[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.732479] audit: type=1400 audit(1603161815.115:8): avc: denied { execmem } for pid=6354 comm="syz-executor127" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 37.756020] ==================================================================
[ 37.763383] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 37.770732] Read of size 8 at addr ffff888097eaf9a8 by task syz-executor127/6355
[ 37.778249] 
[ 37.779853] CPU: 0 PID: 6355 Comm: syz-executor127 Not tainted 4.14.198-syzkaller #0
[ 37.787721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.797048] Call Trace:
[ 37.799649]  dump_stack+0x1b2/0x283
[ 37.803253]  print_address_description.cold+0x54/0x1d3
[ 37.808518]  kasan_report_error.cold+0x8a/0x194
[ 37.813183]  ? unwind_next_frame+0x146f/0x17d0
[ 37.817761]  __asan_report_load8_noabort+0x68/0x70
[ 37.822675]  ? unwind_next_frame+0x146f/0x17d0
[ 37.827581]  unwind_next_frame+0x146f/0x17d0
[ 37.832014]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 37.837357]  ? deref_stack_reg+0x1a0/0x1a0
[ 37.841580]  ? check_preemption_disabled+0x35/0x240
[ 37.847533]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 37.852876]  perf_callchain_kernel+0x38c/0x520
[ 37.857443]  ? arch_perf_update_userpage+0x300/0x300
[ 37.862525]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 37.867878]  ? arch_perf_update_userpage+0x300/0x300
[ 37.872967]  ? check_preemption_disabled+0x35/0x240
[ 37.877957]  get_perf_callchain+0x2df/0x740
[ 37.882265]  ? put_callchain_buffers+0x60/0x60
[ 37.886820]  ? __perf_event_overflow+0x1b6/0x310
[ 37.891549]  ? perf_swevent_event+0x299/0x460
[ 37.896015]  perf_callchain+0x147/0x190
[ 37.899962]  perf_prepare_sample+0xd77/0x1380
[ 37.904446]  ? perf_output_sample+0x16f0/0x16f0
[ 37.909098]  perf_event_output_forward+0xc9/0x1f0
[ 37.913917]  ? perf_prepare_sample+0x1380/0x1380
[ 37.918663]  ? perf_swevent_event+0x460/0x460
[ 37.923137]  ? check_preemption_disabled+0x35/0x240
[ 37.928144]  __perf_event_overflow+0x113/0x310
[ 37.932700]  perf_swevent_event+0x299/0x460
[ 37.937004]  perf_tp_event+0x540/0x6e0
[ 37.940865]  ? perf_swevent_event+0x460/0x460
[ 37.945334]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 37.950477]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 37.955577]  ? perf_trace_lock+0x2d6/0x490
[ 37.960048]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 37.965923]  ? perf_trace_lock_acquire+0x510/0x510
[ 37.970832]  ? __save_stack_trace+0x63/0x160
[ 37.975224]  ? deref_stack_reg+0x124/0x1a0
[ 37.979449]  ? is_bpf_text_address+0x91/0x150
[ 37.983936]  ? lock_acquire+0x170/0x3f0
[ 37.987903]  ? lock_downgrade+0x740/0x740
[ 37.992044]  ? __lock_acquire+0x5fc/0x3f20
[ 37.996259]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 38.001357]  ? check_preemption_disabled+0x35/0x240
[ 38.006359]  perf_trace_run_bpf_submit+0x119/0x200
[ 38.011265]  perf_trace_lock+0x2d6/0x490
[ 38.015305]  ? kasan_slab_free+0x12d/0x1a0
[ 38.019514]  ? perf_trace_lock_acquire+0x510/0x510
[ 38.024435]  ? free_pgd_range+0x84b/0xcd0
[ 38.028554]  ? free_pgtables+0x1ec/0x2b0
[ 38.032589]  ? exit_mmap+0x27f/0x4d0
[ 38.036281]  ? do_exit+0x948/0x27f0
[ 38.039891]  ? SyS_exit_group+0x19/0x20
[ 38.043850]  ? do_syscall_64+0x1d5/0x640
[ 38.047895]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.053238]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 38.058244]  ? perf_trace_lock_acquire+0x510/0x510
[ 38.063150]  lock_release+0x4df/0x870
[ 38.066938]  ? lock_acquire+0x170/0x3f0
[ 38.070900]  ? lock_downgrade+0x740/0x740
[ 38.075023]  _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 38.079942]  debug_check_no_obj_freed+0x2c0/0x674
[ 38.084762]  ? debug_object_activate+0x490/0x490
[ 38.089500]  kmem_cache_free+0x156/0x2b0
[ 38.093537]  ___pmd_free_tlb+0xa3/0xf0
[ 38.097402]  free_pgd_range+0x697/0xcd0
[ 38.101384]  free_pgtables+0x1ec/0x2b0
[ 38.105259]  exit_mmap+0x27f/0x4d0
[ 38.108790]  ? SyS_remap_file_pages+0x6a0/0x6a0
[ 38.113448]  ? kmem_cache_free+0x23a/0x2b0
[ 38.117853]  ? __khugepaged_exit+0x29b/0x3c0
[ 38.122235]  mmput+0xfa/0x420
[ 38.125318]  do_exit+0x948/0x27f0
[ 38.128762]  ? __do_page_fault+0x5a0/0xb50
[ 38.132977]  ? mm_update_next_owner+0x5b0/0x5b0
[ 38.137641]  ? lock_downgrade+0x740/0x740
[ 38.141769]  do_group_exit+0x100/0x2e0
[ 38.145648]  SyS_exit_group+0x19/0x20
[ 38.149440]  ? do_group_exit+0x2e0/0x2e0
[ 38.153496]  do_syscall_64+0x1d5/0x640
[ 38.157360]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.162540] RIP: 0033:0x43ff58
[ 38.165701] RSP: 002b:00007ffebb9669d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.173380] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff58
[ 38.180623] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.187869] RBP: 00000000004bf7f0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.195126] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 38.202375] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 38.209632] 
[ 38.211266] The buggy address belongs to the page:
[ 38.216200] page:ffffea00025fabc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 38.224356] flags: 0xfffe0000000000()
[ 38.228153] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 38.236020] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 38.243873] page dumped because: kasan: bad access detected
[ 38.249559] 
[ 38.251160] Memory state around the buggy address:
[ 38.256061]  ffff888097eaf880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04
[ 38.263395]  ffff888097eaf900: f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1
[ 38.270746] >ffff888097eaf980: f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 38.278083]                                   ^
[ 38.282751]  ffff888097eafa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 38.290083]  ffff888097eafa80: f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 38.297427] ==================================================================
[ 38.304843] Disabling lock debugging due to kernel taint
[ 38.310265] Kernel panic - not syncing: panic_on_warn set ...
[ 38.310265] 
[ 38.317612] CPU: 0 PID: 6355 Comm: syz-executor127 Tainted: G B 4.14.198-syzkaller #0
[ 38.326690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.336031] Call Trace:
[ 38.338599]  dump_stack+0x1b2/0x283
[ 38.342219]  panic+0x1f9/0x42d
[ 38.345387]  ? add_taint.cold+0x16/0x16
[ 38.349338]  ? lock_downgrade+0x740/0x740
[ 38.353488]  kasan_end_report+0x43/0x49
[ 38.357466]  kasan_report_error.cold+0xa7/0x194
[ 38.362127]  ? unwind_next_frame+0x146f/0x17d0
[ 38.366680]  __asan_report_load8_noabort+0x68/0x70
[ 38.373668]  ? unwind_next_frame+0x146f/0x17d0
[ 38.378234]  unwind_next_frame+0x146f/0x17d0
[ 38.382616]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.387952]  ? deref_stack_reg+0x1a0/0x1a0
[ 38.392192]  ? check_preemption_disabled+0x35/0x240
[ 38.397192]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.402549]  perf_callchain_kernel+0x38c/0x520
[ 38.407130]  ? arch_perf_update_userpage+0x300/0x300
[ 38.412215]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.417555]  ? arch_perf_update_userpage+0x300/0x300
[ 38.422643]  ? check_preemption_disabled+0x35/0x240
[ 38.427633]  get_perf_callchain+0x2df/0x740
[ 38.431931]  ? put_callchain_buffers+0x60/0x60
[ 38.436495]  ? __perf_event_overflow+0x1b6/0x310
[ 38.441238]  ? perf_swevent_event+0x299/0x460
[ 38.445710]  perf_callchain+0x147/0x190
[ 38.449661]  perf_prepare_sample+0xd77/0x1380
[ 38.454134]  ? perf_output_sample+0x16f0/0x16f0
[ 38.458789]  perf_event_output_forward+0xc9/0x1f0
[ 38.463606]  ? perf_prepare_sample+0x1380/0x1380
[ 38.468353]  ? perf_swevent_event+0x460/0x460
[ 38.472836]  ? check_preemption_disabled+0x35/0x240
[ 38.477841]  __perf_event_overflow+0x113/0x310
[ 38.482402]  perf_swevent_event+0x299/0x460
[ 38.486752]  perf_tp_event+0x540/0x6e0
[ 38.490624]  ? perf_swevent_event+0x460/0x460
[ 38.495094]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 38.500211]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 38.505309]  ? perf_trace_lock+0x2d6/0x490
[ 38.509530]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 38.515420]  ? perf_trace_lock_acquire+0x510/0x510
[ 38.520330]  ? __save_stack_trace+0x63/0x160
[ 38.524714]  ? deref_stack_reg+0x124/0x1a0
[ 38.528924]  ? is_bpf_text_address+0x91/0x150
[ 38.533400]  ? lock_acquire+0x170/0x3f0
[ 38.537348]  ? lock_downgrade+0x740/0x740
[ 38.541492]  ? __lock_acquire+0x5fc/0x3f20
[ 38.545706]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 38.550782]  ? check_preemption_disabled+0x35/0x240
[ 38.555773]  perf_trace_run_bpf_submit+0x119/0x200
[ 38.560691]  perf_trace_lock+0x2d6/0x490
[ 38.564739]  ? kasan_slab_free+0x12d/0x1a0
[ 38.568948]  ? perf_trace_lock_acquire+0x510/0x510
[ 38.573861]  ? free_pgd_range+0x84b/0xcd0
[ 38.577979]  ? free_pgtables+0x1ec/0x2b0
[ 38.582012]  ? exit_mmap+0x27f/0x4d0
[ 38.585709]  ? do_exit+0x948/0x27f0
[ 38.589331]  ? SyS_exit_group+0x19/0x20
[ 38.593301]  ? do_syscall_64+0x1d5/0x640
[ 38.597351]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.602703]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 38.607708]  ? perf_trace_lock_acquire+0x510/0x510
[ 38.612614]  lock_release+0x4df/0x870
[ 38.616398]  ? lock_acquire+0x170/0x3f0
[ 38.620360]  ? lock_downgrade+0x740/0x740
[ 38.624520]  _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 38.629425]  debug_check_no_obj_freed+0x2c0/0x674
[ 38.634245]  ? debug_object_activate+0x490/0x490
[ 38.638977]  kmem_cache_free+0x156/0x2b0
[ 38.643063]  ___pmd_free_tlb+0xa3/0xf0
[ 38.647895]  free_pgd_range+0x697/0xcd0
[ 38.651850]  free_pgtables+0x1ec/0x2b0
[ 38.655725]  exit_mmap+0x27f/0x4d0
[ 38.659238]  ? SyS_remap_file_pages+0x6a0/0x6a0
[ 38.663883]  ? kmem_cache_free+0x23a/0x2b0
[ 38.668093]  ? __khugepaged_exit+0x29b/0x3c0
[ 38.672481]  mmput+0xfa/0x420
[ 38.675566]  do_exit+0x948/0x27f0
[ 38.678995]  ? __do_page_fault+0x5a0/0xb50
[ 38.683217]  ? mm_update_next_owner+0x5b0/0x5b0
[ 38.687861]  ? lock_downgrade+0x740/0x740
[ 38.691998]  do_group_exit+0x100/0x2e0
[ 38.695860]  SyS_exit_group+0x19/0x20
[ 38.699648]  ? do_group_exit+0x2e0/0x2e0
[ 38.703686]  do_syscall_64+0x1d5/0x640
[ 38.707564]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.712737] RIP: 0033:0x43ff58
[ 38.715909] RSP: 002b:00007ffebb9669d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.723592] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff58
[ 38.730836] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 38.738091] RBP: 00000000004bf7f0 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 38.745336] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 38.752580] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 38.760942] Kernel Offset: disabled
[ 38.764553] Rebooting in 86400 seconds..
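Added worked example, not part of the syzkaller console log above and not kernel code: a small C program that decodes the "Memory state around the buggy address" rows of this KASAN report. Each shadow byte covers an 8-byte granule of kernel memory, so one printed row spans 128 bytes; 00 means all eight bytes are addressable, 01..07 means only the first N bytes are, and f1/f2/f3/f4 are the kernel's KASAN stack left/mid/right/partial redzone markers. The five rows and the faulting address ffff888097eaf9a8 are copied from the report; the struct, function names and the "other poisoned" fallback are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* One "Memory state around the buggy address" row as KASAN prints it:
 * 16 shadow bytes, each covering an 8-byte granule, so a row spans 128 bytes. */
#define KASAN_GRANULE 8
#define ROW_BYTES 16

struct shadow_row {
    uint64_t base;              /* first kernel address covered by the row */
    uint8_t  shadow[ROW_BYTES];
};

/* Shadow rows copied from the report above; the '>' row holds the faulting access. */
static const struct shadow_row report_rows[] = {
    { 0xffff888097eaf880ULL, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf1,0xf1,0xf1,0xf1,0xf1,0xf1,0x04} },
    { 0xffff888097eaf900ULL, {0xf2,0x00,0xf3,0xf3,0xf3,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf1} },
    { 0xffff888097eaf980ULL, {0xf1,0xf1,0xf1,0x04,0xf3,0xf3,0xf3,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} },
    { 0xffff888097eafa00ULL, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf1,0xf1} },
    { 0xffff888097eafa80ULL, {0xf1,0xf1,0x00,0xf3,0xf3,0xf3,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} },
};
#define NROWS (sizeof report_rows / sizeof report_rows[0])

/* Shadow byte covering addr, or -1 if addr lies outside the dumped rows. */
int shadow_for_addr(uint64_t addr)
{
    for (size_t i = 0; i < NROWS; i++) {
        uint64_t base = report_rows[i].base;
        if (addr >= base && addr < base + ROW_BYTES * KASAN_GRANULE)
            return report_rows[i].shadow[(addr - base) / KASAN_GRANULE];
    }
    return -1;
}

/* Human-readable meaning of a shadow byte (stack encodings from the kernel's KASAN;
 * every other non-zero value is reported generically here, an assumption of this example). */
const char *shadow_meaning(int v)
{
    if (v == 0x00) return "addressable (all 8 bytes)";
    if (v >= 0x01 && v <= 0x07) return "partially addressable (first N bytes only)";
    switch (v) {
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xf4: return "stack partial redzone";
    default:   return "poisoned (other KASAN tag)";
    }
}

/* Replicates KASAN's access check against the dumped shadow: offset from addr of the
 * first byte that is not addressable for a `size`-byte access, or -1 if all are valid. */
long first_bad_offset(uint64_t addr, size_t size)
{
    for (size_t off = 0; off < size; off++) {
        uint64_t a = addr + off;
        int s = shadow_for_addr(a);
        if (s < 0) return (long)off;                            /* not in the dump: treat as bad */
        if (s == 0) continue;                                   /* whole granule addressable */
        if (s <= 7 && (a % KASAN_GRANULE) < (uint64_t)s) continue; /* inside addressable prefix */
        return (long)off;                                       /* redzone or past the prefix */
    }
    return -1;
}

int main(void)
{
    uint64_t bad = 0xffff888097eaf9a8ULL;   /* "Read of size 8 at addr ..." from the report */
    int s = shadow_for_addr(bad);
    printf("shadow[%#llx] = %02x: %s\n", (unsigned long long)bad, s, shadow_meaning(s));
    printf("8-byte read at %#llx: first bad byte at offset %ld\n",
           (unsigned long long)bad, first_bad_offset(bad, 8));
    /* The 4-byte object just before that redzone: shadow 04 at ...998. */
    uint64_t obj = 0xffff888097eaf998ULL;
    printf("4-byte read at ...998: %ld, 8-byte read at ...998: %ld\n",
           first_bad_offset(obj, 4), first_bad_offset(obj, 8));
    return 0;
}
```

Running it confirms what the caret in the report marks: the shadow byte for ffff888097eaf9a8 is f3, so the 8-byte load in unwind_next_frame landed in a stack right redzone, two granules after a 4-byte stack object at ...998 (shadow 04, so a 4-byte read there is clean and an 8-byte read faults at offset 4). That is the pattern of a frame walker reading past the end of a frame's variables, consistent with the "stack-out-of-bounds" header, without saying anything about which frame or why.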