[ 33.528877] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.368970] random: sshd: uninitialized urandom read (32 bytes read)
[ 40.508118] random: cc1: uninitialized urandom read (8 bytes read)
[ 40.907037] ld (5138) used greatest stack depth: 15960 bytes left
[ 41.041740] IPVS: ftp: loaded support on port[0] = 21
[ 70.089469] can: request_module (can-proto-0) failed.
[ 70.099153] can: request_module (can-proto-0) failed.
[ 72.597422] random: sshd: uninitialized urandom read (32 bytes read)
[ 73.031711] random: sshd: uninitialized urandom read (32 bytes read)
[ 73.211888] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2019/03/31 09:06:40 parsed 1 programs
2019/03/31 09:06:40 executed programs: 0
[ 80.281631] IPVS: ftp: loaded support on port[0] = 21
[ 80.290840] IPVS: ftp: loaded support on port[0] = 21
[ 80.318931] IPVS: ftp: loaded support on port[0] = 21
[ 80.332217] IPVS: ftp: loaded support on port[0] = 21
[ 80.332718] IPVS: ftp: loaded support on port[0] = 21
[ 80.371674] IPVS: ftp: loaded support on port[0] = 21
[ 81.357637] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.365298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.373201] device bridge_slave_0 entered promiscuous mode
[ 81.401443] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.407855] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.419244] device bridge_slave_0 entered promiscuous mode
[ 81.428043] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.435551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.443658] device bridge_slave_1 entered promiscuous mode
[ 81.451986] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.458345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.466288] device bridge_slave_0 entered promiscuous mode
[ 81.475331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.484799] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.492465] device bridge_slave_0 entered promiscuous mode
[ 81.502770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.509235] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.516913] device bridge_slave_1 entered promiscuous mode
[ 81.525227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.535384] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.546740] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.553952] device bridge_slave_0 entered promiscuous mode
[ 81.568533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.577767] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.586387] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.594336] device bridge_slave_1 entered promiscuous mode
[ 81.607039] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.616907] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.623994] device bridge_slave_1 entered promiscuous mode
[ 81.631669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.641941] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.648300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.658197] device bridge_slave_1 entered promiscuous mode
[ 81.665988] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.675372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.685825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.695534] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.703164] device bridge_slave_0 entered promiscuous mode
[ 81.711080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.733109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.745328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.757232] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.767968] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.777610] device bridge_slave_1 entered promiscuous mode
[ 81.798520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.811891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.821685] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 81.863420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 81.913605] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 81.948673] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 81.959124] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 81.972983] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.022303] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.033874] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.049297] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.063670] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.080470] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.094859] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 82.105644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.116279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.125530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.138056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.148811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.157976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.171636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.179522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.190274] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.199361] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.208175] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 