Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 32.281761] audit: type=1400 audit(1595975975.229:8): avc: denied { execmem } for pid=6365 comm="syz-executor313" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.327971] ==================================================================
[ 32.335365] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 32.342711] Read of size 8 at addr ffff8880974ef790 by task syz-executor313/6376
[ 32.350219]
[ 32.351825] CPU: 0 PID: 6376 Comm: syz-executor313 Not tainted 4.14.189-syzkaller #0
[ 32.359678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.369007] Call Trace:
[ 32.371574] dump_stack+0x1b2/0x283
[ 32.375183] print_address_description.cold+0x54/0x1d3
[ 32.380434] kasan_report_error.cold+0x8a/0x194
[ 32.385081] ? unwind_next_frame+0x146f/0x17d0
[ 32.389642] __asan_report_load8_noabort+0x68/0x70
[ 32.394624] ? unwind_next_frame+0x146f/0x17d0
[ 32.399179] unwind_next_frame+0x146f/0x17d0
[ 32.403565] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.408967] ? deref_stack_reg+0x1a0/0x1a0
[ 32.413179] ? check_preemption_disabled+0x35/0x240
[ 32.418171] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.423516] perf_callchain_kernel+0x38c/0x520
[ 32.428085] ? lock_release+0x4df/0x870
[ 32.432041] ? arch_perf_update_userpage+0x300/0x300
[ 32.437191] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.442533] ? check_preemption_disabled+0x35/0x240
[ 32.447529] get_perf_callchain+0x2df/0x740
[ 32.451824] ? put_callchain_buffers+0x60/0x60
[ 32.456398] ? __perf_event_overflow+0x1b6/0x310
[ 32.461174] perf_callchain+0x147/0x190
[ 32.465123] perf_prepare_sample+0xd77/0x1380
[ 32.469616] ? get_perf_callchain+0x56f/0x740
[ 32.474099] ? perf_output_sample+0x16f0/0x16f0
[ 32.478748] perf_event_output_forward+0xc9/0x1f0
[ 32.483565] ? perf_prepare_sample+0x1380/0x1380
[ 32.488293] ? perf_callchain+0x150/0x190
[ 32.492414] ? check_preemption_disabled+0x35/0x240
[ 32.497473] __perf_event_overflow+0x113/0x310
[ 32.502031] perf_swevent_event+0x299/0x460
[ 32.506327] perf_tp_event+0x540/0x6e0
[ 32.510190] ? perf_swevent_event+0x460/0x460
[ 32.514665] ? perf_trace_run_bpf_submit+0x119/0x200
[ 32.519743] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 32.525605] ? perf_trace_lock_acquire+0x510/0x510
[ 32.530514] ? __save_stack_trace+0x63/0x160
[ 32.534906] ? deref_stack_reg+0x124/0x1a0
[ 32.539136] ? is_bpf_text_address+0x91/0x150
[ 32.543605] ? lock_acquire+0x170/0x3f0
[ 32.547552] ? lock_downgrade+0x740/0x740
[ 32.551675] ? __lock_acquire+0x5fc/0x3f20
[ 32.555883] ? perf_trace_run_bpf_submit+0x119/0x200
[ 32.560979] perf_trace_run_bpf_submit+0x119/0x200
[ 32.565887] perf_trace_lock+0x2d6/0x490
[ 32.569932] ? kasan_slab_free+0x12d/0x1a0
[ 32.574138] ? perf_trace_lock_acquire+0x510/0x510
[ 32.579042] ? exit_mmap+0x280/0x4b0
[ 32.582732] ? mmput+0xfa/0x420
[ 32.586013] ? do_exit+0x948/0x27f0
[ 32.589621] ? get_signal+0x38d/0x1ca0
[ 32.593483] ? exit_to_usermode_loop+0x160/0x200
[ 32.598218] ? do_syscall_64+0x4a3/0x640
[ 32.602284] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.607624] ? debug_check_no_obj_freed+0x2c0/0x674
[ 32.612620] ? perf_trace_lock_acquire+0x510/0x510
[ 32.617547] lock_release+0x4df/0x870
[ 32.621336] ? lock_acquire+0x170/0x3f0
[ 32.625287] ? lock_downgrade+0x740/0x740
[ 32.629413] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 32.634334] debug_check_no_obj_freed+0x2c0/0x674
[ 32.639159] ? debug_object_activate+0x490/0x490
[ 32.643889] ? unlink_anon_vmas+0x289/0x7e0
[ 32.648186] kmem_cache_free+0x156/0x2b0
[ 32.652222] unlink_anon_vmas+0x289/0x7e0
[ 32.656354] ? up_write+0x17/0x60
[ 32.659779] free_pgtables+0x178/0x2b0
[ 32.663641] exit_mmap+0x280/0x4b0
[ 32.667174] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 32.671819] ? kmem_cache_free+0x23a/0x2b0
