit_timer+0x3090/0x3090 [ 29.161013] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 29.165234] call_timer_fn+0x242/0x970 [ 29.169106] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 29.173327] ? process_timeout+0x40/0x40 [ 29.177385] ? kasan_check_read+0x11/0x20 [ 29.181530] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.185947] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.190525] ? kasan_check_write+0x14/0x20 [ 29.194742] ? __run_timers+0x79b/0xc70 [ 29.198705] ? lock_downgrade+0x8f0/0x8f0 [ 29.202839] ? trace_hardirqs_off+0xd/0x10 [ 29.207060] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 29.212144] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 29.216365] ? kasan_check_read+0x11/0x20 [ 29.220507] ? do_raw_spin_unlock+0xa7/0x2f0 [ 29.224903] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 29.229472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 29.234993] ? ipv6_get_lladdr+0x5e0/0x5e0 [ 29.239225] __run_timers+0x7a6/0xc70 [ 29.241836] Shutting down cpus with NMI