[....] Starting OpenBSD Secure Shell server: sshd[ 25.205678] random: sshd: uninitialized urandom read (32 bytes read) [ ok . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 29.127642] random: sshd: uninitialized urandom read (32 bytes read) [ 29.677466] sshd (5311) used greatest stack depth: 16696 bytes left [ 29.702052] random: sshd: uninitialized urandom read (32 bytes read) [ 30.314979] random: sshd: uninitialized urandom read (32 bytes read) [ 42.667635] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. [ 48.396408] random: sshd: uninitialized urandom read (32 bytes read) [ 48.538482] IPVS: ftp: loaded support on port[0] = 21 [ 48.539065] IPVS: ftp: loaded support on port[0] = 21 [ 48.548218] IPVS: ftp: loaded support on port[0] = 21 [ 48.554937] IPVS: ftp: loaded support on port[0] = 21 [ 48.564206] IPVS: ftp: loaded support on port[0] = 21 [ 48.566776] IPVS: ftp: loaded support on port[0] = 21 [ 49.073965] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.080548] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.092145] device bridge_slave_0 entered promiscuous mode [ 49.117533] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.129018] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.139787] device bridge_slave_1 entered promiscuous mode [ 49.158973] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.169467] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.180280] device bridge_slave_0 entered promiscuous mode [ 49.188342] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.195214] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.202524] device bridge_slave_0 entered promiscuous mode [ 49.210240] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.217560] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.228854] device bridge_slave_0 entered promiscuous 
mode [ 49.236822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.250168] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.258380] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.265804] device bridge_slave_1 entered promiscuous mode [ 49.273352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.280547] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.293113] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.300593] device bridge_slave_1 entered promiscuous mode [ 49.307245] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.314662] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.321576] device bridge_slave_0 entered promiscuous mode [ 49.329816] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.336322] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.343629] device bridge_slave_1 entered promiscuous mode [ 49.356197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.364128] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.370588] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.378869] device bridge_slave_0 entered promiscuous mode [ 49.387131] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.394968] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.401854] device bridge_slave_1 entered promiscuous mode [ 49.408641] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.423432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.430722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.450027] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.462282] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.469639] device bridge_slave_1 entered promiscuous mode [ 49.486085] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.496435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.506238] 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.519786] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.531735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.562578] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.576412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.593386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.615370] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.670069] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.679508] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.710292] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.727860] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.744076] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.776710] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.810484] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.827295] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.840939] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.853859] team0: Port device team_slave_0 added [ 49.868666] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.882605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.890930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.898255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.910350] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.918733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.927719] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.939258] team0: Port device team_slave_1 added [ 49.947120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.965201] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.982142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.993494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.001179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.015827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.041285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.056959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.065866] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.076755] team0: Port device team_slave_0 added [ 50.083854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.091860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.108251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.118330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.130457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.138465] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.145733] team0: Port device team_slave_0 added [ 50.152686] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.164119] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.171191] team0: Port device team_slave_1 added [ 50.177386] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.187191] team0: Port device team_slave_0 added [ 50.195414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.206739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.225605] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.233999] team0: Port device team_slave_0 added [ 50.240418] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.251433] team0: Port device team_slave_1 added [ 50.258193] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.266787] team0: Port device team_slave_1 added [ 50.272141] 
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.282959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.291191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.303215] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.310309] team0: Port device team_slave_1 added [ 50.325656] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.348651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.362827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.370307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.378079] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.392589] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.400084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.420516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.438693] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.450784] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.458424] team0: Port device team_slave_0 added [ 50.465268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.474994] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.482927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.497456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.515197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.530891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.540398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.548327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.556332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.564385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.577926] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not 
