BUG: Bad rss-counter state mm:00000000270b5714 idx:1 val:3
Linux version 4.19.0-rc1+ (syzkaller@ci) (clang version 8.0.0 (trunk 339414)) #37 SMP Thu Aug 30 01:10:09 UTC 2018
Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=140 kvm-intel.nested=1 nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 nopcid
x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
BIOS-provided physical RAM map:
BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
BIOS-e820: [mem 0x0000000000100000-0x00000000bfff2fff] usable
BIOS-e820: [mem 0x00000000bfff3000-0x00000000bfffffff] reserved
BIOS-e820: [mem 0x00000000fffbc000-0x00000000ffffffff] reserved
BIOS-e820: [mem 0x0000000100000000-0x000000021fffffff] usable
bootconsole [earlyser0] enabled
Malformed early option 'vsyscall'
nopcid: PCID feature disabled
NX (Execute Disable) protection: active
SMBIOS 2.4 present.
DMI: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
last_pfn = 0x220000 max_arch_pfn = 0x400000000
x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
last_pfn = 0xbfff3 max_arch_pfn = 0x400000000
found SMP MP-table at [mem 0x000f2300-0x000f230f] mapped at [(____ptrval____)]
Scanning 1 areas for low memory corruption
Using GB pages for direct mapping
ACPI: Early table checksum verification disabled
ACPI: RSDP 0x00000000000F22C0 000014 (v00 Google)
ACPI: RSDT 0x00000000BFFF3430 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001)
ACPI: FACP 0x00000000BFFFCF60 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001)
ACPI: DSDT 0x00000000BFFF3470 0017B2 (v01 Google GOOGDSDT 00000001 GOOG 00000001)
ACPI: FACS 0x00000000BFFFCF00 000040
ACPI: FACS 0x00000000BFFFCF00 000040
ACPI: SSDT 0x00000000BFFF65F0 00690D (v01 Google GOOGSSDT 00000001 GOOG 00000001)
ACPI: APIC 0x00000000BFFF5D10 000076 (v01 Google GOOGAPIC 00000001 GOOG 00000001)
ACPI: WAET 0x00000000BFFF5CE0 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001)
ACPI: SRAT 0x00000000BFFF4C30 0000C8 (v01 Google GOOGSRAT 00000001 GOOG 00000001)
SRAT: PXM 0 -> APIC 0x00 -> Node 0
SRAT: PXM 0 -> APIC 0x01 -> Node 0
ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0x0009ffff]
ACPI: SRAT: Node 0 PXM 0 [mem 0x00100000-0xbfffffff]
ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0x21fffffff]
NUMA: Node 0 [mem 0x00000000-0x0009ffff] + [mem 0x00100000-0xbfffffff] -> [mem 0x00000000-0xbfffffff]
NUMA: Node 0 [mem 0x00000000-0xbfffffff] + [mem 0x100000000-0x21fffffff] -> [mem 0x00000000-0x21fffffff]
NODE_DATA(0) allocated [mem 0x21fffa000-0x21fffdfff]
Zone ranges:
DMA [mem 0x0000000000001000-0x0000000000ffffff]
DMA32 [mem 0x0000000001000000-0x00000000ffffffff]
Normal [mem 0x0000000100000000-0x000000021fffffff]
Movable zone start for each node
Early memory node ranges
node 0: [mem 0x0000000000001000-0x000000000009efff]
node 0: [mem 0x0000000000100000-0x00000000bfff2fff]
node 0: [mem 0x0000000100000000-0x000000021fffffff]
Reserved but unavailable: 111 pages
Initmem setup node 0 [mem 0x0000000000001000-0x000000021fffffff]
ACPI: PM-Timer IO Port: 0xb008
ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
Using ACPI (MADT) for SMP configuration information
smpboot: Allowing 2 CPUs, 0 hotplug CPUs
PM: Registered nosave memory: [mem 0x00000000-0x00000fff]
PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
PM: Registered nosave memory: [mem 0x000a0000-0x000effff]
PM: Registered nosave memory: [mem 0x000f0000-0x000fffff]
PM: Registered nosave memory: [mem 0xbfff3000-0xbfffffff]
PM: Registered nosave memory: [mem 0xc0000000-0xfffbbfff]
PM: Registered nosave memory: [mem 0xfffbc000-0xffffffff]
[mem 0xc0000000-0xfffbbfff] available for PCI devices
clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:2 nr_node_ids:1
