[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.6' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 37.493533] ==================================================================
[ 37.500971] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x161c/0x1c60
[ 37.508353] Read of size 8 at addr ffff8880b2537800 by task syz-executor565/8082
[ 37.515886]
[ 37.517521] CPU: 1 PID: 8082 Comm: syz-executor565 Not tainted 4.19.177-syzkaller #0
[ 37.525405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.534760] Call Trace:
[ 37.537361] dump_stack+0x1fc/0x2ef
executing program
executing program
executing program
executing program
executing program
[ 37.540999] print_address_description.cold+0x54/0x219
[ 37.546288] kasan_report_error.cold+0x8a/0x1b9
[ 37.550963] ? unwind_next_frame+0x161c/0x1c60
[ 37.555567] __asan_report_load8_noabort+0x88/0x90
[ 37.560555] ? unwind_next_frame+0x161c/0x1c60
[ 37.565442] unwind_next_frame+0x161c/0x1c60
[ 37.569872] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.575252] ? deref_stack_reg+0x1d0/0x1d0
[ 37.579501] ? put_callchain_buffers+0x70/0x70
[ 37.584143] ? check_preemption_disabled+0x41/0x280
executing program
executing program
executing program
executing program
executing program
[ 37.589275] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.594647] perf_callchain_kernel+0x3fa/0x5c0
[ 37.599239] ? sched_clock+0x2a/0x40
[ 37.602962] ? arch_perf_update_userpage+0x360/0x360
[ 37.608075] ? perf_callchain+0x173/0x1c0
[ 37.612316] ? do_syscall_64+0xf9/0x620
[ 37.616302] ? lock_acquire+0x298/0x3c0
[ 37.620290] ? lock_downgrade+0x720/0x720
[ 37.624446] get_perf_callchain+0x392/0x860
[ 37.628781] ? put_callchain_buffers+0x70/0x70
[ 37.633419] ? kvm_sched_clock_read+0x14/0x40
[ 37.637931] ? sched_clock+0x2a/0x40
executing program
executing program
executing program
executing program
executing program
[ 37.641765] ? sched_clock_cpu+0x18/0x1b0
[ 37.645924] perf_callchain+0x165/0x1c0
[ 37.649910] perf_prepare_sample+0x81e/0x1620
[ 37.654418] ? perf_callchain+0x1c0/0x1c0
[ 37.659090] ? tracing_generic_entry_update+0x191/0x200
[ 37.664477] ? deref_stack_reg+0x134/0x1d0
[ 37.668735] perf_event_output_forward+0xf3/0x270
[ 37.673592] ? perf_prepare_sample+0x1620/0x1620
[ 37.678362] ? unwind_next_frame+0x10a9/0x1c60
[ 37.682953] ? __save_stack_trace+0x72/0x190
[ 37.687483] ? deref_stack_reg+0x134/0x1d0
executing program
executing program
executing program
executing program
executing program
executing program
[ 37.691723] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 37.697623] ? check_preemption_disabled+0x41/0x280
[ 37.702662] __perf_event_overflow+0x13c/0x370
[ 37.707276] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.712741] perf_swevent_event+0x347/0x550
[ 37.717072] ? tracing_generic_entry_update+0x191/0x200
[ 37.722445] perf_tp_event+0x29f/0xaa0
[ 37.726373] ? __kernel_text_address+0x9/0x30
[ 37.730910] ? unwind_get_return_address+0x51/0x90
[ 37.735850] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
executing program
executing program
executing program
executing program
executing program
[ 37.741220] ? __save_stack_trace+0xaf/0x190
[ 37.745655] ? perf_swevent_event+0x550/0x550
[ 37.750159] ? __lock_acquire+0x22f9/0x3ff0
[ 37.754932] ? mark_held_locks+0xf0/0xf0
[ 37.759001] ? perf_trace_lock_acquire+0x36b/0x530
[ 37.763979] ? HARDIRQ_verbose+0x10/0x10
[ 37.768102] ? check_preemption_disabled+0x41/0x280
[ 37.773133] ? depot_save_stack+0x258/0x410
[ 37.777732] ? perf_trace_run_bpf_submit+0x144/0x220
[ 37.782932] ? check_preemption_disabled+0x41/0x280
[ 37.787963] perf_trace_run_bpf_submit+0x144/0x220
executing program
executing program
executing program
executing program
executing program
[ 37.792910] perf_trace_lock_acquire+0x36b/0x530
[ 37.797674] ? kmem_cache_free+0x7f/0x260
