Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 44.885874] audit: type=1400 audit(1596907440.673:8): avc: denied { execmem } for pid=6481 comm="syz-executor804" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 44.921890] ==================================================================
[ 44.929267] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x161c/0x1c60
[ 44.936637] Read of size 8 at addr ffff8880848df7f8 by task syz-executor804/6483
[ 44.944148]
[ 44.945764] CPU: 0 PID: 6483 Comm: syz-executor804 Not tainted 4.19.138-syzkaller #0
[ 44.953622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.963956] Call Trace:
[ 44.966530] dump_stack+0x1fc/0x2fe
[ 44.970139] print_address_description.cold+0x54/0x219
[ 44.975448] kasan_report_error.cold+0x8a/0x1c7
[ 44.980099] ? unwind_next_frame+0x161c/0x1c60
[ 44.984659] __asan_report_load8_noabort+0x88/0x90
[ 44.989677] ? unwind_next_frame+0x161c/0x1c60
[ 44.994236] unwind_next_frame+0x161c/0x1c60
[ 44.998625] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.003968] ? deref_stack_reg+0x1d0/0x1d0
[ 45.008185] ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[ 45.013620] ? check_preemption_disabled+0x41/0x280
[ 45.018615] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.023957] perf_callchain_kernel+0x3fa/0x5c0
[ 45.028523] ? arch_perf_update_userpage+0x360/0x360
[ 45.033604] ? do_syscall_64+0xf9/0x620
[ 45.037561] ? lock_acquire+0x298/0x3c0
[ 45.041522] ? perf_output_copy+0x230/0x230
[ 45.045840] get_perf_callchain+0x392/0x860
[ 45.050138] ? put_callchain_buffers+0x70/0x70
[ 45.054697] ? put_callchain_buffers+0x70/0x70
[ 45.059258] perf_callchain+0x165/0x1c0
[ 45.063212] perf_prepare_sample+0x81e/0x1620
[ 45.067692] ? perf_tp_event+0x5f4/0xaa0
[ 45.071729] ? perf_callchain+0x1c0/0x1c0
[ 45.075858] perf_event_output_forward+0xf3/0x270
[ 45.080685] ? perf_prepare_sample+0x1620/0x1620
[ 45.085438] ? check_preemption_disabled+0x41/0x280
[ 45.090435] __perf_event_overflow+0x13c/0x370
[ 45.094994] perf_swevent_event+0x4b9/0x550
[ 45.099294] perf_tp_event+0x29f/0xaa0
[ 45.103159] ? check_preemption_disabled+0x41/0x280
[ 45.108168] ? perf_swevent_event+0x550/0x550
[ 45.112642] ? perf_trace_run_bpf_submit+0x144/0x220
[ 45.117723] ? mark_held_locks+0xf0/0xf0
[ 45.126910] ? perf_trace_lock_acquire+0x36b/0x530
[ 45.131850] ? HARDIRQ_verbose+0x10/0x10
[ 45.135898] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 45.141761] ? is_bpf_text_address+0xd5/0x1b0
[ 45.146238] ? lock_downgrade+0x720/0x720
[ 45.150363] ? lock_acquire+0x170/0x3c0
[ 45.154320] ? __bpf_address_lookup+0x330/0x330
[ 45.158975] ? check_preemption_disabled+0x41/0x280
[ 45.163995] ? is_bpf_text_address+0xfc/0x1b0
[ 45.168515] ? perf_trace_run_bpf_submit+0x144/0x220
[ 45.173601] ? check_preemption_disabled+0x41/0x280
[ 45.178602] perf_trace_run_bpf_submit+0x144/0x220
[ 45.183515] perf_trace_lock_acquire+0x36b/0x530
[ 45.188253] ? kmem_cache_free+0x7f/0x260
[ 45.192389] ? HARDIRQ_verbose+0x10/0x10
[ 45.196442] ? __x64_sys_exit_group+0x3a/0x50
[ 45.200920] ? do_syscall_64+0xf9/0x620
[ 45.204875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.210217] ? HARDIRQ_verbose+0x10/0x10
[ 45.214257] lock_acquire+0x298/0x3c0
[ 45.218038] ? debug_check_no_obj_freed+0xb5/0x482
[ 45.222945] _raw_spin_lock_irqsave+0x8c/0xc0
[ 45.227438] ? debug_check_no_obj_freed+0xb5/0x482
[ 45.232348] debug_check_no_obj_freed+0xb5/0x482
[ 45.237107] free_unref_page_prepare+0x1ea/0x5d0
[ 45.241850] free_unref_page+0x20/0x170
[ 45.245815] zap_huge_pmd+0xa00/0xe90
[ 45.249596] ? _paravirt_ident_32+0x10/0x10
[ 45.253914] unmap_page_range+0xe4d/0x2a70
[ 45.258145] ? lock_downgrade+0x720/0x720
[ 45.262280] ? vm_normal_page_pmd+0x4b0/0x4b0