ready [ 50.586727] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.596707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.605224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.615692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.628025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.635896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.643999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.651668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.662075] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.669558] team0: Port device team_slave_1 added [ 50.685961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.708390] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.723109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.731087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.748019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.756036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported [ 50.794196] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.853467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.930263] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.947655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.959389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.998051] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.010206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.021530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation 
not supported RTNETLINK answers: Operation not supported [ 51.142570] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.149118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.156117] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.162540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.177740] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 51.394453] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.400888] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.407605] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.414011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.431969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.441939] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.448347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.455092] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.461470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.474781] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.483371] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.489737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.496449] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.502868] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.511291] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: No buffer space available RTNETLINK answers: No buffer space available [ 51.588565] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.595015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.601601] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.608016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.626271] IPv6: 
ADDRCONF(NETDEV_UP): bridge0: link is not ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 51.925496] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.931893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.938679] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.945085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.954771] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.964480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 51.975613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.991384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.000190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.007586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.015204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid 
argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 54.104693] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.117667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.222552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.287317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.341665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.358302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.385497] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.479682] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.515281] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.583968] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.619973] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.635298] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.641484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.652955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.659971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.673030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.750759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.761322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.776641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.815281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.860152] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.869559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link 
becomes ready [ 54.884420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.897770] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.910403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.922889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.934217] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.945128] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.018467] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.130478] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.144100] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.160460] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.381478] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.388565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.400478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.700444] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 56.390046] FAULT_INJECTION: forcing a failure. [ 56.390046] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 56.426518] CPU: 0 PID: 6709 Comm: syz-executor180 Not tainted 4.19.0-rc4+ #223 [ 56.434014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.443374] Call Trace: [ 56.445977] dump_stack+0x1c4/0x2b4 [ 56.449617] ? dump_stack_print_info.cold.2+0x52/0x52 [ 56.454824] ? follow_page_mask+0x1fb0/0x1fb0 [ 56.459352] ? lock_acquire+0x1ed/0x520 [ 56.463338] ? get_user_pages_unlocked+0xfd/0x5d0 [ 56.468206] should_fail.cold.4+0xa/0x17 [ 56.472284] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 56.477401] ? get_user_pages_unlocked+0x457/0x5d0 [ 56.482335] ? lock_downgrade+0x900/0x900 [ 56.486497] ? get_user_pages_unlocked+0xfd/0x5d0 [ 56.491347] ? __down_interruptible+0x700/0x700 [ 56.496049] ? up_read+0x1a/0x110 [ 56.499521] ? get_user_pages_unlocked+0x3b1/0x5d0 [ 56.504459] ? get_user_pages_longterm+0x650/0x650 [ 56.509393] ? 
find_held_lock+0x36/0x1c0 [ 56.513473] __alloc_pages_nodemask+0x34b/0xde0 [ 56.518147] ? __get_user_pages_fast+0x3f0/0x3f0 [ 56.522909] ? __alloc_pages_slowpath+0x2d80/0x2d80 [ 56.527927] ? do_raw_spin_unlock+0xa7/0x2f0 [ 56.532345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.537891] ? do_raw_spin_lock+0xc1/0x200 [ 56.542134] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.547688] ? tcp_leave_memory_pressure+0x2a/0x110 [ 56.552707] ? tcp_enter_memory_pressure+0x120/0x120 [ 56.557815] ? __sk_mem_raise_allocated+0x721/0x1800 [ 56.562936] ? sk_busy_loop_end+0x1c0/0x1c0 [ 56.567264] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 56.572809] alloc_pages_current+0x10c/0x210 [ 56.577236] skb_page_frag_refill+0x45f/0x6a0 [ 56.581732] ? sock_kfree_s+0x60/0x60 [ 56.585536] ? sock_kfree_s+0x60/0x60 [ 56.589352] ? zerocopy_from_iter+0x4dd/0x770 [ 56.593875] sk_page_frag_refill+0x55/0x1f0 [ 56.598204] sk_alloc_sg+0x1e9/0xa00 [ 56.602380] ? sk_page_frag_refill+0x1f0/0x1f0 [ 56.606966] ? tls_sw_push_pending_record+0x30/0x30 [ 56.612001] tls_sw_sendmsg+0x714/0x1310 [ 56.616090] ? decrypt_skb_update+0xa30/0xa30 [ 56.620587] ? aa_sk_perm+0x218/0x8b0 [ 56.624395] ? aa_af_perm+0x5a0/0x5a0 [ 56.628200] ? usercopy_warn+0x110/0x110 [ 56.632292] inet_sendmsg+0x1a1/0x690 [ 56.636101] ? ipip_gro_receive+0x100/0x100 [ 56.640425] ? apparmor_socket_sendmsg+0x29/0x30 [ 56.645184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.650722] ? security_socket_sendmsg+0x94/0xc0 [ 56.655482] ? ipip_gro_receive+0x100/0x100 [ 56.659807] sock_sendmsg+0xd5/0x120 [ 56.663534] __sys_sendto+0x3d7/0x670 [ 56.667346] ? __ia32_sys_getpeername+0xb0/0xb0 [ 56.672025] ? lock_downgrade+0x900/0x900 [ 56.676211] ? __lock_is_held+0xb5/0x140 [ 56.680284] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.685831] ? __sb_end_write+0xd9/0x110 [ 56.689916] ? do_syscall_64+0x9a/0x820 [ 56.693896] ? do_syscall_64+0x9a/0x820 [ 56.697883] ? lockdep_hardirqs_on+0x421/0x5c0 [ 56.702468] ? 