82.222256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.244656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.254340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.267022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.277932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.290616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.304057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.313402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 82.333318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.342901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.360265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 82.381884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.398955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 82.409177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.422829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 82.455412] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.468720] team0: Port device team_slave_0 added
[ 82.492698] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.505119] team0: Port device team_slave_0 added
[ 82.518398] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.528246] team0: Port device team_slave_0 added
[ 82.547715] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.557481] team0: Port device team_slave_0 added
[ 82.568083] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.576653] team0: Port device team_slave_1 added
[ 82.583969] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.593243] team0: Port device team_slave_1 added
[ 82.600598] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.607935] team0: Port device team_slave_1 added
[ 82.619029] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.635150] team0: Port device team_slave_0 added
[ 82.647585] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.655970] team0: Port device team_slave_1 added
[ 82.663771] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 82.674280] team0: Port device team_slave_0 added
[ 82.686761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.698531] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.711321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.738633] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.746327] team0: Port device team_slave_1 added
[ 82.755740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.770972] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 82.779969] team0: Port device team_slave_1 added
[ 82.796885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.808635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.817176] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.830696] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.839380] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.857037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 82.871720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.879425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.887873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.895864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 82.908013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.917809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 82.927846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.940405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 82.951523] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 82.967360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 82.978186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 82.993958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.001849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.009496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.017447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.025200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.033025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.041066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.052328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.066136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.077125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.089149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.101728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.109546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.118560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.128304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 83.137840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 83.153833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 83.168372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.180747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.191979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.203967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 