INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
[ 534.688091] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
[ 540.171411] random: sshd: uninitialized urandom read (32 bytes read)
[ 540.263503] audit: type=1400 audit(1560559458.166:7): avc: denied { map } for pid=1887 comm="syz-executor995" path="/root/syz-executor995891616" dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[ 540.630047] hrtimer: interrupt took 36060 ns
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 542.784238] ==================================================================
[ 542.791951] BUG: KASAN: use-after-free in perf_output_read+0xe58/0xfc0
[ 542.798623] Read of size 8 at addr ffff8881d2a3f008 by task syz-executor995/1914
[ 542.806150]
[ 542.807777] CPU: 1 PID: 1914 Comm: syz-executor995 Not tainted 4.14.125+ #6
[ 542.814872] Call Trace:
[ 542.817571] dump_stack+0xb9/0x10e
[ 542.821126] ? perf_output_read+0xe58/0xfc0
[ 542.825523] print_address_description+0x60/0x226
[ 542.830380] ? perf_output_read+0xe58/0xfc0
[ 542.834704] kasan_report.cold+0xae/0x2d5
[ 542.838871] ? perf_output_read+0xe58/0xfc0
[ 542.843301] ? perf_event_exit_cpu_context+0x170/0x170
[ 542.848662] ? deref_stack_reg+0xaa/0xe0
[ 542.852793] ? perf_output_copy+0x149/0x1d0
[ 542.857137] ? perf_output_sample+0xcea/0x1700
[ 542.861723] ? __perf_event_header__init_id.isra.0+0x276/0x430
[ 542.867707] ? perf_prepare_sample+0x656/0x1330
[ 542.872393] ? perf_event__output_id_sample+0x70/0x70
[ 542.877598] ? perf_output_sample+0x1700/0x1700
[ 542.882341] ? lock_acquire+0x10f/0x380
[ 542.886329] ? perf_prepare_sample+0x1330/0x1330
[ 542.891109] ? perf_event_output_forward+0x10b/0x220
[ 542.896218] ? perf_prepare_sample+0x1330/0x1330
[ 542.901115] ? check_preemption_disabled+0x35/0x1f0
[ 542.906152] ? __perf_event_overflow+0x116/0x320
[ 542.910933] ? perf_swevent_overflow+0x17b/0x210
[ 542.915694] ? ___perf_sw_event+0x11b/0x4a0
[ 542.920026] ? perf_swevent_event+0x19c/0x270
[ 542.924535] ? ___perf_sw_event+0x2a4/0x4a0
[ 542.928870] ? perf_pending_event+0xd0/0xd0
[ 542.933285] ? __handle_mm_fault+0xd96/0x2640
[ 542.937806] ? lock_downgrade+0x5d0/0x5d0
[ 542.942047] ? __handle_mm_fault+0xcc0/0x2640
[ 542.946615] ? _raw_spin_unlock+0x29/0x40
[ 542.950776] ? __handle_mm_fault+0x6c5/0x2640
[ 542.955286] ? vm_insert_mixed_mkwrite+0x30/0x30
[ 542.960123] ? __brelse+0x43/0x60
[ 542.963598] ? __do_page_fault+0x48e/0xb80
[ 542.967843] ? __perf_sw_event+0x42/0x80
[ 542.971927] ? __perf_sw_event+0x42/0x80
[ 542.975994] ? __do_page_fault+0x785/0xb80
[ 542.980257] ? bad_area_access_error+0x340/0x340
[ 542.985092] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 542.989959] ? page_fault+0x22/0x50
[ 542.993758] ? iov_iter_fault_in_readable+0x29c/0x350
[ 542.999737] ? iov_iter_init+0x1c0/0x1c0
[ 543.003817] ? generic_perform_write+0x158/0x450
[ 543.008691] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 543.013440] ? current_time+0xb0/0xb0
[ 543.017353] ? __generic_file_write_iter+0x32e/0x550
