Warning: Permanently added '10.128.15.229' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   50.343348][   T26] kauditd_printk_skb: 3 callbacks suppressed
[   50.343362][   T26] audit: type=1326 audit(1553461383.415:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7879 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f69869 code=0x0
executing program
executing program
executing program
executing program
executing program
[   50.376145][   T26] audit: type=1326 audit(1553461383.415:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7873 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f69869 code=0x0
[   50.401001][   T26] audit: type=1326 audit(1553461383.445:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7882 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f69869 code=0x0
executing program
[   50.440057][   T26] audit: type=1326 audit(1553461383.445:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7881 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f69869 code=0x0
[   50.463702][   T26] audit: type=1326 audit(1553461383.445:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7880 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f69869 code=0x0
executing program
executing program
executing program
executing program
executing program
[   50.491953][   T26] audit: type=1326 audit(1553461383.465:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7873 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=6 compat=1 ip=0xf7f69869 code=0x0
[   50.520933][   T26] audit: type=1326 audit(1553461383.475:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7879 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=6 compat=1 ip=0xf7f69869 code=0x0
[   50.544667][   T26] audit: type=1326 audit(1553461383.495:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7881 comm="syz-executor634" exe="/root/syz-executor634567690" sig=31 arch=40000003 syscall=6 compat=1 ip=0xf7f69869 code=0x0
[   50.571076][ T7904] ==================================================================
[   50.579187][ T7904] BUG: KASAN: use-after-free in __lock_acquire+0x2d5e/0x3fb0
[   50.586545][ T7904] Read of size 8 at addr ffff8880a80ac680 by task syz-executor634/7904
[   50.594760][ T7904]
[   50.597088][ T7904] CPU: 1 PID: 7904 Comm: syz-executor634 Not tainted 5.1.0-rc1+ #35
[   50.605054][ T7904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.615102][ T7904] Call Trace:
[   50.618399][ T7904]  dump_stack+0x172/0x1f0
[   50.622728][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   50.627748][ T7904]  print_address_description.cold+0x7c/0x20d
[   50.633718][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   50.638759][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   50.643774][ T7904]  kasan_report.cold+0x1b/0x40
[   50.648544][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   50.653564][ T7904]  __asan_report_load8_noabort+0x14/0x20
[   50.659188][ T7904]  __lock_acquire+0x2d5e/0x3fb0
[   50.664033][ T7904]  ? futex_wait_setup+0x390/0x390
[   50.669050][ T7904]  ? find_held_lock+0x35/0x130
[   50.673803][ T7904]  ? mark_held_locks+0xf0/0xf0
[   50.678556][ T7904]  ? futex_wake+0x179/0x4d0
[   50.683054][ T7904]  lock_acquire+0x16f/0x3f0
[   50.687554][ T7904]  ? seccomp_notify_release+0x62/0x280
[   50.693006][ T7904]  ? seccomp_notify_release+0x62/0x280
[   50.698460][ T7904]  __mutex_lock+0xf7/0x1310
[   50.702955][ T7904]  ? seccomp_notify_release+0x62/0x280
[   50.708423][ T7904]  ? find_held_lock+0x35/0x130
[   50.713181][ T7904]  ? seccomp_notify_release+0x62/0x280
[   50.718631][ T7904]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   50.724079][ T7904]  ? mutex_trylock+0x1e0/0x1e0
[   50.728837][ T7904]  ? lockdep_hardirqs_on+0x418/0x5d0
[   50.734117][ T7904]  ? retint_kernel+0x2d/0x2d
[   50.738702][ T7904]  ? trace_hardirqs_on_caller+0x6a/0x220
[   50.744330][ T7904]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   50.750563][ T7904]  ? fsnotify+0x811/0xbc0
[   50.754896][ T7904]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   50.761136][ T7904]  ? locks_remove_file+0x305/0x4a0
[   50.766340][ T7904]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   50.771796][ T7904]  mutex_lock_nested+0x16/0x20
[   50.776556][ T7904]  ? mutex_lock_nested+0x16/0x20
[   50.781488][ T7904]  seccomp_notify_release+0x62/0x280
[   50.786766][ T7904]  ? ima_file_free+0xc9/0x4a0
[   50.791434][ T7904]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   50.796896][ T7904]  __fput+0x2e5/0x8d0
[   50.800880][ T7904]  ____fput+0x16/0x20
[   50.804852][ T7904]  task_work_run+0x14a/0x1c0
[   50.809444][ T7904]  exit_to_usermode_loop+0x273/0x2c0
[   50.814727][ T7904]  do_fast_syscall_32+0xa9d/0xc98
[   50.819769][ T7904]  entry_SYSENTER_compat+0x70/0x7f
[   50.824897][ T7904] RIP: 0023:0xf7f69869
[   50.828958][ T7904] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   50.848657][ T7904] RSP: 002b:00000000fffcfdac EFLAGS: 00000296 ORIG_RAX: 0000000000000006
[   50.857071][ T7904] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   50.865043][ T7904] RDX: 0000000000000004 RSI: 000000000000002d RDI: 00000000080faffc
[   50.873028][ T7904] RBP: 00000000fffcfe38 R08: 0000000000000000 R09: 0000000000000000
[   50.881001][ T7904] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   50.888969][ T7904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.896938][ T7904]
[   50.899257][ T7904] Allocated by task 7912:
[   50.903586][ T7904]  save_stack+0x45/0xd0
[   50.907737][ T7904]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   50.913367][ T7904]  kasan_kmalloc+0x9/0x10
[   50.917685][ T7904]  kmem_cache_alloc_trace+0x151/0x760
[   50.923046][ T7904]  do_seccomp+0x743/0x2250
[   50.927455][ T7904]  __ia32_sys_seccomp+0x72/0xb0
[   50.932299][ T7904]  do_fast_syscall_32+0x281/0xc98
[   50.937315][ T7904]  entry_SYSENTER_compat+0x70/0x7f
[   50.942403][ T7904]
[   50.944724][ T7904] Freed by task 7912:
[   50.948702][ T7904]  save_stack+0x45/0xd0
[   50.952848][ T7904]  __kasan_slab_free+0x102/0x150
[   50.957782][ T7904]  kasan_slab_free+0xe/0x10
[   50.962278][ T7904]  kfree+0xcf/0x230
[   50.966077][ T7904]  do_seccomp+0xb00/0x2250
[   50.970480][ T7904]  __ia32_sys_seccomp+0x72/0xb0
[   50.975321][ T7904]  do_fast_syscall_32+0x281/0xc98
[   50.980337][ T7904]  entry_SYSENTER_compat+0x70/0x7f
[   50.985423][ T7904]
[   50.987740][ T7904] The buggy address belongs to the object at ffff8880a80ac600
[   50.987740][ T7904]  which belongs to the cache kmalloc-192 of size 192
[   51.001787][ T7904] The buggy address is located 128 bytes inside of
[   51.001787][ T7904]  192-byte region [ffff8880a80ac600, ffff8880a80ac6c0)
[   51.015044][ T7904] The buggy address belongs to the page:
[   51.020674][ T7904] page:ffffea0002a02b00 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0
[   51.029516][ T7904] flags: 0x1fffc0000000200(slab)
[   51.034454][ T7904] raw: 01fffc0000000200 ffffea0002a029c8 ffffea0002a02bc8 ffff88812c3f0040
[   51.043062][ T7904] raw: 0000000000000000 ffff8880a80ac000 0000000100000010 0000000000000000
[   51.051636][ T7904] page dumped because: kasan: bad access detected
[   51.058038][ T7904]
[   51.060359][ T7904] Memory state around the buggy address:
[   51.065979][ T7904]  ffff8880a80ac580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   51.074048][ T7904]  ffff8880a80ac600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.082106][ T7904] >ffff8880a80ac680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   51.090145][ T7904]                    ^
[   51.094205][ T7904]  ffff8880a80ac700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   51.102255][ T7904]  ffff8880a80ac780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   51.110313][ T7904] ==================================================================
[   51.118366][ T7904] Disabling lock debugging due to kernel taint
[   51.124509][ T7904] Kernel panic - not syncing: panic_on_warn set ...
[   51.131091][ T7904] CPU: 1 PID: 7904 Comm: syz-executor634 Tainted: G    B             5.1.0-rc1+ #35
[   51.140443][ T7904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.150498][ T7904] Call Trace:
[   51.153899][ T7904]  dump_stack+0x172/0x1f0
[   51.158226][ T7904]  panic+0x2cb/0x65c
[   51.162111][ T7904]  ? __warn_printk+0xf3/0xf3
[   51.166691][ T7904]  ? lock_downgrade+0x880/0x880
[   51.171602][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   51.176648][ T7904]  ? trace_hardirqs_off+0x62/0x220
[   51.181782][ T7904]  ? trace_hardirqs_off+0x59/0x220
[   51.186961][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   51.192070][ T7904]  end_report+0x47/0x4f
[   51.196361][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   51.201481][ T7904]  kasan_report.cold+0xe/0x40
[   51.206157][ T7904]  ? __lock_acquire+0x2d5e/0x3fb0
[   51.211175][ T7904]  __asan_report_load8_noabort+0x14/0x20
[   51.216803][ T7904]  __lock_acquire+0x2d5e/0x3fb0
[   51.221652][ T7904]  ? futex_wait_setup+0x390/0x390
[   51.226753][ T7904]  ? find_held_lock+0x35/0x130
[   51.231508][ T7904]  ? mark_held_locks+0xf0/0xf0
[   51.236280][ T7904]  ? futex_wake+0x179/0x4d0
[   51.240777][ T7904]  lock_acquire+0x16f/0x3f0
[   51.245282][ T7904]  ? seccomp_notify_release+0x62/0x280
[   51.250736][ T7904]  ? seccomp_notify_release+0x62/0x280
[   51.256190][ T7904]  __mutex_lock+0xf7/0x1310
[   51.260700][ T7904]  ? seccomp_notify_release+0x62/0x280
[   51.266147][ T7904]  ? find_held_lock+0x35/0x130
[   51.270912][ T7904]  ? seccomp_notify_release+0x62/0x280
[   51.276367][ T7904]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   51.281820][ T7904]  ? mutex_trylock+0x1e0/0x1e0
[   51.286579][ T7904]  ? lockdep_hardirqs_on+0x418/0x5d0
[   51.291852][ T7904]  ? retint_kernel+0x2d/0x2d
[   51.296445][ T7904]  ? trace_hardirqs_on_caller+0x6a/0x220
[   51.302071][ T7904]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   51.308307][ T7904]  ? fsnotify+0x811/0xbc0
[   51.312722][ T7904]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   51.318953][ T7904]  ? locks_remove_file+0x305/0x4a0
[   51.324057][ T7904]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   51.329505][ T7904]  mutex_lock_nested+0x16/0x20
[   51.334259][ T7904]  ? mutex_lock_nested+0x16/0x20
[   51.339197][ T7904]  seccomp_notify_release+0x62/0x280
[   51.344478][ T7904]  ? ima_file_free+0xc9/0x4a0
[   51.349150][ T7904]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   51.354603][ T7904]  __fput+0x2e5/0x8d0
[   51.358577][ T7904]  ____fput+0x16/0x20
[   51.362553][ T7904]  task_work_run+0x14a/0x1c0
[   51.367141][ T7904]  exit_to_usermode_loop+0x273/0x2c0
[   51.372419][ T7904]  do_fast_syscall_32+0xa9d/0xc98
[   51.377446][ T7904]  entry_SYSENTER_compat+0x70/0x7f
[   51.382545][ T7904] RIP: 0023:0xf7f69869
[   51.386607][ T7904] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   51.406204][ T7904] RSP: 002b:00000000fffcfdac EFLAGS: 00000296 ORIG_RAX: 0000000000000006
[   51.414615][ T7904] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   51.422837][ T7904] RDX: 0000000000000004 RSI: 000000000000002d RDI: 00000000080faffc
[   51.430806][ T7904] RBP: 00000000fffcfe38 R08: 0000000000000000 R09: 0000000000000000
[   51.438816][ T7904] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   51.446848][ T7904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   51.455613][ T7904] Kernel Offset: disabled
[   51.459930][ T7904] Rebooting in 86400 seconds..
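Reading the report bottom-up: task 7912 allocated a kmalloc-192 object inside do_seccomp() through the 32-bit seccomp(2) entry point (__ia32_sys_seccomp) and freed it from the same function; task 7904 then returned from a 32-bit syscall (ORIG_RAX 6 is close on i386, compat=1), ran its task_work, __fput() called seccomp_notify_release(), and lockdep's __lock_acquire(), called from the __mutex_lock() at seccomp_notify_release+0x62, read 8 bytes at ffff8880a80ac680, 128 bytes into the freed object. seccomp_notify_release() is the release handler of the seccomp user-notification listener fd, so the fd being closed is a listener returned by seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER, ...). The audit type=1326 lines before the report are seccomp actions (sig=31 is SIGSYS) on other executor processes and are not the crashing task. The report carries neither the syzkaller reproducer nor a root cause, so the program below is an added example that only exercises the API path the trace goes through; it is not the reproducer, not kernel code, and it exits cleanly on a kernel without this bug. Its choices are assumptions made for the example: the filter diverts only getppid, the filter is installed in a forked child so the calling process is never sandboxed, and fallback values for the uapi constants and the seccomp syscall number are provided for pre-5.0 headers.

```c
/*
 * Added example, not the syzbot reproducer and not kernel code: install a
 * seccomp filter with SECCOMP_FILTER_FLAG_NEW_LISTENER (the do_seccomp()
 * path in the alloc/free stacks) and close the returned listener fd (the
 * __fput() -> seccomp_notify_release() path in the crashing stack).
 * Assumptions for the example: getppid is the only diverted syscall, and
 * the filter lives in a forked child so the parent is never confined.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* uapi values from <linux/seccomp.h>; fallbacks for headers older than 5.0 */
#ifndef SECCOMP_FILTER_FLAG_NEW_LISTENER
#define SECCOMP_FILTER_FLAG_NEW_LISTENER (1UL << 3)
#endif
#ifndef SECCOMP_RET_USER_NOTIF
#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
#endif
#ifndef SYS_seccomp
#if defined(__x86_64__)
#define SYS_seccomp 317
#elif defined(__aarch64__)
#define SYS_seccomp 277
#else
#error "SYS_seccomp is not known for this architecture"
#endif
#endif

/*
 * Build a classic-BPF seccomp program that hands `target_nr` to the
 * notification listener and allows every other syscall. Returns the number
 * of instructions written to `out`, or 0 if `cap` is too small.
 */
size_t build_notify_filter(struct sock_filter *out, size_t cap, unsigned int target_nr)
{
    const struct sock_filter prog[] = {
        /* A = seccomp_data.nr */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* if (A == target_nr) goto notify; else goto allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, target_nr, 0, 1),
        /* notify: park the syscall until the listener answers */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        /* allow: default; a production filter would also check the arch field */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    size_t n = sizeof(prog) / sizeof(prog[0]);

    if (cap < n)
        return 0;
    memcpy(out, prog, sizeof(prog));
    return n;
}

/*
 * In a forked child: install the filter, take the listener fd that
 * seccomp(2) returns for SECCOMP_FILTER_FLAG_NEW_LISTENER, and close it.
 * Returns 0 when the child did all three steps, the child's errno when a
 * step failed (e.g. EINVAL on a kernel or sandbox without listener
 * support), or -1 if the child could not be run or died from a signal.
 */
int exercise_listener_close(void)
{
    pid_t pid = fork();
    int status = 0;

    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct sock_filter insns[8];
        size_t n = build_notify_filter(insns, sizeof(insns) / sizeof(insns[0]), SYS_getppid);
        struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };
        long fd;

        /* required to install a filter without CAP_SYS_ADMIN */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(errno);
        fd = syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER,
                     SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
        if (fd < 0)
            _exit(errno);
        /* close() is allowed by the filter; dropping the last reference is
         * what runs seccomp_notify_release() from __fput(). */
        if (close((int)fd) != 0)
            _exit(errno);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int rc = exercise_listener_close();

    if (rc == 0)
        printf("listener fd created and closed cleanly\n");
    else if (rc > 0)
        printf("child failed: %s\n", strerror(rc));
    else
        printf("child did not run to completion\n");
    return rc == 0 ? 0 : 1;
}
```

Build with `gcc -O2 -Wall -o notify_close notify_close.c` on a 5.0 or newer kernel. The listener fd is only ever created and closed; nobody reads from it, which is why the filter must not divert close or exit_group, and why the child never calls getppid after installing it (a SECCOMP_RET_USER_NOTIF syscall with no reader would block forever).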