83.222884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.234150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.256274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.274968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.286120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.296473] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.309980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.318900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.669130] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.675771] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.682998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.689471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.704242] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 83.713599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.719969] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.726742] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.733145] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.740924] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 83.789274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.795712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.802432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.808797] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.817267] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 83.832393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.838770] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.845444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.851854] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.871183] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 83.918289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.924727] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.931440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.939198] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.952318] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 84.053331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.059736] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.067666] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.074065] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.091173] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 84.102279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.110951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.118441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.126143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.135033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.142547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 85.906183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.938194] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.987100] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.038080] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.056760] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.108771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.124126] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.189109] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.224601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 86.271925] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.282491] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.305843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.317888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.336196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.351587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.357891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.384740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.402740] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.412196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.419300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.511680] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.523267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.531082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.541588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.548962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.556729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.566557] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 86.574560] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.640651] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.665740] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.738015] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.746590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 86.761477] 8021q: adding VLAN 0 to HW filter on device team0
[ 86.776287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 86.784240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 86.944544] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.846009] ==================================================================
[ 87.853621] BUG: KASAN: use-after-free in finish_task_switch+0x56e/0x8c0
[ 87.853630] Read of size 8 at addr ffff8801d2ba0058 by task syz-executor5/6778
[ 87.867829]
[ 87.869467] CPU: 0 PID: 6778 Comm: syz-executor5 Not tainted 4.18.0-rc6+ #1
[ 87.876563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 87.885941] Call Trace:
[ 87.888540] dump_stack+0x16e/0x22a
[ 87.892186] ? dump_stack_print_info.cold.2+0x48/0x48
[ 87.897397] ? printk+0x9a/0xc0
[ 87.900678] ? kmsg_dump_rewind_nolock+0xdf/0xdf
