Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 40.644036] audit: type=1400 audit(1595457294.960:8): avc: denied { execmem } for pid=6342 comm="syz-executor036" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
executing program
[ 40.697918] ==================================================================
[ 40.705310] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 40.712933] Read of size 8 at addr ffff888097a879a8 by task syz-executor036/6350
[ 40.720439]
[ 40.722041] CPU: 0 PID: 6350 Comm: syz-executor036 Not tainted 4.14.189-syzkaller #0
[ 40.729901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.739229] Call Trace:
[ 40.741796] dump_stack+0x1b2/0x283
[ 40.745413] print_address_description.cold+0x54/0x1d3
[ 40.750670] kasan_report_error.cold+0x8a/0x194
[ 40.755312] ? unwind_next_frame+0x146f/0x17d0
[ 40.759867] __asan_report_load8_noabort+0x68/0x70
[ 40.764778] ? unwind_next_frame+0x146f/0x17d0
[ 40.769343] unwind_next_frame+0x146f/0x17d0
[ 40.773736] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.779082] ? deref_stack_reg+0x1a0/0x1a0
[ 40.783322] ? check_preemption_disabled+0x35/0x240
[ 40.788317] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.793672] perf_callchain_kernel+0x38c/0x520
[ 40.798242] ? kvm_sched_clock_read+0x5/0x10
[ 40.802643] ? sched_clock+0x2a/0x40
[ 40.806346] ? arch_perf_update_userpage+0x300/0x300
[ 40.811442] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.816784] ? arch_perf_update_userpage+0x300/0x300
[ 40.822038] ? check_preemption_disabled+0x35/0x240
[ 40.827043] get_perf_callchain+0x2df/0x740
[ 40.831345] ? put_callchain_buffers+0x60/0x60
[ 40.835906] ? kvm_clock_read+0x1f/0x30
[ 40.839881] ? kvm_sched_clock_read+0x5/0x10
[ 40.844274] ? sched_clock+0x2a/0x40
[ 40.847974] ? sched_clock_cpu+0x18/0x1b0
[ 40.852099] perf_callchain+0x147/0x190
[ 40.856051] perf_prepare_sample+0xd77/0x1380
[ 40.860522] ? perf_output_sample+0x16f0/0x16f0
[ 40.865183] perf_event_output_forward+0xc9/0x1f0
[ 40.870019] ? perf_prepare_sample+0x1380/0x1380
[ 40.874770] ? check_preemption_disabled+0x35/0x240
[ 40.879776] __perf_event_overflow+0x113/0x310
[ 40.884337] perf_swevent_event+0x299/0x460
[ 40.888648] perf_tp_event+0x540/0x6e0
[ 40.892520] ? perf_swevent_event+0x460/0x460
[ 40.897014] ? perf_trace_run_bpf_submit+0x119/0x200
[ 40.902094] ? perf_trace_run_bpf_submit+0x119/0x200
[ 40.907185] ? perf_trace_lock+0x2d6/0x490
[ 40.911393] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 40.917277] ? perf_trace_run_bpf_submit+0x119/0x200
[ 40.922361] ? perf_trace_lock_acquire+0x510/0x510
[ 40.927282] ? __save_stack_trace+0x63/0x160
[ 40.931667] ? deref_stack_reg+0x124/0x1a0
[ 40.935888] ? is_bpf_text_address+0x91/0x150
[ 40.940378] ? lock_acquire+0x170/0x3f0
[ 40.944337] ? lock_downgrade+0x740/0x740
[ 40.948481] ? __lock_acquire+0x5fc/0x3f20
[ 40.952712] ? perf_trace_run_bpf_submit+0x119/0x200
[ 40.957807] ? check_preemption_disabled+0x35/0x240
[ 40.962800] perf_trace_run_bpf_submit+0x119/0x200
[ 40.967724] perf_trace_lock+0x2d6/0x490
[ 40.972457] ? kasan_slab_free+0x12d/0x1a0
[ 40.976668] ? perf_trace_lock_acquire+0x510/0x510
[ 40.981581] ? free_pgd_range+0x84b/0xcd0
[ 40.985705] ? free_pgtables+0x1ec/0x2b0
[ 40.989736] ? exit_mmap+0x280/0x4b0
[ 40.993438] ? do_exit+0x948/0x27f0
[ 40.997049] ? SyS_exit_group+0x19/0x20
[ 41.001006] ? do_syscall_64+0x1d5/0x640
[ 41.005054] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.010393] ? debug_check_no_obj_freed+0x2c0/0x674
[ 41.015387] ? perf_trace_lock_acquire+0x510/0x510
[ 41.020303] lock_release+0x4df/0x870
[ 41.024090] ? lock_acquire+0x170/0x3f0
[ 41.028047] ? lock_downgrade+0x740/0x740