[ 32.676043] ? __khugepaged_exit+0x29b/0x3c0
[ 32.680444] mmput+0xfa/0x420
[ 32.683525] do_exit+0x948/0x27f0
[ 32.686954] ? perf_trace_lock_acquire+0x510/0x510
[ 32.691870] ? mm_update_next_owner+0x5b0/0x5b0
[ 32.696522] ? get_signal+0x323/0x1ca0
[ 32.700390] ? lock_acquire+0x170/0x3f0
[ 32.704340] ? lock_downgrade+0x740/0x740
[ 32.708539] do_group_exit+0x100/0x2e0
[ 32.712459] get_signal+0x38d/0x1ca0
[ 32.716200] do_signal+0x7c/0x1550
[ 32.719731] ? __mutex_unlock_slowpath+0x75/0x770
[ 32.724606] ? wait_for_completion_io+0x10/0x10
[ 32.729359] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 32.734443] ? setup_sigcontext+0x820/0x820
[ 32.738743] ? SyS_perf_event_open+0x5ea/0x24b0
[ 32.743396] ? SyS_futex+0x1da/0x290
[ 32.747081] ? SyS_futex+0x1e3/0x290
[ 32.750769] ? exit_to_usermode_loop+0x41/0x200
[ 32.755415] exit_to_usermode_loop+0x160/0x200
[ 32.759981] do_syscall_64+0x4a3/0x640
[ 32.763846] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.769007] RIP: 0033:0x4468c9
[ 32.772177] RSP: 002b:00007f0ae7627db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 32.779869] RAX: fffffffffffffe00 RBX: 00000000006dbc28 RCX: 00000000004468c9
[ 32.787202] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
[ 32.794556] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 32.801882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 32.809150] R13: 00007ffd8fc7718f R14: 00007f0ae76289c0 R15: 0000000000000000
[ 32.816399]
[ 32.817999] The buggy address belongs to the page:
[ 32.822902] page:ffffea00025d3bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 32.831016] flags: 0xfffe0000000000()
[ 32.834796] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 32.842661] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 32.850514] page dumped because: kasan: bad access detected
[ 32.856195]
[ 32.857793] Memory state around the buggy address:
[ 32.862694] ffff8880974ef680: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3
[ 32.870028] ffff8880974ef700: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 32.877383] >ffff8880974ef780: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.884716] ^
[ 32.888584] ffff8880974ef800: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[ 32.895929] ffff8880974ef880: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.903269] ==================================================================
[ 32.910601] Disabling lock debugging due to kernel taint
[ 32.916073] Kernel panic - not syncing: panic_on_warn set ...
[ 32.916073]
[ 32.923427] CPU: 0 PID: 6376 Comm: syz-executor313 Tainted: G B 4.14.189-syzkaller #0
[ 32.932505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.941851] Call Trace:
[ 32.944424] dump_stack+0x1b2/0x283
[ 32.948044] panic+0x1f9/0x42d
[ 32.951232] ? add_taint.cold+0x16/0x16
[ 32.955200] ? lock_downgrade+0x740/0x740
[ 32.959327] kasan_end_report+0x43/0x49
[ 32.963277] kasan_report_error.cold+0xa7/0x194
[ 32.967921] ? unwind_next_frame+0x146f/0x17d0
[ 32.972476] __asan_report_load8_noabort+0x68/0x70
[ 32.977379] ? unwind_next_frame+0x146f/0x17d0
[ 32.981936] unwind_next_frame+0x146f/0x17d0
[ 32.986322] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.991659] ? deref_stack_reg+0x1a0/0x1a0
[ 32.995867] ? check_preemption_disabled+0x35/0x240
[ 33.000865] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.006203] perf_callchain_kernel+0x38c/0x520
[ 33.010757] ? lock_release+0x4df/0x870
[ 33.014721] ? arch_perf_update_userpage+0x300/0x300
[ 33.019807] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.025145] ? check_preemption_disabled+0x35/0x240
[ 33.030136] get_perf_callchain+0x2df/0x740
[ 33.034448] ? put_callchain_buffers+0x60/0x60
[ 33.039006] ? __perf_event_overflow+0x1b6/0x310