[ 37.801827] ? HARDIRQ_verbose+0x10/0x10
[ 37.805906] ? __x64_sys_exit_group+0x3a/0x50
[ 37.810518] ? do_syscall_64+0xf9/0x620
[ 37.814499] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.819872] ? HARDIRQ_verbose+0x10/0x10
[ 37.823974] lock_acquire+0x298/0x3c0
[ 37.827783] ? debug_check_no_obj_freed+0xb5/0x490
[ 37.832720] _raw_spin_lock_irqsave+0x8c/0xc0
[ 37.837222] ? debug_check_no_obj_freed+0xb5/0x490
executing program
executing program
executing program
executing program
executing program
executing program
[ 37.842158] debug_check_no_obj_freed+0xb5/0x490
[ 37.846938] free_unref_page_prepare+0x1ea/0x5d0
[ 37.851711] free_unref_page+0x20/0x170
[ 37.855692] zap_huge_pmd+0xa00/0xe90
[ 37.859497] ? _paravirt_ident_32+0x10/0x10
[ 37.863845] unmap_page_range+0xe4d/0x2a70
[ 37.868096] ? lock_downgrade+0x720/0x720
[ 37.873904] ? vm_normal_page_pmd+0x4c0/0x4c0
[ 37.878411] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 37.883522] ? uprobe_munmap+0x2d/0x4d0
[ 37.887510] unmap_single_vma+0x198/0x300
[ 37.891668] unmap_vmas+0xa9/0x180
executing program
executing program
executing program
executing program
executing program
[ 37.895214] exit_mmap+0x2b9/0x530
[ 37.898758] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 37.904139] ? __khugepaged_exit+0x2a6/0x3e0
[ 37.908551] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.913572] ? kmem_cache_free+0x226/0x260
[ 37.917843] ? __khugepaged_exit+0x2c7/0x3e0
[ 37.922259] mmput+0x14e/0x4a0
[ 37.925487] do_exit+0xaec/0x2be0
[ 37.928943] ? __schedule+0x88f/0x2040
[ 37.932832] ? mm_update_next_owner+0x650/0x650
[ 37.937539] ? io_schedule_timeout+0x140/0x140
[ 37.942124] ? up_read+0x17/0x110
executing program
executing program
executing program
executing program
executing program
executing program
[ 37.945596] do_group_exit+0x125/0x310
[ 37.949489] __x64_sys_exit_group+0x3a/0x50
[ 37.953815] do_syscall_64+0xf9/0x620
[ 37.957624] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.962814] RIP: 0033:0x43e9d9
[ 37.966024] Code: 00 49 c7 c0 c0 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
[ 37.985375] RSP: 002b:00007ffe95d502d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
executing program
executing program
executing program
executing program
executing program
[ 37.993099] RAX: ffffffffffffffda RBX: 00000000004b02f0 RCX: 000000000043e9d9
[ 38.000368] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 38.007640] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
[ 38.014914] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004b02f0
[ 38.022444] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 38.029718]
[ 38.031340] The buggy address belongs to the page:
[ 38.036286] page:ffffea0002c94dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.044433] flags: 0xfff00000000000()
[ 38.048241] raw: 00fff00000000000 0000000000000000 ffffffff02c90101 0000000000000000
[ 38.056129] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 38.064023] page dumped because: kasan: bad access detected
[ 38.069846]
[ 38.071499] Memory state around the buggy address:
[ 38.076430]  ffff8880b2537700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.083794]  ffff8880b2537780: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3
executing program
executing program
executing program
executing program
executing program
[ 38.091160] >ffff8880b2537800: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.098522]                    ^
[ 38.101889]  ffff8880b2537880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.109249]  ffff8880b2537900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.116603] ==================================================================
[ 38.123957] Disabling lock debugging due to kernel taint
[ 38.129406] Kernel panic - not syncing: panic_on_warn set ...