trace_hardirqs_on+0xbd/0x310 [ 56.706791] ? __ia32_sys_read+0xb0/0xb0 [ 56.710868] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.716236] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 56.721696] __x64_sys_sendto+0xe1/0x1a0 [ 56.725769] do_syscall_64+0x1b9/0x820 [ 56.729662] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 56.735330] ? syscall_return_slowpath+0x5e0/0x5e0 [ 56.740262] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.745109] ? trace_hardirqs_on_caller+0x310/0x310 [ 56.750131] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 56.755155] ? prepare_exit_to_usermode+0x291/0x3b0 [ 56.760192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.765055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.770243] RIP: 0033:0x441fc9 executing program [ 56.773441] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.792354] RSP: 002b:00007ffffdcd6938 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 56.800083] RAX: ffffffffffffffda RBX: 00007ffffdcd6960 RCX: 0000000000441fc9 [ 56.807368] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 56.814638] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 56.821910] R10: 0000000000000040 R11: 0000000000000216 R12: 0000000000000000 [ 56.829188] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 executing program executing program executing program [ 56.928922] FAULT_INJECTION: forcing a failure. [ 56.928922] name failslab, interval 1, probability 0, space 0, times 1 [ 56.941803] FAULT_INJECTION: forcing a failure. [ 56.941803] name failslab, interval 1, probability 0, space 0, times 1 [ 56.957231] FAULT_INJECTION: forcing a failure. 
[ 56.957231] name failslab, interval 1, probability 0, space 0, times 1 [ 56.970265] CPU: 0 PID: 6752 Comm: syz-executor180 Not tainted 4.19.0-rc4+ #223 [ 56.977733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.987085] Call Trace: [ 56.989686] dump_stack+0x1c4/0x2b4 [ 56.993321] ? dump_stack_print_info.cold.2+0x52/0x52 [ 56.998530] should_fail.cold.4+0xa/0x17 [ 57.002599] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 57.007721] ? mm_fault_error+0x380/0x380 [ 57.011886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.017431] ? graph_lock+0x170/0x170 [ 57.021235] ? graph_lock+0x170/0x170 [ 57.025041] ? graph_lock+0x170/0x170 [ 57.028851] ? graph_lock+0x170/0x170 [ 57.032672] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.037259] ? retint_kernel+0x2d/0x2d [ 57.041154] ? find_held_lock+0x36/0x1c0 [ 57.045222] ? __lock_is_held+0xb5/0x140 [ 57.049297] ? ___might_sleep+0x1ed/0x300 [ 57.053454] ? arch_local_save_flags+0x40/0x40 [ 57.058040] ? arch_local_save_flags+0x40/0x40 [ 57.062638] __should_failslab+0x124/0x180 [ 57.066887] should_failslab+0x9/0x14 [ 57.070691] __kmalloc+0x2d4/0x760 [ 57.074237] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.079272] ? _copy_from_iter+0x39d/0x1090 [ 57.083596] ? tls_push_record+0x107/0x1480 [ 57.087922] ? usercopy_warn+0x110/0x110 [ 57.091991] tls_push_record+0x107/0x1480 [ 57.096151] ? _copy_from_iter_nocache+0x1050/0x1050 [ 57.101270] tls_sw_sendmsg+0xe48/0x1310 [ 57.105361] ? decrypt_skb_update+0xa30/0xa30 [ 57.109867] ? aa_sk_perm+0x218/0x8b0 [ 57.113677] ? aa_af_perm+0x5a0/0x5a0 [ 57.117480] ? usercopy_warn+0x110/0x110 [ 57.121551] inet_sendmsg+0x1a1/0x690 [ 57.125358] ? ipip_gro_receive+0x100/0x100 [ 57.129687] ? apparmor_socket_sendmsg+0x29/0x30 [ 57.134448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.139987] ? security_socket_sendmsg+0x94/0xc0 [ 57.144747] ? ipip_gro_receive+0x100/0x100 [ 57.149082] sock_sendmsg+0xd5/0x120 [ 57.152804] __sys_sendto+0x3d7/0x670 [ 57.156613] ? 
