random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
IPVS: ftp: loaded support on port[0] = 21
==================================================================
BUG: KASAN: slab-out-of-bounds in predicate_parse kernel/trace/trace_events_filter.c:557 [inline]
BUG: KASAN: slab-out-of-bounds in process_preds+0x191f/0x19d0 kernel/trace/trace_events_filter.c:1505
Write of size 4 at addr ffff8801ce48ac70 by task syz-executor0/4543

CPU: 1 PID: 4543 Comm: syz-executor0 Not tainted 4.17.0-rc4+ #64
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_store4_noabort+0x17/0x20 mm/kasan/report.c:437
 predicate_parse kernel/trace/trace_events_filter.c:557 [inline]
 process_preds+0x191f/0x19d0 kernel/trace/trace_events_filter.c:1505
 create_filter+0x155/0x270 kernel/trace/trace_events_filter.c:1713
 ftrace_profile_set_filter+0x130/0x2e0 kernel/trace/trace_events_filter.c:2038
 perf_event_set_filter+0x248/0x1230 kernel/events/core.c:9079
 _perf_ioctl+0x84c/0x15e0 kernel/events/core.c:5059
 perf_ioctl+0x59/0x80 kernel/events/core.c:5110
 perf_compat_ioctl+0x44/0x90 kernel/events/core.c:5130
 __do_compat_sys_ioctl fs/compat_ioctl.c:1461 [inline]
 __se_compat_sys_ioctl fs/compat_ioctl.c:1407 [inline]
 __ia32_compat_sys_ioctl+0x221/0x640 fs/compat_ioctl.c:1407
 do_syscall_32_irqs_on arch/x86/entry/common.c:323 [inline]
 do_fast_syscall_32+0x345/0xf9b arch/x86/entry/common.c:394
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f24cb9
RSP: 002b:00000000ff8ec47c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040082406
RDX: 0000000020000200 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 1:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
 kmalloc include/linux/slab.h:512 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 minstrel_alloc+0x51/0x650 net/mac80211/rc80211_minstrel.c:659
 minstrel_ht_alloc+0x42/0x50 net/mac80211/rc80211_minstrel_ht.c:1346
 rate_control_alloc net/mac80211/rate.c:246 [inline]
 ieee80211_init_rate_ctrl_alg+0x1fd/0x4f0 net/mac80211/rate.c:968
 ieee80211_register_hw+0x16e9/0x35d0 net/mac80211/main.c:1100
 mac80211_hwsim_new_radio+0x1d9b/0x3410 drivers/net/wireless/mac80211_hwsim.c:2772
 init_mac80211_hwsim+0x6ec/0x88f drivers/net/wireless/mac80211_hwsim.c:3667
 do_one_initcall+0x127/0x913 init/main.c:883
 do_initcall_level init/main.c:951 [inline]
 do_initcalls init/main.c:959 [inline]
 do_basic_setup init/main.c:977 [inline]
 kernel_init_freeable+0x49b/0x58e init/main.c:1127
 kernel_init+0x11/0x1b3 init/main.c:1053
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801ce48ac00
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 48 bytes to the right of
 64-byte region [ffff8801ce48ac00, ffff8801ce48ac40)
The buggy address belongs to the page:
page:ffffea0007392280 count:1 mapcount:0 mapping:ffff8801ce48a000 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801ce48a000 0000000000000000 0000000100000020
raw: ffffea00073a9fe0 ffffea000739c3a0 ffff8801da800340 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801ce48ab00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8801ce48ab80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff8801ce48ac00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
                                                             ^
 ffff8801ce48ac80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
 ffff8801ce48ad00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================