Warning: Permanently added '10.128.0.173' (ECDSA) to the list of known hosts.
[ 20.455376] urandom_read: 1 callbacks suppressed
[ 20.455381] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/07 04:43:28 parsed 1 programs
[ 20.553562] audit: type=1400 audit(1567831407.949:7): avc: denied { map } for pid=1774 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 20.614952] audit: type=1400 audit(1567831408.009:8): avc: denied { map } for pid=1774 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5044 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 21.187812] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/07 04:43:29 executed programs: 0
[ 22.169419] audit: type=1400 audit(1567831409.559:9): avc: denied { map } for pid=1774 comm="syz-execprog" path="/root/syzkaller-shm624653427" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/09/07 04:43:34 executed programs: 102
[ 28.050748] ==================================================================
[ 28.058146] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x169f/0x1810
[ 28.065486] Read of size 8 at addr ffff8881cea07860 by task syz-executor.4/3186
[ 28.072906]
[ 28.074515] CPU: 0 PID: 3186 Comm: syz-executor.4 Not tainted 4.14.142+ #0
[ 28.081499] Call Trace:
[ 28.084068] dump_stack+0xca/0x134
[ 28.087583] ? unwind_next_frame+0x169f/0x1810
[ 28.092156] ? unwind_next_frame+0x169f/0x1810
[ 28.096719] print_address_description+0x60/0x226
[ 28.101535] ? unwind_next_frame+0x169f/0x1810
[ 28.107224] ? unwind_next_frame+0x169f/0x1810
[ 28.111787] __kasan_report.cold+0x1a/0x41
[ 28.115998] ? unwind_next_frame+0x169f/0x1810
[ 28.120554] unwind_next_frame+0x169f/0x1810
[ 28.124949] ? retint_kernel+0x2d/0x2d
[ 28.129853] ? perf_callchain_user+0x4a7/0xf80
[ 28.134408] ? deref_stack_reg+0xe0/0xe0
[ 28.139069] ? perf_callchain_user+0x2d1/0xf80
[ 28.143625] ? retint_kernel+0x2d/0x2d
[ 28.147496] perf_callchain_kernel+0x3a0/0x540
[ 28.152054] ? perf_callchain_kernel+0x540/0x540
[ 28.156789] ? arch_perf_update_userpage+0x330/0x330
[ 28.161872] ? perf_callchain+0x147/0x190
[ 28.166003] ? futex_wait_setup+0x132/0x330
[ 28.170302] get_perf_callchain+0x2f5/0x770
[ 28.174608] ? put_callchain_buffers+0x60/0x60
[ 28.179175] ? perf_callchain+0x150/0x190
[ 28.183302] perf_callchain+0x147/0x190
[ 28.187253] perf_prepare_sample+0x6a8/0x1360
[ 28.191723] ? perf_output_sample+0x1700/0x1700
[ 28.196369] ? perf_prepare_sample+0x1360/0x1360
[ 28.201096] ? perf_swevent_put_recursion_context+0x1a/0xa0
[ 28.206781] perf_event_output_forward+0xdc/0x220
[ 28.211597] ? perf_prepare_sample+0x1360/0x1360
[ 28.216326] ? __perf_event_overflow+0x1cc/0x340
[ 28.221057] ? check_preemption_disabled+0x35/0x1f0
[ 28.226050] __perf_event_overflow+0x12d/0x340
[ 28.230605] perf_swevent_overflow+0x7a/0xf0
[ 28.234990] perf_swevent_event+0x112/0x270
[ 28.239297] perf_tp_event+0x633/0x7f0
[ 28.243161] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 28.248854] ? trace_hardirqs_on+0x10/0x10
[ 28.253062] ? __lock_acquire+0x5d7/0x4320
[ 28.257280] ? perf_trace_run_bpf_submit+0x113/0x170
[ 28.262357] ? check_preemption_disabled+0x35/0x1f0
[ 28.267346] perf_trace_run_bpf_submit+0x113/0x170
[ 28.272252] perf_trace_lock_acquire+0x341/0x4e0
[ 28.276996] ? HARDIRQ_verbose+0x10/0x10
[ 28.281042] ? retint_kernel+0x2d/0x2d
[ 28.284917] ? get_futex_key+0x4c1/0xf90
[ 28.288956] lock_acquire+0x279/0x360
[ 28.292730] ? futex_wait_setup+0x132/0x330
