[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 14.789777] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.789236] random: sshd: uninitialized urandom read (32 bytes read) [ 17.033048] random: sshd: uninitialized urandom read (32 bytes read) [ 17.786527] random: sshd: uninitialized urandom read (32 bytes read) [ 45.852673] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.20' (ECDSA) to the list of known hosts. [ 51.382183] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/21 15:06:16 parsed 1 programs [ 52.595391] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/21 15:06:18 executed programs: 0 [ 53.880626] IPVS: ftp: loaded support on port[0] = 21 [ 53.880955] IPVS: ftp: loaded support on port[0] = 21 [ 53.890598] IPVS: ftp: loaded support on port[0] = 21 [ 53.897305] IPVS: ftp: loaded support on port[0] = 21 [ 53.897439] IPVS: ftp: loaded support on port[0] = 21 [ 53.914132] IPVS: ftp: loaded support on port[0] = 21 [ 53.921713] IPVS: ftp: loaded support on port[0] = 21 [ 53.929963] IPVS: ftp: loaded support on port[0] = 21 [ 54.163469] FAULT_INJECTION: forcing a failure. [ 54.163469] name failslab, interval 1, probability 0, space 0, times 1 [ 54.174738] CPU: 0 PID: 4554 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 54.183120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.192455] Call Trace: [ 54.195025] dump_stack+0x1c9/0x2b4 [ 54.198632] ? dump_stack_print_info.cold.2+0x52/0x52 [ 54.203803] ? kasan_check_read+0x11/0x20 [ 54.207979] ? do_raw_spin_unlock+0xa7/0x2f0 [ 54.212366] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 54.216954] should_fail.cold.4+0xa/0x11 [ 54.221009] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 54.226092] ? depot_save_stack+0x291/0x470 [ 54.230396] ? save_stack+0xa9/0xd0 [ 54.234001] ? save_stack+0x43/0xd0 [ 54.237610] ? __kmalloc+0x14e/0x760 [ 54.241302] ? alloc_trace_uprobe+0x45e/0x8f0 [ 54.245774] ? create_local_trace_uprobe+0x139/0x5e0 [ 54.250857] ? perf_uprobe_init+0x19f/0x280 [ 54.255157] ? perf_uprobe_event_init+0xff/0x190 [ 54.259903] ? perf_try_init_event+0x137/0x2f0 [ 54.264476] ? perf_event_alloc.part.94+0x10a9/0x33c0 [ 54.266754] FAULT_INJECTION: forcing a failure. [ 54.266754] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 54.269642] ? inherit_event.isra.105+0x257/0xc00 [ 54.269658] ? inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 54.292266] ? perf_event_init_task+0x313/0x870 [ 54.296919] ? copy_process.part.41+0x1d4e/0x73d0 [ 54.301738] ? _do_fork+0x291/0x12a0 [ 54.305428] ? __x64_sys_clone+0xbf/0x150 [ 54.309553] ? do_syscall_64+0x1b9/0x820 [ 54.313594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.318941] ? lock_acquire+0x1e4/0x540 [ 54.322905] ? fs_reclaim_acquire+0x20/0x20 [ 54.327203] ? lock_downgrade+0x8f0/0x8f0 [ 54.331332] ? check_same_owner+0x340/0x340 [ 54.335632] ? rcu_note_context_switch+0x730/0x730 [ 54.340541] __should_failslab+0x124/0x180 [ 54.344753] should_failslab+0x9/0x14 [ 54.348546] __kmalloc_track_caller+0x2c4/0x760 [ 54.353191] ? __kmalloc+0x315/0x760 [ 54.356885] ? alloc_trace_uprobe+0x4af/0x8f0 [ 54.361361] kstrdup+0x39/0x70 [ 54.364530] alloc_trace_uprobe+0x4af/0x8f0 [ 54.368843] ? trace_uprobe_register+0xcf0/0xcf0 [ 54.373576] ? kasan_slab_alloc+0x12/0x20 [ 54.377703] ? kmem_cache_alloc+0x2fc/0x760 [ 54.382003] ? usercopy_warn+0x120/0x120 [ 54.386045] create_local_trace_uprobe+0x139/0x5e0 [ 54.390963] ? strncpy_from_user+0x3be/0x510 [ 54.395349] ? bpf_get_uprobe_info+0x350/0x350 [ 54.399906] ? mpi_free.cold.1+0x19/0x19 [ 54.403945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.409460] perf_uprobe_init+0x19f/0x280 [ 54.413596] perf_uprobe_event_init+0xff/0x190 [ 54.418166] perf_try_init_event+0x137/0x2f0 [ 54.422552] perf_event_alloc.part.94+0x10a9/0x33c0 [ 54.427548] ? perf_try_init_event+0x2f0/0x2f0 [ 54.432108] ? trace_hardirqs_on+0x10/0x10 [ 54.436320] ? trace_hardirqs_on+0x10/0x10 [ 54.440534] ? lock_release+0xa30/0xa30 [ 54.444499] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 54.449525] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 54.454305] ? lock_acquire+0x1e4/0x540 [ 54.458265] ? is_bpf_text_address+0xae/0x170 [ 54.462756] ? lock_downgrade+0x8f0/0x8f0 [ 54.466909] ? lock_release+0xa30/0xa30 [ 54.470879] ? lock_acquire+0x1e4/0x540 [ 54.474835] ? depot_save_stack+0x291/0x470 [ 54.479144] ? kasan_check_read+0x11/0x20 [ 54.483276] ? do_raw_spin_unlock+0xa7/0x2f0 [ 54.487684] ? kasan_check_write+0x14/0x20 [ 54.491898] ? trace_hardirqs_on+0xd/0x10 [ 54.496036] ? depot_save_stack+0x291/0x470 [ 54.500356] ? __lockdep_init_map+0x105/0x590 [ 54.504834] ? lockdep_init_map+0x9/0x10 [ 54.508878] ? debug_mutex_init+0x2d/0x60 [ 54.513011] ? __mutex_init+0x1f7/0x290 [ 54.516972] ? inherit_task_group.isra.107.part.108+0x158/0x2a0 [ 54.523017] ? __ia32_sys_membarrier+0x150/0x150 [ 54.527799] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.533162] ? lock_acquire+0x1e4/0x540 [ 54.537121] ? rcu_read_unlock+0x37/0xb0 [ 54.541160] ? lock_downgrade+0x8f0/0x8f0 [ 54.545286] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 54.550804] ? atomic_fetch_add_unless+0x1e4/0x2c0 [ 54.555718] inherit_event.isra.105+0x257/0xc00 [ 54.560371] ? perf_event_create_kernel_counter+0x360/0x360 [ 54.566069] ? kasan_kmalloc+0xc4/0xe0 [ 54.569939] ? kmem_cache_alloc_trace+0x318/0x780 [ 54.574771] ? trace_hardirqs_on+0xd/0x10 [ 54.578903] inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 54.584680] perf_event_init_task+0x313/0x870 [ 54.589163] ? sched_fork+0x46d/0xbd0 [ 54.592968] ? perf_event_attrs+0x40/0x40 [ 54.597107] ? kmem_cache_alloc+0x2fc/0x760 [ 54.601406] ? __lockdep_init_map+0x105/0x590 [ 54.605881] ? __lockdep_init_map+0x105/0x590 [ 54.610360] copy_process.part.41+0x1d4e/0x73d0 [ 54.615015] ? lockdep_init_map+0x9/0x10 [ 54.619058] ? kasan_check_write+0x14/0x20 [ 54.623271] ? __init_rwsem+0x1cc/0x2a0 [ 54.627230] ? __cleanup_sighand+0x70/0x70 [ 54.631462] ? lock_release+0xa30/0xa30 [ 54.635429] ? xas_descend+0x20c/0x5f0 [ 54.639302] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 54.644298] ? check_pgprot+0xdf/0x180 [ 54.648180] ? put_page+0x280/0x280 [ 54.651798] ? kasan_check_write+0x14/0x20 [ 54.656021] ? do_raw_spin_lock+0xc1/0x200 [ 54.660237] ? alloc_set_pte+0xaf6/0x1790 [ 54.664374] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 54.669377] ? filemap_map_pages+0xca2/0x1990 [ 54.673852] ? trace_hardirqs_on+0x10/0x10 [ 54.678081] ? xa_set_tag+0x40/0x40 [ 54.681697] ? environ_open+0x90/0x90 [ 54.685480] ? trace_hardirqs_on+0x10/0x10 [ 54.689697] ? trace_hardirqs_on+0x10/0x10 [ 54.693925] ? trace_hardirqs_on+0x10/0x10 [ 54.698151] ? find_get_entries_tag+0x1410/0x1410 [ 54.702979] ? mntput_no_expire+0x18e/0xbc0 [ 54.707279] ? do_raw_spin_lock+0xc1/0x200 [ 54.711512] ? mnt_get_count+0x150/0x150 [ 54.715561] ? dput.part.26+0x276/0x7a0 [ 54.719519] ? shrink_dcache_sb+0x350/0x350 [ 54.723821] ? chown_common+0x730/0x730 [ 54.727779] ? lock_acquire+0x1e4/0x540 [ 54.731731] ? __fdget_pos+0x1bb/0x200 [ 54.735612] ? lock_release+0xa30/0xa30 [ 54.739568] ? check_same_owner+0x340/0x340 [ 54.743884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.749401] ? _parse_integer+0x13b/0x190 [ 54.753529] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 54.759059] ? _kstrtoull+0x188/0x250 [ 54.762845] ? _parse_integer+0x190/0x190 [ 54.767271] ? lock_release+0xa30/0xa30 [ 54.771223] ? check_same_owner+0x340/0x340 [ 54.775524] ? __check_object_size+0xa3/0x5d7 [ 54.779998] ? lock_acquire+0x1e4/0x540 [ 54.783969] ? get_pid_task+0xd8/0x1a0 [ 54.787834] ? lock_downgrade+0x8f0/0x8f0 [ 54.791974] ? lock_release+0xa30/0xa30 [ 54.795939] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.801453] ? pid_task+0x115/0x200 [ 54.805055] ? find_vpid+0xf0/0xf0 [ 54.808576] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 54.813400] ? __f_unlock_pos+0x19/0x20 [ 54.817360] ? lock_downgrade+0x8f0/0x8f0 [ 54.821511] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 54.827057] ? proc_fail_nth_write+0x9e/0x210 [ 54.831724] ? proc_cwd_link+0x1d0/0x1d0 [ 54.835767] ? lock_acquire+0x1e4/0x540 [ 54.839722] _do_fork+0x291/0x12a0 [ 54.843240] ? fork_idle+0x1a0/0x1a0 [ 54.846936] ? fsnotify_first_mark+0x350/0x350 [ 54.851495] ? __fsnotify_parent+0xcc/0x420 [ 54.855812] ? fsnotify+0x14e0/0x14e0 [ 54.859599] ? __sb_end_write+0xac/0xe0 [ 54.863553] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 54.869077] ? fput+0x130/0x1a0 [ 54.872335] ? ksys_write+0x1ae/0x260 [ 54.876128] ? __ia32_sys_read+0xb0/0xb0 [ 54.880173] ? syscall_slow_exit_work+0x500/0x500 [ 54.885005] __x64_sys_clone+0xbf/0x150 [ 54.888959] do_syscall_64+0x1b9/0x820 [ 54.892823] ? finish_task_switch+0x1d3/0x870 [ 54.897295] ? syscall_return_slowpath+0x5e0/0x5e0 [ 54.902207] ? syscall_return_slowpath+0x31d/0x5e0 [ 54.907114] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 54.912126] ? prepare_exit_to_usermode+0x291/0x3b0 [ 54.917123] ? perf_trace_sys_enter+0xb10/0xb10 [ 54.921775] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.926615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.931786] RIP: 0033:0x455ab9 [ 54.934953] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.954075] RSP: 002b:00007f29fa819c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 54.961762] RAX: ffffffffffffffda RBX: 00007f29fa81a6d4 RCX: 0000000000455ab9 [ 54.969009] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 54.976256] RBP: 000000000072bea0 R08: 0000000020000080 R09: 0000000000000000 [ 54.983504] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 54.990765] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 54.998028] CPU: 1 PID: 4584 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 54.998211] trace_kprobe: Failed to allocate trace_uprobe.(-12) [ 55.006443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.006446] Call Trace: [ 55.006463] dump_stack+0x1c9/0x2b4 [ 55.006478] ? dump_stack_print_info.cold.2+0x52/0x52 [ 55.019275] FAULT_INJECTION: forcing a failure. [ 55.019275] name failslab, interval 1, probability 0, space 0, times 0 [ 55.021901] should_fail.cold.4+0xa/0x11 [ 55.021912] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 55.021926] ? trace_hardirqs_on+0x10/0x10 [ 55.021938] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 55.021945] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 55.021954] ? lock_acquire+0x1e4/0x540 [ 55.021960] ? is_bpf_text_address+0xae/0x170 [ 55.021968] ? lock_downgrade+0x8f0/0x8f0 [ 55.021977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.021989] ? should_fail+0x246/0xd86 [ 55.089480] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 55.094568] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 55.099222] __alloc_pages_nodemask+0x36e/0xdb0 [ 55.103873] ? is_bpf_text_address+0xd7/0x170 [ 55.108350] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 55.113343] ? __kernel_text_address+0xd/0x40 [ 55.117818] ? unwind_get_return_address+0x61/0xa0 [ 55.122731] ? __save_stack_trace+0x8d/0xf0 [ 55.127039] ? lock_acquire+0x1e4/0x540 [ 55.131002] ? fs_reclaim_acquire+0x20/0x20 [ 55.135309] ? lock_downgrade+0x8f0/0x8f0 [ 55.139436] ? lock_release+0xa30/0xa30 [ 55.143391] ? perf_event_alloc.part.94+0x10a9/0x33c0 [ 55.148558] ? check_same_owner+0x340/0x340 [ 55.152858] ? __x64_sys_clone+0xbf/0x150 [ 55.156991] cache_grow_begin+0x91/0x710 [ 55.161034] kmem_cache_alloc+0x689/0x760 [ 55.165160] ? usercopy_warn+0x120/0x120 [ 55.169206] getname_kernel+0x54/0x370 [ 55.173074] kern_path+0x1e/0x40 [ 55.176420] create_local_trace_uprobe+0x95/0x5e0 [ 55.181252] ? strncpy_from_user+0x3be/0x510 [ 55.185644] ? bpf_get_uprobe_info+0x350/0x350 [ 55.190221] ? mpi_free.cold.1+0x19/0x19 [ 55.194263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.199785] perf_uprobe_init+0x19f/0x280 [ 55.203920] perf_uprobe_event_init+0xff/0x190 [ 55.208482] perf_try_init_event+0x137/0x2f0 [ 55.212888] perf_event_alloc.part.94+0x10a9/0x33c0 [ 55.217889] ? perf_try_init_event+0x2f0/0x2f0 [ 55.222457] ? trace_hardirqs_on+0x10/0x10 [ 55.226679] ? trace_hardirqs_on+0x10/0x10 [ 55.230894] ? lock_release+0xa30/0xa30 [ 55.234852] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 55.239846] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 55.244584] ? lock_acquire+0x1e4/0x540 [ 55.248535] ? is_bpf_text_address+0xae/0x170 [ 55.253012] ? lock_downgrade+0x8f0/0x8f0 [ 55.257143] ? lock_release+0xa30/0xa30 [ 55.261101] ? rcu_is_watching+0x8c/0x150 [ 55.265228] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 55.269880] ? is_bpf_text_address+0xd7/0x170 [ 55.274372] ? kernel_text_address+0x79/0xf0 [ 55.278761] ? __kernel_text_address+0xd/0x40 [ 55.283250] ? unwind_get_return_address+0x61/0xa0 [ 55.288159] ? __save_stack_trace+0x8d/0xf0 [ 55.292463] ? __lockdep_init_map+0x105/0x590 [ 55.296938] ? lockdep_init_map+0x9/0x10 [ 55.300977] ? debug_mutex_init+0x2d/0x60 [ 55.305101] ? __mutex_init+0x1f7/0x290 [ 55.309057] ? inherit_task_group.isra.107.part.108+0x158/0x2a0 [ 55.315093] ? __ia32_sys_membarrier+0x150/0x150 [ 55.319833] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.325177] ? lock_acquire+0x1e4/0x540 [ 55.329139] ? rcu_read_unlock+0x37/0xb0 [ 55.333180] ? lock_downgrade+0x8f0/0x8f0 [ 55.337307] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.342839] ? atomic_fetch_add_unless+0x1e4/0x2c0 [ 55.347756] inherit_event.isra.105+0x257/0xc00 [ 55.352410] ? perf_event_create_kernel_counter+0x360/0x360 [ 55.358104] ? kasan_kmalloc+0xc4/0xe0 [ 55.361971] ? kmem_cache_alloc_trace+0x318/0x780 [ 55.366795] ? trace_hardirqs_on+0xd/0x10 [ 55.370924] inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 55.376701] perf_event_init_task+0x313/0x870 [ 55.381184] ? sched_fork+0x46d/0xbd0 [ 55.384968] ? perf_event_attrs+0x40/0x40 [ 55.389095] ? kmem_cache_alloc+0x2fc/0x760 [ 55.393406] ? __lockdep_init_map+0x105/0x590 [ 55.397883] ? __lockdep_init_map+0x105/0x590 [ 55.402357] copy_process.part.41+0x1d4e/0x73d0 [ 55.407018] ? lockdep_init_map+0x9/0x10 [ 55.411060] ? kasan_check_write+0x14/0x20 [ 55.415277] ? __init_rwsem+0x1cc/0x2a0 [ 55.419247] ? __cleanup_sighand+0x70/0x70 [ 55.423462] ? lock_release+0xa30/0xa30 [ 55.427414] ? xas_descend+0x20c/0x5f0 [ 55.431298] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 55.436294] ? check_pgprot+0xdf/0x180 [ 55.440163] ? put_page+0x280/0x280 [ 55.443773] ? kasan_check_write+0x14/0x20 [ 55.447987] ? do_raw_spin_lock+0xc1/0x200 [ 55.452205] ? alloc_set_pte+0xaf6/0x1790 [ 55.456337] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 55.461348] ? filemap_map_pages+0xca2/0x1990 [ 55.465834] ? trace_hardirqs_on+0x10/0x10 [ 55.470048] ? xa_set_tag+0x40/0x40 [ 