INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 24.845132] ==================================================================
[ 24.852556] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[ 24.859461] Write of size 4 at addr ffff8801cf5782f0 by task syzkaller146357/4463
[ 24.867058]
[ 24.868676] CPU: 1 PID: 4463 Comm: syzkaller146357 Not tainted 4.16.0+ #3
[ 24.875574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.884902] Call Trace:
[ 24.887470] dump_stack+0x1b9/0x294
[ 24.891088] ? dump_stack_print_info.cold.2+0x52/0x52
[ 24.896261] ? printk+0x9e/0xba
[ 24.899521] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 24.904267] ? kasan_check_write+0x14/0x20
[ 24.908494] print_address_description+0x6c/0x20b
[ 24.913323] ? process_preds+0x1958/0x19b0
[ 24.917540] kasan_report.cold.7+0x242/0x2fe
[ 24.922020] __asan_report_store4_noabort+0x17/0x20
[ 24.927023] process_preds+0x1958/0x19b0
[ 24.931088] ? create_filter_start.constprop.12+0xfb/0x2b0
[ 24.936696] ? parse_pred+0x28e0/0x28e0
[ 24.940650] ? create_filter_start.constprop.12+0x55/0x2b0
[ 24.946254] create_filter+0x155/0x270
[ 24.950121] ? process_preds+0x19b0/0x19b0
[ 24.954339] ftrace_profile_set_filter+0x130/0x2e0
[ 24.959247] ? ftrace_profile_free_filter+0x70/0x70
[ 24.964243] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 24.969759] ? memdup_user+0x6b/0xa0
[ 24.973453] perf_event_set_filter+0x248/0x1230
[ 24.978105] ? mutex_trylock+0x2a0/0x2a0
[ 24.982142] ? __thp_get_unmapped_area+0x180/0x180
[ 24.987057] ? put_ctx+0x140/0x140
[ 24.990588] ? __lock_acquire+0x7f5/0x5140
[ 24.994804] ? perf_trace_lock_acquire+0xe3/0x980
[ 24.999628] ? perf_trace_lock+0x900/0x900
[ 25.003845] ? graph_lock+0x170/0x170
[ 25.007623] ? kasan_check_read+0x11/0x20
[ 25.011748] ? rcu_pm_notify+0xc0/0xc0
[ 25.015617] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.020439] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 25.025615] _perf_ioctl+0x84c/0x15e0
[ 25.029394] ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 25.034223] ? lock_downgrade+0x8e0/0x8e0
[ 25.038359] ? kasan_check_read+0x11/0x20
[ 25.042488] ? rcu_is_watching+0x85/0x140
[ 25.046621] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 25.051792] ? graph_lock+0x170/0x170
[ 25.055576] ? mutex_lock_nested+0x16/0x20
[ 25.059790] ? mutex_lock_nested+0x16/0x20
[ 25.064010] ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 25.069179] ? perf_event_read_event+0x430/0x430
[ 25.073914] ? find_held_lock+0x36/0x1c0
[ 25.077959] perf_ioctl+0x59/0x80
[ 25.081391] ? _perf_ioctl+0x15e0/0x15e0
[ 25.085433] do_vfs_ioctl+0x1cf/0x16a0
[ 25.089305] ? ioctl_preallocate+0x2e0/0x2e0
[ 25.093694] ? fget_raw+0x20/0x20
[ 25.097129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.102649] ? __do_page_fault+0x441/0xe40
[ 25.106866] ? exit_to_usermode_loop+0x87/0x310
[ 25.111519] ? security_file_ioctl+0x94/0xc0
[ 25.115907] ksys_ioctl+0xa9/0xd0
[ 25.119341] SyS_ioctl+0x24/0x30
[ 25.122683] ? ksys_ioctl+0xd0/0xd0
[ 25.126289] do_syscall_64+0x29e/0x9d0
[ 25.130152] ? vmalloc_sync_all+0x30/0x30
[ 25.134277] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 25.139102] ? syscall_return_slowpath+0x5c0/0x5c0
[ 25.144017] ? syscall_return_slowpath+0x30f/0x5c0
[ 25.148932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.154447] ? retint_user+0x18/0x18
[ 25.158143] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.162968] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.168134] RIP: 0033:0x43fe09