[ 28.297026] _raw_spin_lock+0x2a/0x40
[ 28.300803] ? futex_wait_setup+0x132/0x330
[ 28.305097] futex_wait_setup+0x132/0x330
[ 28.309222] ? get_futex_key+0xf90/0xf90
[ 28.313262] futex_wait+0x1ad/0x570
[ 28.316866] ? futex_wait_setup+0x330/0x330
[ 28.321165] ? wake_up_q+0xea/0x150
[ 28.324769] ? drop_futex_key_refs.isra.0+0x17/0xb0
[ 28.329760] ? futex_wake+0x15b/0x440
[ 28.333541] do_futex+0x13f/0x1980
[ 28.337058] ? trace_hardirqs_on+0x10/0x10
[ 28.341266] ? perf_trace_lock_acquire+0x341/0x4e0
[ 28.346169] ? exit_robust_list+0x240/0x240
[ 28.350468] ? HARDIRQ_verbose+0x10/0x10
[ 28.354529] ? __might_fault+0x104/0x1b0
[ 28.358564] ? lock_downgrade+0x5d0/0x5d0
[ 28.362686] ? lock_acquire+0x12b/0x360
[ 28.366635] ? __might_fault+0xd4/0x1b0
[ 28.370596] ? __might_fault+0x177/0x1b0
[ 28.374643] ? _copy_to_user+0x82/0xd0
[ 28.378508] SyS_futex+0x1c5/0x2c3
[ 28.382024] ? do_futex+0x1980/0x1980
[ 28.385798] ? SyS_clock_gettime+0x7d/0xe0
[ 28.390007] ? do_clock_gettime+0xd0/0xd0
[ 28.394142] ? do_syscall_64+0x43/0x520
[ 28.398089] ? do_futex+0x1980/0x1980
[ 28.401864] do_syscall_64+0x19b/0x520
[ 28.405763] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 28.410964] RIP: 0033:0x4598e9
[ 28.414129] RSP: 002b:00007fb88c24dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 28.421816] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 00000000004598e9
[ 28.430021] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
[ 28.437272] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 28.444526] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
[ 28.451770] R13: 00007ffccc7d04cf R14: 00007fb88c24e9c0 R15: 000000000075bf2c
[ 28.459027]
[ 28.460632] The buggy address belongs to the page:
[ 28.465537] page:ffffea00073a81c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 28.473652] flags: 0x4000000000000000()
[ 28.477601] raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 28.485454] raw: 0000000000000000 ffffea00073a81e0 0000000000000000 0000000000000000
[ 28.493311] page dumped because: kasan: bad access detected
[ 28.498994]
[ 28.500596] Memory state around the buggy address:
[ 28.505499] ffff8881cea07700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.512832] ffff8881cea07780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.520171] >ffff8881cea07800: 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f3 f3 f3 00
[ 28.527504] ^
[ 28.533978] ffff8881cea07880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.541311] ffff8881cea07900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.548641] ==================================================================
[ 28.555973] Disabling lock debugging due to kernel taint
[ 28.561395] Kernel panic - not syncing: panic_on_warn set ...
[ 28.561395]
[ 28.568733] CPU: 0 PID: 3186 Comm: syz-executor.4 Tainted: G B 4.14.142+ #0
[ 28.577018] Call Trace:
[ 28.579583] dump_stack+0xca/0x134
[ 28.583103] panic+0x1ea/0x3d3
[ 28.586270] ? add_taint.cold+0x16/0x16
[ 28.590220] ? lock_downgrade+0x5d0/0x5d0
[ 28.594353] ? unwind_next_frame+0x169f/0x1810
[ 28.598913] end_report+0x43/0x49
[ 28.602341] ? unwind_next_frame+0x169f/0x1810
[ 28.606899] __kasan_report.cold+0xd/0x41
[ 28.611021] ? unwind_next_frame+0x169f/0x1810
[ 28.615576] unwind_next_frame+0x169f/0x1810
[ 28.619969] ? retint_kernel+0x2d/0x2d
[ 28.623831] ? perf_callchain_user+0x4a7/0xf80
[ 28.628473] ? deref_stack_reg+0xe0/0xe0