[ 543.022488] ? generic_write_checks+0x252/0x410
[ 543.027210] ? ext4_file_write_iter+0x551/0xd60
[ 543.031901] ? ext4_llseek+0x7f0/0x7f0
[ 543.035802] ? trace_hardirqs_on+0x10/0x10
[ 543.040514] ? mark_held_locks+0xa6/0xf0
[ 543.045019] ? __vfs_write+0x401/0x5a0
[ 543.049024] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 543.053782] ? kernel_read+0x110/0x110
[ 543.057770] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 543.063251] ? rcu_read_lock_sched_held+0x10a/0x130
[ 543.068278] ? vfs_write+0x17f/0x4d0
[ 543.072019] ? SyS_write+0x102/0x250
[ 543.075736] ? SyS_read+0x250/0x250
[ 543.079367] ? do_syscall_64+0x43/0x510
[ 543.083353] ? SyS_read+0x250/0x250
[ 543.087126] ? do_syscall_64+0x19b/0x510
[ 543.091208] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 543.096583]
[ 543.098207] Allocated by task 1844:
[ 543.101874] kasan_kmalloc.part.0+0x4f/0xd0
[ 543.106209] __kmalloc_track_caller+0xf1/0x310
[ 543.111919] __kmalloc_reserve.isra.0+0x2d/0xc0
[ 543.116594] __alloc_skb+0x105/0x550
[ 543.120454] sock_wmalloc+0xa5/0xf0
[ 543.124376] unix_stream_connect+0x1e4/0x1140
[ 543.129048] SyS_connect+0x19b/0x280
[ 543.132757] do_syscall_64+0x19b/0x510
[ 543.137088]
[ 543.138716] Freed by task 1844:
[ 543.141991] kasan_slab_free+0xb0/0x190
[ 543.145968] kfree+0xf5/0x310
[ 543.149093] skb_free_head+0x83/0xa0
[ 543.152805] skb_release_data+0x4ae/0x730
[ 543.156951] skb_release_all+0x46/0x60
[ 543.160857] kfree_skb+0xc5/0x350
[ 543.164309] unix_stream_connect+0xfa0/0x1140
[ 543.168994] SyS_connect+0x19b/0x280
[ 543.172716] do_syscall_64+0x19b/0x510
[ 543.176597]
[ 543.178219] The buggy address belongs to the object at ffff8881d2a3ef00
[ 543.178219]  which belongs to the cache kmalloc-512 of size 512
[ 543.190966] The buggy address is located 264 bytes inside of
[ 543.190966]  512-byte region [ffff8881d2a3ef00, ffff8881d2a3f100)
[ 543.202841] The buggy address belongs to the page:
[ 543.209168] page:ffffea00074a8f80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 543.219144] flags: 0x4000000000010200(slab|head)
[ 543.223908] raw: 4000000000010200 0000000000000000 0000000000000000 00000001800c000c
[ 543.231795] raw: dead000000000100 dead000000000200 ffff8881da802c00 0000000000000000
[ 543.239674] page dumped because: kasan: bad access detected
[ 543.245384]
[ 543.247007] Memory state around the buggy address:
[ 543.251941]  ffff8881d2a3ef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 543.259304]  ffff8881d2a3ef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 543.266671] >ffff8881d2a3f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 543.274118]                       ^
[ 543.277739]  ffff8881d2a3f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 543.285099]  ffff8881d2a3f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 543.293807] ==================================================================
[ 543.301168] Disabling lock debugging due to kernel taint
[ 543.306757] Kernel panic - not syncing: panic_on_warn set ...