__ia32_sys_getpeername+0xb0/0xb0 [ 57.161290] ? lock_downgrade+0x900/0x900 [ 57.165451] ? __lock_is_held+0xb5/0x140 [ 57.169522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.175073] ? __sb_end_write+0xd9/0x110 [ 57.179146] ? do_syscall_64+0x9a/0x820 [ 57.183126] ? do_syscall_64+0x9a/0x820 [ 57.187107] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.191691] ? trace_hardirqs_on+0xbd/0x310 [ 57.196021] ? __ia32_sys_read+0xb0/0xb0 [ 57.200092] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.205464] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 57.210922] __x64_sys_sendto+0xe1/0x1a0 [ 57.214996] do_syscall_64+0x1b9/0x820 [ 57.218895] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 57.224267] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.229201] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.234054] ? trace_hardirqs_on_caller+0x310/0x310 [ 57.239076] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.244097] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.249122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.253978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.259170] RIP: 0033:0x441fc9 [ 57.262369] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.281283] RSP: 002b:00007ffffdcd6938 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 57.289014] RAX: ffffffffffffffda RBX: 00007ffffdcd6960 RCX: 0000000000441fc9 [ 57.296292] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 57.303567] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 57.310852] R10: 0000000000000040 R11: 0000000000000216 R12: 0000000000000000 [ 57.318135] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 57.332551] CPU: 0 PID: 6742 Comm: syz-executor180 Not tainted 4.19.0-rc4+ #223 [ 57.340041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.349403] Call Trace: [ 57.352004] 
dump_stack+0x1c4/0x2b4 [ 57.355652] ? dump_stack_print_info.cold.2+0x52/0x52 [ 57.360890] should_fail.cold.4+0xa/0x17 [ 57.364979] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 57.370100] ? mm_fault_error+0x380/0x380 [ 57.374279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.379850] ? graph_lock+0x170/0x170 [ 57.383680] ? graph_lock+0x170/0x170 [ 57.387497] ? graph_lock+0x170/0x170 [ 57.391309] ? graph_lock+0x170/0x170 [ 57.395134] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.399737] ? retint_kernel+0x2d/0x2d [ 57.403637] ? find_held_lock+0x36/0x1c0 [ 57.407720] ? __lock_is_held+0xb5/0x140 [ 57.411811] ? ___might_sleep+0x1ed/0x300 [ 57.415987] ? arch_local_save_flags+0x40/0x40 [ 57.420580] ? arch_local_save_flags+0x40/0x40 [ 57.425186] __should_failslab+0x124/0x180 [ 57.429436] should_failslab+0x9/0x14 [ 57.433250] __kmalloc+0x2d4/0x760 [ 57.436809] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.441861] ? _copy_from_iter+0x39d/0x1090 [ 57.446207] ? tls_push_record+0x107/0x1480 [ 57.450536] ? usercopy_warn+0x110/0x110 [ 57.454615] tls_push_record+0x107/0x1480 [ 57.458774] ? _copy_from_iter_nocache+0x1050/0x1050 [ 57.463913] tls_sw_sendmsg+0xe48/0x1310 [ 57.468010] ? decrypt_skb_update+0xa30/0xa30 [ 57.472509] ? aa_sk_perm+0x218/0x8b0 [ 57.476319] ? aa_af_perm+0x5a0/0x5a0 [ 57.480125] ? usercopy_warn+0x110/0x110 [ 57.484197] inet_sendmsg+0x1a1/0x690 [ 57.488011] ? ipip_gro_receive+0x100/0x100 [ 57.492344] ? apparmor_socket_sendmsg+0x29/0x30 [ 57.497109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.502649] ? security_socket_sendmsg+0x94/0xc0 [ 57.507408] ? ipip_gro_receive+0x100/0x100 [ 57.511741] sock_sendmsg+0xd5/0x120 [ 57.515463] __sys_sendto+0x3d7/0x670 [ 57.519275] ? __ia32_sys_getpeername+0xb0/0xb0 [ 57.523958] ? lock_downgrade+0x900/0x900 [ 57.528121] ? __lock_is_held+0xb5/0x140 [ 57.532195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.537748] ? __sb_end_write+0xd9/0x110 [ 57.541825] ? do_syscall_64+0x9a/0x820 [ 57.545816] ? 
do_syscall_64+0x9a/0x820 [ 57.549802] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.554390] ? trace_hardirqs_on+0xbd/0x310 [ 57.558717] ? __ia32_sys_read+0xb0/0xb0 [ 57.562784] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.568153] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 57.573614] __x64_sys_sendto+0xe1/0x1a0 [ 57.577690] do_syscall_64+0x1b9/0x820 [ 57.581586] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 57.586958] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.591895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.596749] ? trace_hardirqs_on_caller+0x310/0x310 [ 57.602264] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.607309] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.612338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.617199] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.622391] RIP: 0033:0x441fc9 [ 57.625589] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.644495] RSP: 002b:00007ffffdcd6938 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 57.652210] RAX: ffffffffffffffda RBX: 00007ffffdcd6960 RCX: 0000000000441fc9 [ 57.659485] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 57.666755] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 57.674030] R10: 0000000000000040 R11: 0000000000000216 R12: 0000000000000000 [ 57.681299] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 57.688716] CPU: 1 PID: 6737 Comm: syz-executor180 Not tainted 4.19.0-rc4+ #223 [ 57.696187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.705543] Call Trace: [ 57.708142] dump_stack+0x1c4/0x2b4 [ 57.708701] ================================================================== [ 57.711781] ? dump_stack_print_info.cold.2+0x52/0x52 [ 57.711817] should_fail.cold.4+0xa/0x17 [ 57.719263] BUG: KASAN: use-after-free in tls_push_record+0x10b9/0x1480 [ 57.724436] ? 
