Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
[ 522.294439][ T7747] IPVS: ftp: loaded support on port[0] = 21
[ 522.400816][ T7749] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 522.611456][ T7753] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 522.824183][ T7757] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 523.035059][ T7761] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 523.248049][ T7765] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 523.458169][ T7769] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 523.669106][ T7773] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 523.879125][ T7777] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 524.089872][ T7781] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 524.303379][ T7785] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 524.514214][ T7789] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 524.725197][ T7793] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 524.937892][ T7797] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 525.150813][ T7801] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 525.361837][ T7805] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 525.571282][ T7809] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 525.781934][ T7813] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 525.994400][ T7817] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 526.205153][ T7821] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 526.414470][ T7825] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 526.626237][ T7829] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 526.836075][ T7833] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 527.047275][ T7837] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 527.257886][ T7841] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 527.467894][ T7845] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 527.676900][ T7849] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 527.887840][ T7853] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 528.109253][ T7857] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 528.319732][ T7861] IPVS: ftp: loaded support on port[0] = 21
[ 528.346043][ T7861] cgroup: fork rejected by pids controller in /syz0
[ 528.475457][ T7862] ==================================================================
[ 528.483834][ T7862] BUG: KASAN: use-after-free in get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.491731][ T7862] Read of size 8 at addr ffff88808e6c3798 by task syz-executor295/7862
[ 528.499956][ T7862]
[ 528.502287][ T7862] CPU: 0 PID: 7862 Comm: syz-executor295 Not tainted 5.1.0-rc5+ #71
[ 528.510257][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 528.520318][ T7862] Call Trace:
[ 528.523705][ T7862]  dump_stack+0x172/0x1f0
[ 528.528147][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.533759][ T7862]  print_address_description.cold+0x7c/0x20d
[ 528.539751][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.545304][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.551357][ T7862]  kasan_report.cold+0x1b/0x40
[ 528.556124][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.561685][ T7862]  __asan_report_load8_noabort+0x14/0x20
[ 528.567410][ T7862]  get_mem_cgroup_from_mm+0x28f/0x2b0
[ 528.572802][ T7862]  mem_cgroup_try_charge+0x238/0x5e0
[ 528.578345][ T7862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 528.584638][ T7862]  mcopy_atomic+0x893/0x2600
[ 528.589285][ T7862]  ? find_held_lock+0x35/0x130
[ 528.594071][ T7862]  ? mm_alloc_pmd+0x300/0x300
[ 528.598949][ T7862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 528.605692][ T7862]  ? _copy_from_user+0xdd/0x150
[ 528.610606][ T7862]  userfaultfd_ioctl+0x4d8/0x3aa0
[ 528.615711][ T7862]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 528.621454][ T7862]  ? futex_wake+0x179/0x4d0
[ 528.625975][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 528.631186][ T7862]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 528.637520][ T7862]  ? tomoyo_init_request_info+0x105/0x1d0
[ 528.643252][ T7862]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 528.649499][ T7862]  ? tomoyo_path_number_perm+0x263/0x520
[ 528.655142][ T7862]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 528.660994][ T7862]  ? __fget+0x35a/0x550