[ 25.171299] RSP: 002b:00007fffe46638f8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 25.178989] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[ 25.186241] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000004
[ 25.193493] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 25.200745] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401730
[ 25.207997] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[ 25.215255]
[ 25.216858] Allocated by task 1:
[ 25.220207] save_stack+0x43/0xd0
[ 25.223635] kasan_kmalloc+0xc4/0xe0
[ 25.227324] __kmalloc+0x14e/0x760
[ 25.230840] kobject_get_path+0xc2/0x1a0
[ 25.234879] kobject_uevent_env+0x234/0xea0
[ 25.239177] kobject_uevent+0x1f/0x30
[ 25.242953] driver_bound+0x1a3/0x220
[ 25.246731] driver_probe_device+0x733/0x960
[ 25.251117] __driver_attach+0x1b2/0x1f0
[ 25.255154] bus_for_each_dev+0x151/0x1d0
[ 25.259276] driver_attach+0x3d/0x50
[ 25.262963] bus_add_driver+0x4b2/0x600
[ 25.266917] driver_register+0x1bf/0x320
[ 25.270955] register_virtio_driver+0x79/0xd0
[ 25.275434] init+0xa3/0x114
[ 25.278432] do_one_initcall+0x127/0x913
[ 25.282475] kernel_init_freeable+0x49b/0x58e
[ 25.286958] kernel_init+0x11/0x1b3
[ 25.290563] ret_from_fork+0x3a/0x50
[ 25.294251]
[ 25.295854] Freed by task 1:
[ 25.298849] save_stack+0x43/0xd0
[ 25.302278] __kasan_slab_free+0x11a/0x170
[ 25.306490] kasan_slab_free+0xe/0x10
[ 25.310268] kfree+0xd9/0x260
[ 25.313357] kobject_uevent_env+0x275/0xea0
[ 25.317653] kobject_uevent+0x1f/0x30
[ 25.321429] driver_bound+0x1a3/0x220
[ 25.325204] driver_probe_device+0x733/0x960
[ 25.329589] __driver_attach+0x1b2/0x1f0
[ 25.333629] bus_for_each_dev+0x151/0x1d0
[ 25.337759] driver_attach+0x3d/0x50
[ 25.341463] bus_add_driver+0x4b2/0x600
[ 25.345429] driver_register+0x1bf/0x320
[ 25.349470] register_virtio_driver+0x79/0xd0
[ 25.353940] init+0xa3/0x114
[ 25.356942] do_one_initcall+0x127/0x913
[ 25.360987] kernel_init_freeable+0x49b/0x58e
[ 25.365460] kernel_init+0x11/0x1b3
[ 25.369063] ret_from_fork+0x3a/0x50
[ 25.372747]
[ 25.374351] The buggy address belongs to the object at ffff8801cf578280
[ 25.374351]  which belongs to the cache kmalloc-64 of size 64
[ 25.386812] The buggy address is located 48 bytes to the right of
[ 25.386812]  64-byte region [ffff8801cf578280, ffff8801cf5782c0)
[ 25.399013] The buggy address belongs to the page:
[ 25.403928] page:ffffea00073d5e00 count:1 mapcount:0 mapping:ffff8801cf578000 index:0x0
[ 25.412046] flags: 0x2fffc0000000100(slab)
[ 25.416259] raw: 02fffc0000000100 ffff8801cf578000 0000000000000000 0000000100000020
[ 25.424116] raw: ffffea00073922e0 ffffea00073d4620 ffff8801dac00340 0000000000000000
[ 25.431969] page dumped because: kasan: bad access detected
[ 25.437648]
[ 25.439251] Memory state around the buggy address:
[ 25.444156]  ffff8801cf578180: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 25.451494]  ffff8801cf578200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 25.458831] >ffff8801cf578280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.466165]                                                              ^
[ 25.473154]  ffff8801cf578300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 25.480490]  ffff8801cf578380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 25.487826] ==================================================================
[ 25.495159] Disabling lock debugging due to kernel taint
[ 25.500700] Kernel panic - not syncing: panic_on_warn set ...
