Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [ 82.369091] audit: type=1400 audit(1602585854.852:8): avc: denied { execmem } for pid=6494 comm="syz-executor384" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 82.392581] ==================================================================
[ 82.399971] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x18d5/0x2430
[ 82.407309] Read of size 8 at addr ffff8880895bf7f0 by task syz-executor384/6502
[ 82.414814]
[ 82.416424] CPU: 0 PID: 6502 Comm: syz-executor384 Not tainted 4.19.150-syzkaller #0
[ 82.424281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.433612] Call Trace:
[ 82.436197] dump_stack+0x22c/0x33e
[ 82.439810] print_address_description.cold+0x56/0x25c
[ 82.445085] kasan_report_error.cold+0x66/0xb9
[ 82.449649] ? unwind_next_frame+0x18d5/0x2430
[ 82.454212] __asan_report_load8_noabort+0x88/0x90
[ 82.459241] ? unwind_next_frame+0x18d5/0x2430
[ 82.463824] unwind_next_frame+0x18d5/0x2430
[ 82.468215] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.473576] ? deref_stack_reg+0x1d0/0x1d0
[ 82.477794] ? check_preemption_disabled+0x41/0x2b0
[ 82.482791] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.488139] perf_callchain_kernel+0x48d/0x660
[ 82.492798] ? arch_perf_update_userpage+0x360/0x360
[ 82.497895] ? do_syscall_64+0xf9/0x670
[ 82.501857] ? lock_acquire+0x298/0x3f0
[ 82.505815] ? perf_event_output_forward+0x1cd/0x2b0
[ 82.510901] get_perf_callchain+0x3f9/0x940
[ 82.515214] ? put_callchain_buffers+0x70/0x70
[ 82.519779] perf_callchain+0x165/0x1c0
[ 82.523734] perf_prepare_sample+0x817/0x1630
[ 82.528211] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 82.534074] ? perf_callchain+0x1c0/0x1c0
[ 82.538218] perf_event_output_forward+0x111/0x2b0
[ 82.543127] ? perf_prepare_sample+0x1630/0x1630
[ 82.547861] ? deref_stack_reg+0x1d0/0x1d0
[ 82.552092] ? lock_downgrade+0x750/0x750
[ 82.556220] ? unwind_next_frame+0xefa/0x2430
[ 82.560694] ? check_preemption_disabled+0x41/0x2b0
[ 82.565697] __perf_event_overflow+0x13c/0x370
[ 82.570259] perf_swevent_event+0x1d7/0x3f0
[ 82.574560] perf_tp_event+0x29f/0xb50
[ 82.578434] ? perf_swevent_event+0x3f0/0x3f0
[ 82.582909] ? __lock_acquire+0x2475/0x3ff0
[ 82.587214] ? mark_held_locks+0xf0/0xf0
[ 82.591255] ? perf_trace_lock_acquire+0x39a/0x580
[ 82.596168] ? find_held_lock+0x2d/0x110
[ 82.600211] ? depot_save_stack+0x213/0x564
[ 82.604600] ? lock_downgrade+0x750/0x750
[ 82.608734] ? lock_acquire+0x170/0x3f0
[ 82.612699] ? depot_save_stack+0x18d/0x564
[ 82.617009] ? perf_trace_run_bpf_submit+0x144/0x270
[ 82.622109] ? check_preemption_disabled+0x41/0x2b0
[ 82.627106] perf_trace_run_bpf_submit+0x144/0x270
[ 82.632020] perf_trace_lock_acquire+0x39a/0x580
[ 82.636770] ? kmem_cache_free+0x7f/0x2b0
[ 82.640905] ? noop_count+0x40/0x40
[ 82.644514] ? __x64_sys_exit_group+0x3a/0x50
[ 82.648989] ? do_syscall_64+0xf9/0x670
[ 82.652947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.658292] ? find_held_lock+0x2d/0x110
[ 82.662335] lock_acquire+0x298/0x3f0
[ 82.666121] ? debug_check_no_obj_freed+0xb5/0x482
[ 82.671031] _raw_spin_lock_irqsave+0x90/0xe0
[ 82.675509] ? debug_check_no_obj_freed+0xb5/0x482
[ 82.680423] debug_check_no_obj_freed+0xb5/0x482
[ 82.685165] free_unref_page_prepare+0x1ea/0x5f0
[ 82.690134] free_unref_page+0x20/0x1a0
[ 82.694092] zap_huge_pmd+0xa26/0xf70
[ 82.697874] ? _paravirt_ident_32+0x10/0x10
[ 82.702177] unmap_page_range+0xe4a/0x2ec0
[ 82.706410] ? vm_normal_page_pmd+0x4d0/0x4d0
