[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.000872] ==================================================================
[ 28.008242] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 28.015585] Read of size 8 at addr ffff8880937079a8 by task syz-executor280/7961
[ 28.023089]
[ 28.024693] CPU: 0 PID: 7961 Comm: syz-executor280 Not tainted 4.14.285-syzkaller #0
[ 28.032548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 28.041876] Call Trace:
[ 28.044444] dump_stack+0x1b2/0x281
[ 28.048067] print_address_description.cold+0x54/0x1d3
[ 28.053320] kasan_report_error.cold+0x8a/0x191
[ 28.057969] ? unwind_next_frame+0x146f/0x17d0
[ 28.062536] __asan_report_load8_noabort+0x68/0x70
[ 28.067466] ? unwind_next_frame+0x146f/0x17d0
[ 28.072022] unwind_next_frame+0x146f/0x17d0
[ 28.076404] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.081742] ? deref_stack_reg+0x1a0/0x1a0
[ 28.085957] ? check_preemption_disabled+0x35/0x240
[ 28.090954] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.096293] perf_callchain_kernel+0x38c/0x520
[ 28.100853] ? arch_perf_update_userpage+0x300/0x300
[ 28.105931] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.111274] ? arch_perf_update_userpage+0x300/0x300
[ 28.116352] ? check_preemption_disabled+0x35/0x240
[ 28.121342] get_perf_callchain+0x2de/0x740
[ 28.125643] ? put_callchain_buffers+0x60/0x60
[ 28.130200] ? __perf_event_overflow+0x1b6/0x310
[ 28.134934] ? perf_swevent_event+0x299/0x460
[ 28.139400] perf_callchain+0x147/0x190
[ 28.143363] perf_prepare_sample+0xc9a/0x1370
[ 28.147834] ? perf_output_sample+0x16f0/0x16f0
[ 28.152478] perf_event_output_forward+0xc9/0x1f0
[ 28.157298] ? perf_prepare_sample+0x1370/0x1370
[ 28.162037] ? lock_release+0x4df/0x870
[ 28.165990] ? perf_swevent_event+0x460/0x460
[ 28.170599] ? check_preemption_disabled+0x35/0x240
[ 28.175592] __perf_event_overflow+0x113/0x310
[ 28.180149] perf_swevent_event+0x299/0x460
[ 28.184447] perf_tp_event+0x540/0x6e0
[ 28.188308] ? perf_swevent_event+0x460/0x460
[ 28.192775] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.197849] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.202933] ? lock_release+0x4df/0x870
[ 28.206899] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.212808] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.217887] ? perf_trace_lock_acquire+0x510/0x510
[ 28.222792] ? __save_stack_trace+0x63/0x160
[ 28.227265] ? deref_stack_reg+0x124/0x1a0
[ 28.231472] ? is_bpf_text_address+0x91/0x150
[ 28.235941] ? lock_acquire+0x170/0x3f0
[ 28.239887] ? lock_downgrade+0x740/0x740
[ 28.244014] ? __lock_acquire+0x5fc/0x3f20
[ 28.248222] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.253298] ? check_preemption_disabled+0x35/0x240
[ 28.258331] perf_trace_run_bpf_submit+0x119/0x200
[ 28.263237] perf_trace_lock+0x2d6/0x490
[ 28.267272] ? kasan_slab_free+0x12d/0x1a0
[ 28.271478] ? perf_trace_lock_acquire+0x510/0x510
[ 28.276381] ? free_pgd_range+0x84b/0xcd0
[ 28.280501] ? free_pgtables+0x1ec/0x2b0
[ 28.284536] ? exit_mmap+0x27f/0x4d0
[ 28.288224] ? do_exit+0x984/0x2850
[ 28.291829] ? SyS_exit_group+0x19/0x20
[ 28.295776] ? do_syscall_64+0x1d5/0x640
[ 28.299813] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.305153] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.310141] ? perf_trace_lock_acquire+0x510/0x510
[ 28.315041] lock_release+0x4df/0x870
[ 28.318839] ? lock_acquire+0x170/0x3f0
[ 28.322800] ? lock_downgrade+0x740/0x740
[ 28.326923] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 28.331829] debug_check_no_obj_freed+0x2c0/0x680
[ 28.336648] ? debug_object_activate+0x490/0x490
