Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.56' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.578676] audit: type=1400 audit(1598670721.632:8): avc: denied { execmem } for pid=6357 comm="syz-executor556" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.603118] ==================================================================
[ 33.610501] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 33.617850] Read of size 8 at addr ffff888097d6fab0 by task syz-executor556/6358
[ 33.625361]
[ 33.626975] CPU: 1 PID: 6358 Comm: syz-executor556 Not tainted 4.14.195-syzkaller #0
[ 33.634837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.644169] Call Trace:
[ 33.646736]  dump_stack+0x1b2/0x283
[ 33.650344]  print_address_description.cold+0x54/0x1d3
[ 33.655598]  kasan_report_error.cold+0x8a/0x194
[ 33.660244]  ? unwind_next_frame+0x146f/0x17d0
[ 33.664802]  __asan_report_load8_noabort+0x68/0x70
[ 33.669732]  ? unwind_next_frame+0x146f/0x17d0
[ 33.674291]  unwind_next_frame+0x146f/0x17d0
[ 33.678683]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.684035]  ? deref_stack_reg+0x1a0/0x1a0
[ 33.688249]  ? is_bpf_text_address+0xb8/0x150
[ 33.692745]  ? check_preemption_disabled+0x35/0x240
[ 33.697740]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.703082]  perf_callchain_kernel+0x38c/0x520
[ 33.707641]  ? lock_release+0x4df/0x870
[ 33.711594]  ? arch_perf_update_userpage+0x300/0x300
[ 33.716687]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.722142]  ? check_preemption_disabled+0x35/0x240
[ 33.727144]  get_perf_callchain+0x2df/0x740
[ 33.731444]  ? put_callchain_buffers+0x60/0x60
[ 33.736013]  ? startup_64+0x1/0x30
[ 33.739547]  ? tracing_generic_entry_update+0x162/0x1d0
[ 33.744906]  ? perf_swevent_event+0xf8/0x460
[ 33.749317]  perf_callchain+0x147/0x190
[ 33.753277]  perf_prepare_sample+0xd77/0x1380
[ 33.757769]  ? perf_output_sample+0x16f0/0x16f0
[ 33.762415]  perf_event_output_forward+0xc9/0x1f0
[ 33.767242]  ? perf_prepare_sample+0x1380/0x1380
[ 33.771977]  ? perf_callchain+0x147/0x190
[ 33.776103]  ? perf_callchain+0x150/0x190
[ 33.780237]  ? check_preemption_disabled+0x35/0x240
[ 33.785235]  __perf_event_overflow+0x113/0x310
[ 33.789804]  perf_swevent_event+0x3c8/0x460
[ 33.794115]  perf_tp_event+0x540/0x6e0
[ 33.797986]  ? perf_swevent_event+0x460/0x460
[ 33.802465]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 33.807595]  ? __lock_acquire+0x5fc/0x3f20
[ 33.811836]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 33.816935]  ? perf_trace_lock+0x2d6/0x490
[ 33.821146]  ? deref_stack_reg+0x124/0x1a0
[ 33.825363]  ? perf_trace_lock_acquire+0x510/0x510
[ 33.830274]  ? lock_acquire+0x170/0x3f0
[ 33.834233]  ? depot_save_stack+0x1d3/0x3e3
[ 33.838545]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 33.843629]  ? check_preemption_disabled+0x35/0x240
[ 33.848627]  perf_trace_run_bpf_submit+0x119/0x200
[ 33.853564]  perf_trace_lock+0x2d6/0x490
[ 33.857648]  ? kasan_slab_free+0xc3/0x1a0
[ 33.861791]  ? kfree+0xc9/0x250
[ 33.865050]  ? perf_trace_lock_acquire+0x510/0x510
[ 33.869955]  ? __sock_release+0xcd/0x2b0
[ 33.873991]  ? sock_close+0x15/0x20
[ 33.877601]  ? __fput+0x25f/0x7a0
[ 33.881038]  ? do_exit+0xa08/0x27f0
[ 33.884672]  ? SyS_exit_group+0x19/0x20
[ 33.888660]  ? do_syscall_64+0x1d5/0x640
[ 33.892708]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.899274]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 33.904289]  ? perf_trace_lock_acquire+0x510/0x510
[ 33.909210]  lock_release+0x4df/0x870
[ 33.912992]  ? lock_acquire+0x170/0x3f0
[ 33.916950]  ? lock_downgrade+0x740/0x740
[ 33.921101]  _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 33.926011]  debug_check_no_obj_freed+0x2c0/0x674
