INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.080008] ==================================================================
[ 39.087447] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[ 39.094354] Write of size 4 at addr ffff8801ced9e0f0 by task syz-executor563/4475
[ 39.101949]
[ 39.103562] CPU: 0 PID: 4475 Comm: syz-executor563 Not tainted 4.17.0-rc1+ #12
[ 39.110899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.120234] Call Trace:
[ 39.122806]  dump_stack+0x1b9/0x294
[ 39.126426]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.131598]  ? printk+0x9e/0xba
[ 39.134864]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.139608]  ? kasan_check_write+0x14/0x20
[ 39.143831]  print_address_description+0x6c/0x20b
[ 39.148668]  ? process_preds+0x1958/0x19b0
[ 39.152887]  kasan_report.cold.7+0x242/0x2fe
[ 39.157282]  __asan_report_store4_noabort+0x17/0x20
[ 39.162282]  process_preds+0x1958/0x19b0
[ 39.166331]  ? create_filter_start.constprop.12+0xfb/0x2b0
[ 39.171948]  ? parse_pred+0x28e0/0x28e0
[ 39.175910]  ? create_filter_start.constprop.12+0x55/0x2b0
[ 39.181520]  create_filter+0x155/0x270
[ 39.185400]  ? process_preds+0x19b0/0x19b0
[ 39.189629]  ftrace_profile_set_filter+0x130/0x2e0
[ 39.194546]  ? ftrace_profile_free_filter+0x70/0x70
[ 39.199552]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.205072]  ? memdup_user+0x6b/0xa0
[ 39.208777]  perf_event_set_filter+0x248/0x1230
[ 39.213436]  ? perf_tp_event+0xc30/0xc30
[ 39.217489]  ? mutex_trylock+0x2a0/0x2a0
[ 39.221545]  ? perf_pmu_unregister+0x530/0x530
[ 39.226113]  ? perf_trace_lock_acquire+0x4f1/0x980
[ 39.231036]  ? perf_trace_lock+0x900/0x900
[ 39.235253]  ? perf_tp_event+0xc30/0xc30
[ 39.239298]  ? graph_lock+0x170/0x170
[ 39.243085]  ? memset+0x31/0x40
[ 39.246362]  ? perf_trace_lock_acquire+0x4f1/0x980
[ 39.251274]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 39.256448]  _perf_ioctl+0x84c/0x15e0
[ 39.260231]  ? __do_sys_perf_event_open+0x3040/0x3040
[ 39.265410]  ? lock_downgrade+0x8e0/0x8e0
[ 39.269549]  ? kasan_check_read+0x11/0x20
[ 39.273679]  ? rcu_is_watching+0x85/0x140
[ 39.277822]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 39.283001]  ? mutex_lock_nested+0x16/0x20
[ 39.287218]  ? mutex_lock_nested+0x16/0x20
[ 39.291434]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 39.296613]  ? perf_event_read_event+0x430/0x430
[ 39.301349]  ? find_held_lock+0x36/0x1c0
[ 39.305405]  perf_ioctl+0x59/0x80
[ 39.308839]  ? _perf_ioctl+0x15e0/0x15e0
[ 39.312882]  do_vfs_ioctl+0x1cf/0x16a0
[ 39.316751]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.322282]  ? ioctl_preallocate+0x2e0/0x2e0
[ 39.326673]  ? fget_raw+0x20/0x20
[ 39.330115]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.335635]  ? __do_page_fault+0x441/0xe40
[ 39.339860]  ? mm_fault_error+0x380/0x380
[ 39.343992]  ? security_file_ioctl+0x94/0xc0
[ 39.348386]  ksys_ioctl+0xa9/0xd0
[ 39.351825]  __x64_sys_ioctl+0x73/0xb0
[ 39.355699]  do_syscall_64+0x1b1/0x800
[ 39.359572]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 39.364483]  ? syscall_return_slowpath+0x30f/0x5c0
[ 39.369399]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.374919]  ? retint_user+0x18/0x18
[ 39.378630]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.383462]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.388633] RIP: 0033:0x43fdb9