setup_percpu: pcpu_fc_alloc(0, 0000000000200000, 0000000000200000)=ffff88021fc00000
percpu: Embedded 197 pages/cpu @(____ptrval____) s766984 r8192 d31736 u1048576
Built 1 zonelists, mobility grouping on. Total pages: 1919867
Policy zone: Normal
Kernel command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 console=ttyS0 earlyprintk=serial vsyscall=native rodata=n ftrace_dump_on_oops=orig_cpu oops=panic panic_on_warn=1 nmi_watchdog=panic panic=86400 workqueue.watchdog_thresh=140 kvm-intel.nested=1 nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 nopcid
Memory: 7449688K/7863876K available (133132K kernel code, 4426K rwdata, 6460K rodata, 4328K init, 9644K bss, 414188K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
Kernel/User page tables isolation: enabled
__START_KERNEL_map: ffffffff80000000, end (__bss_stop): ffffffff8ae44000
__bss: ffffffff8a4d9000-ffffffff8ae44000, __data: ffffffff89c00000-ffffffff8a0528c0
upper start: ffff880000000000, end: ffff88000ae44000
Starting KernelMemorySanitizer
rcu: Hierarchical RCU implementation.
rcu: RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=2.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
NR_IRQS: 4352, nr_irqs: 440, preallocated irqs: 16
Console: colour VGA+ 80x25
console [ttyS0] enabled
console [ttyS0] enabled
bootconsole [earlyser0] disabled
bootconsole [earlyser0] disabled
ACPI: Core revision 20180810
APIC: Switch to symmetric I/O mode setup
x2apic: IRQ remapping doesn't support X2APIC mode
..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1
tsc: PIT calibration matches PMTIMER. 1 loops
tsc: Detected 2299.980 MHz processor
clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x21272259925, max_idle_ns: 440795269411 ns
Calibrating delay loop (skipped), value calculated using timer frequency.. 4599.96 BogoMIPS (lpj=2299980)
pid_max: default: 32768 minimum: 301
Security Framework initialized
AppArmor: AppArmor initialized
Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes)
Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes)
Mount-cache hash table entries: 16384 (order: 5, 131072 bytes)
Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes)
mce: CPU supports 32 MCE banks
Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 1024
Last level dTLB entries: 4KB 1024, 2MB 1024, 4MB 1024, 1GB 4
Spectre V2 : Mitigation: Full generic retpoline
Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
Speculative Store Bypass: Vulnerable
Freeing SMP alternatives memory: 92K
smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.30GHz (family: 0x6, model: 0x3f, stepping: 0x0)
Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only.
rcu: Hierarchical SRCU implementation.
NMI watchdog: Perf NMI watchdog permanently disabled
smp: Bringing up secondary CPUs ...
x86: Booting SMP configuration:
.... node #0, CPUs: #1
smp: Brought up 1 node, 2 CPUs
smpboot: Max logical packages: 1
smpboot: Total of 2 processors activated (9199.92 BogoMIPS)
devtmpfs: initialized
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
kworker/u4:0 (23) used greatest stack depth: 58824 bytes left
futex hash table entries: 512 (order: 3, 32768 bytes)
xor: automatically using best checksumming function avx
NET: Registered protocol family 16
audit: initializing netlink subsys (disabled)
audit: type=2000 audit(1535612306.134:1): state=initialized audit_enabled=0 res=1
cpuidle: using governor menu
random: get_random_bytes called from kcmp_cookies_init+0x4b/0xeb kernel/kcmp.c:249 with crng_init=0
ACPI: bus type PCI registered
PCI: Using configuration type 1 for base access
kworker/u4:0 (56) used greatest stack depth: 57768 bytes left