[ 528.665171][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 528.670440][ T7862]  do_vfs_ioctl+0xd6e/0x1390
[ 528.675048][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 528.680252][ T7862]  ? do_vfs_ioctl+0xd6e/0x1390
[ 528.685026][ T7862]  ? ioctl_preallocate+0x210/0x210
[ 528.690140][ T7862]  ? __fget+0x381/0x550
[ 528.694329][ T7862]  ? ksys_dup3+0x3e0/0x3e0
[ 528.698762][ T7862]  ? tomoyo_file_ioctl+0x23/0x30
[ 528.703724][ T7862]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 528.710046][ T7862]  ? security_file_ioctl+0x93/0xc0
[ 528.715175][ T7862]  ksys_ioctl+0xab/0xd0
[ 528.719351][ T7862]  __x64_sys_ioctl+0x73/0xb0
[ 528.723997][ T7862]  do_syscall_64+0x103/0x610
[ 528.728636][ T7862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 528.734553][ T7862] RIP: 0033:0x4471a9
[ 528.738459][ T7862] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 528.758175][ T7862] RSP: 002b:00007fd85ca50db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 528.766689][ T7862] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[ 528.774686][ T7862] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[ 528.782667][ T7862] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 528.790674][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[ 528.798661][ T7862] R13: 00007ffc48ed0aff R14: 00007fd85ca519c0 R15: 0000000000000001
[ 528.807188][ T7862]
[ 528.809525][ T7862] Allocated by task 7861:
[ 528.813923][ T7862]  save_stack+0x45/0xd0
[ 528.818090][ T7862]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 528.823742][ T7862]  kasan_slab_alloc+0xf/0x20
[ 528.828334][ T7862]  kmem_cache_alloc_node+0x131/0x710
[ 528.833673][ T7862]  copy_process.part.0+0x1d08/0x7980
[ 528.838967][ T7862]  _do_fork+0x257/0xfd0
[ 528.843128][ T7862]  __x64_sys_clone+0xbf/0x150
[ 528.847834][ T7862]  do_syscall_64+0x103/0x610
[ 528.852425][ T7862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 528.858307][ T7862]
[ 528.860637][ T7862] Freed by task 7861:
[ 528.864625][ T7862]  save_stack+0x45/0xd0
[ 528.868785][ T7862]  __kasan_slab_free+0x102/0x150
[ 528.873716][ T7862]  kasan_slab_free+0xe/0x10
[ 528.878216][ T7862]  kmem_cache_free+0x86/0x260
[ 528.882892][ T7862]  free_task+0xdd/0x120
[ 528.887050][ T7862]  copy_process.part.0+0x1a3a/0x7980
[ 528.892361][ T7862]  _do_fork+0x257/0xfd0
[ 528.896513][ T7862]  __x64_sys_clone+0xbf/0x150
[ 528.901187][ T7862]  do_syscall_64+0x103/0x610
[ 528.905862][ T7862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 528.912817][ T7862]
[ 528.915170][ T7862] The buggy address belongs to the object at ffff88808e6c26c0
[ 528.915170][ T7862]  which belongs to the cache task_struct(17:syz0) of size 6080
[ 528.930099][ T7862] The buggy address is located 4312 bytes inside of
[ 528.930099][ T7862]  6080-byte region [ffff88808e6c26c0, ffff88808e6c3e80)
[ 528.943558][ T7862] The buggy address belongs to the page:
[ 528.949210][ T7862] page:ffffea000239b080 count:1 mapcount:0 mapping:ffff888099aa1540 index:0x0 compound_mapcount: 0
[ 528.959892][ T7862] flags: 0x1fffc0000010200(slab|head)
[ 528.965295][ T7862] raw: 01fffc0000010200 ffffea000239b008 ffffea0002664d88 ffff888099aa1540
[ 528.973888][ T7862] raw: 0000000000000000 ffff88808e6c26c0 0000000100000001 ffff8880988e01c0
[ 528.982475][ T7862] page dumped because: kasan: bad access detected
[ 528.988900][ T7862] page->mem_cgroup:ffff8880988e01c0
[ 528.994106][ T7862]
[ 528.996432][ T7862] Memory state around the buggy address:
[ 529.002063][ T7862]  ffff88808e6c3680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 529.010157][ T7862]  ffff88808e6c3700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 529.018236][ T7862] >ffff88808e6c3780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 529.026299][ T7862]                                                                 ^
[ 529.031156][ T7862]  ffff88808e6c3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 529.039224][ T7862]  ffff88808e6c3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 529.047303][ T7862] ==================================================================
[ 529.055363][ T7862] Disabling lock debugging due to kernel taint
[ 529.063365][ T7862] Kernel panic - not syncing: panic_on_warn set ...
