INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.840415] ==================================================================
[ 28.847878] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[ 28.854784] Write of size 4 at addr ffff8801dad75370 by task syzkaller210155/4453
[ 28.862374]
[ 28.863984] CPU: 1 PID: 4453 Comm: syzkaller210155 Not tainted 4.16.0+ #17
[ 28.870968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.880297] Call Trace:
[ 28.882863]  dump_stack+0x1b9/0x294
[ 28.886475]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 28.891642]  ? printk+0x9e/0xba
[ 28.894897]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 28.899631]  ? kasan_check_write+0x14/0x20
[ 28.903845]  print_address_description+0x6c/0x20b
[ 28.908678]  ? process_preds+0x1958/0x19b0
[ 28.912929]  kasan_report.cold.7+0xac/0x2f5
[ 28.917232]  __asan_report_store4_noabort+0x17/0x20
[ 28.922241]  process_preds+0x1958/0x19b0
[ 28.926286]  ? create_filter_start+0x122/0x2e0
[ 28.930850]  ? parse_pred+0x28e0/0x28e0
[ 28.934808]  ? create_filter_start+0x55/0x2e0
[ 28.939283]  create_filter+0x1a8/0x370
[ 28.943151]  ? process_preds+0x19b0/0x19b0
[ 28.947367]  ? wait_for_completion+0x870/0x870
[ 28.951933]  ftrace_profile_set_filter+0x109/0x2b0
[ 28.956840]  ? ftrace_profile_free_filter+0x70/0x70
[ 28.961839]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 28.967352]  ? memdup_user+0x6b/0xa0
[ 28.971055]  perf_event_set_filter+0x248/0x1230
[ 28.975713]  ? kasan_check_write+0x14/0x20
[ 28.979926]  ? mutex_trylock+0x2a0/0x2a0
[ 28.983966]  ? put_ctx+0x140/0x140
[ 28.987482]  ? lockdep_init_map+0x9/0x10
[ 28.991523]  ? debug_mutex_init+0x2d/0x60
[ 28.995652]  ? mutex_trylock+0x2a0/0x2a0
[ 28.999697]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.005218]  ? graph_lock+0x170/0x170
[ 29.008993]  ? lock_downgrade+0x8e0/0x8e0
[ 29.013121]  ? kasan_check_read+0x11/0x20
[ 29.017248]  ? rcu_is_watching+0x85/0x140
[ 29.021374]  ? __lock_is_held+0xb5/0x140
[ 29.025412]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.030583]  _perf_ioctl+0x84c/0x1650
[ 29.034371]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 29.039193]  ? lock_downgrade+0x8e0/0x8e0
[ 29.043325]  ? get_unused_fd_flags+0x190/0x190
[ 29.047900]  ? kasan_check_read+0x11/0x20
[ 29.052046]  ? rcu_is_watching+0x85/0x140
[ 29.056190]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.061366]  ? mark_held_locks+0xc9/0x160
[ 29.065497]  ? mutex_lock_nested+0x16/0x20
[ 29.069711]  ? mutex_lock_nested+0x16/0x20
[ 29.073925]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 29.079091]  ? perf_event_read_event+0x430/0x430
[ 29.083826]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 29.088575]  ? find_held_lock+0x36/0x1c0
[ 29.092624]  perf_ioctl+0x59/0x80
[ 29.096064]  ? _perf_ioctl+0x1650/0x1650
[ 29.100106]  do_vfs_ioctl+0x1cf/0x1650
[ 29.103972]  ? ioctl_preallocate+0x2e0/0x2e0
[ 29.108356]  ? fget_raw+0x20/0x20
[ 29.111794]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.117312]  ? security_file_ioctl+0x94/0xc0
[ 29.121697]  ksys_ioctl+0xa9/0xd0
[ 29.125127]  SyS_ioctl+0x24/0x30
[ 29.128469]  ? ksys_ioctl+0xd0/0xd0
[ 29.132072]  do_syscall_64+0x29e/0x9d0
[ 29.135934]  ? vmalloc_sync_all+0x30/0x30
[ 29.140059]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.144881]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.149785]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.154693]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 29.160039]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.164875]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.170044] RIP: 0033:0x43fde9
[ 29.173207] RSP: 002b:00007ffdc01b5fd8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 29.180890] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[ 29.188138] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[ 29.195386] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 29.202636] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401710
[ 29.209882] R13: 00000000004017a0 R14: 0000000000000000 R15: 0000000000000000
[ 29.217133]
[ 29.218735] Allocated by task 0:
[ 29.222078]  save_stack+0x43/0xd0
[ 29.225506]  kasan_kmalloc+0xc4/0xe0
[ 29.229193]  kmem_cache_alloc_trace+0x152/0x780
[ 29.233837]  allocate_cgrp_cset_links+0x257/0x350
[ 29.238666]  cgroup_setup_root+0x2a7/0xd70
[ 29.242876]  cgroup_init+0x2db/0xc63
[ 29.246565]  start_kernel+0x897/0x923
[ 29.250339]  x86_64_start_reservations+0x29/0x2b
[ 29.255071]  x86_64_start_kernel+0x76/0x79
[ 29.259283]  secondary_startup_64+0xa5/0xb0
[ 29.263573]
[ 29.265173] Freed by task 0:
[ 29.268163] (stack is not available)
[ 29.271851]
[ 29.273471] The buggy address belongs to the object at ffff8801dad75300
[ 29.273471]  which belongs to the cache kmalloc-64 of size 64
[ 29.285931] The buggy address is located 48 bytes to the right of
[ 29.285931]  64-byte region [ffff8801dad75300, ffff8801dad75340)
[ 29.298124] The buggy address belongs to the page:
[ 29.303034] page:ffffea00076b5d40 count:1 mapcount:0 mapping:ffff8801dad75000 index:0x0
[ 29.311151] flags: 0x2fffc0000000100(slab)
[ 29.315364] raw: 02fffc0000000100 ffff8801dad75000 0000000000000000 0000000100000020
[ 29.323221] raw: ffffea00076b0560 ffff8801dac01348 ffff8801dac00340 0000000000000000
[ 29.331073] page dumped because: kasan: bad access detected
[ 29.336755]
[ 29.338374] Memory state around the buggy address:
[ 29.343278]  ffff8801dad75200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 29.350613]  ffff8801dad75280: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 29.357945] >ffff8801dad75300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 29.365276]                                                              ^
[ 29.372262]  ffff8801dad75380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 29.379597]  ffff8801dad75400: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 29.386930] ==================================================================
[ 29.394348] Disabling lock debugging due to kernel taint
[ 29.399880] Kernel panic - not syncing: panic_on_warn set ...
