Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
[ 476.224281] audit: type=1400 audit(1555391102.268:36): avc: denied { map } for pid=7817 comm="syz-executor671" path="/root/syz-executor671384224" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 476.260516] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 476.291363] audit: type=1400 audit(1555391102.338:37): avc: denied { associate } for pid=7818 comm="syz-executor671" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 476.382170] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 476.593906] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 476.803559] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 477.013734] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 477.223758] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 477.436156] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 477.646812] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 477.857838] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 478.069180] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 478.282751] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 478.496927] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 478.714318] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 478.929242] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 479.144306] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 479.359092] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 479.575422] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 479.789025] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 480.001318] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 480.215939] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 480.430095] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 480.650005] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 480.862223] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 481.078320] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 481.292051] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 481.507778] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 481.732099] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 481.945522] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 482.156829] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 482.371792] IPVS: ftp: loaded support on port[0] = 21
[ 482.397223] cgroup: fork rejected by pids controller in /syz0
[ 482.531734] ==================================================================
[ 482.540983] BUG: KASAN: use-after-free in get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.548826] Read of size 8 at addr ffff888098c13788 by task syz-executor671/7933
[ 482.559629]
[ 482.561587] CPU: 0 PID: 7933 Comm: syz-executor671 Not tainted 4.19.34 #2
[ 482.569531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 482.579950] Call Trace:
[ 482.582787]  dump_stack+0x172/0x1f0
[ 482.586549]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.591626]  print_address_description.cold+0x7c/0x20d
[ 482.596972]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.602048]  kasan_report.cold+0x8c/0x2ba
[ 482.606747]  __asan_report_load8_noabort+0x14/0x20
[ 482.611861]  get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.617114]  mem_cgroup_try_charge+0x238/0x5e0
[ 482.621892]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 482.627694]  mcopy_atomic+0x893/0x2600
[ 482.631981]  ? find_held_lock+0x35/0x130
[ 482.636549]  ? mm_alloc_pmd+0x300/0x300
[ 482.640762]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 482.647259]  ? _copy_from_user+0xdd/0x150
[ 482.651752]  userfaultfd_ioctl+0x4dd/0x39e0
[ 482.656228]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 482.662395]  ? userfaultfd_read+0x18c0/0x18c0
[ 482.666929]  ? mark_held_locks+0x100/0x100
[ 482.673206]  ? do_futex+0x178/0x1d50
[ 482.678658]  ? file_has_perm+0x26d/0x390
[ 482.683961]  ? find_held_lock+0x35/0x130
[ 482.688872]  ? __fget+0x340/0x540
[ 482.693136]  ? userfaultfd_read+0x18c0/0x18c0
[ 482.697900]  do_vfs_ioctl+0xd6e/0x1390
[ 482.702613]  ? userfaultfd_read+0x18c0/0x18c0
[ 482.707652]  ? do_vfs_ioctl+0xd6e/0x1390
[ 482.714299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 482.719964]  ? selinux_file_ioctl+0x125/0x5e0
[ 482.725020]  ? ioctl_preallocate+0x210/0x210
[ 482.729749]  ? selinux_file_mprotect+0x620/0x620
[ 482.734817]  ? iterate_fd+0x360/0x360
[ 482.738817]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 482.744763]  ? security_file_ioctl+0x93/0xc0
[ 482.749468]  ksys_ioctl+0xab/0xd0
[ 482.753247]  __x64_sys_ioctl+0x73/0xb0
[ 482.758663]  do_syscall_64+0x103/0x610
[ 482.765739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 482.772289] RIP: 0033:0x4471a9
[ 482.775614] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 482.797293] RSP: 002b:00007fcfa1242db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 482.805729] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[ 482.813582] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[ 482.821789] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 482.829691] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[ 482.838464] R13: 00007ffd131302ff R14: 00007fcfa12439c0 R15: 0000000000000001
[ 482.845926]
[ 482.847738] Allocated by task 7932:
[ 482.851769]  save_stack+0x45/0xd0
[ 482.855358]  kasan_kmalloc+0xce/0xf0
[ 482.859611]  kasan_slab_alloc+0xf/0x20
[ 482.863722]  kmem_cache_alloc_node+0x144/0x710
[ 482.868548]  copy_process.part.0+0x1cd5/0x7970
[ 482.874014]  _do_fork+0x257/0xfe0
[ 482.877515]  __x64_sys_clone+0xbf/0x150
[ 482.883646]  do_syscall_64+0x103/0x610
[ 482.888534]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 482.894008]
[ 482.895745] Freed by task 7932:
[ 482.899119]  save_stack+0x45/0xd0
[ 482.902613]  __kasan_slab_free+0x102/0x150
[ 482.907109]  kasan_slab_free+0xe/0x10
[ 482.910938]  kmem_cache_free+0x86/0x260
[ 482.914930]  free_task+0xdd/0x120
[ 482.919024]  copy_process.part.0+0x1a07/0x7970
[ 482.923883]  _do_fork+0x257/0xfe0
[ 482.927418]  __x64_sys_clone+0xbf/0x150
[ 482.931518]  do_syscall_64+0x103/0x610
[ 482.935461]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 482.940916]
[ 482.942551] The buggy address belongs to the object at ffff888098c126c0
[ 482.942551]  which belongs to the cache task_struct(17:syz0) of size 6080
[ 482.956719] The buggy address is located 4296 bytes inside of
[ 482.956719]  6080-byte region [ffff888098c126c0, ffff888098c13e80)
[ 482.970111] The buggy address belongs to the page:
[ 482.975145] page:ffffea0002630480 count:1 mapcount:0 mapping:ffff88809b659900 index:0x0 compound_mapcount: 0
[ 482.985239] flags: 0x1fffc0000008100(slab|head)
[ 482.990347] raw: 01fffc0000008100 ffffea0002630408 ffffea0002738c88 ffff88809b659900
[ 482.998867] raw: 0000000000000000 ffff888098c126c0 0000000100000001 ffff88809639acc0
[ 483.007363] page dumped because: kasan: bad access detected
[ 483.014574] page->mem_cgroup:ffff88809639acc0
[ 483.020005]
[ 483.021647] Memory state around the buggy address:
[ 483.027326]  ffff888098c13680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 483.034789]  ffff888098c13700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 483.042465] >ffff888098c13780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 483.050514]                                            ^
[ 483.054335]  ffff888098c13800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 483.061894]  ffff888098c13880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 483.069867] ==================================================================
[ 483.077762] Disabling lock debugging due to kernel taint
[ 483.084448] Kernel panic - not syncing: panic_on_warn set ...
[ 483.084448]
[ 483.092492] CPU: 0 PID: 7933 Comm: syz-executor671 Tainted: G    B     4.19.34 #2
[ 483.102228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 483.112639] Call Trace:
[ 483.115250]  dump_stack+0x172/0x1f0
[ 483.118985]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 483.124337]  panic+0x263/0x51d
[ 483.127752]  ? __warn_printk+0xf3/0xf3
[ 483.131884]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 483.137561]  ? preempt_schedule+0x4b/0x60
[ 483.141989]  ? ___preempt_schedule+0x16/0x18
[ 483.146672]  ? trace_hardirqs_on+0x5e/0x230
[ 483.151143]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 483.156204]  kasan_end_report+0x47/0x4f
[ 483.160209]  kasan_report.cold+0xa9/0x2ba
[ 483.164549]  __asan_report_load8_noabort+0x14/0x20
[ 483.169848]  get_mem_cgroup_from_mm+0x28f/0x2b0
[ 483.174721]  mem_cgroup_try_charge+0x238/0x5e0
[ 483.179336]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 483.184955]  mcopy_atomic+0x893/0x2600
[ 483.189175]  ? find_held_lock+0x35/0x130
[ 483.193548]  ? mm_alloc_pmd+0x300/0x300
[ 483.197715]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 483.203412]  ? _copy_from_user+0xdd/0x150
[ 483.207773]  userfaultfd_ioctl+0x4dd/0x39e0
[ 483.212443]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 483.217549]  ? userfaultfd_read+0x18c0/0x18c0
[ 483.222347]  ? mark_held_locks+0x100/0x100
[ 483.226762]  ? do_futex+0x178/0x1d50
[ 483.230604]  ? file_has_perm+0x26d/0x390
[ 483.238752]  ? find_held_lock+0x35/0x130
[ 483.243677]  ? __fget+0x340/0x540
[ 483.247249]  ? userfaultfd_read+0x18c0/0x18c0
[ 483.251959]  do_vfs_ioctl+0xd6e/0x1390
[ 483.255921]  ? userfaultfd_read+0x18c0/0x18c0
[ 483.260516]  ? do_vfs_ioctl+0xd6e/0x1390
[ 483.264696]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 483.270373]  ? selinux_file_ioctl+0x125/0x5e0
[ 483.274889]  ? ioctl_preallocate+0x210/0x210
[ 483.279316]  ? selinux_file_mprotect+0x620/0x620
[ 483.284096]  ? iterate_fd+0x360/0x360
[ 483.287915]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 483.293466]  ? security_file_ioctl+0x93/0xc0
[ 483.297891]  ksys_ioctl+0xab/0xd0
[ 483.301452]  __x64_sys_ioctl+0x73/0xb0
[ 483.305490]  do_syscall_64+0x103/0x610
[ 483.309410]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 483.314619] RIP: 0033:0x4471a9
[ 483.317822] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 483.336854] RSP: 002b:00007fcfa1242db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 483.344733] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[ 483.352022] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[ 483.359583] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 483.367097] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[ 483.374463] R13: 00007ffd131302ff R14: 00007fcfa12439c0 R15: 0000000000000001
[ 483.382919] Kernel Offset: disabled
[ 483.386587] Rebooting in 86400 seconds..
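Triage helper, added here as an example; it is not part of the syzkaller log above and not kernel or syzkaller code. It parses the KASAN report into the fields a triager reads first (bug class, faulting function, access size and address, the real call-trace frames with the unreliable "? " entries dropped, the allocating and freeing tasks and stacks, and the slab object geometry), checks that KASAN's own numbers agree with each other, and decodes the saved user registers at the syscall boundary: on x86-64, ORIG_RAX is the syscall number and RDI/RSI/RDX are the first three arguments, so for ioctl(2) they give the fd, the request and the argument pointer. The sample input is excerpted from the report on this page; the ioctl field layout and the UFFDIO request numbers are Linux uapi constants, and every function and name below is this example's own.

```python
"""Triage helper for the KASAN report above (added example, not syzkaller or kernel code)."""
import re

# Lines excerpted from the console log on this page, trimmed to what the parser needs.
SAMPLE_REPORT = """\
[ 482.397223] cgroup: fork rejected by pids controller in /syz0
[ 482.540983] BUG: KASAN: use-after-free in get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.548826] Read of size 8 at addr ffff888098c13788 by task syz-executor671/7933
[ 482.579950] Call Trace:
[ 482.586549]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.611861]  get_mem_cgroup_from_mm+0x28f/0x2b0
[ 482.627694]  mcopy_atomic+0x893/0x2600
[ 482.651752]  userfaultfd_ioctl+0x4dd/0x39e0
[ 482.753247]  __x64_sys_ioctl+0x73/0xb0
[ 482.772289] RIP: 0033:0x4471a9
[ 482.797293] RSP: 002b:00007fcfa1242db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 482.813582] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[ 482.845926]
[ 482.847738] Allocated by task 7932:
[ 482.868548]  copy_process.part.0+0x1cd5/0x7970
[ 482.894008]
[ 482.895745] Freed by task 7932:
[ 482.914930]  free_task+0xdd/0x120
[ 482.919024]  copy_process.part.0+0x1a07/0x7970
[ 482.940916]
[ 482.942551] The buggy address belongs to the object at ffff888098c126c0
[ 482.942551]  which belongs to the cache task_struct(17:syz0) of size 6080
[ 482.956719] The buggy address is located 4296 bytes inside of
[ 482.956719]  6080-byte region [ffff888098c126c0, ffff888098c13e80)
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s?")                        # dmesg timestamp
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")   # symbol+off/size
REG = re.compile(r"\b(ORIG_RAX|R[A-Z0-9]{2,3}): ([0-9a-f]{16})")    # saved user registers

def parse_kasan_report(text):
    """Pull the fields a triager needs out of a KASAN report into a dict."""
    r = {"bug_type": "", "crash_func": "", "size": 0, "addr": 0, "pid": 0, "trace": [],
         "alloc_pid": 0, "alloc_trace": [], "free_pid": 0, "free_trace": [], "regs": {},
         "obj_start": 0, "cache": "", "obj_size": 0, "offset": 0, "region": (0, 0)}
    frames = None                                  # the stack currently being collected
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line or line.startswith("RIP:"):    # blank line or register dump ends a stack
            frames = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", line):
            r["bug_type"], r["crash_func"] = m.group(1), m.group(2)
        elif m := re.match(r"(?:Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)", line):
            r["size"], r["addr"], r["pid"] = int(m.group(1)), int(m.group(2), 16), int(m.group(3))
        elif line == "Call Trace:":
            frames = r["trace"]
        elif m := re.match(r"Allocated by task (\d+):", line):
            r["alloc_pid"], frames = int(m.group(1)), r["alloc_trace"]
        elif m := re.match(r"Freed by task (\d+):", line):
            r["free_pid"], frames = int(m.group(1)), r["free_trace"]
        elif m := re.search(r"object at ([0-9a-f]+)$", line):
            r["obj_start"] = int(m.group(1), 16)
        elif m := re.search(r"cache (\S+) of size (\d+)", line):
            r["cache"], r["obj_size"] = m.group(1), int(m.group(2))
        elif m := re.search(r"located (\d+) bytes inside of", line):
            r["offset"] = int(m.group(1))
        elif m := re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r["region"] = (int(m.group(1), 16), int(m.group(2), 16))
        elif (m := FRAME.match(line)) and frames is not None and not m.group(1):
            frames.append(m.group(2))              # "? " frames are stale slots, not callers
        for m in REG.finditer(line):
            r["regs"][m.group(1)] = int(m.group(2), 16)
    return r

IOC_DIRS = {0: "_IO", 1: "_IOW", 2: "_IOR", 3: "_IOWR"}              # Linux _IOC_DIR values
UFFDIO = 0xAA                                                          # userfaultfd ioctl magic
UFFDIO_NR = {0x00: "UFFDIO_REGISTER", 0x01: "UFFDIO_UNREGISTER", 0x02: "UFFDIO_WAKE",
             0x03: "UFFDIO_COPY", 0x04: "UFFDIO_ZEROPAGE", 0x3F: "UFFDIO_API"}

def decode_ioctl(cmd):
    """Split an ioctl request into its dir:2 | size:14 | type:8 | nr:8 fields."""
    d = {"dir": IOC_DIRS[(cmd >> 30) & 0x3], "size": (cmd >> 16) & 0x3FFF,
         "type": (cmd >> 8) & 0xFF, "nr": cmd & 0xFF}
    d["name"] = UFFDIO_NR.get(d["nr"], "?") if d["type"] == UFFDIO else "?"
    return d

def syscall_context(r):
    """Name the interrupted syscall; for ioctl, decode fd/cmd/arg from saved RDI/RSI/RDX."""
    entry = next((f for f in r["trace"] if f.startswith("__x64_sys_")), "__x64_sys_")
    ctx = {"syscall": entry[len("__x64_sys_"):], "nr": r["regs"].get("ORIG_RAX")}
    if ctx["syscall"] == "ioctl":
        regs = r["regs"]
        ctx.update(fd=regs["RDI"], cmd=regs["RSI"], arg=regs["RDX"],
                   cmd_name=decode_ioctl(regs["RSI"])["name"])
    return ctx

def check_object_geometry(r):
    """KASAN's own numbers must agree: region == object, offset == addr - start, access inside."""
    start, end = r["region"]
    return (start == r["obj_start"] and end - start == r["obj_size"]
            and r["addr"] - start == r["offset"] and start <= r["addr"] < r["addr"] + r["size"] <= end)

def freed_on_fork_failure(r):
    """free_task() reached from copy_process() is the fork error path: the freed
    task_struct never became a live task (cf. the pids-controller rejection line)."""
    return "free_task" in r["free_trace"] and any(f.startswith("copy_process") for f in r["free_trace"])
```

Run against the excerpt, `syscall_context` reports syscall 16 (ioctl) on fd 4 with request 0xc028aa03, which decodes as `_IOWR` type 0xAA nr 3 size 40, i.e. UFFDIO_COPY with a 40-byte `struct uffdio_copy` at 0x20000100; that matches the `mcopy_atomic` frame under `userfaultfd_ioctl`. `freed_on_fork_failure` is true because the freeing stack passes through `free_task` from `copy_process`, which together with the "fork rejected by pids controller" line says the 6080-byte `task_struct` being read 4296 bytes in was released by a clone that failed, not by a normal exit.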