[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 44.614727] audit: type=1400 audit(1595646185.748:8): avc: denied { execmem } for pid=6349 comm="syz-executor876" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 44.669316] ==================================================================
[ 44.676716] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x146f/0x17d0
[ 44.684063] Read of size 8 at addr ffff888094c5f790 by task syz-executor876/6360
[ 44.691675]
[ 44.693294] CPU: 1 PID: 6360 Comm: syz-executor876 Not tainted 4.14.189-syzkaller #0
[ 44.701241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.710579] Call Trace:
[ 44.713155] dump_stack+0x1b2/0x283
[ 44.716780] print_address_description.cold+0x54/0x1d3
[ 44.722043] kasan_report_error.cold+0x8a/0x194
[ 44.726699] ? unwind_next_frame+0x146f/0x17d0
[ 44.731358] __asan_report_load8_noabort+0x68/0x70
[ 44.736279] ? unwind_next_frame+0x146f/0x17d0
[ 44.740845] unwind_next_frame+0x146f/0x17d0
[ 44.745260] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.750705] ? deref_stack_reg+0x1a0/0x1a0
[ 44.754925] ? check_preemption_disabled+0x35/0x240
[ 44.759926] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.765443] perf_callchain_kernel+0x38c/0x520
[ 44.770010] ? lock_release+0x4df/0x870
[ 44.773973] ? arch_perf_update_userpage+0x300/0x300
[ 44.779365] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.784716] ? check_preemption_disabled+0x35/0x240
[ 44.789857] get_perf_callchain+0x2df/0x740
[ 44.794167] ? put_callchain_buffers+0x60/0x60
[ 44.798736] ? kvm_clock_read+0x1f/0x30
[ 44.802817] ? kvm_sched_clock_read+0x5/0x10
[ 44.807396] ? sched_clock+0x2a/0x40
[ 44.811100] ? sched_clock_cpu+0x18/0x1b0
[ 44.815240] perf_callchain+0x147/0x190
[ 44.819206] perf_prepare_sample+0xd77/0x1380
[ 44.823686] ? perf_output_sample+0x16f0/0x16f0
[ 44.828343] perf_event_output_forward+0xc9/0x1f0
[ 44.833179] ? perf_prepare_sample+0x1380/0x1380
[ 44.837934] ? check_preemption_disabled+0x35/0x240
[ 44.842944] __perf_event_overflow+0x113/0x310
[ 44.847671] perf_swevent_event+0x3c8/0x460
[ 44.851979] perf_tp_event+0x540/0x6e0
[ 44.855979] ? perf_swevent_event+0x460/0x460
[ 44.860481] ? perf_trace_run_bpf_submit+0x119/0x200
[ 44.865686] ? __lock_acquire+0x5fc/0x3f20
[ 44.869908] ? perf_trace_lock+0x2d6/0x490
[ 44.874132] ? deref_stack_reg+0x124/0x1a0
[ 44.878360] ? perf_trace_lock_acquire+0x510/0x510
[ 44.883432] ? lock_acquire+0x170/0x3f0
[ 44.887393] ? __lock_acquire+0x5fc/0x3f20
[ 44.891613] ? perf_trace_run_bpf_submit+0x119/0x200
[ 44.896702] perf_trace_run_bpf_submit+0x119/0x200
[ 44.901755] perf_trace_lock+0x2d6/0x490
[ 44.905806] ? kasan_slab_free+0x12d/0x1a0
[ 44.910237] ? perf_trace_lock_acquire+0x510/0x510
[ 44.915152] ? exit_mmap+0x280/0x4b0
[ 44.918855] ? mmput+0xfa/0x420
[ 44.922133] ? do_exit+0x948/0x27f0
[ 44.925921] ? get_signal+0x38d/0x1ca0
[ 44.929804] ? exit_to_usermode_loop+0x160/0x200
[ 44.934546] ? do_syscall_64+0x4a3/0x640
[ 44.938601] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 44.943959] ? debug_check_no_obj_freed+0x2c0/0x674
[ 44.948974] ? perf_trace_lock_acquire+0x510/0x510
[ 44.953891] lock_release+0x4df/0x870
[ 44.957685] ? lock_acquire+0x170/0x3f0
[ 44.961764] ? lock_downgrade+0x740/0x740
[ 44.965901] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 44.970824] debug_check_no_obj_freed+0x2c0/0x674
[ 44.975789] ? __anon_vma_interval_tree_augment_rotate+0x1a2/0x210
[ 44.982101] ? debug_object_activate+0x490/0x490
[ 44.986917] kmem_cache_free+0x156/0x2b0
[ 44.990968] unlink_anon_vmas+0x289/0x7e0
[ 44.995108] ? up_write+0x17/0x60
[ 44.998679] free_pgtables+0x178/0x2b0
[ 45.002552] exit_mmap+0x280/0x4b0