[ 33.930836]  ? mark_held_locks+0xa6/0xf0
[ 33.934893]  ? debug_object_activate+0x490/0x490
[ 33.939645]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 33.945098]  kfree+0xb9/0x250
[ 33.948200]  __sk_destruct+0x577/0x6e0
[ 33.952062]  __sk_free+0xd9/0x2d0
[ 33.955503]  sk_free+0x2b/0x40
[ 33.958687]  llc_sk_free+0x112/0x140
[ 33.962395]  llc_ui_release+0x12b/0x230
[ 33.966354]  __sock_release+0xcd/0x2b0
[ 33.970221]  ? __sock_release+0x2b0/0x2b0
[ 33.974355]  sock_close+0x15/0x20
[ 33.977791]  __fput+0x25f/0x7a0
[ 33.981066]  task_work_run+0x11f/0x190
[ 33.984931]  do_exit+0xa08/0x27f0
[ 33.988363]  ? __do_page_fault+0x5a0/0xb50
[ 33.992945]  ? mm_update_next_owner+0x5b0/0x5b0
[ 33.997594]  ? lock_downgrade+0x740/0x740
[ 34.001719]  do_group_exit+0x100/0x2e0
[ 34.005642]  SyS_exit_group+0x19/0x20
[ 34.009445]  ? do_group_exit+0x2e0/0x2e0
[ 34.013502]  do_syscall_64+0x1d5/0x640
[ 34.017397]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.022572] RIP: 0033:0x43ff78
[ 34.025742] RSP: 002b:00007ffff8c9ab08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.033430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff78
[ 34.040681] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.047969] RBP: 00000000004bf810 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.055227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 34.062496] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 34.069748]
[ 34.071357] The buggy address belongs to the page:
[ 34.076269] page:ffffea00025f5bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 34.084386] flags: 0xfffe0000000000()
[ 34.088170] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.096132] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 34.103989] page dumped because: kasan: bad access detected
[ 34.109709]
[ 34.111311] Memory state around the buggy address:
[ 34.116217]  ffff888097d6f980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
[ 34.123552]  ffff888097d6fa00: 04 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 34.130932] >ffff888097d6fa80: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
[ 34.138270]                                       ^
[ 34.143180]  ffff888097d6fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 34.150537]  ffff888097d6fb80: f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 34.157887] ==================================================================
[ 34.165249] Disabling lock debugging due to kernel taint
[ 34.170696] Kernel panic - not syncing: panic_on_warn set ...
[ 34.170696]
[ 34.178039] CPU: 1 PID: 6358 Comm: syz-executor556 Tainted: G B 4.14.195-syzkaller #0
[ 34.187114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.196467] Call Trace:
[ 34.199060]  dump_stack+0x1b2/0x283
[ 34.202682]  panic+0x1f9/0x42d
[ 34.205851]  ? add_taint.cold+0x16/0x16
[ 34.209827]  ? lock_downgrade+0x740/0x740
[ 34.213954]  kasan_end_report+0x43/0x49
[ 34.217922]  kasan_report_error.cold+0xa7/0x194
[ 34.222570]  ? unwind_next_frame+0x146f/0x17d0
[ 34.227135]  __asan_report_load8_noabort+0x68/0x70
[ 34.232050]  ? unwind_next_frame+0x146f/0x17d0
[ 34.236615]  unwind_next_frame+0x146f/0x17d0
[ 34.241020]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.246375]  ? deref_stack_reg+0x1a0/0x1a0
[ 34.250597]  ? is_bpf_text_address+0xb8/0x150
[ 34.255093]  ? check_preemption_disabled+0x35/0x240
[ 34.260094]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.265464]  perf_callchain_kernel+0x38c/0x520
[ 34.270030]  ? lock_release+0x4df/0x870
[ 34.273988]  ? arch_perf_update_userpage+0x300/0x300
[ 34.279079]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.284428]  ? check_preemption_disabled+0x35/0x240