[ 543.306757]
[ 543.314133] CPU: 1 PID: 1914 Comm: syz-executor995 Tainted: G B 4.14.125+ #6
[ 543.322552] Call Trace:
[ 543.325131] dump_stack+0xb9/0x10e
[ 543.328711] panic+0x1d9/0x3c2
[ 543.331944] ? add_taint.cold+0x16/0x16
[ 543.335915] ? retint_kernel+0x2d/0x2d
[ 543.339794] ? perf_output_read+0xe58/0xfc0
[ 543.344106] kasan_end_report+0x43/0x49
[ 543.348088] kasan_report.cold+0xca/0x2d5
[ 543.352236] ? perf_output_read+0xe58/0xfc0
[ 543.356551] ? perf_event_exit_cpu_context+0x170/0x170
[ 543.361819] ? deref_stack_reg+0xaa/0xe0
[ 543.365885] ? perf_output_copy+0x149/0x1d0
[ 543.370212] ? perf_output_sample+0xcea/0x1700
[ 543.374798] ? __perf_event_header__init_id.isra.0+0x276/0x430
[ 543.380762] ? perf_prepare_sample+0x656/0x1330
[ 543.385425] ? perf_event__output_id_sample+0x70/0x70
[ 543.390608] ? perf_output_sample+0x1700/0x1700
[ 543.395267] ? lock_acquire+0x10f/0x380
[ 543.399233] ? perf_prepare_sample+0x1330/0x1330
[ 543.403982] ? perf_event_output_forward+0x10b/0x220
[ 543.409099] ? perf_prepare_sample+0x1330/0x1330
[ 543.413854] ? check_preemption_disabled+0x35/0x1f0
[ 543.418870] ? __perf_event_overflow+0x116/0x320
[ 543.423640] ? perf_swevent_overflow+0x17b/0x210
[ 543.428498] ? ___perf_sw_event+0x11b/0x4a0
[ 543.432812] ? perf_swevent_event+0x19c/0x270
[ 543.437298] ? ___perf_sw_event+0x2a4/0x4a0
[ 543.441612] ? perf_pending_event+0xd0/0xd0
[ 543.445945] ? __handle_mm_fault+0xd96/0x2640
[ 543.450448] ? lock_downgrade+0x5d0/0x5d0
[ 543.454597] ? __handle_mm_fault+0xcc0/0x2640
[ 543.459111] ? _raw_spin_unlock+0x29/0x40
[ 543.463340] ? __handle_mm_fault+0x6c5/0x2640
[ 543.467841] ? vm_insert_mixed_mkwrite+0x30/0x30
[ 543.472586] ? __brelse+0x43/0x60
[ 543.476027] ? __do_page_fault+0x48e/0xb80
[ 543.480251] ? __perf_sw_event+0x42/0x80
[ 543.484296] ? __perf_sw_event+0x42/0x80
[ 543.488353] ? __do_page_fault+0x785/0xb80
[ 543.492587] ? bad_area_access_error+0x340/0x340
[ 543.497331] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 543.502168] ? page_fault+0x22/0x50
[ 543.505789] ? iov_iter_fault_in_readable+0x29c/0x350
[ 543.510985] ? iov_iter_init+0x1c0/0x1c0
[ 543.515038] ? generic_perform_write+0x158/0x450
[ 543.519782] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 543.524448] ? current_time+0xb0/0xb0
[ 543.528267] ? __generic_file_write_iter+0x32e/0x550
[ 543.533398] ? generic_write_checks+0x252/0x410
[ 543.538061] ? ext4_file_write_iter+0x551/0xd60
[ 543.542722] ? ext4_llseek+0x7f0/0x7f0
[ 543.546598] ? trace_hardirqs_on+0x10/0x10
[ 543.550849] ? mark_held_locks+0xa6/0xf0
[ 543.554903] ? __vfs_write+0x401/0x5a0
[ 543.558776] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 543.564318] ? kernel_read+0x110/0x110
[ 543.568223] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 543.573677] ? rcu_read_lock_sched_held+0x10a/0x130
[ 543.578712] ? vfs_write+0x17f/0x4d0
[ 543.582423] ? SyS_write+0x102/0x250
[ 543.586148] ? SyS_read+0x250/0x250
[ 543.589786] ? do_syscall_64+0x43/0x510
[ 543.593741] ? SyS_read+0x250/0x250
[ 543.597351] ? do_syscall_64+0x19b/0x510
[ 543.601410] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 543.607083] Kernel Offset: 0x12400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 543.618030] Rebooting in 86400 seconds..