[ 25.500700]
[ 25.508068] CPU: 1 PID: 4463 Comm: syzkaller146357 Tainted: G B 4.16.0+ #3
[ 25.516368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.525694] Call Trace:
[ 25.528260] dump_stack+0x1b9/0x294
[ 25.531862] ? dump_stack_print_info.cold.2+0x52/0x52
[ 25.537032] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.541767] ? process_preds+0x1910/0x19b0
[ 25.545976] panic+0x22f/0x4de
[ 25.549144] ? add_taint.cold.5+0x16/0x16
[ 25.553271] ? do_raw_spin_unlock+0x9e/0x2e0
[ 25.557654] ? do_raw_spin_unlock+0x9e/0x2e0
[ 25.562040] ? process_preds+0x1958/0x19b0
[ 25.566252] kasan_end_report+0x47/0x4f
[ 25.570204] kasan_report.cold.7+0x76/0x2fe
[ 25.574503] __asan_report_store4_noabort+0x17/0x20
[ 25.579492] process_preds+0x1958/0x19b0
[ 25.583529] ? create_filter_start.constprop.12+0xfb/0x2b0
[ 25.589131] ? parse_pred+0x28e0/0x28e0
[ 25.593087] ? create_filter_start.constprop.12+0x55/0x2b0
[ 25.598689] create_filter+0x155/0x270
[ 25.602554] ? process_preds+0x19b0/0x19b0
[ 25.606765] ftrace_profile_set_filter+0x130/0x2e0
[ 25.611669] ? ftrace_profile_free_filter+0x70/0x70
[ 25.616662] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 25.622173] ? memdup_user+0x6b/0xa0
[ 25.625862] perf_event_set_filter+0x248/0x1230
[ 25.630506] ? mutex_trylock+0x2a0/0x2a0
[ 25.634542] ? __thp_get_unmapped_area+0x180/0x180
[ 25.639447] ? put_ctx+0x140/0x140
[ 25.642962] ? __lock_acquire+0x7f5/0x5140
[ 25.647174] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.651994] ? perf_trace_lock+0x900/0x900
[ 25.656210] ? graph_lock+0x170/0x170
[ 25.659986] ? kasan_check_read+0x11/0x20
[ 25.664113] ? rcu_pm_notify+0xc0/0xc0
[ 25.667976] ? perf_trace_lock_acquire+0xe3/0x980
[ 25.672793] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 25.677957] _perf_ioctl+0x84c/0x15e0
[ 25.681733] ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 25.686555] ? lock_downgrade+0x8e0/0x8e0
[ 25.690677] ? kasan_check_read+0x11/0x20
[ 25.694798] ? rcu_is_watching+0x85/0x140
[ 25.698919] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 25.704086] ? graph_lock+0x170/0x170
[ 25.707861] ? mutex_lock_nested+0x16/0x20
[ 25.712070] ? mutex_lock_nested+0x16/0x20
[ 25.716279] ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 25.721445] ? perf_event_read_event+0x430/0x430
[ 25.726178] ? find_held_lock+0x36/0x1c0
[ 25.730215] perf_ioctl+0x59/0x80
[ 25.733642] ? _perf_ioctl+0x15e0/0x15e0
[ 25.737677] do_vfs_ioctl+0x1cf/0x16a0
[ 25.741540] ? ioctl_preallocate+0x2e0/0x2e0
[ 25.745923] ? fget_raw+0x20/0x20
[ 25.749357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.754870] ? __do_page_fault+0x441/0xe40
[ 25.759080] ? exit_to_usermode_loop+0x87/0x310
[ 25.763727] ? security_file_ioctl+0x94/0xc0
[ 25.768111] ksys_ioctl+0xa9/0xd0
[ 25.771541] SyS_ioctl+0x24/0x30
[ 25.774880] ? ksys_ioctl+0xd0/0xd0
[ 25.778483] do_syscall_64+0x29e/0x9d0
[ 25.782346] ? vmalloc_sync_all+0x30/0x30
[ 25.786469] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 25.791287] ? syscall_return_slowpath+0x5c0/0x5c0
[ 25.796190] ? syscall_return_slowpath+0x30f/0x5c0
[ 25.801097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 25.806608] ? retint_user+0x18/0x18
[ 25.810298] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.815117] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.820278] RIP: 0033:0x43fe09
[ 25.823440] RSP: 002b:00007fffe46638f8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 25.831122] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[ 25.838365] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000004
[ 25.845609] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 25.852853] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401730
[ 25.860096] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[ 25.867750] Dumping ftrace buffer:
[ 25.871264] (ftrace buffer empty)
[ 25.874946] Kernel Offset: disabled
[ 25.878546] Rebooting in 86400 seconds..