fault_create_debugfs_attr+0x1f0/0x1f0 [ 57.728485] Write of size 1 at addr ffff8801b7278000 by task syz-executor180/6742 [ 57.735707] ? mm_fault_error+0x380/0x380 [ 57.740790] [ 57.748413] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.759682] ? graph_lock+0x170/0x170 [ 57.763487] ? graph_lock+0x170/0x170 [ 57.767290] ? graph_lock+0x170/0x170 [ 57.771094] ? graph_lock+0x170/0x170 [ 57.774902] ? lockdep_hardirqs_on+0x421/0x5c0 [ 57.779493] ? retint_kernel+0x2d/0x2d [ 57.783392] ? find_held_lock+0x36/0x1c0 [ 57.787462] ? __lock_is_held+0xb5/0x140 [ 57.791543] ? ___might_sleep+0x1ed/0x300 [ 57.795701] ? arch_local_save_flags+0x40/0x40 [ 57.800283] ? arch_local_save_flags+0x40/0x40 [ 57.804891] __should_failslab+0x124/0x180 [ 57.809138] should_failslab+0x9/0x14 [ 57.812945] __kmalloc+0x2d4/0x760 [ 57.816489] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.821505] ? _copy_from_iter+0x39d/0x1090 [ 57.825829] ? tls_push_record+0x107/0x1480 [ 57.830159] ? usercopy_warn+0x110/0x110 [ 57.834231] tls_push_record+0x107/0x1480 [ 57.838391] ? _copy_from_iter_nocache+0x1050/0x1050 [ 57.843508] tls_sw_sendmsg+0xe48/0x1310 [ 57.847595] ? decrypt_skb_update+0xa30/0xa30 [ 57.852089] ? aa_sk_perm+0x218/0x8b0 [ 57.855900] ? aa_af_perm+0x5a0/0x5a0 [ 57.859700] ? usercopy_warn+0x110/0x110 [ 57.863769] inet_sendmsg+0x1a1/0x690 [ 57.867581] ? ipip_gro_receive+0x100/0x100 [ 57.871908] ? apparmor_socket_sendmsg+0x29/0x30 [ 57.876666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.882209] ? security_socket_sendmsg+0x94/0xc0 [ 57.886967] ? ipip_gro_receive+0x100/0x100 [ 57.891297] sock_sendmsg+0xd5/0x120 [ 57.895018] __sys_sendto+0x3d7/0x670 [ 57.898850] ? __ia32_sys_getpeername+0xb0/0xb0 [ 57.903544] ? lock_downgrade+0x900/0x900 [ 57.907698] ? __lock_is_held+0xb5/0x140 [ 57.911770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.917318] ? __sb_end_write+0xd9/0x110 [ 57.921398] ? do_syscall_64+0x9a/0x820 [ 57.925378] ? do_syscall_64+0x9a/0x820 [ 57.929357] ? 
lockdep_hardirqs_on+0x421/0x5c0 [ 57.933950] ? trace_hardirqs_on+0xbd/0x310 [ 57.938275] ? __ia32_sys_read+0xb0/0xb0 [ 57.942342] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.947717] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 57.953178] __x64_sys_sendto+0xe1/0x1a0 [ 57.957245] do_syscall_64+0x1b9/0x820 [ 57.961133] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 57.966498] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.971431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.976292] ? trace_hardirqs_on_caller+0x310/0x310 [ 57.981330] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.986358] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.991392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.996249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.001438] RIP: 0033:0x441fc9 [ 58.004633] Code: e8 4c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.023536] RSP: 002b:00007ffffdcd6938 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 58.031256] RAX: ffffffffffffffda RBX: 00007ffffdcd6960 RCX: 0000000000441fc9 [ 58.038546] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 58.045816] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 58.053092] R10: 0000000000000040 R11: 0000000000000216 R12: 0000000000000000 [ 58.060359] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 58.067676] CPU: 0 PID: 6742 Comm: syz-executor180 Not tainted 4.19.0-rc4+ #223 [ 58.075144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.084499] Call Trace: [ 58.087100] dump_stack+0x1c4/0x2b4 [ 58.090732] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.095927] ? printk+0xa7/0xcf [ 58.099212] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 58.103987] print_address_description.cold.8+0x9/0x1ff [ 58.109354] kasan_report.cold.9+0x242/0x309 [ 58.113767] ? 