55.473657] ? environ_open+0x90/0x90 [ 55.477440] ? trace_hardirqs_on+0x10/0x10 [ 55.481661] ? trace_hardirqs_on+0x10/0x10 [ 55.485879] ? trace_hardirqs_on+0x10/0x10 [ 55.490099] ? find_get_entries_tag+0x1410/0x1410 [ 55.494929] ? mntput_no_expire+0x18e/0xbc0 [ 55.499230] ? do_raw_spin_lock+0xc1/0x200 [ 55.503445] ? mnt_get_count+0x150/0x150 [ 55.507491] ? dput.part.26+0x276/0x7a0 [ 55.511444] ? shrink_dcache_sb+0x350/0x350 [ 55.515749] ? chown_common+0x730/0x730 [ 55.519726] ? lock_acquire+0x1e4/0x540 [ 55.523679] ? __fdget_pos+0x1bb/0x200 [ 55.527547] ? lock_release+0xa30/0xa30 [ 55.531512] ? check_same_owner+0x340/0x340 [ 55.535815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.541333] ? _parse_integer+0x13b/0x190 [ 55.545464] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.550980] ? _kstrtoull+0x188/0x250 [ 55.554761] ? _parse_integer+0x190/0x190 [ 55.558892] ? lock_release+0xa30/0xa30 [ 55.562863] ? check_same_owner+0x340/0x340 [ 55.567183] ? __check_object_size+0xa3/0x5d7 [ 55.571662] ? lock_acquire+0x1e4/0x540 [ 55.575618] ? get_pid_task+0xd8/0x1a0 [ 55.579488] ? lock_downgrade+0x8f0/0x8f0 [ 55.583618] ? lock_release+0xa30/0xa30 [ 55.587579] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.593095] ? pid_task+0x115/0x200 [ 55.596701] ? find_vpid+0xf0/0xf0 [ 55.600226] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 55.605047] ? __f_unlock_pos+0x19/0x20 [ 55.609015] ? lock_downgrade+0x8f0/0x8f0 [ 55.613146] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.618679] ? proc_fail_nth_write+0x9e/0x210 [ 55.623155] ? proc_cwd_link+0x1d0/0x1d0 [ 55.627200] ? lock_acquire+0x1e4/0x540 [ 55.631156] _do_fork+0x291/0x12a0 [ 55.634677] ? fork_idle+0x1a0/0x1a0 [ 55.638369] ? fsnotify_first_mark+0x350/0x350 [ 55.642933] ? __fsnotify_parent+0xcc/0x420 [ 55.647238] ? fsnotify+0x14e0/0x14e0 [ 55.651023] ? __sb_end_write+0xac/0xe0 [ 55.654983] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.660500] ? fput+0x130/0x1a0 [ 55.663758] ? ksys_write+0x1ae/0x260 [ 55.667539] ? __ia32_sys_read+0xb0/0xb0 [ 55.671582] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 55.677100] __x64_sys_clone+0xbf/0x150 [ 55.681056] do_syscall_64+0x1b9/0x820 [ 55.684923] ? finish_task_switch+0x1d3/0x870 [ 55.689398] ? syscall_return_slowpath+0x5e0/0x5e0 [ 55.694305] ? syscall_return_slowpath+0x31d/0x5e0 [ 55.699212] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 55.704212] ? prepare_exit_to_usermode+0x291/0x3b0 [ 55.709221] ? perf_trace_sys_enter+0xb10/0xb10 [ 55.713871] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.718698] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.723867] RIP: 0033:0x455ab9 [ 55.727031] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.746150] RSP: 002b:00007fb40e015c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 55.753841] RAX: ffffffffffffffda RBX: 00007fb40e0166d4 RCX: 0000000000455ab9 [ 55.761093] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 55.768340] RBP: 000000000072bea0 R08: 0000000020000080 R09: 0000000000000000 [ 55.775601] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 55.782853] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 55.790115] CPU: 0 PID: 4588 Comm: syz-executor6 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 55.794501] FAULT_INJECTION: forcing a failure. [ 55.794501] name failslab, interval 1, probability 0, space 0, times 0 [ 55.798535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.798538] Call Trace: [ 55.798553] dump_stack+0x1c9/0x2b4 [ 55.798569] ? dump_stack_print_info.cold.2+0x52/0x52 [ 55.830418] ? unwind_get_return_address+0x61/0xa0 [ 55.835333] should_fail.cold.4+0xa/0x11 [ 55.839374] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 55.844454] ? save_stack+0xa9/0xd0 [ 55.848059] ? save_stack+0x43/0xd0 [ 55.851663] ? __kasan_slab_free+0x11a/0x170 [ 55.856049] ? kasan_slab_free+0xe/0x10 [ 55.860005] ? putname+0xf2/0x130 [ 55.863446] ? filename_lookup+0x397/0x510 [ 55.867662] ? kern_path+0x33/0x40 [ 55.871183] ? create_local_trace_uprobe+0x95/0x5e0 [ 55.876180] ? perf_uprobe_init+0x19f/0x280 [ 55.880491] ? perf_uprobe_event_init+0xff/0x190 [ 55.885241] ? perf_try_init_event+0x137/0x2f0 [ 55.889806] ? inherit_event.isra.105+0x257/0xc00 [ 55.894639] ? inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 55.900592] ? perf_event_init_task+0x313/0x870 [ 55.905243] ? copy_process.part.41+0x1d4e/0x73d0 [ 55.910062] ? _do_fork+0x291/0x12a0 [ 55.913755] ? __x64_sys_clone+0xbf/0x150 [ 55.917882] ? do_syscall_64+0x1b9/0x820 [ 55.921922] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.927267] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 55.931845] ? kasan_check_write+0x14/0x20 [ 55.936059] ? do_raw_spin_lock+0xc1/0x200 [ 55.940277] ? lock_acquire+0x1e4/0x540 [ 55.944230] ? fs_reclaim_acquire+0x20/0x20 [ 55.948537] ? lock_downgrade+0x8f0/0x8f0 [ 55.952677] ? check_same_owner+0x340/0x340 [ 55.956990] ? rcu_note_context_switch+0x730/0x730 [ 55.961912] __should_failslab+0x124/0x180 [ 55.966124] should_failslab+0x9/0x14 [ 55.969903] __kmalloc+0x2c8/0x760 [ 55.973422] ? filename_lookup+0x39c/0x510 [ 55.977639] ? alloc_trace_uprobe+0x45e/0x8f0 [ 55.982114] alloc_trace_uprobe+0x45e/0x8f0 [ 55.986414] ? trace_uprobe_register+0xcf0/0xcf0 [ 55.991158] ? kasan_slab_alloc+0x12/0x20 [ 55.995306] ? kmem_cache_alloc+0x2fc/0x760 [ 55.999611] ? usercopy_warn+0x120/0x120 [ 56.003656] create_local_trace_uprobe+0x139/0x5e0 [ 56.008565] ? strncpy_from_user+0x3be/0x510 [ 56.012961] ? bpf_get_uprobe_info+0x350/0x350 [ 56.017531] ? mpi_free.cold.1+0x19/0x19 [ 56.021578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.027101] perf_uprobe_init+0x19f/0x280 [ 56.031231] perf_uprobe_event_init+0xff/0x190 [ 56.035805] perf_try_init_event+0x137/0x2f0 [ 56.040197] perf_event_alloc.part.94+0x10a9/0x33c0 [ 56.045197] ? perf_try_init_event+0x2f0/0x2f0 [ 56.049761] ? trace_hardirqs_on+0x10/0x10 [ 56.053987] ? pinned_sched_in+0xc70/0xc70 [ 56.058205] ? trace_hardirqs_on+0x10/0x10 [ 56.062421] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 56.067431] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 56.072170] ? lock_acquire+0x1e4/0x540 [ 56.076125] ? is_bpf_text_address+0xae/0x170 [ 56.080598] ? lock_downgrade+0x8f0/0x8f0 [ 56.084726] ? lock_release+0xa30/0xa30 [ 56.088685] ? rcu_is_watching+0x8c/0x150 [ 56.092812] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 56.097460] ? is_bpf_text_address+0xd7/0x170 [ 56.101935] ? kernel_text_address+0x79/0xf0 [ 56.106324] ? __kernel_text_address+0xd/0x40 [ 56.110801] ? unwind_get_return_address+0x61/0xa0 [ 56.115728] ? __save_stack_trace+0x8d/0xf0 [ 56.120045] ? __lockdep_init_map+0x105/0x590 [ 56.124528] ? lockdep_init_map+0x9/0x10 [ 56.128571] ? debug_mutex_init+0x2d/0x60 [ 56.132696] ? __mutex_init+0x1f7/0x290 [ 56.136666] ? inherit_task_group.isra.107.part.108+0x158/0x2a0 [ 56.142707] ? __ia32_sys_membarrier+0x150/0x150 [ 56.147456] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.152811] ? lock_acquire+0x1e4/0x540 [ 56.156766] ? rcu_read_unlock+0x37/0xb0 [ 56.160807] ? lock_downgrade+0x8f0/0x8f0 [ 56.164936] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.170448] ? atomic_fetch_add_unless+0x1e4/0x2c0 [ 56.175361] inherit_event.isra.105+0x257/0xc00 [ 56.180012] ? perf_event_create_kernel_counter+0x360/0x360 [ 56.185715] ? kasan_kmalloc+0xc4/0xe0 [ 56.189599] ? kmem_cache_alloc_trace+0x318/0x780 [ 56.194433] ? trace_hardirqs_on+0xd/0x10 [ 56.198577] inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 56.204369] perf_event_init_task+0x313/0x870 [ 56.208849] ? sched_fork+0x46d/0xbd0 [ 56.212632] ? perf_event_attrs+0x40/0x40 [ 56.216769] ? kmem_cache_alloc+0x2fc/0x760 [ 56.221074] ? __lockdep_init_map+0x105/0x590 [ 56.225551] ? __lockdep_init_map+0x105/0x590 [ 56.230039] copy_process.part.41+0x1d4e/0x73d0 [ 56.234709] ? lockdep_init_map+0x9/0x10 [ 56.238765] ? kasan_check_write+0x14/0x20 [ 56.242978] ? __init_rwsem+0x1cc/0x2a0 [ 56.246938] ? __cleanup_sighand+0x70/0x70 [ 56.251155] ? lock_release+0xa30/0xa30 [ 56.255108] ? xas_descend+0x20c/0x5f0 [ 56.258980] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 56.263974] ? check_pgprot+0xdf/0x180 [ 56.267840] ? put_page+0x280/0x280 [ 56.271456] ? kasan_check_write+0x14/0x20 [ 56.275670] ? do_raw_spin_lock+0xc1/0x200 [ 56.279887] ? alloc_set_pte+0xaf6/0x1790 [ 56.284017] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 56.289018] ? filemap_map_pages+0xca2/0x1990 [ 56.293496] ? trace_hardirqs_on+0x10/0x10 [ 56.297729] ? xa_set_tag+0x40/0x40 [ 56.301350] ? environ_open+0x90/0x90 [ 56.305143] ? trace_hardirqs_on+0x10/0x10 [ 56.309370] ? trace_hardirqs_on+0x10/0x10 [ 56.313601] ? trace_hardirqs_on+0x10/0x10 [ 56.317829] ? find_get_entries_tag+0x1410/0x1410 [ 56.322668] ? mntput_no_expire+0x18e/0xbc0 [ 56.326977] ? do_raw_spin_lock+0xc1/0x200 [ 56.331204] ? mnt_get_count+0x150/0x150 [ 56.335253] ? dput.part.26+0x276/0x7a0 [ 56.339214] ? shrink_dcache_sb+0x350/0x350 [ 56.343524] ? chown_common+0x730/0x730 [ 56.347491] ? lock_acquire+0x1e4/0x540 [ 56.351448] ? __fdget_pos+0x1bb/0x200 [ 56.355323] ? lock_release+0xa30/0xa30 [ 56.359283] ? check_same_owner+0x340/0x340 [ 56.363594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.369121] ? _parse_integer+0x13b/0x190 [ 56.373258] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.378780] ? _kstrtoull+0x188/0x250 [ 56.382573] ? _parse_integer+0x190/0x190 [ 56.386716] ? lock_release+0xa30/0xa30 [ 56.390682] ? check_same_owner+0x340/0x340 [ 56.394996] ? __check_object_size+0xa3/0x5d7 [ 56.399493] ? lock_acquire+0x1e4/0x540 [ 56.403459] ? get_pid_task+0xd8/0x1a0 [ 56.407339] ? lock_downgrade+0x8f0/0x8f0 [ 56.411482] ? lock_release+0xa30/0xa30 [ 56.415469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.421007] ? pid_task+0x115/0x200 [ 56.424626] ? find_vpid+0xf0/0xf0 [ 56.428158] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 56.432994] ? __f_unlock_pos+0x19/0x20 [ 56.436960] ? lock_downgrade+0x8f0/0x8f0 [ 56.441103] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.446629] ? proc_fail_nth_write+0x9e/0x210 [ 56.451113] ? proc_cwd_link+0x1d0/0x1d0 [ 56.455162] ? lock_acquire+0x1e4/0x540 [ 56.459128] _do_fork+0x291/0x12a0 [ 56.462659] ? fork_idle+0x1a0/0x1a0 [ 56.466360] ? fsnotify_first_mark+0x350/0x350 [ 56.470928] ? __fsnotify_parent+0xcc/0x420 [ 56.475236] ? fsnotify+0x14e0/0x14e0 [ 56.479030] ? __sb_end_write+0xac/0xe0 [ 56.482999] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.488530] ? fput+0x130/0x1a0 [ 56.491800] ? ksys_write+0x1ae/0x260 [ 56.495589] ? __ia32_sys_read+0xb0/0xb0 [ 56.499642] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.505171] __x64_sys_clone+0xbf/0x150 [ 56.509139] do_syscall_64+0x1b9/0x820 [ 56.513021] ? finish_task_switch+0x1d3/0x870 [ 56.517512] ? syscall_return_slowpath+0x5e0/0x5e0 [ 56.522432] ? syscall_return_slowpath+0x31d/0x5e0 [ 56.527351] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 56.532357] ? prepare_exit_to_usermode+0x291/0x3b0 [ 56.537362] ? perf_trace_sys_enter+0xb10/0xb10 [ 56.542024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.546859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.552066] RIP: 0033:0x455ab9 [ 56.555238] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.574445] RSP: 002b:00007f598db7bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 56.582144] RAX: ffffffffffffffda RBX: 00007f598db7c6d4 RCX: 0000000000455ab9 [ 56.589402] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 56.596659] RBP: 000000000072bea0 R08: 0000000020000080 R09: 0000000000000000 [ 56.603920] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 56.611190] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 56.618481] CPU: 1 PID: 4589 Comm: syz-executor3 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 56.618501] trace_kprobe: Failed to allocate trace_uprobe.(-12) [ 56.626878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.626882] Call Trace: [ 56.626901] dump_stack+0x1c9/0x2b4 [ 56.626917] ? dump_stack_print_info.cold.2+0x52/0x52 [ 56.637304] FAULT_INJECTION: forcing a failure. [ 56.637304] name failslab, interval 1, probability 0, space 0, times 0 [ 56.642297] ? is_bpf_text_address+0xae/0x170 [ 56.642313] ? lock_downgrade+0x8f0/0x8f0 [ 56.673397] should_fail.cold.4+0xa/0x11 [ 56.677452] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 56.682545] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 56.687202] ? is_bpf_text_address+0xd7/0x170 [ 56.691687] ? __kernel_text_address+0xd/0x40 [ 56.696168] ? unwind_get_return_address+0x61/0xa0 [ 56.701088] ? __save_stack_trace+0x8d/0xf0 [ 56.705403] ? lock_acquire+0x1e4/0x540 [ 56.709364] ? fs_reclaim_acquire+0x20/0x20 [ 56.713673] ? lock_downgrade+0x8f0/0x8f0 [ 56.717809] ? perf_event_alloc.part.94+0x10a9/0x33c0 [ 56.722987] ? check_same_owner+0x340/0x340 [ 56.727295] ? __x64_sys_clone+0xbf/0x150 [ 56.731433] ? do_syscall_64+0x1b9/0x820 [ 56.735484] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.740833] ? rcu_note_context_switch+0x730/0x730 [ 56.745752] __should_failslab+0x124/0x180 [ 56.749975] should_failslab+0x9/0x14 [ 56.753760] kmem_cache_alloc+0x2af/0x760 [ 56.757896] ? usercopy_warn+0x120/0x120 [ 56.761942] ? kasan_check_read+0x11/0x20 [ 56.766082] getname_kernel+0x54/0x370 [ 56.769962] kern_path+0x1e/0x40 [ 56.773318] create_local_trace_uprobe+0x95/0x5e0 [ 56.778151] ? strncpy_from_user+0x3be/0x510 [ 56.782549] ? bpf_get_uprobe_info+0x350/0x350 [ 56.787121] ? mpi_free.cold.1+0x19/0x19 [ 56.791176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.796706] perf_uprobe_init+0x19f/0x280 [ 56.800849] perf_uprobe_event_init+0xff/0x190 [ 56.805425] perf_try_init_event+0x137/0x2f0 [ 56.809829] perf_event_alloc.part.94+0x10a9/0x33c0 [ 56.814841] ? perf_try_init_event+0x2f0/0x2f0 [ 56.819415] ? trace_hardirqs_on+0x10/0x10 [ 56.823694] ? trace_hardirqs_on+0x10/0x10 [ 56.827931] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 56.832945] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 56.837699] ? lock_acquire+0x1e4/0x540 [ 56.841664] ? is_bpf_text_address+0xae/0x170 [ 56.846151] ? lock_downgrade+0x8f0/0x8f0 [ 56.850290] ? lock_release+0xa30/0xa30 [ 56.854258] ? rcu_is_watching+0x8c/0x150 [ 56.858399] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 56.863063] ? is_bpf_text_address+0xd7/0x170 [ 56.867551] ? kernel_text_address+0x79/0xf0 [ 56.871953] ? __kernel_text_address+0xd/0x40 [ 56.876438] ? unwind_get_return_address+0x61/0xa0 [ 56.881354] ? __save_stack_trace+0x8d/0xf0 [ 56.885670] ? __lockdep_init_map+0x105/0x590 [ 56.890158] ? lockdep_init_map+0x9/0x10 [ 56.894209] ? debug_mutex_init+0x2d/0x60 [ 56.898393] ? __mutex_init+0x1f7/0x290 [ 