[ 38.129406]
[ 38.136778] CPU: 1 PID: 8082 Comm: syz-executor565 Tainted: G B 4.19.177-syzkaller #0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.146046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.155435] Call Trace:
[ 38.158639] dump_stack+0x1fc/0x2ef
[ 38.162289] panic+0x26a/0x50e
[ 38.165485] ? __warn_printk+0xf3/0xf3
[ 38.169379] ? lock_downgrade+0x720/0x720
[ 38.173544] ? print_shadow_for_address+0xb8/0x114
[ 38.178476] ? trace_hardirqs_off+0x64/0x200
[ 38.182887] kasan_end_report+0x43/0x49
[ 38.187041] kasan_report_error.cold+0xa7/0x1b9
[ 38.191720] ? unwind_next_frame+0x161c/0x1c60
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.196357] __asan_report_load8_noabort+0x88/0x90
[ 38.201291] ? unwind_next_frame+0x161c/0x1c60
[ 38.205878] unwind_next_frame+0x161c/0x1c60
[ 38.210296] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.215666] ? deref_stack_reg+0x1d0/0x1d0
[ 38.219927] ? put_callchain_buffers+0x70/0x70
[ 38.224514] ? check_preemption_disabled+0x41/0x280
[ 38.229538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.234948] perf_callchain_kernel+0x3fa/0x5c0
[ 38.239534] ? sched_clock+0x2a/0x40
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.243535] ? arch_perf_update_userpage+0x360/0x360
[ 38.248647] ? perf_callchain+0x173/0x1c0
[ 38.252807] ? do_syscall_64+0xf9/0x620
[ 38.256786] ? lock_acquire+0x298/0x3c0
[ 38.260771] ? lock_downgrade+0x720/0x720
[ 38.264947] get_perf_callchain+0x392/0x860
[ 38.269505] ? put_callchain_buffers+0x70/0x70
[ 38.274104] ? kvm_sched_clock_read+0x14/0x40
[ 38.278605] ? sched_clock+0x2a/0x40
[ 38.282322] ? sched_clock_cpu+0x18/0x1b0
[ 38.286475] perf_callchain+0x165/0x1c0
[ 38.290460] perf_prepare_sample+0x81e/0x1620
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.294967] ? perf_callchain+0x1c0/0x1c0
[ 38.299121] ? tracing_generic_entry_update+0x191/0x200
[ 38.304492] ? deref_stack_reg+0x134/0x1d0
[ 38.308744] perf_event_output_forward+0xf3/0x270
[ 38.313593] ? perf_prepare_sample+0x1620/0x1620
[ 38.318359] ? unwind_next_frame+0x10a9/0x1c60
[ 38.322961] ? __save_stack_trace+0x72/0x190
[ 38.327386] ? deref_stack_reg+0x134/0x1d0
[ 38.331630] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 38.337540] ? check_preemption_disabled+0x41/0x280
[ 38.342570] __perf_event_overflow+0x13c/0x370
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.347157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.352534] perf_swevent_event+0x347/0x550
[ 38.356876] ? tracing_generic_entry_update+0x191/0x200
[ 38.362250] perf_tp_event+0x29f/0xaa0
[ 38.366149] ? __kernel_text_address+0x9/0x30
[ 38.370670] ? unwind_get_return_address+0x51/0x90
[ 38.375630] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.380999] ? __save_stack_trace+0xaf/0x190
[ 38.385419] ? perf_swevent_event+0x550/0x550
[ 38.389924] ? __lock_acquire+0x22f9/0x3ff0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.394259] ? mark_held_locks+0xf0/0xf0
[ 38.398328] ? perf_trace_lock_acquire+0x36b/0x530