[ 34.289440]  get_perf_callchain+0x2df/0x740
[ 34.293746]  ? put_callchain_buffers+0x60/0x60
[ 34.298332]  ? startup_64+0x1/0x30
[ 34.301872]  ? tracing_generic_entry_update+0x162/0x1d0
[ 34.307219]  ? perf_swevent_event+0xf8/0x460
[ 34.311607]  perf_callchain+0x147/0x190
[ 34.315581]  perf_prepare_sample+0xd77/0x1380
[ 34.320068]  ? perf_output_sample+0x16f0/0x16f0
[ 34.324741]  perf_event_output_forward+0xc9/0x1f0
[ 34.329567]  ? perf_prepare_sample+0x1380/0x1380
[ 34.334311]  ? perf_callchain+0x147/0x190
[ 34.338446]  ? perf_callchain+0x150/0x190
[ 34.342598]  ? check_preemption_disabled+0x35/0x240
[ 34.347600]  __perf_event_overflow+0x113/0x310
[ 34.352172]  perf_swevent_event+0x3c8/0x460
[ 34.356475]  perf_tp_event+0x540/0x6e0
[ 34.360348]  ? perf_swevent_event+0x460/0x460
[ 34.364823]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 34.369908]  ? __lock_acquire+0x5fc/0x3f20
[ 34.374127]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 34.379215]  ? perf_trace_lock+0x2d6/0x490
[ 34.383431]  ? deref_stack_reg+0x124/0x1a0
[ 34.387664]  ? perf_trace_lock_acquire+0x510/0x510
[ 34.392586]  ? lock_acquire+0x170/0x3f0
[ 34.396563]  ? depot_save_stack+0x1d3/0x3e3
[ 34.400883]  ? perf_trace_run_bpf_submit+0x119/0x200
[ 34.405981]  ? check_preemption_disabled+0x35/0x240
[ 34.410984]  perf_trace_run_bpf_submit+0x119/0x200
[ 34.415920]  perf_trace_lock+0x2d6/0x490
[ 34.419991]  ? kasan_slab_free+0xc3/0x1a0
[ 34.424145]  ? kfree+0xc9/0x250
[ 34.427415]  ? perf_trace_lock_acquire+0x510/0x510
[ 34.432346]  ? __sock_release+0xcd/0x2b0
[ 34.436418]  ? sock_close+0x15/0x20
[ 34.440045]  ? __fput+0x25f/0x7a0
[ 34.443487]  ? do_exit+0xa08/0x27f0
[ 34.447097]  ? SyS_exit_group+0x19/0x20
[ 34.451050]  ? do_syscall_64+0x1d5/0x640
[ 34.455091]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.460447]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 34.465457]  ? perf_trace_lock_acquire+0x510/0x510
[ 34.470387]  lock_release+0x4df/0x870
[ 34.474172]  ? lock_acquire+0x170/0x3f0
[ 34.478132]  ? lock_downgrade+0x740/0x740
[ 34.482313]  _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 34.487225]  debug_check_no_obj_freed+0x2c0/0x674
[ 34.492071]  ? mark_held_locks+0xa6/0xf0
[ 34.496113]  ? debug_object_activate+0x490/0x490
[ 34.500845]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 34.506283]  kfree+0xb9/0x250
[ 34.509397]  __sk_destruct+0x577/0x6e0
[ 34.513283]  __sk_free+0xd9/0x2d0
[ 34.517844]  sk_free+0x2b/0x40
[ 34.521036]  llc_sk_free+0x112/0x140
[ 34.524746]  llc_ui_release+0x12b/0x230
[ 34.528712]  __sock_release+0xcd/0x2b0
[ 34.532588]  ? __sock_release+0x2b0/0x2b0
[ 34.536719]  sock_close+0x15/0x20
[ 34.540156]  __fput+0x25f/0x7a0
[ 34.543419]  task_work_run+0x11f/0x190
[ 34.547299]  do_exit+0xa08/0x27f0
[ 34.550732]  ? __do_page_fault+0x5a0/0xb50
[ 34.554946]  ? mm_update_next_owner+0x5b0/0x5b0
[ 34.559609]  ? lock_downgrade+0x740/0x740
[ 34.563827]  do_group_exit+0x100/0x2e0
[ 34.567699]  SyS_exit_group+0x19/0x20
[ 34.571484]  ? do_group_exit+0x2e0/0x2e0
[ 34.575530]  do_syscall_64+0x1d5/0x640
[ 34.579422]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.584593] RIP: 0033:0x43ff78
[ 34.587775] RSP: 002b:00007ffff8c9ab08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 34.595476] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ff78
[ 34.602727] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 34.609992] RBP: 00000000004bf810 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 34.617261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 34.624514] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 34.632950] Kernel Offset: disabled
[ 34.636564] Rebooting in 86400 seconds..