56.902362] ? inherit_task_group.isra.107.part.108+0x158/0x2a0 [ 56.908410] ? __ia32_sys_membarrier+0x150/0x150 [ 56.913197] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.918551] ? lock_acquire+0x1e4/0x540 [ 56.922514] ? rcu_read_unlock+0x37/0xb0 [ 56.926563] ? lock_downgrade+0x8f0/0x8f0 [ 56.930700] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 56.936238] inherit_event.isra.105+0x257/0xc00 [ 56.940903] ? perf_event_create_kernel_counter+0x360/0x360 [ 56.946605] ? kasan_kmalloc+0xc4/0xe0 [ 56.950485] ? kmem_cache_alloc_trace+0x318/0x780 [ 56.955316] ? trace_hardirqs_on+0xd/0x10 [ 56.959460] inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 56.965248] perf_event_init_task+0x313/0x870 [ 56.969731] ? sched_fork+0x46d/0xbd0 [ 56.973522] ? perf_event_attrs+0x40/0x40 [ 56.977660] ? kmem_cache_alloc+0x2fc/0x760 [ 56.981969] ? __lockdep_init_map+0x105/0x590 [ 56.986453] ? __lockdep_init_map+0x105/0x590 [ 56.990946] copy_process.part.41+0x1d4e/0x73d0 [ 56.995606] ? lockdep_init_map+0x9/0x10 [ 56.999659] ? kasan_check_write+0x14/0x20 [ 57.003881] ? __init_rwsem+0x1cc/0x2a0 [ 57.007850] ? __cleanup_sighand+0x70/0x70 [ 57.012077] ? lock_release+0xa30/0xa30 [ 57.016043] ? xas_descend+0x20c/0x5f0 [ 57.019921] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.024962] ? check_pgprot+0xdf/0x180 [ 57.028838] ? put_page+0x280/0x280 [ 57.032455] ? kasan_check_write+0x14/0x20 [ 57.036678] ? do_raw_spin_lock+0xc1/0x200 [ 57.040902] ? alloc_set_pte+0xaf6/0x1790 [ 57.045060] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.050069] ? filemap_map_pages+0xca2/0x1990 [ 57.054557] ? trace_hardirqs_on+0x10/0x10 [ 57.058783] ? xa_set_tag+0x40/0x40 [ 57.062399] ? environ_open+0x90/0x90 [ 57.066191] ? trace_hardirqs_on+0x10/0x10 [ 57.070422] ? trace_hardirqs_on+0x10/0x10 [ 57.074646] ? trace_hardirqs_on+0x10/0x10 [ 57.078874] ? find_get_entries_tag+0x1410/0x1410 [ 57.083710] ? mntput_no_expire+0x18e/0xbc0 [ 57.088020] ? do_raw_spin_lock+0xc1/0x200 [ 57.092244] ? mnt_get_count+0x150/0x150 [ 57.096291] ? dput.part.26+0x276/0x7a0 [ 57.100255] ? shrink_dcache_sb+0x350/0x350 [ 57.104593] ? chown_common+0x730/0x730 [ 57.108561] ? lock_acquire+0x1e4/0x540 [ 57.112526] ? __fdget_pos+0x1bb/0x200 [ 57.116404] ? lock_release+0xa30/0xa30 [ 57.120382] ? check_same_owner+0x340/0x340 [ 57.124692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.130218] ? _parse_integer+0x13b/0x190 [ 57.134355] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.139877] ? _kstrtoull+0x188/0x250 [ 57.143667] ? _parse_integer+0x190/0x190 [ 57.147804] ? lock_release+0xa30/0xa30 [ 57.151766] ? check_same_owner+0x340/0x340 [ 57.156075] ? __check_object_size+0xa3/0x5d7 [ 57.160563] ? lock_acquire+0x1e4/0x540 [ 57.164528] ? get_pid_task+0xd8/0x1a0 [ 57.168419] ? lock_downgrade+0x8f0/0x8f0 [ 57.172570] ? lock_release+0xa30/0xa30 [ 57.176535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.182060] ? pid_task+0x115/0x200 [ 57.185686] ? find_vpid+0xf0/0xf0 [ 57.189220] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 57.194050] ? __f_unlock_pos+0x19/0x20 [ 57.198015] ? lock_downgrade+0x8f0/0x8f0 [ 57.202150] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.207676] ? proc_fail_nth_write+0x9e/0x210 [ 57.212159] ? proc_cwd_link+0x1d0/0x1d0 [ 57.216209] ? lock_acquire+0x1e4/0x540 [ 57.220175] _do_fork+0x291/0x12a0 [ 57.223708] ? fork_idle+0x1a0/0x1a0 [ 57.227425] ? fsnotify_first_mark+0x350/0x350 [ 57.231996] ? __fsnotify_parent+0xcc/0x420 [ 57.236306] ? fsnotify+0x14e0/0x14e0 [ 57.240101] ? __sb_end_write+0xac/0xe0 [ 57.244065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.249592] ? fput+0x130/0x1a0 [ 57.252860] ? ksys_write+0x1ae/0x260 [ 57.256649] ? __ia32_sys_read+0xb0/0xb0 [ 57.260699] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.266231] __x64_sys_clone+0xbf/0x150 [ 57.270198] do_syscall_64+0x1b9/0x820 [ 57.274073] ? finish_task_switch+0x1d3/0x870 [ 57.278562] ? syscall_return_slowpath+0x5e0/0x5e0 [ 57.283482] ? syscall_return_slowpath+0x31d/0x5e0 [ 57.288401] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 57.293427] ? prepare_exit_to_usermode+0x291/0x3b0 [ 57.298439] ? perf_trace_sys_enter+0xb10/0xb10 [ 57.303114] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.307952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.313131] RIP: 0033:0x455ab9 [ 57.316303] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 57.335505] RSP: 002b:00007fd9aa6b4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 57.343207] RAX: ffffffffffffffda RBX: 00007fd9aa6b56d4 RCX: 0000000000455ab9 [ 57.350467] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 57.357723] RBP: 000000000072bea0 R08: 0000000020000080 R09: 0000000000000000 [ 57.364980] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 57.372238] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 57.379514] CPU: 0 PID: 4587 Comm: syz-executor2 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 57.387924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.397272] Call Trace: [ 57.399862] dump_stack+0x1c9/0x2b4 [ 57.403497] ? dump_stack_print_info.cold.2+0x52/0x52 [ 57.408688] ? unwind_get_return_address+0x61/0xa0 [ 57.413631] should_fail.cold.4+0xa/0x11 [ 57.417783] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 57.422887] ? save_stack+0xa9/0xd0 [ 57.426513] ? save_stack+0x43/0xd0 [ 57.430139] ? __kasan_slab_free+0x11a/0x170 [ 57.434547] ? kasan_slab_free+0xe/0x10 [ 57.438522] ? putname+0xf2/0x130 [ 57.441975] ? filename_lookup+0x397/0x510 [ 57.446209] ? kern_path+0x33/0x40 [ 57.449754] ? create_local_trace_uprobe+0x95/0x5e0 [ 57.454769] ? perf_uprobe_init+0x19f/0x280 [ 57.459090] ? perf_uprobe_event_init+0xff/0x190 [ 57.463845] ? perf_try_init_event+0x137/0x2f0 [ 57.468446] ? inherit_event.isra.105+0x257/0xc00 [ 57.473272] ? inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 57.479235] ? perf_event_init_task+0x313/0x870 [ 57.483898] ? copy_process.part.41+0x1d4e/0x73d0 [ 57.488730] ? _do_fork+0x291/0x12a0 [ 57.492432] ? __x64_sys_clone+0xbf/0x150 [ 57.496564] ? do_syscall_64+0x1b9/0x820 [ 57.500609] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.505966] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 57.510534] ? kasan_check_write+0x14/0x20 [ 57.514752] ? do_raw_spin_lock+0xc1/0x200 [ 57.518967] ? lock_acquire+0x1e4/0x540 [ 57.522924] ? fs_reclaim_acquire+0x20/0x20 [ 57.527227] ? lock_downgrade+0x8f0/0x8f0 [ 57.531362] ? check_same_owner+0x340/0x340 [ 57.535675] ? rcu_note_context_switch+0x730/0x730 [ 57.540588] __should_failslab+0x124/0x180 [ 57.544802] should_failslab+0x9/0x14 [ 57.548581] __kmalloc+0x2c8/0x760 [ 57.552108] ? filename_lookup+0x39c/0x510 [ 57.556331] ? alloc_trace_uprobe+0x45e/0x8f0 [ 57.560807] alloc_trace_uprobe+0x45e/0x8f0 [ 57.565116] ? trace_uprobe_register+0xcf0/0xcf0 [ 57.569855] ? kasan_slab_alloc+0x12/0x20 [ 57.573985] ? kmem_cache_alloc+0x2fc/0x760 [ 57.578302] ? usercopy_warn+0x120/0x120 [ 57.582355] create_local_trace_uprobe+0x139/0x5e0 [ 57.587269] ? strncpy_from_user+0x3be/0x510 [ 57.591657] ? bpf_get_uprobe_info+0x350/0x350 [ 57.596220] ? mpi_free.cold.1+0x19/0x19 [ 57.600265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.605783] perf_uprobe_init+0x19f/0x280 [ 57.609915] perf_uprobe_event_init+0xff/0x190 [ 57.614480] perf_try_init_event+0x137/0x2f0 [ 