INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
[ 159.083141] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
[ 164.719377] random: sshd: uninitialized urandom read (32 bytes read)
Cannot find device "nr0"
Cannot find device "nr0"
Cannot find device "nr0"
Cannot find device "nr0"
[ 164.810573] audit: type=1400 audit(1545970421.246:7): avc: denied { map } for pid=1823 comm="syz-executor830" path="/root/syz-executor830308559" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
Cannot find device "rose0"
Cannot find device "rose0"
Cannot find device "rose0"
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bridge0" is wrong: Device does not exist
Error: argument "bridge0" is wrong: Device does not exist
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bond0" is wrong: Device does not exist
Error: argument "bond0" is wrong: Device does not exist
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "team0" is wrong: Device does not exist
Error: argument "team0" is wrong: Device does not exist
Cannot find device "bridge_slave_0"
Cannot find device "bridge_slave_1"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Garbage instead of arguments "slave1 ...". Try "ip link help".
Cannot find device "hsr_slave_0"
Cannot find device "hsr_slave_1"
RTNETLINK answers: Operation not supported
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth0_to_hsr"
Cannot find device "veth0_to_hsr"
Cannot find device "veth0_to_hsr"
Cannot find device "veth0_to_hsr"
Cannot find device "veth1_to_hsr"
Cannot find device "veth1_to_hsr"
Cannot find device "veth1_to_hsr"
Cannot find device "veth1_to_hsr"
Cannot find device "hsr0"
Cannot find device "hsr0"
Cannot find device "hsr0"
Cannot find device "hsr0"
Cannot find device "ip6erspan0"
Cannot find device "ip6erspan0"
Cannot find device "ip6erspan0"
Cannot find device "ip6erspan0"
Cannot find device "dummy0"
Cannot find device "dummy0"
Cannot find device "dummy0"
Cannot find device "dummy0"
Cannot find device "nlmon0"
Cannot find device "nlmon0"
Cannot find device "nlmon0"
Cannot find device "nlmon0"
Cannot find device "vxcan1"
Cannot find device "vxcan1"
Cannot find device "vxcan1"
Cannot find device "vxcan1"
Cannot find device "caif0"
Cannot find device "caif0"
Cannot find device "caif0"
Cannot find device "caif0"
Cannot find device "batadv0"
Cannot find device "batadv0"
Cannot find device "batadv0"
Cannot find device "batadv0"
Cannot find device "netdevsim0"
Cannot find device "netdevsim0"
Cannot find device "netdevsim0"
Cannot find device "netdevsim0"
executing program
[ 167.220811] ==================================================================
[ 167.228209] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1595/0x1930
[ 167.235568] Read of size 8 at addr ffff8881c4c276b8 by task syz-executor830/2462
[ 167.243221]
[ 167.244860] CPU: 0 PID: 2462 Comm: syz-executor830 Not tainted 4.14.90+ #29
[ 167.252092] Call Trace:
[ 167.254660] dump_stack+0xb9/0x11b
[ 167.258191] print_address_description+0x60/0x22b
[ 167.263013] kasan_report.cold.6+0x11b/0x2dd
[ 167.267392] ? unwind_next_frame+0x1595/0x1930
[ 167.271950] unwind_next_frame+0x1595/0x1930
[ 167.276352] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.281847] ? deref_stack_reg+0xe0/0xe0
[ 167.285888] ? perf_event_output_forward+0x145/0x230
[ 167.291209] ? lock_downgrade+0x560/0x560
[ 167.295462] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.300810] perf_callchain_kernel+0x39c/0x540
[ 167.305371] ? arch_perf_update_userpage+0x330/0x330
[ 167.310563] ? check_preemption_disabled+0x34/0x1e0
[ 167.315582] ? do_group_exit+0x100/0x2e0
[ 167.319627] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.324976] ? check_preemption_disabled+0x34/0x1e0