[ 28.632509] ? perf_callchain_user+0x2d1/0xf80
[ 28.637069] ? retint_kernel+0x2d/0x2d
[ 28.640932] perf_callchain_kernel+0x3a0/0x540
[ 28.645593] ? perf_callchain_kernel+0x540/0x540
[ 28.650377] ? arch_perf_update_userpage+0x330/0x330
[ 28.655636] ? perf_callchain+0x147/0x190
[ 28.659764] ? futex_wait_setup+0x132/0x330
[ 28.664067] get_perf_callchain+0x2f5/0x770
[ 28.668369] ? put_callchain_buffers+0x60/0x60
[ 28.672926] ? perf_callchain+0x150/0x190
[ 28.677061] perf_callchain+0x147/0x190
[ 28.681027] perf_prepare_sample+0x6a8/0x1360
[ 28.685514] ? perf_output_sample+0x1700/0x1700
[ 28.690166] ? perf_prepare_sample+0x1360/0x1360
[ 28.694993] ? perf_swevent_put_recursion_context+0x1a/0xa0
[ 28.700771] perf_event_output_forward+0xdc/0x220
[ 28.705595] ? perf_prepare_sample+0x1360/0x1360
[ 28.710330] ? __perf_event_overflow+0x1cc/0x340
[ 28.715532] ? check_preemption_disabled+0x35/0x1f0
[ 28.720531] __perf_event_overflow+0x12d/0x340
[ 28.725097] perf_swevent_overflow+0x7a/0xf0
[ 28.729486] perf_swevent_event+0x112/0x270
[ 28.733787] perf_tp_event+0x633/0x7f0
[ 28.737656] ? perf_swevent_put_recursion_context+0xa0/0xa0
[ 28.743352] ? trace_hardirqs_on+0x10/0x10
[ 28.747565] ? __lock_acquire+0x5d7/0x4320
[ 28.751874] ? perf_trace_run_bpf_submit+0x113/0x170
[ 28.756953] ? check_preemption_disabled+0x35/0x1f0
[ 28.761945] perf_trace_run_bpf_submit+0x113/0x170
[ 28.766862] perf_trace_lock_acquire+0x341/0x4e0
[ 28.771595] ? HARDIRQ_verbose+0x10/0x10
[ 28.775632] ? retint_kernel+0x2d/0x2d
[ 28.779509] ? get_futex_key+0x4c1/0xf90
[ 28.783555] lock_acquire+0x279/0x360
[ 28.787330] ? futex_wait_setup+0x132/0x330
[ 28.791716] _raw_spin_lock+0x2a/0x40
[ 28.795500] ? futex_wait_setup+0x132/0x330
[ 28.799801] futex_wait_setup+0x132/0x330
[ 28.803927] ? get_futex_key+0xf90/0xf90
[ 28.807968] futex_wait+0x1ad/0x570
[ 28.811571] ? futex_wait_setup+0x330/0x330
[ 28.815866] ? wake_up_q+0xea/0x150
[ 28.819471] ? drop_futex_key_refs.isra.0+0x17/0xb0
[ 28.824462] ? futex_wake+0x15b/0x440
[ 28.828257] do_futex+0x13f/0x1980
[ 28.831774] ? trace_hardirqs_on+0x10/0x10
[ 28.835983] ? perf_trace_lock_acquire+0x341/0x4e0
[ 28.840896] ? exit_robust_list+0x240/0x240
[ 28.845193] ? HARDIRQ_verbose+0x10/0x10
[ 28.850013] ? __might_fault+0x104/0x1b0
[ 28.854051] ? lock_downgrade+0x5d0/0x5d0
[ 28.858173] ? lock_acquire+0x12b/0x360
[ 28.862123] ? __might_fault+0xd4/0x1b0
[ 28.866073] ? __might_fault+0x177/0x1b0
[ 28.870110] ? _copy_to_user+0x82/0xd0
[ 28.873988] SyS_futex+0x1c5/0x2c3
[ 28.877509] ? do_futex+0x1980/0x1980
[ 28.881296] ? SyS_clock_gettime+0x7d/0xe0
[ 28.885509] ? do_clock_gettime+0xd0/0xd0
[ 28.889648] ? do_syscall_64+0x43/0x520
[ 28.894122] ? do_futex+0x1980/0x1980
[ 28.897912] do_syscall_64+0x19b/0x520
[ 28.901787] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 28.906959] RIP: 0033:0x4598e9
[ 28.910129] RSP: 002b:00007fb88c24dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 28.917820] RAX: ffffffffffffffda RBX: 000000000075bf28 RCX: 00000000004598e9
[ 28.925066] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf28
[ 28.932315] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 28.939561] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf2c
[ 28.946825] R13: 00007ffccc7d04cf R14: 00007fb88c24e9c0 R15: 000000000075bf2c
[ 28.954799] Kernel Offset: 0x29800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 28.965694] Rebooting in 86400 seconds..