[ 87.905444] print_address_description.cold.8+0x9/0x1ff
[ 87.910806] kasan_report.cold.9+0x242/0x2fe
[ 87.910815] ? finish_task_switch+0x56e/0x8c0
[ 87.910823] __asan_report_load8_noabort+0x14/0x20
[ 87.910828] finish_task_switch+0x56e/0x8c0
[ 87.910836] ? preempt_notifier_register+0x200/0x200
[ 87.910846] ? lock_repin_lock+0x430/0x430
[ 87.910853] ? vmx_vcpu_put+0x2b/0x150
[ 87.910864] ? kvm_arch_vcpu_put+0x299/0x3c0
[ 87.910877] __schedule+0x83e/0x1f40
[ 87.910889] ? pci_mmcfg_check_reserved+0x120/0x120
[ 87.910904] ? find_held_lock+0x36/0x1c0
[ 87.910916] ? try_to_wake_up+0x10a/0x1350
[ 87.910923] ? lock_downgrade+0x900/0x900
[ 87.910930] ? preempt_schedule+0x4d/0x60
[ 87.910938] preempt_schedule_common+0x1f/0xd0
[ 87.910944] preempt_schedule+0x4d/0x60
[ 87.910952] ___preempt_schedule+0x16/0x18
[ 87.910963] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 87.910969] try_to_wake_up+0x10a/0x1350
[ 87.910981] ? migrate_swap_stop+0x930/0x930
[ 87.910987] ? find_held_lock+0x36/0x1c0
[ 87.911003] ? futex_wake+0x4fc/0x8b0
[ 87.911009] ? lock_downgrade+0x900/0x900
[ 87.911019] ? kasan_check_read+0x11/0x20
[ 87.911026] ? do_raw_spin_unlock+0xa7/0x2f0
[ 87.911033] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 87.911039] ? __unqueue_futex+0x290/0x290
[ 87.911047] wake_up_q+0xa4/0x100
[ 87.911054] futex_wake+0x504/0x8b0
[ 87.911065] ? get_futex_key+0x1bb0/0x1bb0
[ 87.911078] ? rcu_lockdep_current_cpu_online+0x1ae/0x210
[ 87.919979] ? rcu_pm_notify+0xc0/0xc0
[ 87.920000] do_futex+0x877/0x24f0
[ 88.053311] ? kvm_vcpu_ioctl+0x24c/0xe70
[ 88.057454] ? kvm_vcpu_block+0xde0/0xde0
[ 88.061609] ? exit_robust_list+0x1b0/0x1b0
[ 88.066951] ? find_held_lock+0x36/0x1c0
[ 88.071013] ? __fget+0x307/0x520
[ 88.074469] ? lock_downgrade+0x900/0x900
[ 88.078607] ? rcu_read_unlock_special.part.63+0xf50/0xf50
[ 88.084226] ? kasan_check_read+0x11/0x20
[ 88.088402] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 88.093667] ? rcu_bh_qs+0xc0/0xc0
[ 88.097201] ? __fget+0x324/0x520
[ 88.100655] ? expand_files.part.8+0x880/0x880
[ 88.105240] ? do_vfs_ioctl+0x195/0x1650
[ 88.109295] ? ioctl_preallocate+0x2d0/0x2d0
[ 88.113708] ? __fget_light+0x2e8/0x3a0
[ 88.117677] ? fget_raw+0x10/0x10
[ 88.121150] __x64_sys_futex+0x1cb/0x4f0
[ 88.125223] ? do_futex+0x24f0/0x24f0
[ 88.129801] ? kasan_check_write+0x14/0x20
[ 88.134031] ? fput+0x18/0x120
[ 88.137234] ? ksys_ioctl+0x72/0x90
[ 88.140863] ? do_syscall_64+0x95/0x700
[ 88.144833] do_syscall_64+0x183/0x700
[ 88.148718] ? finish_task_switch+0x1f4/0x8c0
[ 88.153220] ? syscall_return_slowpath+0x4e0/0x4e0
[ 88.158148] ? syscall_return_slowpath+0x215/0x4e0
[ 88.163076] ? prepare_exit_to_usermode+0x300/0x300
[ 88.168090] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 88.173453] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 88.178316] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.183500] RIP: 0033:0x4577c9
[ 88.186679] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 88.205904] RSP: 002b:00007fe563988cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 88.213619] RAX: ffffffffffffffda RBX: 000000000072c048 RCX: 00000000004577c9
[ 88.220893] RDX: 0000000000000016 RSI: 0000000000000081 RDI: 000000000072c04c
[ 88.228155] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 88.235416] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072c04c
[ 88.242682] R13: 00007ffc0e6df97f R14: 00007fe5639899c0 R15: 0000000000000002
[ 88.249962]
[ 88.251597] Allocated by task 6767:
[ 88.255252] save_stack+0x43/0xd0
[ 88.258695] kasan_kmalloc+0xc7/0xe0
[ 88.262397] kasan_slab_alloc+0x12/0x20
[ 88.266359] kmem_cache_alloc+0x12e/0x780
[ 88.270500] vmx_create_vcpu+0xc6/0x1f50
[ 88.274545] kvm_arch_vcpu_create+0xb0/0x1c0
[ 88.278940] kvm_vm_ioctl+0x5e0/0x1c60
[ 88.282820] do_vfs_ioctl+0x195/0x1650
[ 88.286691] ksys_ioctl+0x62/0x90
[ 88.290134] __x64_sys_ioctl+0x6e/0xb0
[ 88.294009] do_syscall_64+0x183/0x700
[ 88.297885] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.303059]
[ 88.304673] Freed by task 6766:
[ 88.307944] save_stack+0x43/0xd0
[ 88.311384] __kasan_slab_free+0x102/0x150
[ 88.315610] kasan_slab_free+0xe/0x10
[ 88.319397] kmem_cache_free+0x83/0x2d0
[ 88.323367] vmx_free_vcpu+0x200/0x290
[ 88.327242] kvm_arch_destroy_vm+0x322/0x7a0
[ 88.331641] kvm_put_kvm+0x59c/0xdd0
[ 88.335340] kvm_vcpu_release+0x77/0xa0
[ 88.339306] __fput+0x2e6/0x990
[ 88.342571] ____fput+0x9/0x10
[ 88.345758] task_work_run+0x19f/0x240
[ 88.349634] exit_to_usermode_loop+0x269/0x300
[ 88.354382] do_syscall_64+0x587/0x700
[ 88.358264] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.363436]
[ 88.365053] The buggy address belongs to the object at ffff8801d2ba0040
[ 88.365053] which belongs to the cache kvm_vcpu of size 23616
[ 88.377621] The buggy address is located 24 bytes inside of
[ 88.377621] 23616-byte region [ffff8801d2ba0040, ffff8801d2ba5c80)
[ 88.389585] The buggy address belongs to the page:
[ 88.394514] page:ffffea00074ae800 count:1 mapcount:0 mapping:ffff8801d52c3c00 index:0x0 compound_mapcount: 0
[ 88.404485] flags: 0x2fffc0000008100(slab|head)
[ 88.409154] raw: 02fffc0000008100 ffff8801d52a7b48 ffffea0006e6f408 ffff8801d52c3c00