[ 529.069978][ T7862] CPU: 0 PID: 7862 Comm: syz-executor295 Tainted: G    B             5.1.0-rc5+ #71
[ 529.079329][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 529.089717][ T7862] Call Trace:
[ 529.092992][ T7862]  dump_stack+0x172/0x1f0
[ 529.097424][ T7862]  panic+0x2cb/0x65c
[ 529.101319][ T7862]  ? __warn_printk+0xf3/0xf3
[ 529.105915][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 529.111493][ T7862]  ? preempt_schedule+0x4b/0x60
[ 529.116338][ T7862]  ? ___preempt_schedule+0x16/0x18
[ 529.121525][ T7862]  ? trace_hardirqs_on+0x5e/0x230
[ 529.126547][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 529.132078][ T7862]  end_report+0x47/0x4f
[ 529.136215][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 529.141871][ T7862]  kasan_report.cold+0xe/0x40
[ 529.146530][ T7862]  ? get_mem_cgroup_from_mm+0x28f/0x2b0
[ 529.152055][ T7862]  __asan_report_load8_noabort+0x14/0x20
[ 529.157669][ T7862]  get_mem_cgroup_from_mm+0x28f/0x2b0
[ 529.163027][ T7862]  mem_cgroup_try_charge+0x238/0x5e0
[ 529.168296][ T7862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 529.174792][ T7862]  mcopy_atomic+0x893/0x2600
[ 529.179433][ T7862]  ? find_held_lock+0x35/0x130
[ 529.184190][ T7862]  ? mm_alloc_pmd+0x300/0x300
[ 529.188945][ T7862]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 529.195166][ T7862]  ? _copy_from_user+0xdd/0x150
[ 529.200002][ T7862]  userfaultfd_ioctl+0x4d8/0x3aa0
[ 529.205073][ T7862]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 529.210844][ T7862]  ? futex_wake+0x179/0x4d0
[ 529.215339][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 529.220523][ T7862]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 529.226750][ T7862]  ? tomoyo_init_request_info+0x105/0x1d0
[ 529.232520][ T7862]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 529.238744][ T7862]  ? tomoyo_path_number_perm+0x263/0x520
[ 529.244356][ T7862]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 529.250154][ T7862]  ? __fget+0x35a/0x550
[ 529.254295][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 529.259474][ T7862]  do_vfs_ioctl+0xd6e/0x1390
[ 529.264046][ T7862]  ? userfaultfd_read+0x1940/0x1940
[ 529.269233][ T7862]  ? do_vfs_ioctl+0xd6e/0x1390
[ 529.273988][ T7862]  ? ioctl_preallocate+0x210/0x210
[ 529.279224][ T7862]  ? __fget+0x381/0x550
[ 529.283375][ T7862]  ? ksys_dup3+0x3e0/0x3e0
[ 529.287777][ T7862]  ? tomoyo_file_ioctl+0x23/0x30
[ 529.292701][ T7862]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 529.299125][ T7862]  ? security_file_ioctl+0x93/0xc0
[ 529.304217][ T7862]  ksys_ioctl+0xab/0xd0
[ 529.308357][ T7862]  __x64_sys_ioctl+0x73/0xb0
[ 529.312940][ T7862]  do_syscall_64+0x103/0x610
[ 529.317513][ T7862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 529.323395][ T7862] RIP: 0033:0x4471a9
[ 529.327381][ T7862] Code: e8 4c bb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 529.347129][ T7862] RSP: 002b:00007fd85ca50db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 529.355519][ T7862] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 00000000004471a9
[ 529.363473][ T7862] RDX: 0000000020000100 RSI: 00000000c028aa03 RDI: 0000000000000004
[ 529.371425][ T7862] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 529.379377][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[ 529.387329][ T7862] R13: 00007ffc48ed0aff R14: 00007fd85ca519c0 R15: 0000000000000001
[ 529.395994][ T7862] Kernel Offset: disabled
[ 529.400314][ T7862] Rebooting in 86400 seconds..