[ 167.329972] get_perf_callchain+0x2eb/0x760
[ 167.334274] ? put_callchain_buffers+0x60/0x60
[ 167.338899] perf_callchain+0x14a/0x190
[ 167.342859] perf_prepare_sample+0x704/0x13c0
[ 167.347343] ? perf_tp_event+0x4b2/0x7e0
[ 167.351379] ? perf_output_sample+0x1780/0x1780
[ 167.356023] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 167.361727] perf_event_output_forward+0xeb/0x230
[ 167.366653] ? perf_prepare_sample+0x13c0/0x13c0
[ 167.371387] ? __perf_event_overflow+0x1b9/0x320
[ 167.376227] ? check_preemption_disabled+0x34/0x1e0
[ 167.381266] __perf_event_overflow+0x116/0x320
[ 167.385849] perf_swevent_overflow+0x166/0x1f0
[ 167.390406] perf_swevent_event+0x112/0x270
[ 167.394702] perf_tp_event+0x620/0x7e0
[ 167.398565] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 167.404254] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 167.409340] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 167.414428] ? perf_trace_lock+0x2f6/0x4c0
[ 167.418641] ? unwind_next_frame+0xea9/0x1930
[ 167.423117] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 167.428067] ? __is_insn_slot_addr+0x112/0x1f0
[ 167.432629] ? lock_downgrade+0x560/0x560
[ 167.436761] ? lock_acquire+0x10f/0x380
[ 167.440843] ? __free_insn_slot+0x490/0x490
[ 167.445142] ? depot_save_stack+0x20a/0x428
[ 167.449441] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 167.454581] perf_trace_run_bpf_submit+0x10f/0x170
[ 167.459507] perf_trace_lock+0x2f6/0x4c0
[ 167.463699] ? kasan_slab_free+0x119/0x190
[ 167.467916] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 167.472840] ? kfree_skb+0xc8/0x340
[ 167.476448] ? __tun_detach+0x3bc/0xd10
[ 167.480585] ? tun_chr_close+0x40/0x50
[ 167.484465] ? __fput+0x25e/0x6f0
[ 167.487988] ? task_work_run+0x116/0x190
[ 167.492030] ? do_exit+0x8fb/0x28c0
[ 167.495633] ? do_group_exit+0x100/0x2e0
[ 167.499671] ? get_signal+0x4e5/0x1470
[ 167.503642] ? exit_to_usermode_loop+0x116/0x150
[ 167.508473] ? do_syscall_64+0x35d/0x4b0
[ 167.512514] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.517855] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 167.522760] lock_release+0x4dc/0x720
[ 167.526549] ? debug_check_no_obj_freed+0x2b2/0x77c
[ 167.531555] ? lock_downgrade+0x560/0x560
[ 167.535677] ? lock_acquire+0x10f/0x380
[ 167.539625] ? debug_check_no_obj_freed+0x150/0x77c
[ 167.544624] _raw_spin_unlock_irqrestore+0x1b/0x70
[ 167.549539] debug_check_no_obj_freed+0x2b2/0x77c
[ 167.554371] ? debug_object_activate+0x4e0/0x4e0
[ 167.559165] ? mark_held_locks+0xc2/0x130
[ 167.563294] ? kmem_cache_free+0x10c/0x350
[ 167.567509] ? kfree_skbmem+0x9e/0x100
[ 167.571374] kmem_cache_free+0x218/0x350
[ 167.575412] ? tun_queue_purge+0x108/0x300
[ 167.579620] kfree_skbmem+0x9e/0x100
[ 167.583311] ? tun_queue_purge+0x108/0x300
[ 167.587525] kfree_skb+0xd0/0x340
[ 167.590965] tun_queue_purge+0x108/0x300
[ 167.595012] __tun_detach+0x3bc/0xd10
[ 167.598793] ? __tun_detach+0xd10/0xd10
[ 167.602741] tun_chr_close+0x40/0x50
[ 167.606439] __fput+0x25e/0x6f0
[ 167.609700] task_work_run+0x116/0x190
[ 167.613634] do_exit+0x8fb/0x28c0
[ 167.617235] ? mm_update_next_owner+0x670/0x670
[ 167.621888] ? get_signal+0x547/0x1470
[ 167.625751] ? recalc_sigpending+0x5c/0x90
[ 167.629958] ? lock_downgrade+0x560/0x560
[ 167.634079] ? get_signal+0x1da/0x1470
[ 167.637945] do_group_exit+0x100/0x2e0
[ 167.641814] get_signal+0x4e5/0x1470
[ 167.645504] ? lock_acquire+0x10f/0x380
[ 167.649456] do_signal+0x8f/0x1660
[ 167.653150] ? get_unused_fd_flags+0xc0/0xc0
[ 167.657535] ? wait_for_completion_io+0x10/0x10
[ 167.662185] ? setup_sigcontext+0x810/0x810
[ 167.666491] ? SyS_perf_event_open+0x687/0x27d0