[ 82.710921] ? uprobe_munmap+0x2d/0x360
[ 82.714883] unmap_single_vma+0x198/0x300
[ 82.719017] unmap_vmas+0xa9/0x180
[ 82.722543] exit_mmap+0x2b9/0x530
[ 82.726071] ? __ia32_sys_munmap+0x80/0x80
[ 82.730293] ? __khugepaged_exit+0x2cc/0x420
[ 82.734688] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 82.739686] ? kmem_cache_free+0x284/0x2b0
[ 82.743901] ? __khugepaged_exit+0x2ed/0x420
[ 82.748300] mmput+0x14e/0x4a0
[ 82.751474] do_exit+0xb12/0x2d80
[ 82.754910] ? mm_update_next_owner+0x660/0x660
[ 82.759561] ? up_read+0x17/0x110
[ 82.763527] ? __do_page_fault+0x1ca/0xe00
[ 82.767744] do_group_exit+0x125/0x320
[ 82.771618] __x64_sys_exit_group+0x3a/0x50
[ 82.775930] do_syscall_64+0xf9/0x670
[ 82.779714] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.784883] RIP: 0033:0x440058
[ 82.788067] Code: Bad RIP value.
[ 82.791411] RSP: 002b:00007ffe7c715ea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 82.799110] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440058
[ 82.806361] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 82.813614] RBP: 00000000004bf890 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 82.820886] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 82.828160] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 82.835414]
[ 82.837018] The buggy address belongs to the page:
[ 82.841925] page:ffffea0002256fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 82.850057] flags: 0xfffe0000000000()
[ 82.853881] raw: 00fffe0000000000 0000000000000000 ffffffff02250101 0000000000000000
[ 82.861742] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 82.869596] page dumped because: kasan: bad access detected
[ 82.875292]
[ 82.876896] Memory state around the buggy address:
[ 82.881806] ffff8880895bf680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.889143] ffff8880895bf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.896478] >ffff8880895bf780: 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3
[ 82.903812] ^
[ 82.910802] ffff8880895bf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.918139] ffff8880895bf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.925472] ==================================================================
[ 82.932803] Disabling lock debugging due to kernel taint
[ 82.938230] Kernel panic - not syncing: panic_on_warn set ...
[ 82.938230]
[ 82.945574] CPU: 0 PID: 6502 Comm: syz-executor384 Tainted: G B 4.19.150-syzkaller #0
[ 82.954819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.964148] Call Trace:
[ 82.966720] dump_stack+0x22c/0x33e
[ 82.970329] panic+0x2ac/0x565
[ 82.973502] ? __warn_printk+0xf3/0xf3
[ 82.977370] ? lock_downgrade+0x750/0x750
[ 82.981499] ? print_shadow_for_address+0xb8/0x116
[ 82.986417] ? trace_hardirqs_off+0x64/0x200
[ 82.990804] kasan_end_report+0x43/0x49
[ 82.994756] kasan_report_error.cold+0x83/0xb9
[ 82.999322] ? unwind_next_frame+0x18d5/0x2430
[ 83.003882] __asan_report_load8_noabort+0x88/0x90
[ 83.008792] ? unwind_next_frame+0x18d5/0x2430
[ 83.013355] unwind_next_frame+0x18d5/0x2430
[ 83.017744] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.023089] ? deref_stack_reg+0x1d0/0x1d0
[ 83.027306] ? check_preemption_disabled+0x41/0x2b0
[ 83.032338] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.037686] perf_callchain_kernel+0x48d/0x660
[ 83.042273] ? arch_perf_update_userpage+0x360/0x360
[ 83.047359] ? do_syscall_64+0xf9/0x670
[ 83.051312] ? lock_acquire+0x298/0x3f0