tls_push_record+0x10b9/0x1480 [ 58.118180] __asan_report_store1_noabort+0x17/0x20 [ 58.123200] tls_push_record+0x10b9/0x1480 [ 58.127441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.132982] ? lock_sock_nested+0x9a/0x120 [ 58.137230] tls_sw_push_pending_record+0x22/0x30 [ 58.142080] tls_sk_proto_close+0x69c/0xbb0 [ 58.146407] ? lock_acquire+0x1ed/0x520 [ 58.150390] ? tcp_check_oom+0x530/0x530 [ 58.154457] ? tls_write_space+0x390/0x390 [ 58.158692] ? arch_local_save_flags+0x40/0x40 [ 58.163277] ? aa_af_perm+0x5a0/0x5a0 [ 58.167079] ? usercopy_warn+0x110/0x110 [ 58.171144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.176681] ? ipv6_sock_ac_close+0x34f/0x470 [ 58.181181] ? ipv6_sock_mc_close+0x162/0x1d0 [ 58.185686] ? ip_mc_drop_socket+0x20b/0x270 [ 58.190095] ? down_write+0x8a/0x130 [ 58.193816] inet_release+0x104/0x1f0 [ 58.197635] inet6_release+0x50/0x70 [ 58.201354] __sock_release+0xd7/0x250 [ 58.205246] ? __sock_release+0x250/0x250 [ 58.209397] sock_close+0x19/0x20 [ 58.212877] __fput+0x385/0xa30 [ 58.216169] ? get_max_files+0x20/0x20 [ 58.220072] ? trace_hardirqs_on+0xbd/0x310 [ 58.224403] ? kasan_check_read+0x11/0x20 [ 58.228556] ? task_work_run+0x1af/0x2a0 [ 58.232621] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 58.238074] ? kasan_check_write+0x14/0x20 [ 58.242315] ? do_raw_spin_lock+0xc1/0x200 [ 58.246558] ____fput+0x15/0x20 [ 58.249839] task_work_run+0x1e8/0x2a0 [ 58.253747] ? task_work_cancel+0x240/0x240 [ 58.258077] ? copy_fd_bitmaps+0x210/0x210 [ 58.262313] ? do_syscall_64+0x9a/0x820 [ 58.266295] exit_to_usermode_loop+0x318/0x380 [ 58.270890] ? syscall_slow_exit_work+0x520/0x520 [ 58.275742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.281286] do_syscall_64+0x6be/0x820 [ 58.285179] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 58.290549] ? syscall_return_slowpath+0x5e0/0x5e0 [ 58.295480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.300326] ? trace_hardirqs_on_caller+0x310/0x310 [ 58.305344] ? 
prepare_exit_to_usermode+0x3b0/0x3b0 [ 58.310362] ? prepare_exit_to_usermode+0x291/0x3b0 [ 58.315389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.320244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.325438] RIP: 0033:0x401970 [ 58.328644] Code: 01 f0 ff ff 0f 83 d0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d bd 2e 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 a4 0a 00 00 c3 48 83 ec 08 e8 5a 01 00 00 [ 58.347545] RSP: 002b:00007ffffdcd6948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 58.355270] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000401970 [ 58.362536] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 58.369814] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 58.377098] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000000 [ 58.384364] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 58.391647] [ 58.393268] The buggy address belongs to the page: [ 58.398195] page:ffffea0006dc9e00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0 [ 58.406598] flags: 0x2fffc0000000000() [ 58.410490] raw: 02fffc0000000000 ffffea00074a9808 ffff88021fffaef8 0000000000000000 [ 58.418374] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000 [ 58.426248] page dumped because: kasan: bad access detected [ 58.431955] [ 58.433577] Memory state around the buggy address: [ 58.438506] ffff8801b7277f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.445879] ffff8801b7277f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.453236] >ffff8801b7278000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.460586] ^ [ 58.463965] ffff8801b7278080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.471322] ffff8801b7278100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.478675] ================================================================== executing program [ 58.486027] Disabling lock debugging due to kernel taint [ 58.492378] 
page:ffffea0007626200 count:0 mapcount:-128 mapping:0000000000000000 index:0x0 [ 58.500898] flags: 0x2fffc0000000000() [ 58.504926] raw: 02fffc0000000000 ffffea0006dc9e08 ffff88021fffaef8 0000000000000000 [ 58.512957] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 58.520733] Kernel panic - not syncing: panic_on_warn set ... [ 58.520733] [ 58.521511] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) <= 0) [ 58.528237] CPU: 0 PID: 6742 Comm: syz-executor180 Tainted: G B 4.19.0-rc4+ #223 [ 58.528244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.528249] Call Trace: [ 58.528269] dump_stack+0x1c4/0x2b4 [ 58.528284] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.528304] panic+0x238/0x4e7 [ 58.528317] ? add_taint.cold.5+0x16/0x16 [ 58.528334] ? preempt_schedule+0x4d/0x60 [ 58.528350] ? ___preempt_schedule+0x16/0x18 [ 58.528365] ? trace_hardirqs_on+0xb4/0x310 [ 58.528384] kasan_end_report+0x47/0x4f [ 58.528401] kasan_report.cold.9+0x76/0x309 [ 58.537375] ------------[ cut here ]------------ [ 58.544238] ? tls_push_record+0x10b9/0x1480 [ 58.553574] kernel BUG at include/linux/mm.h:925! [ 58.556154] __asan_report_store1_noabort+0x17/0x20 [ 58.559882] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 58.564937] tls_push_record+0x10b9/0x1480 [ 58.568136] CPU: 1 PID: 6752 Comm: syz-executor180 Tainted: G B 4.19.0-rc4+ #223 [ 58.572269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.576397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.580794] ? 