[ 45.266760] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 45.271844] ? uprobe_munmap+0x2d/0x4d0
[ 45.275800] unmap_single_vma+0x198/0x300
[ 45.279929] unmap_vmas+0xa9/0x180
[ 45.283448] exit_mmap+0x2b9/0x510
[ 45.286970] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 45.292230] ? __khugepaged_exit+0x2a6/0x3e0
[ 45.296617] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 45.301636] ? kmem_cache_free+0x226/0x260
[ 45.305849] ? __khugepaged_exit+0x2c7/0x3e0
[ 45.310237] mmput+0x14e/0x4a0
[ 45.313410] do_exit+0xab5/0x2b70
[ 45.316857] ? lock_downgrade+0x720/0x720
[ 45.320987] ? mm_update_next_owner+0x650/0x650
[ 45.325635] ? up_read+0x17/0x110
[ 45.329071] ? __do_page_fault+0x1ca/0xde0
[ 45.333414] do_group_exit+0x125/0x310
[ 45.337317] __x64_sys_exit_group+0x3a/0x50
[ 45.341617] do_syscall_64+0xf9/0x620
[ 45.345417] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.350591] RIP: 0033:0x43ffc8
[ 45.353794] Code: Bad RIP value.
[ 45.357139] RSP: 002b:00007ffc3e9f7658 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 45.365698] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ffc8
[ 45.373045] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 45.380313] RBP: 00000000004bf850 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 45.387561] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 45.394807] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 45.402055]
[ 45.403661] The buggy address belongs to the page:
[ 45.408568] page:ffffea00021237c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 45.416701] flags: 0xfffe0000000000()
[ 45.420489] raw: 00fffe0000000000 0000000000000000 ffffffff02120101 0000000000000000
[ 45.428354] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 45.436214] page dumped because: kasan: bad access detected
[ 45.441907]
[ 45.443519] Memory state around the buggy address:
[ 45.448552]  ffff8880848df680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.455905]  ffff8880848df700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.463246] >ffff8880848df780: 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3
[ 45.470579]                                                                 ^
[ 45.478352]  ffff8880848df800: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.485688]  ffff8880848df880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.493026] ==================================================================
[ 45.500357] Disabling lock debugging due to kernel taint
[ 45.505782] Kernel panic - not syncing: panic_on_warn set ...
[ 45.505782]
[ 45.513134] CPU: 0 PID: 6483 Comm: syz-executor804 Tainted: G B 4.19.138-syzkaller #0
[ 45.522399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.531728] Call Trace:
[ 45.534408] dump_stack+0x1fc/0x2fe
[ 45.538109] panic+0x26a/0x50e
[ 45.541290] ? __warn_printk+0xf3/0xf3
[ 45.545169] ? lock_downgrade+0x720/0x720
[ 45.549298] ? print_shadow_for_address+0xb8/0x114
[ 45.554207] ? trace_hardirqs_off+0x64/0x200
[ 45.558596] kasan_end_report+0x43/0x49
[ 45.562548] kasan_report_error.cold+0xa7/0x1c7
[ 45.567196] ? unwind_next_frame+0x161c/0x1c60
[ 45.571753] __asan_report_load8_noabort+0x88/0x90
[ 45.576667] ? unwind_next_frame+0x161c/0x1c60
[ 45.581228] unwind_next_frame+0x161c/0x1c60
[ 45.585618] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.591009] ? deref_stack_reg+0x1d0/0x1d0
[ 45.595321] ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[ 45.600760] ? check_preemption_disabled+0x41/0x280
[ 45.605761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.611637] perf_callchain_kernel+0x3fa/0x5c0
[ 45.616207] ? arch_perf_update_userpage+0x360/0x360
[ 45.621292] ? do_syscall_64+0xf9/0x620
[ 45.625253] ? lock_acquire+0x298/0x3c0
[ 45.629214] ? perf_output_copy+0x230/0x230