[ 29.399880]
[ 29.407246] CPU: 1 PID: 4453 Comm: syzkaller210155 Tainted: G B 4.16.0+ #17
[ 29.415537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.424863] Call Trace:
[ 29.427428]  dump_stack+0x1b9/0x294
[ 29.431036]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.436201]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.440935]  ? process_preds+0x18d0/0x19b0
[ 29.445142]  panic+0x22f/0x4de
[ 29.448309]  ? add_taint.cold.5+0x16/0x16
[ 29.452431]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.456812]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.461195]  ? process_preds+0x1958/0x19b0
[ 29.465406]  kasan_end_report+0x47/0x4f
[ 29.469354]  kasan_report.cold.7+0xc9/0x2f5
[ 29.473651]  __asan_report_store4_noabort+0x17/0x20
[ 29.478641]  process_preds+0x1958/0x19b0
[ 29.482679]  ? create_filter_start+0x122/0x2e0
[ 29.487235]  ? parse_pred+0x28e0/0x28e0
[ 29.491189]  ? create_filter_start+0x55/0x2e0
[ 29.495659]  create_filter+0x1a8/0x370
[ 29.499524]  ? process_preds+0x19b0/0x19b0
[ 29.503733]  ? wait_for_completion+0x870/0x870
[ 29.508296]  ftrace_profile_set_filter+0x109/0x2b0
[ 29.513198]  ? ftrace_profile_free_filter+0x70/0x70
[ 29.518189]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.523698]  ? memdup_user+0x6b/0xa0
[ 29.527385]  perf_event_set_filter+0x248/0x1230
[ 29.532032]  ? kasan_check_write+0x14/0x20
[ 29.536243]  ? mutex_trylock+0x2a0/0x2a0
[ 29.540277]  ? put_ctx+0x140/0x140
[ 29.543788]  ? lockdep_init_map+0x9/0x10
[ 29.547825]  ? debug_mutex_init+0x2d/0x60
[ 29.551947]  ? mutex_trylock+0x2a0/0x2a0
[ 29.555984]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.561497]  ? graph_lock+0x170/0x170
[ 29.565270]  ? lock_downgrade+0x8e0/0x8e0
[ 29.569392]  ? kasan_check_read+0x11/0x20
[ 29.573516]  ? rcu_is_watching+0x85/0x140
[ 29.577638]  ? __lock_is_held+0xb5/0x140
[ 29.581691]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.586865]  _perf_ioctl+0x84c/0x1650
[ 29.590640]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 29.595456]  ? lock_downgrade+0x8e0/0x8e0
[ 29.599577]  ? get_unused_fd_flags+0x190/0x190
[ 29.604134]  ? kasan_check_read+0x11/0x20
[ 29.608256]  ? rcu_is_watching+0x85/0x140
[ 29.612377]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.617540]  ? mark_held_locks+0xc9/0x160
[ 29.621662]  ? mutex_lock_nested+0x16/0x20
[ 29.625869]  ? mutex_lock_nested+0x16/0x20
[ 29.630079]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 29.635242]  ? perf_event_read_event+0x430/0x430
[ 29.639973]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 29.644705]  ? find_held_lock+0x36/0x1c0
[ 29.648741]  perf_ioctl+0x59/0x80
[ 29.652170]  ? _perf_ioctl+0x1650/0x1650
[ 29.656205]  do_vfs_ioctl+0x1cf/0x1650
[ 29.660068]  ? ioctl_preallocate+0x2e0/0x2e0
[ 29.664449]  ? fget_raw+0x20/0x20
[ 29.667889]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.673404]  ? security_file_ioctl+0x94/0xc0
[ 29.677787]  ksys_ioctl+0xa9/0xd0
[ 29.681222]  SyS_ioctl+0x24/0x30
[ 29.684562]  ? ksys_ioctl+0xd0/0xd0
[ 29.688165]  do_syscall_64+0x29e/0x9d0
[ 29.692029]  ? vmalloc_sync_all+0x30/0x30
[ 29.696154]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.700970]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.705875]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.710780]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 29.716117]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.720933]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.726094] RIP: 0033:0x43fde9
[ 29.729255] RSP: 002b:00007ffdc01b5fd8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 29.736938] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[ 29.744180] RDX: 00000000200000c0 RSI: 0000000040082406 RDI: 0000000000000003
[ 29.751425] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 29.758667] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401710
[ 29.765909] R13: 00000000004017a0 R14: 0000000000000000 R15: 0000000000000000
[ 29.773621] Dumping ftrace buffer:
[ 29.777136]    (ftrace buffer empty)
[ 29.780818] Kernel Offset: disabled
[ 29.784417] Rebooting in 86400 seconds..