INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.414735] ==================================================================
[ 32.423520] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[ 32.430434] Write of size 4 at addr ffff8801cb5fbaf0 by task syzkaller752392/4531
[ 32.438027]
[ 32.439639] CPU: 0 PID: 4531 Comm: syzkaller752392 Not tainted 4.16.0+ #19
[ 32.446629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.455961] Call Trace:
[ 32.458537]  dump_stack+0x1b9/0x294
[ 32.462149]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.467324]  ? printk+0x9e/0xba
[ 32.470586]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 32.475331]  ? kasan_check_write+0x14/0x20
[ 32.479558]  print_address_description+0x6c/0x20b
[ 32.484385]  ? process_preds+0x1958/0x19b0
[ 32.488601]  kasan_report.cold.7+0xac/0x2f5
[ 32.492907]  __asan_report_store4_noabort+0x17/0x20
[ 32.497904]  process_preds+0x1958/0x19b0
[ 32.501948]  ? create_filter_start+0x122/0x2e0
[ 32.506521]  ? parse_pred+0x28e0/0x28e0
[ 32.510487]  ? create_filter_start+0x55/0x2e0
[ 32.514965]  create_filter+0x1a8/0x370
[ 32.518837]  ? process_preds+0x19b0/0x19b0
[ 32.523054]  ? wait_for_completion+0x870/0x870
[ 32.527805]  ftrace_profile_set_filter+0x109/0x2b0
[ 32.532719]  ? ftrace_profile_free_filter+0x70/0x70
[ 32.537719]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.543236]  ? memdup_user+0x6b/0xa0
[ 32.546930]  perf_event_set_filter+0x248/0x1230
[ 32.551591]  ? kasan_check_write+0x14/0x20
[ 32.555812]  ? mutex_trylock+0x2a0/0x2a0
[ 32.559853]  ? put_ctx+0x140/0x140
[ 32.563378]  ? lockdep_init_map+0x9/0x10
[ 32.567422]  ? debug_mutex_init+0x2d/0x60
[ 32.571551]  ? mutex_trylock+0x2a0/0x2a0
[ 32.575595]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.581119]  ? graph_lock+0x170/0x170
[ 32.584898]  ? lock_downgrade+0x8e0/0x8e0
[ 32.589037]  ? kasan_check_read+0x11/0x20
[ 32.593164]  ? rcu_is_watching+0x85/0x140
[ 32.597290]  ? __lock_is_held+0xb5/0x140
[ 32.601337]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.606510]  _perf_ioctl+0x84c/0x1650
[ 32.610297]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 32.615123]  ? lock_downgrade+0x8e0/0x8e0
[ 32.619252]  ? get_unused_fd_flags+0x190/0x190
[ 32.623816]  ? kasan_check_read+0x11/0x20
[ 32.627945]  ? rcu_is_watching+0x85/0x140
[ 32.632072]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.637256]  ? mark_held_locks+0xc9/0x160
[ 32.641391]  ? mutex_lock_nested+0x16/0x20
[ 32.645615]  ? mutex_lock_nested+0x16/0x20
[ 32.649834]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 32.655006]  ? perf_event_read_event+0x430/0x430
[ 32.659741]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 32.664476]  ? find_held_lock+0x36/0x1c0
[ 32.668521]  perf_ioctl+0x59/0x80
[ 32.671955]  ? _perf_ioctl+0x1650/0x1650
[ 32.675997]  do_vfs_ioctl+0x1cf/0x1650
[ 32.679876]  ? ioctl_preallocate+0x2e0/0x2e0
[ 32.684263]  ? fget_raw+0x20/0x20
[ 32.687701]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.693222]  ? security_file_ioctl+0x94/0xc0
[ 32.697610]  ksys_ioctl+0xa9/0xd0
[ 32.701058]  SyS_ioctl+0x24/0x30
[ 32.704403]  ? ksys_ioctl+0xd0/0xd0
[ 32.708025]  do_syscall_64+0x29e/0x9d0
[ 32.711897]  ? vmalloc_sync_all+0x30/0x30
[ 32.716024]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.720763]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.725672]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.730589]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 32.736025]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.740863]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.746034] RIP: 0033:0x43fde9
[ 32.749222] RSP: 002b:00007fff4707bc18 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 32.756914] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[ 32.764163] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[ 32.771411] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.778661] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401710
[ 32.785911] R13: 00000000004017a0 R14: 0000000000000000 R15: 0000000000000000
[ 32.793169]
[ 32.794783] Allocated by task 2371:
[ 32.798399]  save_stack+0x43/0xd0
[ 32.801832]  kasan_kmalloc+0xc4/0xe0
[ 32.805527]  __kmalloc+0x14e/0x760
[ 32.809048]  ext4_htree_store_dirent+0x8b/0x5a0
[ 32.813696]  htree_dirblock_to_tree+0x563/0xac0
[ 32.818342]  ext4_htree_fill_tree+0x404/0xd40
[ 32.822830]  ext4_readdir+0x1c82/0x3bb0
[ 32.826806]  iterate_dir+0x4b0/0x5d0
[ 32.830499]  SyS_getdents+0x22c/0x450
[ 32.834281]  do_syscall_64+0x29e/0x9d0
[ 32.838335]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.843498]
[ 32.845101] Freed by task 2371:
[ 32.848367]  save_stack+0x43/0xd0
[ 32.851809]  __kasan_slab_free+0x11a/0x170
[ 32.856109]  kasan_slab_free+0xe/0x10
[ 32.859886]  kfree+0xd9/0x260
[ 32.863060]  free_rb_tree_fname+0x85/0xe0
[ 32.867186]  ext4_release_dir+0x44/0x60
[ 32.871138]  __fput+0x34d/0x890
[ 32.874394]  ____fput+0x15/0x20
[ 32.877655]  task_work_run+0x1e4/0x290
[ 32.881526]  exit_to_usermode_loop+0x2bd/0x310
[ 32.886086]  do_syscall_64+0x792/0x9d0
[ 32.889959]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.895124]
[ 32.896735] The buggy address belongs to the object at ffff8801cb5fba80
[ 32.896735]  which belongs to the cache kmalloc-64 of size 64
[ 32.909815] The buggy address is located 48 bytes to the right of
[ 32.909815]  64-byte region [ffff8801cb5fba80, ffff8801cb5fbac0)
[ 32.922016] The buggy address belongs to the page:
[ 32.926928] page:ffffea00072d7ec0 count:1 mapcount:0 mapping:ffff8801cb5fb000 index:0x0
[ 32.935052] flags: 0x2fffc0000000100(slab)
[ 32.939295] raw: 02fffc0000000100 ffff8801cb5fb000 0000000000000000 0000000100000020
[ 32.947168] raw: ffffea0007393c20 ffffea000738d220 ffff8801dac00340 0000000000000000
[ 32.955032] page dumped because: kasan: bad access detected
[ 32.960718]
[ 32.962319] Memory state around the buggy address:
[ 32.967229]  ffff8801cb5fb980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.974568]  ffff8801cb5fba00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 32.981905] >ffff8801cb5fba80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.989240]                                                              ^
[ 32.996230]  ffff8801cb5fbb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 33.003571]  ffff8801cb5fbb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 33.010907] ==================================================================
[ 33.018243] Disabling lock debugging due to kernel taint
[ 33.023934] Kernel panic - not syncing: panic_on_warn set ...
[ 33.023934]
[ 33.031298] CPU: 0 PID: 4531 Comm: syzkaller752392 Tainted: G B 4.16.0+ #19
[ 33.039604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.048935] Call Trace:
[ 33.051515]  dump_stack+0x1b9/0x294
[ 33.055122]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.060291]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.065024]  ? process_preds+0x18d0/0x19b0
[ 33.069236]  panic+0x22f/0x4de
[ 33.072403]  ? add_taint.cold.5+0x16/0x16
[ 33.076530]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.080913]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.085299]  ? process_preds+0x1958/0x19b0
[ 33.089516]  kasan_end_report+0x47/0x4f
[ 33.093468]  kasan_report.cold.7+0xc9/0x2f5
[ 33.097772]  __asan_report_store4_noabort+0x17/0x20
[ 33.102766]  process_preds+0x1958/0x19b0
[ 33.106806]  ? create_filter_start+0x122/0x2e0
[ 33.111365]  ? parse_pred+0x28e0/0x28e0
[ 33.115318]  ? create_filter_start+0x55/0x2e0
[ 33.119789]  create_filter+0x1a8/0x370
[ 33.123671]  ? process_preds+0x19b0/0x19b0
[ 33.127896]  ? wait_for_completion+0x870/0x870
[ 33.132457]  ftrace_profile_set_filter+0x109/0x2b0
[ 33.137363]  ? ftrace_profile_free_filter+0x70/0x70
[ 33.142357]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.147873]  ? memdup_user+0x6b/0xa0
[ 33.151601]  perf_event_set_filter+0x248/0x1230
[ 33.156252]  ? kasan_check_write+0x14/0x20
[ 33.160471]  ? mutex_trylock+0x2a0/0x2a0
[ 33.164507]  ? put_ctx+0x140/0x140
[ 33.168032]  ? lockdep_init_map+0x9/0x10
[ 33.172083]  ? debug_mutex_init+0x2d/0x60
[ 33.176214]  ? mutex_trylock+0x2a0/0x2a0
[ 33.180257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.185776]  ? graph_lock+0x170/0x170
[ 33.189572]  ? lock_downgrade+0x8e0/0x8e0
[ 33.193708]  ? kasan_check_read+0x11/0x20
[ 33.197833]  ? rcu_is_watching+0x85/0x140
[ 33.201956]  ? __lock_is_held+0xb5/0x140
[ 33.205993]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.211166]  _perf_ioctl+0x84c/0x1650
[ 33.214947]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 33.219779]  ? lock_downgrade+0x8e0/0x8e0
[ 33.223908]  ? get_unused_fd_flags+0x190/0x190
[ 33.228467]  ? kasan_check_read+0x11/0x20
[ 33.232591]  ? rcu_is_watching+0x85/0x140
[ 33.236717]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 33.241882]  ? mark_held_locks+0xc9/0x160
[ 33.246011]  ? mutex_lock_nested+0x16/0x20
[ 33.250220]  ? mutex_lock_nested+0x16/0x20
[ 33.254443]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 33.259625]  ? perf_event_read_event+0x430/0x430
[ 33.264361]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 33.269102]  ? find_held_lock+0x36/0x1c0
[ 33.273142]  perf_ioctl+0x59/0x80
[ 33.276570]  ? _perf_ioctl+0x1650/0x1650
[ 33.280608]  do_vfs_ioctl+0x1cf/0x1650
[ 33.284477]  ? ioctl_preallocate+0x2e0/0x2e0
[ 33.288867]  ? fget_raw+0x20/0x20
[ 33.292303]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.297820]  ? security_file_ioctl+0x94/0xc0
[ 33.302207]  ksys_ioctl+0xa9/0xd0
[ 33.305637]  SyS_ioctl+0x24/0x30
[ 33.308977]  ? ksys_ioctl+0xd0/0xd0
[ 33.312582]  do_syscall_64+0x29e/0x9d0
[ 33.316447]  ? vmalloc_sync_all+0x30/0x30
[ 33.320572]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.325305]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 33.330220]  ? syscall_return_slowpath+0x30f/0x5c0
[ 33.335129]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 33.340472]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.345292]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 33.350458] RIP: 0033:0x43fde9
[ 33.353631] RSP: 002b:00007fff4707bc18 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 33.361895] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[ 33.369142] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[ 33.376396] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 33.383641] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401710
[ 33.390885] R13: 00000000004017a0 R14: 0000000000000000 R15: 0000000000000000
[ 33.398530] Dumping ftrace buffer:
[ 33.402044]    (ftrace buffer empty)
[ 33.405729] Kernel Offset: disabled
[ 33.409343] Rebooting in 86400 seconds..
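Reading the report: KASAN flags a 4-byte write past the end of a slab object in process_preds(), the trace-event filter compiler, and the call trace shows how the fuzzer reached it: the user register dump has ORIG_RAX = 0x10, which is __NR_ioctl on x86-64, with RDI = 3 (the perf event fd), RSI = 0x40082406 (the request) and RDX = 0x200000c0 (the user filter string, copied in by memdup_user). So the trigger is ioctl(perf_fd, PERF_EVENT_IOC_SET_FILTER, filter) on a tracepoint perf event. Two caveats when triaging this kind of report: the "Allocated by" and "Freed by" stacks describe the nearest slab object KASAN could attribute the address to, here a kmalloc-64 ext4 dirent buffer that task 2371 freed earlier, not the buffer process_preds overran (the write lands 48 bytes past that object, in redzone bytes marked fc), so the ext4 frames are noise for root-causing; and because the VM runs with panic_on_warn, the first report panics the machine, so only this single access is captured, not any later ones.

Decoding the request number by hand is the first step every time a crash log ends in an ioctl, so here is a decoder for it. This is an added example, not part of the syzkaller report; it assumes the asm-generic ioctl bit layout (8 nr bits, 8 type bits, 14 size bits, 2 direction bits), which is what x86-64 uses, and a 64-bit user process so that sizeof(char *) is 8, as in the register dump. The perf_event ioctl table is copied from the numbers in include/uapi/linux/perf_event.h for the commands that existed in 4.16.

```c
/* ioctl_decode.c: decode a Linux ioctl request word from a register dump.
 * Added example; not part of the syzkaller report above.
 * Assumes the asm-generic encoding (x86-64) and a 64-bit user process,
 * so pointer-sized ioctl arguments are 8 bytes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_DIRBITS   2

#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)      /* 8  */
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS)  /* 16 */
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)  /* 30 */

#define IOC_NONE  0U
#define IOC_WRITE 1U   /* userspace writes to the kernel (_IOW) */
#define IOC_READ  2U   /* kernel writes back to userspace (_IOR) */

#define USER_PTR_SIZE 8U  /* sizeof(char *) in the 64-bit process in the dump */

struct ioc_fields {
    unsigned dir;   /* IOC_NONE, IOC_WRITE, IOC_READ, or both OR'd together */
    unsigned type;  /* the "magic" byte; perf uses '$' */
    unsigned nr;    /* command number within that magic */
    unsigned size;  /* sizeof the argument type, 0 for _IO() */
};

/* Same arithmetic as the kernel's _IOC() macro. */
uint32_t ioc_encode(unsigned dir, unsigned type, unsigned nr, unsigned size)
{
    return (dir << IOC_DIRSHIFT) | (type << IOC_TYPESHIFT)
         | (nr << IOC_NRSHIFT)   | (size << IOC_SIZESHIFT);
}

/* Split a request word into its four fields (the _IOC_DIR/TYPE/NR/SIZE macros). */
struct ioc_fields ioc_decode(uint32_t req)
{
    struct ioc_fields f;
    f.dir  = (req >> IOC_DIRSHIFT)  & ((1U << IOC_DIRBITS)  - 1);
    f.type = (req >> IOC_TYPESHIFT) & ((1U << IOC_TYPEBITS) - 1);
    f.nr   = (req >> IOC_NRSHIFT)   & ((1U << IOC_NRBITS)   - 1);
    f.size = (req >> IOC_SIZESHIFT) & ((1U << IOC_SIZEBITS) - 1);
    return f;
}

/* perf_event ioctls with magic '$' (include/uapi/linux/perf_event.h, 4.16 era). */
static const struct { unsigned nr, dir, size; const char *name; } perf_ioctls[] = {
    { 0, IOC_NONE,  0,             "PERF_EVENT_IOC_ENABLE"     },
    { 1, IOC_NONE,  0,             "PERF_EVENT_IOC_DISABLE"    },
    { 2, IOC_NONE,  0,             "PERF_EVENT_IOC_REFRESH"    },
    { 3, IOC_NONE,  0,             "PERF_EVENT_IOC_RESET"      },
    { 4, IOC_WRITE, 8,             "PERF_EVENT_IOC_PERIOD"     }, /* __u64   */
    { 5, IOC_NONE,  0,             "PERF_EVENT_IOC_SET_OUTPUT" },
    { 6, IOC_WRITE, USER_PTR_SIZE, "PERF_EVENT_IOC_SET_FILTER" }, /* char *  */
    { 7, IOC_READ,  USER_PTR_SIZE, "PERF_EVENT_IOC_ID"         }, /* __u64 * */
    { 8, IOC_WRITE, 4,             "PERF_EVENT_IOC_SET_BPF"    }, /* __u32   */
};

/* The value _IOW('$', 6, char *) expands to on a 64-bit build. */
uint32_t perf_event_ioc_set_filter(void)
{
    return ioc_encode(IOC_WRITE, '$', 6, USER_PTR_SIZE);
}

/* Name a perf_event request, or NULL if magic/nr/dir/size do not all match:
 * a mismatched dir or size means the word is not the ioctl it looks like. */
const char *perf_ioctl_name(uint32_t req)
{
    struct ioc_fields f = ioc_decode(req);
    size_t i;
    if (f.type != '$')
        return NULL;
    for (i = 0; i < sizeof(perf_ioctls) / sizeof(perf_ioctls[0]); i++)
        if (perf_ioctls[i].nr == f.nr && perf_ioctls[i].dir == f.dir
            && perf_ioctls[i].size == f.size)
            return perf_ioctls[i].name;
    return NULL;
}

int main(void)
{
    /* RSI from the register dump in the report above. */
    uint32_t rsi = 0x40082406u;
    struct ioc_fields f = ioc_decode(rsi);
    const char *name = perf_ioctl_name(rsi);

    printf("request 0x%08x: dir=%u type='%c' nr=%u size=%u -> %s\n",
           rsi, f.dir, (char)f.type, f.nr, f.size, name ? name : "unknown");
    return 0;
}
```

Run against the RSI value in the dump this prints dir=1 (write), type '$', nr 6, size 8, i.e. PERF_EVENT_IOC_SET_FILTER, which matches the perf_event_set_filter -> ftrace_profile_set_filter -> create_filter path in the trace. The size and direction checks matter: a request with the right magic and nr but a different size is a different ioctl (or a 32-bit caller), which is exactly the kind of detail a reproducer needs to get right.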