Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
executing program
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ 28.202038][ T22] audit: type=1400 audit(1610369274.096:8): avc: denied { execmem } for pid=356 comm="syz-executor656" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 28.225113][ T358] ==================================================================
[ 28.233293][ T358] BUG: KASAN: use-after-free in filp_close+0x31/0x140
[ 28.240076][ T358] Read of size 8 at addr ffff8881e9dbbb78 by task syz-executor656/358
[ 28.248189][ T358]
[ 28.250490][ T358] CPU: 1 PID: 358 Comm: syz-executor656 Not tainted 5.4.88-syzkaller-00116-gc9951e5d80dd #0
[ 28.260514][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.270538][ T358] Call Trace:
[ 28.273799][ T358] dump_stack+0x1dd/0x24e
[ 28.278095][ T358] ? show_regs_print_info+0x12/0x12
[ 28.283260][ T358] ? printk+0xcf/0x114
[ 28.287327][ T358] print_address_description+0x96/0x640
[ 28.292843][ T358] ? devkmsg_release+0x11c/0x11c
[ 28.297750][ T358] __kasan_report+0x177/0x1f0
[ 28.302396][ T358] ? filp_close+0x31/0x140
[ 28.306782][ T358] kasan_report+0x30/0x60
[ 28.311079][ T358] check_memory_region+0x2b5/0x2f0
[ 28.321482][ T358] filp_close+0x31/0x140
[ 28.325693][ T358] __x64_sys_close+0x62/0xb0
[ 28.330249][ T358] do_syscall_64+0xcb/0x150
[ 28.334720][ T358] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.340593][ T358] RIP: 0033:0x400f30
[ 28.344456][ T358] Code: 01 f0 ff ff 0f 83 20 0c 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 17 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 f4 0b 00 00 c3 48 83 ec 08 e8 5a 01 00 00
[ 28.364040][ T358] RSP: 002b:00007fff0b9dea78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 28.372415][ T358] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000400f30
[ 28.380355][ T358] RDX: 0000000020000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 28.388308][ T358] RBP: 00007fff0b9dea80 R08: 0000000000000004 R09: 0000000120080522
[ 28.396246][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a22b0
[ 28.404185][ T358] R13: 0000000000402040 R14: 0000000000000000 R15: 0000000000000000
[ 28.412124][ T358]
[ 28.414421][ T358] Allocated by task 358:
[ 28.418644][ T358] __kasan_kmalloc+0x129/0x1c0
[ 28.423373][ T358] kmem_cache_alloc+0x1e0/0x270
[ 28.428189][ T358] __alloc_file+0x26/0x390
[ 28.432582][ T358] alloc_empty_file+0xa9/0x1b0
[ 28.437327][ T358] path_openat+0x11b/0x3c20
[ 28.441797][ T358] do_filp_open+0x20a/0x440
[ 28.446278][ T358] do_sys_open+0x380/0x7b0
[ 28.450659][ T358] do_syscall_64+0xcb/0x150
[ 28.455130][ T358] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.460991][ T358]
[ 28.463286][ T358] Freed by task 358:
[ 28.467161][ T358] __kasan_slab_free+0x17e/0x230
[ 28.472062][ T358] slab_free_freelist_hook+0xd0/0x150
[ 28.477399][ T358] kfree+0x12c/0x660
[ 28.481260][ T358] put_fs_context+0x57c/0x690
[ 28.486061][ T358] fscontext_release+0x61/0x80
[ 28.490812][ T358] __fput+0x27d/0x6c0
[ 28.494766][ T358] task_work_run+0x176/0x1a0
[ 28.499324][ T358] prepare_exit_to_usermode+0x2b0/0x310
[ 28.504835][ T358] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.510706][ T358]
[ 28.513006][ T358] The buggy address belongs to the object at ffff8881e9dbbb40
[ 28.513006][ T358] which belongs to the cache filp of size 256
[ 28.526412][ T358] The buggy address is located 56 bytes inside of
[ 28.526412][ T358] 256-byte region [ffff8881e9dbbb40, ffff8881e9dbbc40)
[ 28.539557][ T358] The buggy address belongs to the page:
[ 28.545155][ T358] page:ffffea0007a76ec0 refcount:1 mapcount:0 mapping:ffff8881f60fa780 index:0x0
[ 28.554222][ T358] flags: 0x8000000000000200(slab)
[ 28.559212][ T358] raw: 8000000000000200 0000000000000000 0000000100000001 ffff8881f60fa780
[ 28.567773][ T358] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 28.576317][ T358] page dumped because: kasan: bad access detected
[ 28.582794][ T358]
[ 28.585115][ T358] Memory state around the buggy address:
[ 28.590711][ T358]  ffff8881e9dbba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.598736][ T358]  ffff8881e9dbba80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.606849][ T358] >ffff8881e9dbbb00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 28.614886][ T358]                                                                 ^
[ 28.622824][ T358]  ffff8881e9dbbb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.630849][ T358]  ffff8881e9dbbc00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 28.638871][ T358] ==================================================================
[ 28.646908][ T358] Disabling lock debugging due to kernel taint
[ 28.654716][ T358] Kernel panic - not syncing: panic_on_warn set ...
[ 28.661635][ T358] CPU: 1 PID: 358 Comm: syz-executor656 Tainted: G B 5.4.88-syzkaller-00116-gc9951e5d80dd #0
[ 28.673061][ T358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.684497][ T358] Call Trace:
[ 28.687778][ T358] dump_stack+0x1dd/0x24e
[ 28.692091][ T358] ? devkmsg_release+0x11c/0x11c
[ 28.698564][ T358] ? show_regs_print_info+0x12/0x12
[ 28.703759][ T358] panic+0x285/0x750
[ 28.707637][ T358] ? add_taint+0x3e/0x90
[ 28.713252][ T358] ? nmi_panic+0x90/0x90
[ 28.717489][ T358] ? ___preempt_schedule+0x16/0x20
[ 28.723980][ T358] __kasan_report+0x1e8/0x1f0
[ 28.728635][ T358] ? filp_close+0x31/0x140
[ 28.734425][ T358] kasan_report+0x30/0x60
[ 28.738735][ T358] check_memory_region+0x2b5/0x2f0
[ 28.744525][ T358] filp_close+0x31/0x140
[ 28.748750][ T358] __x64_sys_close+0x62/0xb0
[ 28.753421][ T358] do_syscall_64+0xcb/0x150
[ 28.757930][ T358] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.763803][ T358] RIP: 0033:0x400f30
[ 28.767679][ T358] Code: 01 f0 ff ff 0f 83 20 0c 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 17 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 f4 0b 00 00 c3 48 83 ec 08 e8 5a 01 00 00
[ 28.787288][ T358] RSP: 002b:00007fff0b9dea78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 28.795739][ T358] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000400f30
[ 28.803715][ T358] RDX: 0000000020000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 28.811666][ T358] RBP: 00007fff0b9dea80 R08: 0000000000000004 R09: 0000000120080522
[ 28.819615][ T358] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a22b0
[ 28.827579][ T358] R13: 0000000000402040 R14: 0000000000000000 R15: 0000000000000000
[ 28.836024][ T358] Kernel Offset: disabled
[ 28.840360][ T358] Rebooting in 86400 seconds..