[ 38.403273] ? HARDIRQ_verbose+0x10/0x10
[ 38.407350] ? check_preemption_disabled+0x41/0x280
[ 38.412395] ? depot_save_stack+0x258/0x410
[ 38.416729] ? perf_trace_run_bpf_submit+0x144/0x220
[ 38.421843] ? check_preemption_disabled+0x41/0x280
[ 38.426886] perf_trace_run_bpf_submit+0x144/0x220
[ 38.431826] perf_trace_lock_acquire+0x36b/0x530
[ 38.436597] ? kmem_cache_free+0x7f/0x260
[ 38.440757] ? HARDIRQ_verbose+0x10/0x10
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.444820] ? __x64_sys_exit_group+0x3a/0x50
[ 38.449325] ? do_syscall_64+0xf9/0x620
[ 38.453348] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.458737] ? HARDIRQ_verbose+0x10/0x10
[ 38.462834] lock_acquire+0x298/0x3c0
[ 38.466645] ? debug_check_no_obj_freed+0xb5/0x490
[ 38.471583] _raw_spin_lock_irqsave+0x8c/0xc0
[ 38.476087] ? debug_check_no_obj_freed+0xb5/0x490
[ 38.481025] debug_check_no_obj_freed+0xb5/0x490
[ 38.485793] free_unref_page_prepare+0x1ea/0x5d0
[ 38.490559] free_unref_page+0x20/0x170
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.494561] zap_huge_pmd+0xa00/0xe90
[ 38.498371] ? _paravirt_ident_32+0x10/0x10
[ 38.502718] unmap_page_range+0xe4d/0x2a70
[ 38.506967] ? lock_downgrade+0x720/0x720
[ 38.512012] ? vm_normal_page_pmd+0x4c0/0x4c0
[ 38.516520] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 38.521629] ? uprobe_munmap+0x2d/0x4d0
[ 38.525614] unmap_single_vma+0x198/0x300
[ 38.529770] unmap_vmas+0xa9/0x180
[ 38.533315] exit_mmap+0x2b9/0x530
[ 38.536977] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 38.542273] ? __khugepaged_exit+0x2a6/0x3e0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.546777] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 38.551809] ? kmem_cache_free+0x226/0x260
[ 38.556055] ? __khugepaged_exit+0x2c7/0x3e0
[ 38.560646] mmput+0x14e/0x4a0
[ 38.563847] do_exit+0xaec/0x2be0
[ 38.567309] ? __schedule+0x88f/0x2040
[ 38.571225] ? mm_update_next_owner+0x650/0x650
[ 38.575913] ? io_schedule_timeout+0x140/0x140
[ 38.580506] ? up_read+0x17/0x110
[ 38.584018] do_group_exit+0x125/0x310
[ 38.587914] __x64_sys_exit_group+0x3a/0x50
[ 38.592276] do_syscall_64+0xf9/0x620
executing program
executing program
executing program
executing program
executing program
executing program
[ 38.596103] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.601319] RIP: 0033:0x43e9d9
[ 38.604528] Code: 00 49 c7 c0 c0 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
[ 38.623804] RSP: 002b:00007ffe95d502d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.631526] RAX: ffffffffffffffda RBX: 00000000004b02f0 RCX: 000000000043e9d9
[ 38.638825] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
executing program
executing program
[ 38.646106] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
[ 38.653380] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004b02f0
[ 38.660828] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 38.668686] Kernel Offset: disabled
[ 38.672311] Rebooting in 86400 seconds..