[ 45.006078] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 45.010830] ? kmem_cache_free+0x23a/0x2b0
[ 45.015049] ? __khugepaged_exit+0x29b/0x3c0
[ 45.019528] mmput+0xfa/0x420
[ 45.022622] do_exit+0x948/0x27f0
[ 45.026058] ? perf_trace_lock_acquire+0x510/0x510
[ 45.030974] ? mm_update_next_owner+0x5b0/0x5b0
[ 45.035628] ? get_signal+0x323/0x1ca0
[ 45.039504] ? lock_acquire+0x170/0x3f0
[ 45.043468] ? lock_downgrade+0x740/0x740
[ 45.047613] do_group_exit+0x100/0x2e0
[ 45.051492] get_signal+0x38d/0x1ca0
[ 45.055310] do_signal+0x7c/0x1550
[ 45.059020] ? setup_sigcontext+0x820/0x820
[ 45.063342] ? __fd_install+0x227/0x5c0
[ 45.067316] ? get_unused_fd_flags+0xc0/0xc0
[ 45.071710] ? sock_alloc_file+0x1ae/0x2e0
[ 45.075993] ? SyS_futex+0x1da/0x290
[ 45.079692] ? SyS_futex+0x1e3/0x290
[ 45.083394] ? exit_to_usermode_loop+0x41/0x200
[ 45.088048] exit_to_usermode_loop+0x160/0x200
[ 45.092639] do_syscall_64+0x4a3/0x640
[ 45.096513] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.101687] RIP: 0033:0x4468e9
[ 45.104858] RSP: 002b:00007f4c0e085db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 45.112550] RAX: fffffffffffffe00 RBX: 00000000006dbc28 RCX: 00000000004468e9
[ 45.119822] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
[ 45.127077] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 45.134439] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 45.141699] R13: 00007ffe98c6ca2f R14: 00007f4c0e0869c0 R15: 000000000000002d
[ 45.148956]
[ 45.150566] The buggy address belongs to the page:
[ 45.155592] page:ffffea00025317c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 45.163719] flags: 0xfffe0000000000()
[ 45.167509] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 45.175626] raw: 0000000000000000 ffffea00025317e0 0000000000000000 0000000000000000
[ 45.183660] page dumped because: kasan: bad access detected
[ 45.189354]
[ 45.191069] Memory state around the buggy address:
[ 45.195986] ffff888094c5f680: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3
[ 45.203332] ffff888094c5f700: f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 45.210808] >ffff888094c5f780: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.218275] ^
[ 45.222150] ffff888094c5f800: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[ 45.229748] ffff888094c5f880: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.237091] ==================================================================
[ 45.244452] Disabling lock debugging due to kernel taint
[ 45.249893] Kernel panic - not syncing: panic_on_warn set ...
[ 45.249893]
[ 45.257353] CPU: 1 PID: 6360 Comm: syz-executor876 Tainted: G B 4.14.189-syzkaller #0
[ 45.266606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.276037] Call Trace:
[ 45.278617] dump_stack+0x1b2/0x283
[ 45.282230] panic+0x1f9/0x42d
[ 45.285552] ? add_taint.cold+0x16/0x16
[ 45.289515] ? lock_downgrade+0x740/0x740
[ 45.294086] kasan_end_report+0x43/0x49
[ 45.298135] kasan_report_error.cold+0xa7/0x194
[ 45.302794] ? unwind_next_frame+0x146f/0x17d0
[ 45.307372] __asan_report_load8_noabort+0x68/0x70
[ 45.312295] ? unwind_next_frame+0x146f/0x17d0
[ 45.316860] unwind_next_frame+0x146f/0x17d0
[ 45.321252] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.326821] ? deref_stack_reg+0x1a0/0x1a0
[ 45.331045] ? check_preemption_disabled+0x35/0x240
[ 45.336048] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.341403] perf_callchain_kernel+0x38c/0x520
[ 45.345973] ? lock_release+0x4df/0x870
[ 45.349934] ? arch_perf_update_userpage+0x300/0x300
[ 45.355023] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.360372] ? check_preemption_disabled+0x35/0x240
[ 45.365375] get_perf_callchain+0x2df/0x740
