[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.240588] ==================================================================
[ 46.247962] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 46.255305] Read of size 8 at addr ffff8880962579a8 by task syz-executor167/7999
[ 46.262818]
[ 46.264436] CPU: 1 PID: 7999 Comm: syz-executor167 Not tainted 4.14.285-syzkaller #0
[ 46.272306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 46.281731] Call Trace:
[ 46.284306] dump_stack+0x1b2/0x281
[ 46.287913] print_address_description.cold+0x54/0x1d3
[ 46.293187] kasan_report_error.cold+0x8a/0x191
[ 46.297835] ? unwind_next_frame+0x146f/0x17d0
[ 46.302397] __asan_report_load8_noabort+0x68/0x70
[ 46.307308] ? unwind_next_frame+0x146f/0x17d0
[ 46.311872] unwind_next_frame+0x146f/0x17d0
[ 46.316258] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.321595] ? deref_stack_reg+0x1a0/0x1a0
[ 46.325808] ? check_preemption_disabled+0x35/0x240
[ 46.330802] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.336158] perf_callchain_kernel+0x38c/0x520
[ 46.340718] ? arch_perf_update_userpage+0x300/0x300
[ 46.345802] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.351195] ? arch_perf_update_userpage+0x300/0x300
[ 46.356489] ? check_preemption_disabled+0x35/0x240
[ 46.361497] get_perf_callchain+0x2de/0x740
[ 46.365804] ? put_callchain_buffers+0x60/0x60
[ 46.370363] ? __perf_event_overflow+0x1b6/0x310
[ 46.375099] ? perf_swevent_event+0x299/0x460
[ 46.379580] perf_callchain+0x147/0x190
[ 46.383812] perf_prepare_sample+0xc9a/0x1370
[ 46.388294] ? perf_output_sample+0x16f0/0x16f0
[ 46.392944] perf_event_output_forward+0xc9/0x1f0
[ 46.397781] ? perf_prepare_sample+0x1370/0x1370
[ 46.402512] ? perf_swevent_event+0x460/0x460
[ 46.406984] ? check_preemption_disabled+0x35/0x240
[ 46.411995] __perf_event_overflow+0x113/0x310
[ 46.416571] perf_swevent_event+0x299/0x460
[ 46.420867] perf_tp_event+0x540/0x6e0
[ 46.424732] ? perf_swevent_event+0x460/0x460
[ 46.429203] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.434279] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.439358] ? perf_trace_lock+0x2d6/0x490
[ 46.443568] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 46.449426] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.454504] ? perf_trace_lock_acquire+0x510/0x510
[ 46.459428] ? __save_stack_trace+0x63/0x160
[ 46.463819] ? deref_stack_reg+0x124/0x1a0
[ 46.468029] ? is_bpf_text_address+0x91/0x150
[ 46.472501] ? lock_acquire+0x170/0x3f0
[ 46.476453] ? lock_downgrade+0x740/0x740
[ 46.480741] ? __lock_acquire+0x5fc/0x3f20
[ 46.484953] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.490135] ? check_preemption_disabled+0x35/0x240
[ 46.495391] perf_trace_run_bpf_submit+0x119/0x200
[ 46.500300] perf_trace_lock+0x2d6/0x490
[ 46.504337] ? kasan_slab_free+0x12d/0x1a0
[ 46.508550] ? perf_trace_lock_acquire+0x510/0x510
[ 46.513454] ? free_pgd_range+0x84b/0xcd0
[ 46.517580] ? free_pgtables+0x1ec/0x2b0
[ 46.521616] ? exit_mmap+0x27f/0x4d0
[ 46.525399] ? do_exit+0x984/0x2850
[ 46.529009] ? SyS_exit_group+0x19/0x20
[ 46.532958] ? do_syscall_64+0x1d5/0x640
[ 46.536995] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.542337] ? debug_check_no_obj_freed+0x2c0/0x680
[ 46.547328] ? perf_trace_lock_acquire+0x510/0x510
[ 46.552234] lock_release+0x4df/0x870
[ 46.556010] ? lock_acquire+0x170/0x3f0
[ 46.559979] ? lock_downgrade+0x740/0x740
[ 46.564136] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 46.569056] debug_check_no_obj_freed+0x2c0/0x680
[ 46.573881] ? debug_object_activate+0x490/0x490