57.618873] perf_event_alloc.part.94+0x10a9/0x33c0 [ 57.623877] ? perf_try_init_event+0x2f0/0x2f0 [ 57.628441] ? trace_hardirqs_on+0x10/0x10 [ 57.632675] ? trace_hardirqs_on+0x10/0x10 [ 57.636902] ? lock_release+0xa30/0xa30 [ 57.640867] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 57.645864] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 57.650603] ? lock_acquire+0x1e4/0x540 [ 57.654568] ? is_bpf_text_address+0xae/0x170 [ 57.659045] ? lock_downgrade+0x8f0/0x8f0 [ 57.663176] ? lock_release+0xa30/0xa30 [ 57.667133] ? rcu_is_watching+0x8c/0x150 [ 57.671261] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 57.675921] ? is_bpf_text_address+0xd7/0x170 [ 57.680409] ? kernel_text_address+0x79/0xf0 [ 57.684811] ? __kernel_text_address+0xd/0x40 [ 57.689287] ? unwind_get_return_address+0x61/0xa0 [ 57.694208] ? __save_stack_trace+0x8d/0xf0 [ 57.698514] ? __lockdep_init_map+0x105/0x590 [ 57.702995] ? lockdep_init_map+0x9/0x10 [ 57.707046] ? debug_mutex_init+0x2d/0x60 [ 57.711172] ? __mutex_init+0x1f7/0x290 [ 57.715130] ? inherit_task_group.isra.107.part.108+0x158/0x2a0 [ 57.721166] ? __ia32_sys_membarrier+0x150/0x150 [ 57.725905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.731247] ? lock_acquire+0x1e4/0x540 [ 57.735201] ? rcu_read_unlock+0x37/0xb0 [ 57.739242] ? lock_downgrade+0x8f0/0x8f0 [ 57.743391] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.748922] ? atomic_fetch_add_unless+0x1e4/0x2c0 [ 57.753837] inherit_event.isra.105+0x257/0xc00 [ 57.758495] ? perf_event_create_kernel_counter+0x360/0x360 [ 57.764185] ? kasan_kmalloc+0xc4/0xe0 [ 57.768058] ? kmem_cache_alloc_trace+0x318/0x780 [ 57.772881] ? trace_hardirqs_on+0xd/0x10 [ 57.777020] inherit_task_group.isra.107.part.108+0x73/0x2a0 [ 57.782804] perf_event_init_task+0x313/0x870 [ 57.787279] ? sched_fork+0x46d/0xbd0 [ 57.791066] ? perf_event_attrs+0x40/0x40 [ 57.795197] ? kmem_cache_alloc+0x2fc/0x760 [ 57.799499] ? __lockdep_init_map+0x105/0x590 [ 57.803975] ? __lockdep_init_map+0x105/0x590 [ 57.808452] copy_process.part.41+0x1d4e/0x73d0 [ 57.813103] ? lockdep_init_map+0x9/0x10 [ 57.817147] ? kasan_check_write+0x14/0x20 [ 57.821386] ? __init_rwsem+0x1cc/0x2a0 [ 57.825349] ? __cleanup_sighand+0x70/0x70 [ 57.829578] ? lock_release+0xa30/0xa30 [ 57.833535] ? xas_descend+0x20c/0x5f0 [ 57.837403] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.842403] ? check_pgprot+0xdf/0x180 [ 57.846271] ? put_page+0x280/0x280 [ 57.849878] ? kasan_check_write+0x14/0x20 [ 57.854092] ? do_raw_spin_lock+0xc1/0x200 [ 57.858310] ? alloc_set_pte+0xaf6/0x1790 [ 57.862441] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 57.867439] ? filemap_map_pages+0xca2/0x1990 [ 57.871918] ? trace_hardirqs_on+0x10/0x10 [ 57.876136] ? xa_set_tag+0x40/0x40 [ 57.879745] ? environ_open+0x90/0x90 [ 57.883541] ? trace_hardirqs_on+0x10/0x10 [ 57.887758] ? trace_hardirqs_on+0x10/0x10 [ 57.891973] ? trace_hardirqs_on+0x10/0x10 [ 57.896190] ? find_get_entries_tag+0x1410/0x1410 [ 57.901025] ? mntput_no_expire+0x18e/0xbc0 [ 57.905344] ? do_raw_spin_lock+0xc1/0x200 [ 57.909568] ? mnt_get_count+0x150/0x150 [ 57.913611] ? dput.part.26+0x276/0x7a0 [ 57.917566] ? shrink_dcache_sb+0x350/0x350 [ 57.921869] ? chown_common+0x730/0x730 [ 57.925832] ? lock_acquire+0x1e4/0x540 [ 57.929786] ? __fdget_pos+0x1bb/0x200 [ 57.933655] ? lock_release+0xa30/0xa30 [ 57.937626] ? check_same_owner+0x340/0x340 [ 57.941930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.947450] ? _parse_integer+0x13b/0x190 [ 57.951580] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 57.957581] ? _kstrtoull+0x188/0x250 [ 57.961376] ? _parse_integer+0x190/0x190 [ 57.965504] ? lock_release+0xa30/0xa30 [ 57.969468] ? check_same_owner+0x340/0x340 [ 57.973785] ? __check_object_size+0xa3/0x5d7 [ 57.978283] ? lock_acquire+0x1e4/0x540 [ 57.982251] ? get_pid_task+0xd8/0x1a0 [ 57.986130] ? lock_downgrade+0x8f0/0x8f0 [ 57.990265] ? lock_release+0xa30/0xa30 [ 57.994238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 57.999755] ? pid_task+0x115/0x200 [ 58.003385] ? find_vpid+0xf0/0xf0 [ 58.006910] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 58.011737] ? __f_unlock_pos+0x19/0x20 [ 58.015692] ? lock_downgrade+0x8f0/0x8f0 [ 58.019825] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.025343] ? proc_fail_nth_write+0x9e/0x210 [ 58.029824] ? proc_cwd_link+0x1d0/0x1d0 [ 58.033866] ? lock_acquire+0x1e4/0x540 [ 58.037824] _do_fork+0x291/0x12a0 [ 58.041344] ? fork_idle+0x1a0/0x1a0 [ 58.045045] ? fsnotify_first_mark+0x350/0x350 [ 58.049609] ? __fsnotify_parent+0xcc/0x420 [ 58.053919] ? fsnotify+0x14e0/0x14e0 [ 58.057713] ? __sb_end_write+0xac/0xe0 [ 58.061669] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.067182] ? fput+0x130/0x1a0 [ 58.070442] ? ksys_write+0x1ae/0x260 [ 58.074224] ? __ia32_sys_read+0xb0/0xb0 [ 58.078265] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 58.083786] __x64_sys_clone+0xbf/0x150 [ 58.087744] do_syscall_64+0x1b9/0x820 [ 58.091612] ? finish_task_switch+0x1d3/0x870 [ 58.096101] ? syscall_return_slowpath+0x5e0/0x5e0 [ 58.101024] ? syscall_return_slowpath+0x31d/0x5e0 [ 58.105943] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 58.110947] ? prepare_exit_to_usermode+0x291/0x3b0 [ 58.115945] ? perf_trace_sys_enter+0xb10/0xb10 [ 58.120594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.125420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.130595] RIP: 0033:0x455ab9 [ 58.133773] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.152897] RSP: 002b:00007fa3c8d32c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 58.160602] RAX: ffffffffffffffda RBX: 00007fa3c8d336d4 RCX: 0000000000455ab9 [ 58.167855] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 58.175110] RBP: 000000000072bea0 R08: 0000000020000080 R09: 0000000000000000 [ 58.182375] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 58.189638] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 58.197894] trace_kprobe: Failed to allocate trace_uprobe.(-12) [ 58.235172] ================================================================== [ 58.242598] BUG: KASAN: use-after-free in _free_event+0x49a/0x15e0 [ 58.248915] Write of size 4 at addr ffff8801d7b300a0 by task syz-executor3/4578 [ 58.256339] [ 58.257954] CPU: 1 PID: 4578 Comm: syz-executor3 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 58.266335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.275671] Call Trace: [ 58.278244] dump_stack+0x1c9/0x2b4 [ 58.281853] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.287026] ? printk+0xa7/0xcf [ 58.290300] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 58.295048] ? _free_event+0x49a/0x15e0 [ 58.299007] print_address_description+0x6c/0x20b [ 58.303846] ? _free_event+0x49a/0x15e0 [ 58.307806] kasan_report.cold.7+0x242/0x30d [ 58.312213] check_memory_region+0x13e/0x1b0 [ 58.316605] kasan_check_write+0x14/0x20 [ 58.320645] _free_event+0x49a/0x15e0 [ 58.324426] ? do_raw_spin_unlock+0xa7/0x2f0 [ 58.328815] ? ring_buffer_attach+0x840/0x840 [ 58.333307] ? __perf_remove_from_context+0x1d8/0x440 [ 58.338476] ? do_raw_spin_lock+0xc1/0x200 [ 58.342703] ? kasan_check_write+0x14/0x20 [ 58.346924] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 58.351837] ? event_sched_out.isra.100+0xf10/0xf10 [ 58.356847] ? wait_for_completion+0x8d0/0x8d0 [ 58.361417] ? perf_event_release_kernel+0x2e3/0xfc0 [ 58.366512] ? event_sched_out.isra.100+0xf10/0xf10 [ 58.371513] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.377032] ? get_ctx+0x218/0x300 [ 58.380555] free_event+0xb4/0x180 [ 58.384076] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 58.388640] ? _free_event+0x15e0/0x15e0 [ 58.392697] perf_event_release_kernel+0x7d5/0xfc0 [ 58.397611] ? put_event+0x60/0x60 [ 58.401131] ? kasan_check_write+0x14/0x20 [ 58.405344] ? do_raw_spin_lock+0xc1/0x200 [ 58.409559] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.414296] ? retint_kernel+0x10/0x10 [ 58.418163] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 58.423679] ? locks_remove_posix+0x464/0x860 [ 58.428151] ? do_lock_file_wait.part.30+0x260/0x260 [ 58.433240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.438756] ? locks_remove_file+0x3df/0x590 [ 58.443145] ? fcntl_setlk+0x1010/0x1010 [ 58.447187] ? fsnotify_first_mark+0x350/0x350 [ 58.451749] ? fsnotify+0x14e0/0x14e0 [ 58.455539] ? perf_event_release_kernel+0xfc0/0xfc0 [ 58.460630] perf_release+0x37/0x50 [ 58.464239] __fput+0x376/0x8a0 [ 58.467505] ? __alloc_file+0x400/0x400 [ 58.471478] ? kasan_check_write+0x14/0x20 [ 58.475695] ? do_raw_spin_lock+0xc1/0x200 [ 58.479910] ____fput+0x15/0x20 [ 58.483173] task_work_run+0x1ec/0x2a0 [ 58.487048] ? task_work_cancel+0x250/0x250 [ 58.491363] ? copy_fd_bitmaps+0x210/0x210 [ 58.495599] exit_to_usermode_loop+0x318/0x380 [ 58.500167] ? syscall_slow_exit_work+0x500/0x500 [ 58.504993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.510514] do_syscall_64+0x6be/0x820 [ 58.514381] ? syscall_return_slowpath+0x5e0/0x5e0 [ 58.519290] ? syscall_return_slowpath+0x31d/0x5e0 [ 58.524200] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 58.529206] ? prepare_exit_to_usermode+0x291/0x3b0 [ 58.534203] ? perf_trace_sys_enter+0xb10/0xb10 [ 58.538852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.543689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.548863] RIP: 0033:0x40fb91 [ 58.552032] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 58.571193] RSP: 002b:00007ffd21ab83b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 58.578880] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000040fb91 [ 58.586134] RDX: 0000000000000000 RSI: 0000000000730ad8 RDI: 0000000000000004 [ 58.593385] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 58.600632] R10: 00007ffd21ab8230 R11: 0000000000000293 R12: 00000000000003e0 [ 58.607880] R13: 0000000000000000 R14: 00007ffd21ab8a60 R15: 0000000000000000 [ 58.615131] [ 58.616740] Allocated by task 4589: [ 58.620356] save_stack+0x43/0xd0 [ 58.623798] kasan_kmalloc+0xc4/0xe0 [ 58.627501] kasan_slab_alloc+0x12/0x20 [ 58.631455] kmem_cache_alloc_node+0x144/0x780 [ 58.636023] copy_process.part.41+0x176a/0x73d0 [ 58.640674] _do_fork+0x291/0x12a0 [ 58.644204] __x64_sys_clone+0xbf/0x150 [ 58.648163] do_syscall_64+0x1b9/0x820 [ 58.652045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.657216] [ 58.658829] Freed by task 4589: [ 58.662086] save_stack+0x43/0xd0 [ 58.665529] __kasan_slab_free+0x11a/0x170 [ 58.669744] kasan_slab_free+0xe/0x10 [ 58.673525] kmem_cache_free+0x86/0x2d0 [ 58.677477] free_task+0x16e/0x1f0 [ 58.680998] copy_process.part.41+0x167e/0x73d0 [ 58.685653] _do_fork+0x291/0x12a0 [ 58.689170] __x64_sys_clone+0xbf/0x150 [ 58.693123] do_syscall_64+0x1b9/0x820 [ 58.696990] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 58.702167] [ 58.703777] The buggy address belongs to the object at ffff8801d7b30080 [ 58.703777] which belongs to the cache task_struct(49:syz3) of size 6016 [ 58.717290] The buggy address is located 32 bytes inside of [ 58.717290] 6016-byte region [ffff8801d7b30080, ffff8801d7b31800) [ 58.729140] The buggy address belongs to the page: [ 58.734052] page:ffffea00075ecc00 count:1 mapcount:0 mapping:ffff8801d81554c0 index:0x0 compound_mapcount: 0 [ 58.744000] flags: 0x2fffc0000010200(slab|head) [ 58.748656] raw: 02fffc0000010200 ffffea0006ac5c08 ffff8801ccf28548 ffff8801d81554c0 [ 58.756628] raw: 0000000000000000 ffff8801d7b30080 0000000100000001 ffff8801d7c06bc0 [ 58.764486] page dumped because: kasan: bad access detected [ 58.770178] page->mem_cgroup:ffff8801d7c06bc0 [ 58.774656] [ 58.776260] Memory state around the buggy address: [ 58.781168] ffff8801d7b2ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 58.788518] ffff8801d7b30000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.795865] >ffff8801d7b30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.803201] ^ [ 58.807600] ffff8801d7b30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.814937] ffff8801d7b30180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.822278] ================================================================== [ 58.829692] Kernel panic - not syncing: panic_on_warn set ... [ 58.829692] [ 58.837063] CPU: 1 PID: 4578 Comm: syz-executor3 Tainted: G B 4.18.0-rc5-next-20180720+ #12 [ 58.846842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.856564] Call Trace: [ 58.859142] dump_stack+0x1c9/0x2b4 [ 58.862771] ? dump_stack_print_info.cold.2+0x52/0x52 [ 58.867949] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.872687] panic+0x238/0x4e7 [ 58.875859] ? add_taint.cold.5+0x16/0x16 [ 58.879988] ? do_raw_spin_unlock+0xa7/0x2f0 [ 58.884381] ? _free_event+0x49a/0x15e0 [ 58.888336] kasan_end_report+0x47/0x4f [ 58.892292] kasan_report.cold.7+0x76/0x30d [ 58.896596] check_memory_region+0x13e/0x1b0 [ 58.900985] kasan_check_write+0x14/0x20 [ 58.905034] _free_event+0x49a/0x15e0 [ 58.908818] ? do_raw_spin_unlock+0xa7/0x2f0 [ 58.913209] ? ring_buffer_attach+0x840/0x840 [ 58.917687] ? __perf_remove_from_context+0x1d8/0x440 [ 58.922862] ? do_raw_spin_lock+0xc1/0x200 [ 58.927092] ? kasan_check_write+0x14/0x20 [ 58.931318] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 58.936229] ? event_sched_out.isra.100+0xf10/0xf10 [ 58.941231] ? wait_for_completion+0x8d0/0x8d0 [ 58.945802] ? perf_event_release_kernel+0x2e3/0xfc0 [ 58.950885] ? event_sched_out.isra.100+0xf10/0xf10 [ 58.955884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 58.961402] ? get_ctx+0x218/0x300 [ 58.964931] free_event+0xb4/0x180 [ 58.968455] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 58.973027] ? _free_event+0x15e0/0x15e0 [ 58.977085] perf_event_release_kernel+0x7d5/0xfc0 [ 58.982005] ? put_event+0x60/0x60 [ 58.985533] ? kasan_check_write+0x14/0x20 [ 58.989751] ? do_raw_spin_lock+0xc1/0x200 [ 58.993979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.998721] ? retint_kernel+0x10/0x10 [ 59.002594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.008123] ? locks_remove_posix+0x464/0x860 [ 59.010541] FAULT_INJECTION: forcing a failure. [ 59.010541] name failslab, interval 1, probability 0, space 0, times 0 [ 59.012616] ? do_lock_file_wait.part.30+0x260/0x260 [ 59.012638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.012648] ? locks_remove_file+0x3df/0x590 [ 59.012666] ? fcntl_setlk+0x1010/0x1010 [ 59.042863] ? fsnotify_first_mark+0x350/0x350 [ 59.047440] ? fsnotify+0x14e0/0x14e0 [ 59.051236] ? perf_event_release_kernel+0xfc0/0xfc0 [ 59.056333] perf_release+0x37/0x50 [ 59.059955] __fput+0x376/0x8a0 [ 59.063226] ? __alloc_file+0x400/0x400 [ 59.067192] ? kasan_check_write+0x14/0x20 [ 59.071418] ? do_raw_spin_lock+0xc1/0x200 [ 59.075648] ____fput+0x15/0x20 [ 