[ 41.032168] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 41.037085] debug_check_no_obj_freed+0x2c0/0x674
[ 41.041911] ? debug_object_activate+0x490/0x490
[ 41.046690] kmem_cache_free+0x156/0x2b0
[ 41.050746] ___pmd_free_tlb+0xa3/0xf0
[ 41.054621] free_pgd_range+0x697/0xcd0
[ 41.058570] free_pgtables+0x1ec/0x2b0
[ 41.062435] exit_mmap+0x280/0x4b0
[ 41.065950] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 41.070600] ? kmem_cache_free+0x23a/0x2b0
[ 41.074811] ? __khugepaged_exit+0x29b/0x3c0
[ 41.079213] mmput+0xfa/0x420
[ 41.082306] do_exit+0x948/0x27f0
[ 41.085735] ? __do_page_fault+0x5a0/0xb50
[ 41.089977] ? mm_update_next_owner+0x5b0/0x5b0
[ 41.094634] ? lock_downgrade+0x740/0x740
[ 41.098769] do_group_exit+0x100/0x2e0
[ 41.102670] SyS_exit_group+0x19/0x20
[ 41.106469] ? do_group_exit+0x2e0/0x2e0
[ 41.110503] do_syscall_64+0x1d5/0x640
[ 41.114388] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.119553] RIP: 0033:0x440058
[ 41.123586] RSP: 002b:00007ffc92f98708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 41.131313] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440058
[ 41.138572] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 41.145820] RBP: 00000000004bf890 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 41.153153] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 41.160410] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 41.168035]
[ 41.169643] The buggy address belongs to the page:
[ 41.174550] page:ffffea00025ea1c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 41.182693] flags: 0xfffe0000000000()
[ 41.186468] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 41.194339] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 41.202195] page dumped because: kasan: bad access detected
[ 41.207899]
[ 41.209498] Memory state around the buggy address:
[ 41.214411]  ffff888097a87880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04
[ 41.221767]  ffff888097a87900: f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1
[ 41.229105] >ffff888097a87980: f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 41.236449]                                    ^
[ 41.241093]  ffff888097a87a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 41.248428]  ffff888097a87a80: f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 41.255774] ==================================================================
[ 41.263108] Disabling lock debugging due to kernel taint
[ 41.268530] Kernel panic - not syncing: panic_on_warn set ...
[ 41.268530]
[ 41.275882] CPU: 0 PID: 6350 Comm: syz-executor036 Tainted: G B 4.14.189-syzkaller #0
[ 41.284951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.294314] Call Trace:
[ 41.296894] dump_stack+0x1b2/0x283
[ 41.300497] panic+0x1f9/0x42d
[ 41.303676] ? add_taint.cold+0x16/0x16
[ 41.307629] ? lock_downgrade+0x740/0x740
[ 41.311752] kasan_end_report+0x43/0x49
[ 41.315714] kasan_report_error.cold+0xa7/0x194
[ 41.320358] ? unwind_next_frame+0x146f/0x17d0
[ 41.324937] __asan_report_load8_noabort+0x68/0x70
[ 41.329849] ? unwind_next_frame+0x146f/0x17d0
[ 41.334408] unwind_next_frame+0x146f/0x17d0
[ 41.338810] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.344151] ? deref_stack_reg+0x1a0/0x1a0
[ 41.348359] ? check_preemption_disabled+0x35/0x240
[ 41.353350] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.358687] perf_callchain_kernel+0x38c/0x520
[ 41.363254] ? kvm_sched_clock_read+0x5/0x10
[ 41.367634] ? sched_clock+0x2a/0x40
[ 41.371338] ? arch_perf_update_userpage+0x300/0x300
[ 41.376417] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.381765] ? arch_perf_update_userpage+0x300/0x300