[ 46.578621] kmem_cache_free+0x156/0x2b0
[ 46.582661] ___pmd_free_tlb+0xa3/0xf0
[ 46.586555] free_pgd_range+0x697/0xcd0
[ 46.590526] free_pgtables+0x1ec/0x2b0
[ 46.594393] exit_mmap+0x27f/0x4d0
[ 46.597909] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 46.602574] ? kmem_cache_free+0x23a/0x2b0
[ 46.606785] ? __khugepaged_exit+0x29b/0x3c0
[ 46.611170] mmput+0xfa/0x420
[ 46.614252] do_exit+0x984/0x2850
[ 46.617687] ? __do_page_fault+0x571/0xad0
[ 46.621897] ? mm_update_next_owner+0x5b0/0x5b0
[ 46.626540] ? lock_downgrade+0x740/0x740
[ 46.630664] do_group_exit+0x100/0x2e0
[ 46.634531] SyS_exit_group+0x19/0x20
[ 46.638304] ? do_group_exit+0x2e0/0x2e0
[ 46.642342] do_syscall_64+0x1d5/0x640
[ 46.646205] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.651373] RIP: 0033:0x7fa062930a89
[ 46.655057] RSP: 002b:00007ffe9f74b788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 46.662736] RAX: ffffffffffffffda RBX: 00007fa0629a4330 RCX: 00007fa062930a89
[ 46.669981] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 46.677228] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00007ffe9f74b978
[ 46.684483] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fa0629a4330
[ 46.691728] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 46.698976]
[ 46.700578] The buggy address belongs to the page:
[ 46.705656] page:ffffea00025895c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 46.713770] flags: 0xfff00000000000()
[ 46.717547] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 46.725405] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 46.733266] page dumped because: kasan: bad access detected
[ 46.738966]
[ 46.740579] Memory state around the buggy address:
[ 46.745501]  ffff888096257880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04
[ 46.752840]  ffff888096257900: f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1
[ 46.760178] >ffff888096257980: f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 46.767526]                                   ^
[ 46.772173]  ffff888096257a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 46.779507]  ffff888096257a80: f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
[ 46.786842] ==================================================================
[ 46.794178] Disabling lock debugging due to kernel taint
[ 46.800039] Kernel panic - not syncing: panic_on_warn set ...
[ 46.800039]
[ 46.807381] CPU: 1 PID: 7999 Comm: syz-executor167 Tainted: G B 4.14.285-syzkaller #0
[ 46.816451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 46.825783] Call Trace:
[ 46.828356] dump_stack+0x1b2/0x281
[ 46.831957] panic+0x1f9/0x42d
[ 46.835121] ? add_taint.cold+0x16/0x16
[ 46.839068] ? lock_downgrade+0x740/0x740
[ 46.843192] kasan_end_report+0x43/0x49
[ 46.847142] kasan_report_error.cold+0xa7/0x191
[ 46.851788] ? unwind_next_frame+0x146f/0x17d0
[ 46.856344] __asan_report_load8_noabort+0x68/0x70
[ 46.861248] ? unwind_next_frame+0x146f/0x17d0
[ 46.865808] unwind_next_frame+0x146f/0x17d0
[ 46.870194] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.875536] ? deref_stack_reg+0x1a0/0x1a0
[ 46.879746] ? check_preemption_disabled+0x35/0x240
[ 46.884737] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.890076] perf_callchain_kernel+0x38c/0x520
[ 46.894633] ? arch_perf_update_userpage+0x300/0x300
[ 46.899712] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 46.905058] ? arch_perf_update_userpage+0x300/0x300
[ 46.910141] ? check_preemption_disabled+0x35/0x240
[ 46.915152] get_perf_callchain+0x2de/0x740