[ 45.369826] ? put_callchain_buffers+0x60/0x60
[ 45.374391] ? kvm_clock_read+0x1f/0x30
[ 45.378347] ? kvm_sched_clock_read+0x5/0x10
[ 45.382739] ? sched_clock+0x2a/0x40
[ 45.386433] ? sched_clock_cpu+0x18/0x1b0
[ 45.390570] perf_callchain+0x147/0x190
[ 45.394528] perf_prepare_sample+0xd77/0x1380
[ 45.399006] ? perf_output_sample+0x16f0/0x16f0
[ 45.403660] perf_event_output_forward+0xc9/0x1f0
[ 45.408486] ? perf_prepare_sample+0x1380/0x1380
[ 45.413227] ? check_preemption_disabled+0x35/0x240
[ 45.418228] __perf_event_overflow+0x113/0x310
[ 45.422795] perf_swevent_event+0x3c8/0x460
[ 45.427112] perf_tp_event+0x540/0x6e0
[ 45.430988] ? perf_swevent_event+0x460/0x460
[ 45.435467] ? perf_trace_run_bpf_submit+0x119/0x200
[ 45.440573] ? __lock_acquire+0x5fc/0x3f20
[ 45.444802] ? perf_trace_lock+0x2d6/0x490
[ 45.449021] ? deref_stack_reg+0x124/0x1a0
[ 45.453246] ? perf_trace_lock_acquire+0x510/0x510
[ 45.458303] ? lock_acquire+0x170/0x3f0
[ 45.462263] ? __lock_acquire+0x5fc/0x3f20
[ 45.466489] ? perf_trace_run_bpf_submit+0x119/0x200
[ 45.471707] perf_trace_run_bpf_submit+0x119/0x200
[ 45.476744] perf_trace_lock+0x2d6/0x490
[ 45.480798] ? kasan_slab_free+0x12d/0x1a0
[ 45.485022] ? perf_trace_lock_acquire+0x510/0x510
[ 45.489937] ? exit_mmap+0x280/0x4b0
[ 45.493633] ? mmput+0xfa/0x420
[ 45.496894] ? do_exit+0x948/0x27f0
[ 45.500506] ? get_signal+0x38d/0x1ca0
[ 45.504518] ? exit_to_usermode_loop+0x160/0x200
[ 45.509434] ? do_syscall_64+0x4a3/0x640
[ 45.513492] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.518845] ? debug_check_no_obj_freed+0x2c0/0x674
[ 45.523847] ? perf_trace_lock_acquire+0x510/0x510
[ 45.528761] lock_release+0x4df/0x870
[ 45.532641] ? lock_acquire+0x170/0x3f0
[ 45.536601] ? lock_downgrade+0x740/0x740
[ 45.540739] _raw_spin_unlock_irqrestore+0x1b/0xe0
[ 45.545658] debug_check_no_obj_freed+0x2c0/0x674
[ 45.550518] ? __anon_vma_interval_tree_augment_rotate+0x1a2/0x210
[ 45.556826] ? debug_object_activate+0x490/0x490
[ 45.561668] kmem_cache_free+0x156/0x2b0
[ 45.565718] unlink_anon_vmas+0x289/0x7e0
[ 45.569859] ? up_write+0x17/0x60
[ 45.573297] free_pgtables+0x178/0x2b0
[ 45.577303] exit_mmap+0x280/0x4b0
[ 45.580828] ? SyS_remap_file_pages+0x6a0/0x6a0
[ 45.585484] ? kmem_cache_free+0x23a/0x2b0
[ 45.589699] ? __khugepaged_exit+0x29b/0x3c0
[ 45.594094] mmput+0xfa/0x420
[ 45.597339] do_exit+0x948/0x27f0
[ 45.600778] ? perf_trace_lock_acquire+0x510/0x510
[ 45.605696] ? mm_update_next_owner+0x5b0/0x5b0
[ 45.610370] ? get_signal+0x323/0x1ca0
[ 45.614352] ? lock_acquire+0x170/0x3f0
[ 45.618314] ? lock_downgrade+0x740/0x740
[ 45.622450] do_group_exit+0x100/0x2e0
[ 45.626322] get_signal+0x38d/0x1ca0
[ 45.630022] do_signal+0x7c/0x1550
[ 45.633554] ? setup_sigcontext+0x820/0x820
[ 45.638034] ? __fd_install+0x227/0x5c0
[ 45.641994] ? get_unused_fd_flags+0xc0/0xc0
[ 45.646387] ? sock_alloc_file+0x1ae/0x2e0
[ 45.650610] ? SyS_futex+0x1da/0x290
[ 45.654337] ? SyS_futex+0x1e3/0x290
[ 45.658036] ? exit_to_usermode_loop+0x41/0x200
[ 45.662687] exit_to_usermode_loop+0x160/0x200
[ 45.667257] do_syscall_64+0x4a3/0x640
[ 45.671132] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 45.676311] RIP: 0033:0x4468e9
[ 45.679486] RSP: 002b:00007f4c0e085db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 45.687178] RAX: fffffffffffffe00 RBX: 00000000006dbc28 RCX: 00000000004468e9
[ 45.694792] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
[ 45.702048] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 45.709447] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 45.716834] R13: 00007ffe98c6ca2f R14: 00007f4c0e0869c0 R15: 000000000000002d
[ 45.725720] Kernel Offset: disabled
[ 45.729343] Rebooting in 86400 seconds..