[ 41.386843] ? check_preemption_disabled+0x35/0x240
[ 41.391834] get_perf_callchain+0x2df/0x740
[ 41.396132] ? put_callchain_buffers+0x60/0x60
[ 41.400688] ? kvm_clock_read+0x1f/0x30
[ 41.404635] ? kvm_sched_clock_read+0x5/0x10
[ 41.409028] ? sched_clock+0x2a/0x40
[ 41.412713] ? sched_clock_cpu+0x18/0x1b0
[ 41.416836] perf_callchain+0x147/0x190
[ 41.420787] perf_prepare_sample+0xd77/0x1380
[ 41.425256] ? perf_output_sample+0x16f0/0x16f0
[ 41.429915] perf_event_output_forward+0xc9/0x1f0
[ 41.434829] ? perf_prepare_sample+0x1380/0x1380
[ 41.439575] ? check_preemption_disabled+0x35/0x240
[ 41.444569] __perf_event_overflow+0x113/0x310
[ 41.449138] perf_swevent_event+0x299/0x460
[ 41.453453] perf_tp_event+0x540/0x6e0
[ 41.457319] ? perf_swevent_event+0x460/0x460
[ 41.461792] ? perf_trace_run_bpf_submit+0x119/0x200
[ 41.466870] ? perf_trace_run_bpf_submit+0x119/0x200
[ 41.471957] ? perf_trace_lock+0x2d6/0x490
[ 41.476170] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 41.482054] ? perf_trace_run_bpf_submit+0x119/0x200
[ 41.487139] ? perf_trace_lock_acquire+0x510/0x510
[ 41.492065] ? __save_stack_trace+0x63/0x160
[ 41.497153] ? deref_stack_reg+0x124/0x1a0
[ 41.501361] ? is_bpf_text_address+0x91/0x150
[ 41.505844] ? lock_acquire+0x170/0x3f0
[ 41.509803] ? lock_downgrade+0x740/0x740
[ 41.513929] ? __lock_acquire+0x5fc/0x3f20
[ 41.518140] ? perf_trace_run_bpf_submit+0x119/0x200
[ 41.523218] ? check_preemption_disabled+0x35/0x240
[ 41.528207] perf_trace_run_bpf_submit+0x119/0x200
[ 41.533113] perf_trace_lock+0x2d6/0x490
[ 41.537162] ? kasan_slab_free+0x12d/0x1a0
[ 41.541382] ? perf_trace_lock_acquire+0x510/0x510
[ 41.546295] ? free_pgd_range+0x84b/0xcd0
[ 41.550425] ? free_pgtables+0x1ec/0x2b0
[ 41.554478] ? exit_mmap+0x280/0x4b0
[ 41.558170] ? do_exit+0x948/0x27f0
[ 41.561857] ? SyS_exit_group+0x19/0x20
[ 41.575035] ? do_syscall_64+0x1d5/0x640
[ 41.579098] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.584444] ? debug_check_no_obj_freed+0x2c0/0x674
[ 41.589435] ? perf_trace_lock_acquire+0x510/0x510
[ 41.594340] lock_release+0x4df/0x870
[ 41.598120] ? lock_acquire+0x170/0x3f0
[ 41.602068] ? lock_downgrade+0x740/0x740
[ 41.606203] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 41.611125] debug_check_no_obj_freed+0x2c0/0x674
[ 41.615943] ? debug_object_activate+0x490/0x490
[ 41.620689] kmem_cache_free+0x156/0x2b0
[ 41.624736] ___pmd_free_tlb+0xa3/0xf0
[ 41.628607] free_pgd_range+0x697/0xcd0
[ 41.632553] free_pgtables+0x1ec/0x2b0
[ 41.636422] exit_mmap+0x280/0x4b0
[ 41.639946] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 41.644599] ? kmem_cache_free+0x23a/0x2b0
[ 41.648804] ? __khugepaged_exit+0x29b/0x3c0
[ 41.653181] mmput+0xfa/0x420
[ 41.656258] do_exit+0x948/0x27f0
[ 41.659769] ? __do_page_fault+0x5a0/0xb50
[ 41.663974] ? mm_update_next_owner+0x5b0/0x5b0
[ 41.668613] ? lock_downgrade+0x740/0x740
[ 41.672730] do_group_exit+0x100/0x2e0
[ 41.676605] SyS_exit_group+0x19/0x20
[ 41.680378] ? do_group_exit+0x2e0/0x2e0
[ 41.684433] do_syscall_64+0x1d5/0x640
[ 41.688473] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.693637] RIP: 0033:0x440058
[ 41.696798] RSP: 002b:00007ffc92f98708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 41.704484] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440058
[ 41.712340] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 41.719581] RBP: 00000000004bf890 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 41.726841] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 41.734079] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 42.827527] Shutting down cpus with NMI
[ 42.832528] Kernel Offset: disabled
[ 42.836141] Rebooting in 86400 seconds..