[ 83.055266] ? perf_event_output_forward+0x1cd/0x2b0
[ 83.060376] get_perf_callchain+0x3f9/0x940
[ 83.064679] ? put_callchain_buffers+0x70/0x70
[ 83.069243] perf_callchain+0x165/0x1c0
[ 83.073196] perf_prepare_sample+0x817/0x1630
[ 83.077676] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 83.083538] ? perf_callchain+0x1c0/0x1c0
[ 83.087668] perf_event_output_forward+0x111/0x2b0
[ 83.092577] ? perf_prepare_sample+0x1630/0x1630
[ 83.097313] ? deref_stack_reg+0x1d0/0x1d0
[ 83.101528] ? lock_downgrade+0x750/0x750
[ 83.105659] ? unwind_next_frame+0xefa/0x2430
[ 83.110132] ? check_preemption_disabled+0x41/0x2b0
[ 83.115129] __perf_event_overflow+0x13c/0x370
[ 83.119691] perf_swevent_event+0x1d7/0x3f0
[ 83.123992] perf_tp_event+0x29f/0xb50
[ 83.127870] ? perf_swevent_event+0x3f0/0x3f0
[ 83.132345] ? __lock_acquire+0x2475/0x3ff0
[ 83.136650] ? mark_held_locks+0xf0/0xf0
[ 83.140693] ? perf_trace_lock_acquire+0x39a/0x580
[ 83.145604] ? find_held_lock+0x2d/0x110
[ 83.149647] ? depot_save_stack+0x213/0x564
[ 83.153946] ? lock_downgrade+0x750/0x750
[ 83.158071] ? lock_acquire+0x170/0x3f0
[ 83.162025] ? depot_save_stack+0x18d/0x564
[ 83.166340] ? perf_trace_run_bpf_submit+0x144/0x270
[ 83.171421] ? check_preemption_disabled+0x41/0x2b0
[ 83.176416] perf_trace_run_bpf_submit+0x144/0x270
[ 83.181328] perf_trace_lock_acquire+0x39a/0x580
[ 83.186064] ? kmem_cache_free+0x7f/0x2b0
[ 83.190192] ? noop_count+0x40/0x40
[ 83.193800] ? __x64_sys_exit_group+0x3a/0x50
[ 83.198275] ? do_syscall_64+0xf9/0x670
[ 83.202243] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.207585] ? find_held_lock+0x2d/0x110
[ 83.211626] lock_acquire+0x298/0x3f0
[ 83.215406] ? debug_check_no_obj_freed+0xb5/0x482
[ 83.220314] _raw_spin_lock_irqsave+0x90/0xe0
[ 83.224786] ? debug_check_no_obj_freed+0xb5/0x482
[ 83.229693] debug_check_no_obj_freed+0xb5/0x482
[ 83.234432] free_unref_page_prepare+0x1ea/0x5f0
[ 83.240134] free_unref_page+0x20/0x1a0
[ 83.244101] zap_huge_pmd+0xa26/0xf70
[ 83.247882] ? _paravirt_ident_32+0x10/0x10
[ 83.252185] unmap_page_range+0xe4a/0x2ec0
[ 83.256403] ? vm_normal_page_pmd+0x4d0/0x4d0
[ 83.260878] ? uprobe_munmap+0x2d/0x360
[ 83.264835] unmap_single_vma+0x198/0x300
[ 83.268963] unmap_vmas+0xa9/0x180
[ 83.272485] exit_mmap+0x2b9/0x530
[ 83.276005] ? __ia32_sys_munmap+0x80/0x80
[ 83.280220] ? __khugepaged_exit+0x2cc/0x420
[ 83.284610] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 83.289606] ? kmem_cache_free+0x284/0x2b0
[ 83.293822] ? __khugepaged_exit+0x2ed/0x420
[ 83.298216] mmput+0x14e/0x4a0
[ 83.301389] do_exit+0xb12/0x2d80
[ 83.304828] ? mm_update_next_owner+0x660/0x660
[ 83.309474] ? up_read+0x17/0x110
[ 83.312907] ? __do_page_fault+0x1ca/0xe00
[ 83.317121] do_group_exit+0x125/0x320
[ 83.320991] __x64_sys_exit_group+0x3a/0x50
[ 83.325294] do_syscall_64+0xf9/0x670
[ 83.329092] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.334272] RIP: 0033:0x440058
[ 83.337453] Code: Bad RIP value.
[ 83.340798] RSP: 002b:00007ffe7c715ea8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 83.348487] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440058
[ 83.355733] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 83.362979] RBP: 00000000004bf890 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 83.370227] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 83.377481] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[ 83.385968] Kernel Offset: disabled
[ 83.389579] Rebooting in 86400 seconds..