[ 28.341377] kmem_cache_free+0x156/0x2b0
[ 28.345428] ___pmd_free_tlb+0xa3/0xf0
[ 28.349289] free_pgd_range+0x697/0xcd0
[ 28.353242] free_pgtables+0x1ec/0x2b0
[ 28.357116] exit_mmap+0x27f/0x4d0
[ 28.360641] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 28.365293] ? kmem_cache_free+0x23a/0x2b0
[ 28.369508] ? __khugepaged_exit+0x29b/0x3c0
[ 28.373890] mmput+0xfa/0x420
[ 28.376995] do_exit+0x984/0x2850
[ 28.380428] ? __do_page_fault+0x571/0xad0
[ 28.384641] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.389286] ? lock_downgrade+0x740/0x740
[ 28.393407] do_group_exit+0x100/0x2e0
[ 28.397271] SyS_exit_group+0x19/0x20
[ 28.401048] ? do_group_exit+0x2e0/0x2e0
[ 28.405087] do_syscall_64+0x1d5/0x640
[ 28.408949] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.414114] RIP: 0033:0x7fb030714a89
[ 28.417800] RSP: 002b:00007ffcbd3e0d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 28.425482] RAX: ffffffffffffffda RBX: 00007fb030788330 RCX: 00007fb030714a89
[ 28.432727] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 28.439973] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00007ffcbd3e0f48
[ 28.447215] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fb030788330
[ 28.454460] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 28.461710]
[ 28.463316] The buggy address belongs to the page:
[ 28.468224] page:ffffea00024dc1c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 28.476346] flags: 0xfff00000000000()
[ 28.480125] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 28.487981] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 28.495842] page dumped because: kasan: bad access detected
[ 28.501528]
[ 28.503130] Memory state around the buggy address:
[ 28.508031] ffff888093707880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04
[ 28.515362] ffff888093707900: f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1
[ 28.522694] >ffff888093707980: f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 28.530024] ^
[ 28.534664] ffff888093707a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 28.541994] ffff888093707a80: f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 28.549332] ==================================================================
[ 28.556669] Disabling lock debugging due to kernel taint
[ 28.562109] Kernel panic - not syncing: panic_on_warn set ...
[ 28.562109]
[ 28.569447] CPU: 0 PID: 7961 Comm: syz-executor280 Tainted: G B 4.14.285-syzkaller #0
[ 28.578522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 28.587857] Call Trace:
[ 28.590430] dump_stack+0x1b2/0x281
[ 28.594035] panic+0x1f9/0x42d
[ 28.597201] ? add_taint.cold+0x16/0x16
[ 28.601149] ? lock_downgrade+0x740/0x740
[ 28.605392] kasan_end_report+0x43/0x49
[ 28.609361] kasan_report_error.cold+0xa7/0x191
[ 28.614011] ? unwind_next_frame+0x146f/0x17d0
[ 28.618569] __asan_report_load8_noabort+0x68/0x70
[ 28.623474] ? unwind_next_frame+0x146f/0x17d0
[ 28.628057] unwind_next_frame+0x146f/0x17d0
[ 28.632444] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.637786] ? deref_stack_reg+0x1a0/0x1a0
[ 28.642003] ? check_preemption_disabled+0x35/0x240
[ 28.647023] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.652363] perf_callchain_kernel+0x38c/0x520
[ 28.656923] ? arch_perf_update_userpage+0x300/0x300
[ 28.662003] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.667340] ? arch_perf_update_userpage+0x300/0x300
[ 28.672422] ? check_preemption_disabled+0x35/0x240
[ 28.677416] get_perf_callchain+0x2de/0x740
[ 28.681717] ? put_callchain_buffers+0x60/0x60