lock_sock_nested+0x9a/0x120 [ 58.585100] RIP: 0010:do_tcp_sendpages+0x1854/0x1dc0 [ 58.589054] tls_sw_push_pending_record+0x22/0x30 [ 58.593358] Code: ff ff 48 83 e8 01 48 89 85 b8 fd ff ff e9 99 fa ff ff e8 ff 96 f5 fa 48 8b bd b8 fd ff ff 48 c7 c6 e0 ab ce 88 e8 4c 49 27 fb <0f> 0b 48 89 85 08 fe ff ff e8 de 96 f5 fa 48 8b 85 08 fe ff ff 4c [ 58.598100] tls_sk_proto_close+0x69c/0xbb0 [ 58.602703] RSP: 0018:ffff8801ba487510 EFLAGS: 00010246 [ 58.607542] ? lock_acquire+0x1ed/0x520 [ 58.617889] ? tcp_check_oom+0x530/0x530 [ 58.622100] RAX: 0000000000000000 RBX: ffff8801c105b000 RCX: 0000000000000000 [ 58.630928] ? tls_write_space+0x390/0x390 [ 58.636448] RDX: 0000000000000000 RSI: ffffffff81b098b9 RDI: ffffed0037490e93 [ 58.645814] ? arch_local_save_flags+0x40/0x40 [ 58.650035] RBP: ffff8801ba487770 R08: ffff8801d2fa0040 R09: fffffbfff12f29a0 [ 58.655304] ? aa_af_perm+0x5a0/0x5a0 [ 58.660132] R10: fffffbfff12f29a0 R11: ffffffff89794d03 R12: 000000000000401d [ 58.679055] ? usercopy_warn+0x110/0x110 [ 58.683351] R13: ffffea0007626234 R14: dffffc0000000000 R15: ffff8801b91b4180 [ 58.688720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.692669] FS: 0000000001c75880(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000 [ 58.696717] ? ipv6_sock_ac_close+0x34f/0x470 [ 58.703965] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.708188] ? ipv6_sock_mc_close+0x162/0x1d0 [ 58.715435] CR2: 00007ffffdcd64ac CR3: 00000001d95e9000 CR4: 00000000001406e0 [ 58.720008] ? ip_mc_drop_socket+0x20b/0x270 [ 58.727257] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.731051] ? down_write+0x8a/0x130 [ 58.738814] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.742890] inet_release+0x104/0x1f0 [ 58.750135] Call Trace: [ 58.755669] inet6_release+0x50/0x70 [ 58.763893] ? sk_stream_alloc_skb+0x970/0x970 [ 58.768369] __sock_release+0xd7/0x250 [ 58.774245] ? generic_gcmaes_decrypt+0x190/0x190 [ 58.778721] ? 
__sock_release+0x250/0x250 [ 58.785987] ? tls_sw_push_pending_record+0x22/0x30 [ 58.790383] sock_close+0x19/0x20 [ 58.797649] ? tls_sk_proto_close+0x69c/0xbb0 [ 58.801348] __fput+0x385/0xa30 [ 58.808621] ? inet_release+0x104/0x1f0 [ 58.812408] ? get_max_files+0x20/0x20 [ 58.814980] ? inet6_release+0x50/0x70 [ 58.818694] ? trace_hardirqs_on+0xbd/0x310 [ 58.823258] ? sock_close+0x19/0x20 [ 58.827145] ? kasan_check_read+0x11/0x20 [ 58.831968] ? __fput+0x385/0xa30 [ 58.836101] ? task_work_run+0x1af/0x2a0 [ 58.841098] ? ____fput+0x15/0x20 [ 58.844539] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 58.849012] ? task_work_run+0x1e8/0x2a0 [ 58.852273] ? kasan_check_write+0x14/0x20 [ 58.856234] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.860102] ? do_raw_spin_lock+0xc1/0x200 [ 58.863974] ? add_wait_queue+0x2b0/0x2b0 [ 58.868278] ____fput+0x15/0x20 [ 58.871909] ? check_preemption_disabled+0x48/0x200 [ 58.876043] task_work_run+0x1e8/0x2a0 [ 58.879480] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 58.883523] ? task_work_cancel+0x240/0x240 [ 58.886961] ? tcp_rate_check_app_limited+0x121/0x460 [ 58.892397] ? copy_fd_bitmaps+0x210/0x210 [ 58.896441] ? fs_reclaim_acquire+0x20/0x20 [ 58.900661] ? do_syscall_64+0x9a/0x820 [ 58.906011] ? tcp_fastopen_reset_cipher.cold.14+0x47/0x47 [ 58.910227] exit_to_usermode_loop+0x318/0x380 [ 58.914356] ? lock_downgrade+0x900/0x900 [ 58.917619] ? syscall_slow_exit_work+0x520/0x520 [ 58.922622] tls_push_sg+0x283/0x8c0 [ 58.926496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.931495] ? wait_on_pending_writer+0x5b0/0x5b0 [ 58.935801] do_syscall_64+0x6be/0x820 [ 58.940974] ? helper_rfc4106_encrypt+0x4a0/0x4a0 [ 58.945191] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 58.949498] ? __kmalloc+0x31c/0x760 [ 58.953473] ? syscall_return_slowpath+0x5e0/0x5e0 [ 58.959085] tls_push_record+0xb4d/0x1480 [ 58.963651] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.967781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.972604] ? 