[ 39.391805] RSP: 002b:00007ffc931889f8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 39.399498] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 39.406751] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[ 39.414008] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 39.421260] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 39.428512] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 39.435777]
[ 39.437386] Allocated by task 1:
[ 39.440736]  save_stack+0x43/0xd0
[ 39.444170]  kasan_kmalloc+0xc4/0xe0
[ 39.447863]  __kmalloc+0x14e/0x760
[ 39.451384]  kobject_get_path+0xc2/0x1a0
[ 39.455428]  kobject_uevent_env+0x234/0xea0
[ 39.459734]  kobject_uevent+0x1f/0x30
[ 39.463521]  net_rx_queue_update_kobjects+0x493/0x610
[ 39.468690]  netdev_register_kobject+0x276/0x380
[ 39.473427]  register_netdevice+0x997/0x11c0
[ 39.477816]  ieee80211_if_add+0xc04/0x1a20
[ 39.482034]  ieee80211_register_hw+0x2ab0/0x35d0
[ 39.486773]  mac80211_hwsim_new_radio+0x1d9b/0x3410
[ 39.491789]  init_mac80211_hwsim+0x6ec/0x88f
[ 39.496180]  do_one_initcall+0x127/0x913
[ 39.500224]  kernel_init_freeable+0x49b/0x58e
[ 39.504707]  kernel_init+0x11/0x1b3
[ 39.508314]  ret_from_fork+0x3a/0x50
[ 39.512005]
[ 39.513612] Freed by task 1:
[ 39.516609]  save_stack+0x43/0xd0
[ 39.520039]  __kasan_slab_free+0x11a/0x170
[ 39.524251]  kasan_slab_free+0xe/0x10
[ 39.528036]  kfree+0xd9/0x260
[ 39.531123]  kobject_uevent_env+0x275/0xea0
[ 39.535427]  kobject_uevent+0x1f/0x30
[ 39.539210]  net_rx_queue_update_kobjects+0x493/0x610
[ 39.544390]  netdev_register_kobject+0x276/0x380
[ 39.549132]  register_netdevice+0x997/0x11c0
[ 39.553523]  ieee80211_if_add+0xc04/0x1a20
[ 39.557738]  ieee80211_register_hw+0x2ab0/0x35d0
[ 39.562474]  mac80211_hwsim_new_radio+0x1d9b/0x3410
[ 39.567475]  init_mac80211_hwsim+0x6ec/0x88f
[ 39.571869]  do_one_initcall+0x127/0x913
[ 39.575914]  kernel_init_freeable+0x49b/0x58e
[ 39.580388]  kernel_init+0x11/0x1b3
[ 39.583993]  ret_from_fork+0x3a/0x50
[ 39.587682]
[ 39.589291] The buggy address belongs to the object at ffff8801ced9e080
[ 39.589291]  which belongs to the cache kmalloc-64 of size 64
[ 39.601758] The buggy address is located 48 bytes to the right of
[ 39.601758]  64-byte region [ffff8801ced9e080, ffff8801ced9e0c0)
[ 39.613957] The buggy address belongs to the page:
[ 39.619154] page:ffffea00073b6780 count:1 mapcount:0 mapping:ffff8801ced9e000 index:0xffff8801ced9ed80
[ 39.628597] flags: 0x2fffc0000000100(slab)
[ 39.632819] raw: 02fffc0000000100 ffff8801ced9e000 ffff8801ced9ed80 0000000100000016
[ 39.640680] raw: ffff8801da801338 ffffea00073119a0 ffff8801da800340 0000000000000000
[ 39.648537] page dumped because: kasan: bad access detected
[ 39.654224]
[ 39.655832] Memory state around the buggy address:
[ 39.660749]  ffff8801ced9df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.668091]  ffff8801ced9e000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 39.675432] >ffff8801ced9e080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 39.682771]                                                              ^
[ 39.689767]  ffff8801ced9e100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 39.697107]  ffff8801ced9e180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 39.704443] ==================================================================
[ 39.711780] Disabling lock debugging due to kernel taint
[ 39.717340] Kernel panic - not syncing: panic_on_warn set ...