[ 33.043738] perf_callchain+0x147/0x190
[ 33.047707] perf_prepare_sample+0xd77/0x1380
[ 33.052195] ? get_perf_callchain+0x56f/0x740
[ 33.056940] ? perf_output_sample+0x16f0/0x16f0
[ 33.061604] perf_event_output_forward+0xc9/0x1f0
[ 33.066440] ? perf_prepare_sample+0x1380/0x1380
[ 33.071171] ? perf_callchain+0x150/0x190
[ 33.075296] ? check_preemption_disabled+0x35/0x240
[ 33.080287] __perf_event_overflow+0x113/0x310
[ 33.084846] perf_swevent_event+0x299/0x460
[ 33.089161] perf_tp_event+0x540/0x6e0
[ 33.093024] ? perf_swevent_event+0x460/0x460
[ 33.097501] ? perf_trace_run_bpf_submit+0x119/0x200
[ 33.102581] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 33.108459] ? perf_trace_lock_acquire+0x510/0x510
[ 33.113364] ? __save_stack_trace+0x63/0x160
[ 33.117761] ? deref_stack_reg+0x124/0x1a0
[ 33.121971] ? is_bpf_text_address+0x91/0x150
[ 33.126442] ? lock_acquire+0x170/0x3f0
[ 33.130392] ? lock_downgrade+0x740/0x740
[ 33.134514] ? __lock_acquire+0x5fc/0x3f20
[ 33.138769] ? perf_trace_run_bpf_submit+0x119/0x200
[ 33.143856] perf_trace_run_bpf_submit+0x119/0x200
[ 33.148764] perf_trace_lock+0x2d6/0x490
[ 33.152804] ? kasan_slab_free+0x12d/0x1a0
[ 33.157013] ? perf_trace_lock_acquire+0x510/0x510
[ 33.161914] ? exit_mmap+0x280/0x4b0
[ 33.165623] ? mmput+0xfa/0x420
[ 33.168982] ? do_exit+0x948/0x27f0
[ 33.172612] ? get_signal+0x38d/0x1ca0
[ 33.176481] ? exit_to_usermode_loop+0x160/0x200
[ 33.181226] ? do_syscall_64+0x4a3/0x640
[ 33.185261] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.190599] ? debug_check_no_obj_freed+0x2c0/0x674
[ 33.195609] ? perf_trace_lock_acquire+0x510/0x510
[ 33.200534] lock_release+0x4df/0x870
[ 33.204313] ? lock_acquire+0x170/0x3f0
[ 33.208263] ? lock_downgrade+0x740/0x740
[ 33.212386] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 33.217298] debug_check_no_obj_freed+0x2c0/0x674
[ 33.222156] ? debug_object_activate+0x490/0x490
[ 33.226892] ? unlink_anon_vmas+0x289/0x7e0
[ 33.231189] kmem_cache_free+0x156/0x2b0
[ 33.235225] unlink_anon_vmas+0x289/0x7e0
[ 33.239349] ? up_write+0x17/0x60
[ 33.242777] free_pgtables+0x178/0x2b0
[ 33.246637] exit_mmap+0x280/0x4b0
[ 33.250164] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 33.254826] ? kmem_cache_free+0x23a/0x2b0
[ 33.259037] ? __khugepaged_exit+0x29b/0x3c0
[ 33.263443] mmput+0xfa/0x420
[ 33.266531] do_exit+0x948/0x27f0
[ 33.269985] ? perf_trace_lock_acquire+0x510/0x510
[ 33.274908] ? mm_update_next_owner+0x5b0/0x5b0
[ 33.279562] ? get_signal+0x323/0x1ca0
[ 33.283429] ? lock_acquire+0x170/0x3f0
[ 33.287378] ? lock_downgrade+0x740/0x740
[ 33.291501] do_group_exit+0x100/0x2e0
[ 33.295407] get_signal+0x38d/0x1ca0
[ 33.299157] do_signal+0x7c/0x1550
[ 33.302673] ? __mutex_unlock_slowpath+0x75/0x770
[ 33.307494] ? wait_for_completion_io+0x10/0x10
[ 33.312139] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 33.317273] ? setup_sigcontext+0x820/0x820
[ 33.321660] ? SyS_perf_event_open+0x5ea/0x24b0
[ 33.326379] ? SyS_futex+0x1da/0x290
[ 33.330067] ? SyS_futex+0x1e3/0x290
[ 33.333757] ? exit_to_usermode_loop+0x41/0x200
[ 33.338402] exit_to_usermode_loop+0x160/0x200
[ 33.342960] do_syscall_64+0x4a3/0x640
[ 33.346888] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.352099] RIP: 0033:0x4468c9
[ 33.355270] RSP: 002b:00007f0ae7627db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 33.362961] RAX: fffffffffffffe00 RBX: 00000000006dbc28 RCX: 00000000004468c9
[ 33.370221] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
[ 33.377465] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 33.384706] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 33.391949] R13: 00007ffd8fc7718f R14: 00007f0ae76289c0 R15: 0000000000000000
[ 33.400719] Kernel Offset: disabled
[ 33.404332] Rebooting in 86400 seconds..