[ 167.671148] ? do_futex+0x17b0/0x17b0
[ 167.674930] ? exit_to_usermode_loop+0xc6/0x150
[ 167.679619] exit_to_usermode_loop+0x116/0x150
[ 167.684181] do_syscall_64+0x35d/0x4b0
[ 167.688221] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.693498] RIP: 0033:0x447b29
[ 167.696664] RSP: 002b:00007fd0f1ce8cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 167.704344] RAX: fffffffffffffe00 RBX: 00000000006dec28 RCX: 0000000000447b29
[ 167.711658] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dec28
[ 167.718912] RBP: 00000000006dec20 R08: 0000000000000000 R09: 0000000000000000
[ 167.726257] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec2c
[ 167.733507] R13: 00007ffd130a38cf R14: 00007fd0f1ce99c0 R15: 00000000006dec20
[ 167.740755]
[ 167.742356] The buggy address belongs to the page:
[ 167.747260] page:ffffea00071309c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 167.755465] flags: 0x4000000000000000()
[ 167.759431] raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 167.767290] raw: 0000000000000000 ffffea00071309e0 0000000000000000 0000000000000000
[ 167.775146] page dumped because: kasan: bad access detected
[ 167.780871]
[ 167.782476] Memory state around the buggy address:
[ 167.787378] ffff8881c4c27580: 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2
[ 167.794854] ffff8881c4c27600: f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
[ 167.802194] >ffff8881c4c27680: 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 00 00 00
[ 167.809530] ^
[ 167.814824] ffff8881c4c27700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 167.822175] ffff8881c4c27780: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00
[ 167.829508] ==================================================================
[ 167.836842] Disabling lock debugging due to kernel taint
[ 167.842323] Kernel panic - not syncing: panic_on_warn set ...
[ 167.842323]
[ 167.849669] CPU: 0 PID: 2462 Comm: syz-executor830 Tainted: G B 4.14.90+ #29
[ 167.857960] Call Trace:
[ 167.860527] dump_stack+0xb9/0x11b
[ 167.864065] panic+0x1bf/0x3a4
[ 167.867234] ? add_taint.cold.4+0x16/0x16
[ 167.871362] kasan_end_report+0x43/0x49
[ 167.875414] kasan_report.cold.6+0x77/0x2dd
[ 167.879714] ? unwind_next_frame+0x1595/0x1930
[ 167.884278] unwind_next_frame+0x1595/0x1930
[ 167.888669] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.894027] ? deref_stack_reg+0xe0/0xe0
[ 167.898074] ? perf_event_output_forward+0x145/0x230
[ 167.903166] ? lock_downgrade+0x560/0x560
[ 167.907290] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.913002] perf_callchain_kernel+0x39c/0x540
[ 167.917585] ? arch_perf_update_userpage+0x330/0x330
[ 167.922664] ? check_preemption_disabled+0x34/0x1e0
[ 167.927653] ? do_group_exit+0x100/0x2e0
[ 167.931697] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 167.937039] ? check_preemption_disabled+0x34/0x1e0
[ 167.942201] get_perf_callchain+0x2eb/0x760
[ 167.946519] ? put_callchain_buffers+0x60/0x60
[ 167.951078] perf_callchain+0x14a/0x190
[ 167.955028] perf_prepare_sample+0x704/0x13c0
[ 167.959496] ? perf_tp_event+0x4b2/0x7e0
[ 167.963531] ? perf_output_sample+0x1780/0x1780
[ 167.968184] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 167.973879] perf_event_output_forward+0xeb/0x230
[ 167.978806] ? perf_prepare_sample+0x13c0/0x13c0
[ 167.983553] ? __perf_event_overflow+0x1b9/0x320
[ 167.988419] ? check_preemption_disabled+0x34/0x1e0
[ 167.993527] __perf_event_overflow+0x116/0x320
[ 168.004203] perf_swevent_overflow+0x166/0x1f0
[ 168.008774] perf_swevent_event+0x112/0x270
[ 168.013075] perf_tp_event+0x620/0x7e0