[ 88.417034] raw: 0000000000000000 ffff8801d2ba0040 0000000100000001 0000000000000000
[ 88.424919] page dumped because: kasan: bad access detected
[ 88.430617]
[ 88.432252] Memory state around the buggy address:
[ 88.437179] ffff8801d2b9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.444539] ffff8801d2b9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.451899] >ffff8801d2ba0000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 88.459276] ^
[ 88.465530] ffff8801d2ba0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.472904] ffff8801d2ba0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.480273] ==================================================================
[ 88.487625] Disabling lock debugging due to kernel taint
[ 88.496458] Kernel panic - not syncing: panic_on_warn set ...
[ 88.496458]
[ 88.498092] kobject: 'kvm' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 88.503844] CPU: 0 PID: 6778 Comm: syz-executor5 Tainted: G B 4.18.0-rc6+ #1
[ 88.503847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.503850] Call Trace:
[ 88.503865] dump_stack+0x16e/0x22a
[ 88.503871] ? dump_stack_print_info.cold.2+0x48/0x48
[ 88.503880] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 88.503889] panic+0x1c6/0x37d
[ 88.503893] ? add_taint.cold.5+0x11/0x11
[ 88.503905] ? do_raw_spin_unlock+0xa7/0x2f0
[ 88.536441] kobject: 'kvm' ((____ptrval____)): kobject_uevent_env
[ 88.536937] kasan_end_report+0x47/0x4f
[ 88.536944] kasan_report.cold.9+0x76/0x2fe
[ 88.547020] kobject: 'kvm' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 88.550065] ? finish_task_switch+0x56e/0x8c0
[ 88.550077] __asan_report_load8_noabort+0x14/0x20
[ 88.550082] finish_task_switch+0x56e/0x8c0
[ 88.550087] ? preempt_notifier_register+0x200/0x200
[ 88.550095] ? lock_repin_lock+0x430/0x430
[ 88.550100] ? vmx_vcpu_put+0x2b/0x150
[ 88.550109] ? kvm_arch_vcpu_put+0x299/0x3c0
[ 88.550118] __schedule+0x83e/0x1f40
[ 88.550126] ? pci_mmcfg_check_reserved+0x120/0x120
[ 88.550135] ? find_held_lock+0x36/0x1c0
[ 88.550143] ? try_to_wake_up+0x10a/0x1350
[ 88.550148] ? lock_downgrade+0x900/0x900
[ 88.550153] ? preempt_schedule+0x4d/0x60
[ 88.550158] preempt_schedule_common+0x1f/0xd0
[ 88.550163] preempt_schedule+0x4d/0x60
[ 88.550170] ___preempt_schedule+0x16/0x18
[ 88.550179] _raw_spin_unlock_irqrestore+0xbb/0xd0
[ 88.550184] try_to_wake_up+0x10a/0x1350
[ 88.550191] ? migrate_swap_stop+0x930/0x930
[ 88.550195] ? find_held_lock+0x36/0x1c0
[ 88.550205] ? futex_wake+0x4fc/0x8b0
[ 88.550220] ? lock_downgrade+0x900/0x900
[ 88.550229] ? kasan_check_read+0x11/0x20
[ 88.550233] ? do_raw_spin_unlock+0xa7/0x2f0
[ 88.550237] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 88.550242] ? __unqueue_futex+0x290/0x290
[ 88.550249] wake_up_q+0xa4/0x100
[ 88.550254] futex_wake+0x504/0x8b0
[ 88.550260] ? get_futex_key+0x1bb0/0x1bb0
[ 88.550269] ? rcu_lockdep_current_cpu_online+0x1ae/0x210
[ 88.550273] ? rcu_pm_notify+0xc0/0xc0
[ 88.550283] do_futex+0x877/0x24f0
[ 88.550294] ? kvm_vcpu_ioctl+0x24c/0xe70
[ 88.580453] kobject: 'kvm' ((____ptrval____)): kobject_uevent_env
[ 88.582321] ? kvm_vcpu_block+0xde0/0xde0
[ 88.582336] ? exit_robust_list+0x1b0/0x1b0
[ 88.586843] kobject: 'kvm' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 88.591771] ? find_held_lock+0x36/0x1c0
[ 88.591782] ? __fget+0x307/0x520
[ 88.591787] ? lock_downgrade+0x900/0x900
[ 88.591796] ? rcu_read_unlock_special.part.63+0xf50/0xf50
[ 88.591802] ? kasan_check_read+0x11/0x20
[ 88.591806] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 88.591810] ? rcu_bh_qs+0xc0/0xc0
[ 88.591819] ? __fget+0x324/0x520
[ 88.591826] ? expand_files.part.8+0x880/0x880
[ 88.591838] ? do_vfs_ioctl+0x195/0x1650
[ 88.605193] kobject: 'kvm' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 88.605481] ? ioctl_preallocate+0x2d0/0x2d0
[ 88.605490] ? __fget_light+0x2e8/0x3a0
[ 88.806124] ? fget_raw+0x10/0x10
[ 88.809568] __x64_sys_futex+0x1cb/0x4f0
[ 88.813622] ? do_futex+0x24f0/0x24f0
[ 88.817407] ? kasan_check_write+0x14/0x20
[ 88.821630] ? fput+0x18/0x120
[ 88.824809] ? ksys_ioctl+0x72/0x90
[ 88.828421] ? do_syscall_64+0x95/0x700
[ 88.832406] do_syscall_64+0x183/0x700
[ 88.836278] ? finish_task_switch+0x1f4/0x8c0
[ 88.840757] ? syscall_return_slowpath+0x4e0/0x4e0
[ 88.845680] ? syscall_return_slowpath+0x215/0x4e0
[ 88.850684] ? prepare_exit_to_usermode+0x300/0x300
[ 88.855685] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 88.861036] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 88.865863] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 88.871039] RIP: 0033:0x4577c9
[ 88.874210] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 88.893340] RSP: 002b:00007fe563988cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 88.901039] RAX: ffffffffffffffda RBX: 000000000072c048 RCX: 00000000004577c9
[ 88.908297] RDX: 0000000000000016 RSI: 0000000000000081 RDI: 000000000072c04c
[ 88.915556] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 88.922819] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072c04c
[ 88.930078] R13: 00007ffc0e6df97f R14: 00007fe5639899c0 R15: 0000000000000002
[ 88.938307] Kernel Offset: disabled
[ 88.941933] Rebooting in 86400 seconds..