[ 28.686272] ? __perf_event_overflow+0x1b6/0x310
[ 28.691007] ? perf_swevent_event+0x299/0x460
[ 28.695477] perf_callchain+0x147/0x190
[ 28.699437] perf_prepare_sample+0xc9a/0x1370
[ 28.703910] ? perf_output_sample+0x16f0/0x16f0
[ 28.708552] perf_event_output_forward+0xc9/0x1f0
[ 28.713378] ? perf_prepare_sample+0x1370/0x1370
[ 28.718114] ? lock_release+0x4df/0x870
[ 28.722068] ? perf_swevent_event+0x460/0x460
[ 28.726545] ? check_preemption_disabled+0x35/0x240
[ 28.731542] __perf_event_overflow+0x113/0x310
[ 28.736104] perf_swevent_event+0x299/0x460
[ 28.740400] perf_tp_event+0x540/0x6e0
[ 28.744261] ? perf_swevent_event+0x460/0x460
[ 28.748729] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.753805] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.758885] ? lock_release+0x4df/0x870
[ 28.762859] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.768725] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.773808] ? perf_trace_lock_acquire+0x510/0x510
[ 28.778714] ? __save_stack_trace+0x63/0x160
[ 28.783098] ? deref_stack_reg+0x124/0x1a0
[ 28.787315] ? is_bpf_text_address+0x91/0x150
[ 28.791800] ? lock_acquire+0x170/0x3f0
[ 28.795753] ? lock_downgrade+0x740/0x740
[ 28.799888] ? __lock_acquire+0x5fc/0x3f20
[ 28.804099] ? perf_trace_run_bpf_submit+0x119/0x200
[ 28.809261] ? check_preemption_disabled+0x35/0x240
[ 28.814253] perf_trace_run_bpf_submit+0x119/0x200
[ 28.819329] perf_trace_lock+0x2d6/0x490
[ 28.823364] ? kasan_slab_free+0x12d/0x1a0
[ 28.827577] ? perf_trace_lock_acquire+0x510/0x510
[ 28.832481] ? free_pgd_range+0x84b/0xcd0
[ 28.836602] ? free_pgtables+0x1ec/0x2b0
[ 28.840636] ? exit_mmap+0x27f/0x4d0
[ 28.844323] ? do_exit+0x984/0x2850
[ 28.848010] ? SyS_exit_group+0x19/0x20
[ 28.851963] ? do_syscall_64+0x1d5/0x640
[ 28.855996] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.861338] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.866343] ? perf_trace_lock_acquire+0x510/0x510
[ 28.871249] lock_release+0x4df/0x870
[ 28.875025] ? lock_acquire+0x170/0x3f0
[ 28.878974] ? lock_downgrade+0x740/0x740
[ 28.883097] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 28.888004] debug_check_no_obj_freed+0x2c0/0x680
[ 28.892823] ? debug_object_activate+0x490/0x490
[ 28.897554] kmem_cache_free+0x156/0x2b0
[ 28.901592] ___pmd_free_tlb+0xa3/0xf0
[ 28.905453] free_pgd_range+0x697/0xcd0
[ 28.909399] free_pgtables+0x1ec/0x2b0
[ 28.913274] exit_mmap+0x27f/0x4d0
[ 28.916788] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 28.921442] ? kmem_cache_free+0x23a/0x2b0
[ 28.925650] ? __khugepaged_exit+0x29b/0x3c0
[ 28.930032] mmput+0xfa/0x420
[ 28.933120] do_exit+0x984/0x2850
[ 28.936563] ? __do_page_fault+0x571/0xad0
[ 28.940781] ? mm_update_next_owner+0x5b0/0x5b0
[ 28.945423] ? lock_downgrade+0x740/0x740
[ 28.949543] do_group_exit+0x100/0x2e0
[ 28.953402] SyS_exit_group+0x19/0x20
[ 28.957435] ? do_group_exit+0x2e0/0x2e0
[ 28.961468] do_syscall_64+0x1d5/0x640
[ 28.965330] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 28.970491] RIP: 0033:0x7fb030714a89
[ 28.974176] RSP: 002b:00007ffcbd3e0d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 28.981854] RAX: ffffffffffffffda RBX: 00007fb030788330 RCX: 00007fb030714a89
[ 28.989095] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 28.996336] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00007ffcbd3e0f48
[ 29.003579] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fb030788330
[ 29.010911] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 30.107382] Shutting down cpus with NMI
[ 30.111576] Kernel Offset: disabled
[ 30.115194] Rebooting in 86400 seconds..