trace_hardirqs_on_caller+0x310/0x310 [ 58.976302] tls_sw_push_pending_record+0x22/0x30 [ 58.981819] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 58.986647] tls_sk_proto_close+0x69c/0xbb0 [ 58.990519] ? prepare_exit_to_usermode+0x291/0x3b0 [ 58.995352] ? lock_acquire+0x1ed/0x520 [ 59.000698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.004398] ? tcp_check_oom+0x530/0x530 [ 59.009315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.013447] ? tls_write_space+0x390/0x390 [ 59.018270] RIP: 0033:0x401970 [ 59.023793] ? arch_local_save_flags+0x40/0x40 [ 59.028788] Code: 01 f0 ff ff 0f 83 d0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d bd 2e 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 a4 0a 00 00 c3 48 83 ec 08 e8 5a 01 00 00 [ 59.033614] ? aa_af_perm+0x5a0/0x5a0 [ 59.038609] RSP: 002b:00007ffffdcd6948 EFLAGS: 00000246 [ 59.042921] ? usercopy_warn+0x110/0x110 [ 59.047914] ORIG_RAX: 0000000000000003 [ 59.051883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.051906] ? ipv6_sock_ac_close+0x34f/0x470 [ 59.056725] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000401970 [ 59.060774] ? ipv6_sock_mc_close+0x162/0x1d0 [ 59.065944] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 59.070169] ? ip_mc_drop_socket+0x20b/0x270 [ 59.073340] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 59.077930] ? down_write+0x8a/0x130 [ 59.096828] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000000 [ 59.100631] inet_release+0x104/0x1f0 [ 59.105974] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 59.110027] inet6_release+0x50/0x70 [ 59.180351] __sock_release+0xd7/0x250 [ 59.184245] ? __sock_release+0x250/0x250 [ 59.188397] sock_close+0x19/0x20 [ 59.191857] __fput+0x385/0xa30 [ 59.195142] ? get_max_files+0x20/0x20 [ 59.199032] ? trace_hardirqs_on+0xbd/0x310 [ 59.203351] ? kasan_check_read+0x11/0x20 [ 59.207502] ? task_work_run+0x1af/0x2a0 [ 59.211565] ? 
__bpf_trace_preemptirq_template+0x30/0x30 [ 59.217019] ? kasan_check_write+0x14/0x20 [ 59.221297] ? do_raw_spin_lock+0xc1/0x200 [ 59.225534] ____fput+0x15/0x20 [ 59.228814] task_work_run+0x1e8/0x2a0 [ 59.232711] ? task_work_cancel+0x240/0x240 [ 59.237040] ? copy_fd_bitmaps+0x210/0x210 [ 59.241286] ? do_syscall_64+0x9a/0x820 [ 59.245268] exit_to_usermode_loop+0x318/0x380 [ 59.249875] ? syscall_slow_exit_work+0x520/0x520 [ 59.254739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.260296] do_syscall_64+0x6be/0x820 [ 59.264198] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 59.269569] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.274497] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.279344] ? trace_hardirqs_on_caller+0x310/0x310 [ 59.284375] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 59.289400] ? prepare_exit_to_usermode+0x291/0x3b0 [ 59.294423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.299275] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.304464] RIP: 0033:0x401970 [ 59.307659] Code: 01 f0 ff ff 0f 83 d0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d bd 2e 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 a4 0a 00 00 c3 48 83 ec 08 e8 5a 01 00 00 [ 59.326569] RSP: 002b:00007ffffdcd6948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 59.334290] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000401970 [ 59.341561] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003 [ 59.348832] RBP: 0000000000000005 R08: 0000000020000000 R09: 000000000000001c [ 59.356120] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000000 [ 59.363398] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 59.370679] Modules linked in: [ 59.374833] Kernel Offset: disabled [ 59.378493] Rebooting in 86400 seconds..