59.078918] task_work_run+0x1ec/0x2a0 [ 59.082802] ? task_work_cancel+0x250/0x250 [ 59.087112] ? copy_fd_bitmaps+0x210/0x210 [ 59.091339] exit_to_usermode_loop+0x318/0x380 [ 59.095911] ? syscall_slow_exit_work+0x500/0x500 [ 59.100746] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.106276] do_syscall_64+0x6be/0x820 [ 59.110153] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.115071] ? syscall_return_slowpath+0x31d/0x5e0 [ 59.119990] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 59.124999] ? prepare_exit_to_usermode+0x291/0x3b0 [ 59.130009] ? perf_trace_sys_enter+0xb10/0xb10 [ 59.134668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.139505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.144683] RIP: 0033:0x40fb91 [ 59.147854] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 59.167062] RSP: 002b:00007ffd21ab83b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 59.174761] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000040fb91 [ 59.182024] RDX: 0000000000000000 RSI: 0000000000730ad8 RDI: 0000000000000004 [ 59.189298] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 59.196559] R10: 00007ffd21ab8230 R11: 0000000000000293 R12: 00000000000003e0 [ 59.203814] R13: 0000000000000000 R14: 00007ffd21ab8a60 R15: 0000000000000000 [ 59.211088] CPU: 0 PID: 4609 Comm: syz-executor7 Tainted: G B 4.18.0-rc5-next-20180720+ #12 [ 59.220873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.230210] Call Trace: [ 59.232789] dump_stack+0x1c9/0x2b4 [ 59.236401] ? dump_stack_print_info.cold.2+0x52/0x52 [ 59.241576] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 59.246235] should_fail.cold.4+0xa/0x11 [ 59.250285] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 59.255375] ? unwind_get_return_address+0x61/0xa0 [ 59.260293] ? __save_stack_trace+0x8d/0xf0 [ 59.264607] ? save_stack+0xa9/0xd0 [ 59.268218] ? save_stack+0x43/0xd0 [ 59.271846] ? kasan_kmalloc+0xc4/0xe0 [ 59.275718] ? __kmalloc_node+0x47/0x70 [ 59.279680] ? kvmalloc_node+0x65/0xf0 [ 59.283551] ? alloc_fdtable+0xd9/0x280 [ 59.287507] ? dup_fd+0xa7d/0xf60 [ 59.290945] ? copy_process.part.41+0x1ef5/0x73d0 [ 59.295768] ? _do_fork+0x291/0x12a0 [ 59.299464] ? __x64_sys_clone+0xbf/0x150 [ 59.303600] ? lock_acquire+0x1e4/0x540 [ 59.307560] ? fs_reclaim_acquire+0x20/0x20 [ 59.311863] ? lock_downgrade+0x8f0/0x8f0 [ 59.315995] ? check_same_owner+0x340/0x340 [ 59.320299] ? rcu_note_context_switch+0x730/0x730 [ 59.325211] __should_failslab+0x124/0x180 [ 59.329428] should_failslab+0x9/0x14 [ 59.333212] kmem_cache_alloc_node_trace+0x26f/0x770 [ 59.338295] ? kasan_unpoison_shadow+0x35/0x50 [ 59.342864] __kmalloc_node+0x33/0x70 [ 59.346651] kvmalloc_node+0x65/0xf0 [ 59.350350] alloc_fdtable+0x145/0x280 [ 59.354218] dup_fd+0xa7d/0xf60 [ 59.357481] ? __fdget+0x20/0x20 [ 59.360831] ? do_raw_spin_lock+0xc1/0x200 [ 59.365050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.370570] ? perf_event_init_task+0x1fa/0x870 [ 59.375232] ? sched_fork+0x46d/0xbd0 [ 59.379022] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.384542] ? copy_semundo+0xca/0x360 [ 59.388414] ? __ia32_sys_semop+0xb0/0xb0 [ 59.392548] ? kmem_cache_alloc+0x2fc/0x760 [ 59.396851] ? __lockdep_init_map+0x105/0x590 [ 59.401330] ? __lockdep_init_map+0x105/0x590 [ 59.405809] copy_process.part.41+0x1ef5/0x73d0 [ 59.410465] ? lockdep_init_map+0x9/0x10 [ 59.414509] ? kasan_check_write+0x14/0x20 [ 59.418725] ? __init_rwsem+0x1cc/0x2a0 [ 59.422687] ? __cleanup_sighand+0x70/0x70 [ 59.426918] ? lock_release+0xa30/0xa30 [ 59.430879] ? xas_descend+0x20c/0x5f0 [ 59.434762] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 59.439763] ? check_pgprot+0xdf/0x180 [ 59.443632] ? put_page+0x280/0x280 [ 59.447244] ? kasan_check_write+0x14/0x20 [ 59.451464] ? do_raw_spin_lock+0xc1/0x200 [ 59.455685] ? alloc_set_pte+0xaf6/0x1790 [ 59.459817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 59.464817] ? filemap_map_pages+0xca2/0x1990 [ 59.469295] ? trace_hardirqs_on+0x10/0x10 [ 59.473513] ? xa_set_tag+0x40/0x40 [ 59.477136] ? environ_open+0x90/0x90 [ 59.480920] ? trace_hardirqs_on+0x10/0x10 [ 59.485150] ? trace_hardirqs_on+0x10/0x10 [ 59.489366] ? trace_hardirqs_on+0x10/0x10 [ 59.493588] ? find_get_entries_tag+0x1410/0x1410 [ 59.498418] ? mntput_no_expire+0x18e/0xbc0 [ 59.502723] ? do_raw_spin_lock+0xc1/0x200 [ 59.506940] ? mnt_get_count+0x150/0x150 [ 59.510986] ? dput.part.26+0x276/0x7a0 [ 59.514942] ? shrink_dcache_sb+0x350/0x350 [ 59.519250] ? chown_common+0x730/0x730 [ 59.523207] ? lock_acquire+0x1e4/0x540 [ 59.527162] ? __fdget_pos+0x1bb/0x200 [ 59.531035] ? lock_release+0xa30/0xa30 [ 59.534989] ? check_same_owner+0x340/0x340 [ 59.539307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.544826] ? _parse_integer+0x13b/0x190 [ 59.548958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.554477] ? _kstrtoull+0x188/0x250 [ 59.558264] ? _parse_integer+0x190/0x190 [ 59.562401] ? lock_release+0xa30/0xa30 [ 59.566360] ? check_same_owner+0x340/0x340 [ 59.570665] ? __check_object_size+0xa3/0x5d7 [ 59.575146] ? lock_acquire+0x1e4/0x540 [ 59.579101] ? get_pid_task+0xd8/0x1a0 [ 59.582972] ? lock_downgrade+0x8f0/0x8f0 [ 59.587103] ? lock_release+0xa30/0xa30 [ 59.591063] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.596583] ? pid_task+0x115/0x200 [ 59.600192] ? find_vpid+0xf0/0xf0 [ 59.603720] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 59.608547] ? __f_unlock_pos+0x19/0x20 [ 59.612506] ? lock_downgrade+0x8f0/0x8f0 [ 59.616651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.622169] ? proc_fail_nth_write+0x9e/0x210 [ 59.626671] ? proc_cwd_link+0x1d0/0x1d0 [ 59.630715] ? lock_acquire+0x1e4/0x540 [ 59.634676] _do_fork+0x291/0x12a0 [ 59.638200] ? fork_idle+0x1a0/0x1a0 [ 59.641897] ? fsnotify_first_mark+0x350/0x350 [ 59.646460] ? __fsnotify_parent+0xcc/0x420 [ 59.650775] ? fsnotify+0x14e0/0x14e0 [ 59.654562] ? __sb_end_write+0xac/0xe0 [ 59.658520] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.664036] ? fput+0x130/0x1a0 [ 59.667310] ? ksys_write+0x1ae/0x260 [ 59.671091] ? __ia32_sys_read+0xb0/0xb0 [ 59.675135] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 59.680654] __x64_sys_clone+0xbf/0x150 [ 59.684612] do_syscall_64+0x1b9/0x820 [ 59.688481] ? finish_task_switch+0x1d3/0x870 [ 59.692956] ? syscall_return_slowpath+0x5e0/0x5e0 [ 59.697868] ? syscall_return_slowpath+0x31d/0x5e0 [ 59.702782] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 59.707780] ? prepare_exit_to_usermode+0x291/0x3b0 [ 59.712779] ? perf_trace_sys_enter+0xb10/0xb10 [ 59.717431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.722264] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.727434] RIP: 0033:0x455ab9 [ 59.730602] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.749774] RSP: 002b:00007ff23ee9ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 59.757464] RAX: ffffffffffffffda RBX: 00007ff23ee9b6d4 RCX: 0000000000455ab9 [ 59.764713] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000 [ 59.771966] RBP: 000000000072bf48 R08: 0000000020000080 R09: 0000000000000000 [ 59.779215] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000006 [ 59.786472] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 59.794253] Dumping ftrace buffer: [ 59.797791] (ftrace buffer empty) [ 59.801479] Kernel Offset: disabled [ 59.805084] Rebooting in 86400 seconds..