[ 39.717340]
[ 39.724725] CPU: 0 PID: 4475 Comm: syz-executor563 Tainted: G    B 4.17.0-rc1+ #12
[ 39.733454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.742786] Call Trace:
[ 39.745356]  dump_stack+0x1b9/0x294
[ 39.748974]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.754147]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.758888]  ? process_preds+0x18c0/0x19b0
[ 39.763104]  panic+0x22f/0x4de
[ 39.766277]  ? add_taint.cold.5+0x16/0x16
[ 39.770412]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 39.774805]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 39.779195]  ? process_preds+0x1958/0x19b0
[ 39.783413]  kasan_end_report+0x47/0x4f
[ 39.787373]  kasan_report.cold.7+0x76/0x2fe
[ 39.791680]  __asan_report_store4_noabort+0x17/0x20
[ 39.796678]  process_preds+0x1958/0x19b0
[ 39.800722]  ? create_filter_start.constprop.12+0xfb/0x2b0
[ 39.806330]  ? parse_pred+0x28e0/0x28e0
[ 39.810290]  ? create_filter_start.constprop.12+0x55/0x2b0
[ 39.815899]  create_filter+0x155/0x270
[ 39.819771]  ? process_preds+0x19b0/0x19b0
[ 39.823995]  ftrace_profile_set_filter+0x130/0x2e0
[ 39.828908]  ? ftrace_profile_free_filter+0x70/0x70
[ 39.833916]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.839434]  ? memdup_user+0x6b/0xa0
[ 39.843137]  perf_event_set_filter+0x248/0x1230
[ 39.847789]  ? perf_tp_event+0xc30/0xc30
[ 39.851838]  ? mutex_trylock+0x2a0/0x2a0
[ 39.855881]  ? perf_pmu_unregister+0x530/0x530
[ 39.860445]  ? perf_trace_lock_acquire+0x4f1/0x980
[ 39.865360]  ? perf_trace_lock+0x900/0x900
[ 39.869574]  ? perf_tp_event+0xc30/0xc30
[ 39.873619]  ? graph_lock+0x170/0x170
[ 39.877404]  ? memset+0x31/0x40
[ 39.880673]  ? perf_trace_lock_acquire+0x4f1/0x980
[ 39.885585]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 39.890760]  _perf_ioctl+0x84c/0x15e0
[ 39.894545]  ? __do_sys_perf_event_open+0x3040/0x3040
[ 39.899718]  ? lock_downgrade+0x8e0/0x8e0
[ 39.903852]  ? kasan_check_read+0x11/0x20
[ 39.907980]  ? rcu_is_watching+0x85/0x140
[ 39.912108]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 39.917283]  ? mutex_lock_nested+0x16/0x20
[ 39.921498]  ? mutex_lock_nested+0x16/0x20
[ 39.925715]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 39.930899]  ? perf_event_read_event+0x430/0x430
[ 39.935641]  ? find_held_lock+0x36/0x1c0
[ 39.939693]  perf_ioctl+0x59/0x80
[ 39.943126]  ? _perf_ioctl+0x15e0/0x15e0
[ 39.947170]  do_vfs_ioctl+0x1cf/0x16a0
[ 39.951040]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 39.956565]  ? ioctl_preallocate+0x2e0/0x2e0
[ 39.960954]  ? fget_raw+0x20/0x20
[ 39.964395]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.969912]  ? __do_page_fault+0x441/0xe40
[ 39.974131]  ? mm_fault_error+0x380/0x380
[ 39.978264]  ? security_file_ioctl+0x94/0xc0
[ 39.982657]  ksys_ioctl+0xa9/0xd0
[ 39.986093]  __x64_sys_ioctl+0x73/0xb0
[ 39.989965]  do_syscall_64+0x1b1/0x800
[ 39.993836]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 39.998747]  ? syscall_return_slowpath+0x30f/0x5c0
[ 40.003664]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.009196]  ? retint_user+0x18/0x18
[ 40.012898]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.017727]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.022897] RIP: 0033:0x43fdb9
[ 40.026069] RSP: 002b:00007ffc931889f8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 40.033759] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 40.041012] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[ 40.048272] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 40.055523] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 40.062775] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 40.070438] Dumping ftrace buffer:
[ 40.073956]    (ftrace buffer empty)
[ 40.077648] Kernel Offset: disabled
[ 40.081261] Rebooting in 86400 seconds..