[ 46.919475] ? put_callchain_buffers+0x60/0x60
[ 46.924052] ? __perf_event_overflow+0x1b6/0x310
[ 46.928784] ? perf_swevent_event+0x299/0x460
[ 46.933257] perf_callchain+0x147/0x190
[ 46.937220] perf_prepare_sample+0xc9a/0x1370
[ 46.941692] ? perf_output_sample+0x16f0/0x16f0
[ 46.946336] perf_event_output_forward+0xc9/0x1f0
[ 46.951158] ? perf_prepare_sample+0x1370/0x1370
[ 46.955913] ? perf_swevent_event+0x460/0x460
[ 46.960476] ? check_preemption_disabled+0x35/0x240
[ 46.965474] __perf_event_overflow+0x113/0x310
[ 46.970052] perf_swevent_event+0x299/0x460
[ 46.974347] perf_tp_event+0x540/0x6e0
[ 46.978216] ? perf_swevent_event+0x460/0x460
[ 46.982703] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.987781] ? perf_trace_run_bpf_submit+0x119/0x200
[ 46.992860] ? perf_trace_lock+0x2d6/0x490
[ 46.997089] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 47.002949] ? perf_trace_run_bpf_submit+0x119/0x200
[ 47.008025] ? perf_trace_lock_acquire+0x510/0x510
[ 47.012927] ? __save_stack_trace+0x63/0x160
[ 47.017335] ? deref_stack_reg+0x124/0x1a0
[ 47.021603] ? is_bpf_text_address+0x91/0x150
[ 47.026072] ? lock_acquire+0x170/0x3f0
[ 47.030021] ? lock_downgrade+0x740/0x740
[ 47.034143] ? __lock_acquire+0x5fc/0x3f20
[ 47.038352] ? perf_trace_run_bpf_submit+0x119/0x200
[ 47.043434] ? check_preemption_disabled+0x35/0x240
[ 47.048434] perf_trace_run_bpf_submit+0x119/0x200
[ 47.053348] perf_trace_lock+0x2d6/0x490
[ 47.057389] ? kasan_slab_free+0x12d/0x1a0
[ 47.061598] ? perf_trace_lock_acquire+0x510/0x510
[ 47.066500] ? free_pgd_range+0x84b/0xcd0
[ 47.070638] ? free_pgtables+0x1ec/0x2b0
[ 47.074674] ? exit_mmap+0x27f/0x4d0
[ 47.078362] ? do_exit+0x984/0x2850
[ 47.081965] ? SyS_exit_group+0x19/0x20
[ 47.085920] ? do_syscall_64+0x1d5/0x640
[ 47.089961] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 47.095299] ? debug_check_no_obj_freed+0x2c0/0x680
[ 47.100290] ? perf_trace_lock_acquire+0x510/0x510
[ 47.105194] lock_release+0x4df/0x870
[ 47.108987] ? lock_acquire+0x170/0x3f0
[ 47.113377] ? lock_downgrade+0x740/0x740
[ 47.117514] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 47.122420] debug_check_no_obj_freed+0x2c0/0x680
[ 47.127254] ? debug_object_activate+0x490/0x490
[ 47.131987] kmem_cache_free+0x156/0x2b0
[ 47.136051] ___pmd_free_tlb+0xa3/0xf0
[ 47.139934] free_pgd_range+0x697/0xcd0
[ 47.143887] free_pgtables+0x1ec/0x2b0
[ 47.147763] exit_mmap+0x27f/0x4d0
[ 47.151294] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 47.155958] ? kmem_cache_free+0x23a/0x2b0
[ 47.160189] ? __khugepaged_exit+0x29b/0x3c0
[ 47.164571] mmput+0xfa/0x420
[ 47.167650] do_exit+0x984/0x2850
[ 47.171079] ? __do_page_fault+0x571/0xad0
[ 47.175290] ? mm_update_next_owner+0x5b0/0x5b0
[ 47.179937] ? lock_downgrade+0x740/0x740
[ 47.184096] do_group_exit+0x100/0x2e0
[ 47.187960] SyS_exit_group+0x19/0x20
[ 47.191910] ? do_group_exit+0x2e0/0x2e0
[ 47.195945] do_syscall_64+0x1d5/0x640
[ 47.199820] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 47.204986] RIP: 0033:0x7fa062930a89
[ 47.208671] RSP: 002b:00007ffe9f74b788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 47.216462] RAX: ffffffffffffffda RBX: 00007fa0629a4330 RCX: 00007fa062930a89
[ 47.223708] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 47.230952] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00007ffe9f74b978
[ 47.238198] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fa0629a4330
[ 47.245450] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 47.252968] Kernel Offset: disabled
[ 47.256619] Rebooting in 86400 seconds..