[ 45.633517] get_perf_callchain+0x392/0x860
[ 45.637818] ? put_callchain_buffers+0x70/0x70
[ 45.642413] ? put_callchain_buffers+0x70/0x70
[ 45.646984] perf_callchain+0x165/0x1c0
[ 45.650939] perf_prepare_sample+0x81e/0x1620
[ 45.655422] ? perf_tp_event+0x5f4/0xaa0
[ 45.659466] ? perf_callchain+0x1c0/0x1c0
[ 45.663599] perf_event_output_forward+0xf3/0x270
[ 45.668423] ? perf_prepare_sample+0x1620/0x1620
[ 45.673170] ? check_preemption_disabled+0x41/0x280
[ 45.678170] __perf_event_overflow+0x13c/0x370
[ 45.682735] perf_swevent_event+0x4b9/0x550
[ 45.687040] perf_tp_event+0x29f/0xaa0
[ 45.690916] ? check_preemption_disabled+0x41/0x280
[ 45.695945] ? perf_swevent_event+0x550/0x550
[ 45.700421] ? perf_trace_run_bpf_submit+0x144/0x220
[ 45.705505] ? mark_held_locks+0xf0/0xf0
[ 45.709545] ? perf_trace_lock_acquire+0x36b/0x530
[ 45.714456] ? HARDIRQ_verbose+0x10/0x10
[ 45.718499] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 45.724365] ? is_bpf_text_address+0xd5/0x1b0
[ 45.728841] ? lock_downgrade+0x720/0x720
[ 45.732968] ? lock_acquire+0x170/0x3c0
[ 45.737010] ? __bpf_address_lookup+0x330/0x330
[ 45.741658] ? check_preemption_disabled+0x41/0x280
[ 45.746654] ? is_bpf_text_address+0xfc/0x1b0
[ 45.751133] ? perf_trace_run_bpf_submit+0x144/0x220
[ 45.756231] ? check_preemption_disabled+0x41/0x280
[ 45.761230] perf_trace_run_bpf_submit+0x144/0x220
[ 45.766139] perf_trace_lock_acquire+0x36b/0x530
[ 45.770873] ? kmem_cache_free+0x7f/0x260
[ 45.775021] ? HARDIRQ_verbose+0x10/0x10
[ 45.779068] ? __x64_sys_exit_group+0x3a/0x50
[ 45.783547] ? do_syscall_64+0xf9/0x620
[ 45.787500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.792842] ? HARDIRQ_verbose+0x10/0x10
[ 45.796891] lock_acquire+0x298/0x3c0
[ 45.800675] ? debug_check_no_obj_freed+0xb5/0x482
[ 45.805634] _raw_spin_lock_irqsave+0x8c/0xc0
[ 45.810114] ? debug_check_no_obj_freed+0xb5/0x482
[ 45.815029] debug_check_no_obj_freed+0xb5/0x482
[ 45.819772] free_unref_page_prepare+0x1ea/0x5d0
[ 45.824506] free_unref_page+0x20/0x170
[ 45.828496] zap_huge_pmd+0xa00/0xe90
[ 45.832287] ? _paravirt_ident_32+0x10/0x10
[ 45.836588] unmap_page_range+0xe4d/0x2a70
[ 45.840806] ? lock_downgrade+0x720/0x720
[ 45.844936] ? vm_normal_page_pmd+0x4b0/0x4b0
[ 45.849435] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 45.854516] ? uprobe_munmap+0x2d/0x4d0
[ 45.858521] unmap_single_vma+0x198/0x300
[ 45.862703] unmap_vmas+0xa9/0x180
[ 45.866225] exit_mmap+0x2b9/0x510
[ 45.869787] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 45.875046] ? __khugepaged_exit+0x2a6/0x3e0
[ 45.879452] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 45.884461] ? kmem_cache_free+0x226/0x260
[ 45.888674] ? __khugepaged_exit+0x2c7/0x3e0
[ 45.893061] mmput+0x14e/0x4a0
[ 45.896236] do_exit+0xab5/0x2b70
[ 45.899674] ? lock_downgrade+0x720/0x720
[ 45.903801] ? mm_update_next_owner+0x650/0x650
[ 45.908446] ? up_read+0x17/0x110
[ 45.911883] ? __do_page_fault+0x1ca/0xde0
[ 45.916098] do_group_exit+0x125/0x310
[ 45.919973] __x64_sys_exit_group+0x3a/0x50
[ 45.924277] do_syscall_64+0xf9/0x620
[ 45.928063] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.933233] RIP: 0033:0x43ffc8
[ 45.936424] Code: Bad RIP value.
[ 45.939799] RSP: 002b:00007ffc3e9f7658 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 45.947491] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043ffc8
[ 45.954738] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 45.961987] RBP: 00000000004bf850 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 45.969383] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 45.976672] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 45.985139] Kernel Offset: disabled
[ 45.988755] Rebooting in 86400 seconds..