[ 168.016939] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 168.022624] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 168.027701] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 168.032783] ? perf_trace_lock+0x2f6/0x4c0
[ 168.036997] ? unwind_next_frame+0xea9/0x1930
[ 168.041467] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 168.046378] ? __is_insn_slot_addr+0x112/0x1f0
[ 168.050939] ? lock_downgrade+0x560/0x560
[ 168.055060] ? lock_acquire+0x10f/0x380
[ 168.059005] ? __free_insn_slot+0x490/0x490
[ 168.063307] ? depot_save_stack+0x20a/0x428
[ 168.067606] ? perf_trace_run_bpf_submit+0x10f/0x170
[ 168.072698] perf_trace_run_bpf_submit+0x10f/0x170
[ 168.077605] perf_trace_lock+0x2f6/0x4c0
[ 168.081642] ? kasan_slab_free+0x119/0x190
[ 168.085852] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 168.090757] ? kfree_skb+0xc8/0x340
[ 168.094361] ? __tun_detach+0x3bc/0xd10
[ 168.098308] ? tun_chr_close+0x40/0x50
[ 168.102166] ? __fput+0x25e/0x6f0
[ 168.105593] ? task_work_run+0x116/0x190
[ 168.109626] ? do_exit+0x8fb/0x28c0
[ 168.113228] ? do_group_exit+0x100/0x2e0
[ 168.117261] ? get_signal+0x4e5/0x1470
[ 168.121127] ? exit_to_usermode_loop+0x116/0x150
[ 168.125853] ? do_syscall_64+0x35d/0x4b0
[ 168.129889] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 168.135225] ? perf_trace_lock_acquire+0x4d0/0x4d0
[ 168.140128] lock_release+0x4dc/0x720
[ 168.143902] ? debug_check_no_obj_freed+0x2b2/0x77c
[ 168.148891] ? lock_downgrade+0x560/0x560
[ 168.153030] ? lock_acquire+0x10f/0x380
[ 168.156997] ? debug_check_no_obj_freed+0x150/0x77c
[ 168.161989] _raw_spin_unlock_irqrestore+0x1b/0x70
[ 168.166894] debug_check_no_obj_freed+0x2b2/0x77c
[ 168.171719] ? debug_object_activate+0x4e0/0x4e0
[ 168.176448] ? mark_held_locks+0xc2/0x130
[ 168.180571] ? kmem_cache_free+0x10c/0x350
[ 168.184779] ? kfree_skbmem+0x9e/0x100
[ 168.188642] kmem_cache_free+0x218/0x350
[ 168.192683] ? tun_queue_purge+0x108/0x300
[ 168.196894] kfree_skbmem+0x9e/0x100
[ 168.200581] ? tun_queue_purge+0x108/0x300
[ 168.204803] kfree_skb+0xd0/0x340
[ 168.208251] tun_queue_purge+0x108/0x300
[ 168.212291] __tun_detach+0x3bc/0xd10
[ 168.216068] ? __tun_detach+0xd10/0xd10
[ 168.220015] tun_chr_close+0x40/0x50
[ 168.223718] __fput+0x25e/0x6f0
[ 168.226979] task_work_run+0x116/0x190
[ 168.230842] do_exit+0x8fb/0x28c0
[ 168.234273] ? mm_update_next_owner+0x670/0x670
[ 168.238917] ? get_signal+0x547/0x1470
[ 168.242776] ? recalc_sigpending+0x5c/0x90
[ 168.246985] ? lock_downgrade+0x560/0x560
[ 168.251108] ? get_signal+0x1da/0x1470
[ 168.254972] do_group_exit+0x100/0x2e0
[ 168.258833] get_signal+0x4e5/0x1470
[ 168.262522] ? lock_acquire+0x10f/0x380
[ 168.266482] do_signal+0x8f/0x1660
[ 168.269997] ? get_unused_fd_flags+0xc0/0xc0
[ 168.274400] ? wait_for_completion_io+0x10/0x10
[ 168.279045] ? setup_sigcontext+0x810/0x810
[ 168.283343] ? SyS_perf_event_open+0x687/0x27d0
[ 168.287987] ? do_futex+0x17b0/0x17b0
[ 168.291763] ? exit_to_usermode_loop+0xc6/0x150
[ 168.296406] exit_to_usermode_loop+0x116/0x150
[ 168.300960] do_syscall_64+0x35d/0x4b0
[ 168.304824] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 168.309988] RIP: 0033:0x447b29
[ 168.313157] RSP: 002b:00007fd0f1ce8cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 168.320838] RAX: fffffffffffffe00 RBX: 00000000006dec28 RCX: 0000000000447b29
[ 168.328079] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dec28
[ 168.335322] RBP: 00000000006dec20 R08: 0000000000000000 R09: 0000000000000000
[ 168.342568] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec2c
[ 168.349815] R13: 00007ffd130a38cf R14: 00007fd0f1ce99c0 R15: 00000000006dec20
[ 168.357389] Kernel Offset: 0x2f200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 168.368288] Rebooting in 86400 seconds..