INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.211479] ==================================================================
[   31.218959] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[   31.225871] Write of size 4 at addr ffff8801cd4b1870 by task syzkaller618592/4522
[   31.233469] 
[   31.235082] CPU: 0 PID: 4522 Comm: syzkaller618592 Not tainted 4.16.0+ #17
[   31.242074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.251410] Call Trace:
[   31.253985]  dump_stack+0x1b9/0x294
[   31.257601]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.262774]  ? printk+0x9e/0xba
[   31.266040]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   31.270781]  ? kasan_check_write+0x14/0x20
[   31.275002]  print_address_description+0x6c/0x20b
[   31.279829]  ? process_preds+0x1958/0x19b0
[   31.284048]  kasan_report.cold.7+0xac/0x2f5
[   31.288358]  __asan_report_store4_noabort+0x17/0x20
[   31.293357]  process_preds+0x1958/0x19b0
[   31.297407]  ? create_filter_start+0x122/0x2e0
[   31.301985]  ? parse_pred+0x28e0/0x28e0
[   31.305950]  ? create_filter_start+0x55/0x2e0
[   31.310436]  create_filter+0x1a8/0x370
[   31.314325]  ? process_preds+0x19b0/0x19b0
[   31.318548]  ? wait_for_completion+0x870/0x870
[   31.323125]  ftrace_profile_set_filter+0x109/0x2b0
[   31.328041]  ? ftrace_profile_free_filter+0x70/0x70
[   31.333043]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.338564]  ? memdup_user+0x6b/0xa0
[   31.342267]  perf_event_set_filter+0x248/0x1230
[   31.346948]  ? perf_tp_event+0xc30/0xc30
[   31.351017]  ? kasan_check_write+0x14/0x20
[   31.355244]  ? mutex_trylock+0x2a0/0x2a0
[   31.359290]  ? put_ctx+0x140/0x140
[   31.362819]  ? perf_trace_lock_acquire+0x4f1/0x980
[   31.367740]  ? perf_trace_lock+0x900/0x900
[   31.371965]  ? graph_lock+0x170/0x170
[   31.375751]  ? lock_downgrade+0x8e0/0x8e0
[   31.379887]  ? kasan_check_read+0x11/0x20
[   31.384022]  ? rcu_is_watching+0x85/0x140
[   31.388158]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   31.393334]  _perf_ioctl+0x84c/0x1650
[   31.397118]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   31.401947]  ? lock_downgrade+0x8e0/0x8e0
[   31.406083]  ? kasan_check_read+0x11/0x20
[   31.410213]  ? rcu_is_watching+0x85/0x140
[   31.414342]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   31.419515]  ? mark_held_locks+0xc9/0x160
[   31.423653]  ? mutex_lock_nested+0x16/0x20
[   31.427870]  ? mutex_lock_nested+0x16/0x20
[   31.432087]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   31.437263]  ? perf_event_read_event+0x430/0x430
[   31.442004]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[   31.446740]  ? find_held_lock+0x36/0x1c0
[   31.450793]  perf_ioctl+0x59/0x80
[   31.454228]  ? _perf_ioctl+0x1650/0x1650
[   31.458270]  do_vfs_ioctl+0x1cf/0x1650
[   31.462145]  ? ioctl_preallocate+0x2e0/0x2e0
[   31.466536]  ? fget_raw+0x20/0x20
[   31.469983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   31.475509]  ? security_file_ioctl+0x94/0xc0
[   31.479905]  ksys_ioctl+0xa9/0xd0
[   31.483346]  SyS_ioctl+0x24/0x30
[   31.486694]  ? ksys_ioctl+0xd0/0xd0
[   31.490304]  do_syscall_64+0x29e/0x9d0
[   31.494174]  ? vmalloc_sync_all+0x30/0x30
[   31.498308]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.503046]  ? syscall_return_slowpath+0x5c0/0x5c0
[   31.507968]  ? syscall_return_slowpath+0x30f/0x5c0
[   31.512881]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   31.518232]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.523063]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   31.528230] RIP: 0033:0x43fdb9
[   31.531399] RSP: 002b:00007ffe4453d468 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   31.539098] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   31.546349] RDX: 0000000020000140 RSI: 0000000040082406 RDI: 0000000000000003
[   31.553598] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   31.560848] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   31.568100] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   31.575365] 
[   31.576972] Allocated by task 2217:
[   31.580579]  save_stack+0x43/0xd0
[   31.584013]  kasan_kmalloc+0xc4/0xe0
[   31.587705]  kmem_cache_alloc_trace+0x152/0x780
[   31.592356]  __request_module+0x386/0xcdd
[   31.596483]  crypto_alg_mod_lookup+0x1c1/0x6b0
[   31.601048]  crypto_find_alg+0xba/0xe0
[   31.604916]  crypto_grab_spawn+0x4f/0xe0
[   31.608957]  crypto_grab_skcipher+0x50/0x60
[   31.613263]  crypto_fpu_create+0x1ea/0x9f0
[   31.617479]  cryptomgr_probe+0x6d/0x280
[   31.621438]  kthread+0x345/0x410
[   31.624805]  ret_from_fork+0x3a/0x50
[   31.628494] 
[   31.630099] Freed by task 2217:
[   31.633362]  save_stack+0x43/0xd0
[   31.636798]  __kasan_slab_free+0x11a/0x170
[   31.641014]  kasan_slab_free+0xe/0x10
[   31.644797]  kfree+0xd9/0x260
[   31.647888]  free_modprobe_argv+0x74/0xa0
[   31.652019]  call_usermodehelper_exec+0x274/0x4f0
[   31.656840]  __request_module+0x4ba/0xcdd
[   31.660971]  crypto_alg_mod_lookup+0x1c1/0x6b0
[   31.665540]  crypto_find_alg+0xba/0xe0
[   31.669583]  crypto_grab_spawn+0x4f/0xe0
[   31.673633]  crypto_grab_skcipher+0x50/0x60
[   31.677935]  crypto_fpu_create+0x1ea/0x9f0
[   31.682148]  cryptomgr_probe+0x6d/0x280
[   31.686102]  kthread+0x345/0x410
[   31.689449]  ret_from_fork+0x3a/0x50
[   31.693136] 
[   31.694745] The buggy address belongs to the object at ffff8801cd4b1800
[   31.694745]  which belongs to the cache kmalloc-64 of size 64
[   31.707208] The buggy address is located 48 bytes to the right of
[   31.707208]  64-byte region [ffff8801cd4b1800, ffff8801cd4b1840)
[   31.719410] The buggy address belongs to the page:
[   31.724317] page:ffffea0007352c40 count:1 mapcount:0 mapping:ffff8801cd4b1000 index:0x0
[   31.732441] flags: 0x2fffc0000000100(slab)
[   31.736659] raw: 02fffc0000000100 ffff8801cd4b1000 0000000000000000 0000000100000020
[   31.744522] raw: ffffea00073b1260 ffffea000735e960 ffff8801dac00340 0000000000000000
[   31.752376] page dumped because: kasan: bad access detected
[   31.758061] 
[   31.759668] Memory state around the buggy address:
[   31.764577]  ffff8801cd4b1700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.771918]  ffff8801cd4b1780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.779256] >ffff8801cd4b1800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.786591]                                                              ^
[   31.793583]  ffff8801cd4b1880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   31.800929]  ffff8801cd4b1900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.808261] ==================================================================
[   31.815592] Disabling lock debugging due to kernel taint
[   31.821141] Kernel panic - not syncing: panic_on_warn set ...
[   31.821141] 
[   31.828492] CPU: 0 PID: 4522 Comm: syzkaller618592 Tainted: G    B            4.16.0+ #17
[   31.836785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.846118] Call Trace:
[   31.848689]  dump_stack+0x1b9/0x294
[   31.852297]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.857471]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.862212]  ? process_preds+0x18d0/0x19b0
[   31.866428]  panic+0x22f/0x4de
[   31.869601]  ? add_taint.cold.5+0x16/0x16
[   31.873735]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.878122]  ? do_raw_spin_unlock+0x9e/0x2e0
[   31.882512]  ? process_preds+0x1958/0x19b0
[   31.886729]  kasan_end_report+0x47/0x4f
[   31.890684]  kasan_report.cold.7+0xc9/0x2f5
[   31.894988]  __asan_report_store4_noabort+0x17/0x20
[   31.899982]  process_preds+0x1958/0x19b0
[   31.904026]  ? create_filter_start+0x122/0x2e0
[   31.908591]  ? parse_pred+0x28e0/0x28e0
[   31.912545]  ? create_filter_start+0x55/0x2e0
[   31.917023]  create_filter+0x1a8/0x370
[   31.920892]  ? process_preds+0x19b0/0x19b0
[   31.925110]  ? wait_for_completion+0x870/0x870
[   31.929680]  ftrace_profile_set_filter+0x109/0x2b0
[   31.934590]  ? ftrace_profile_free_filter+0x70/0x70
[   31.939591]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.945106]  ? memdup_user+0x6b/0xa0
[   31.948803]  perf_event_set_filter+0x248/0x1230
[   31.953452]  ? perf_tp_event+0xc30/0xc30
[   31.957495]  ? kasan_check_write+0x14/0x20
[   31.961710]  ? mutex_trylock+0x2a0/0x2a0
[   31.965752]  ? put_ctx+0x140/0x140
[   31.969282]  ? perf_trace_lock_acquire+0x4f1/0x980
[   31.974196]  ? perf_trace_lock+0x900/0x900
[   31.978411]  ? graph_lock+0x170/0x170
[   31.982193]  ? lock_downgrade+0x8e0/0x8e0
[   31.986323]  ? kasan_check_read+0x11/0x20
[   31.990451]  ? rcu_is_watching+0x85/0x140
[   31.994580]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   31.999751]  _perf_ioctl+0x84c/0x1650
[   32.003532]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   32.008359]  ? lock_downgrade+0x8e0/0x8e0
[   32.012493]  ? kasan_check_read+0x11/0x20
[   32.016617]  ? rcu_is_watching+0x85/0x140
[   32.020746]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   32.025922]  ? mark_held_locks+0xc9/0x160
[   32.030054]  ? mutex_lock_nested+0x16/0x20
[   32.034267]  ? mutex_lock_nested+0x16/0x20
[   32.038480]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   32.043653]  ? perf_event_read_event+0x430/0x430
[   32.048392]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[   32.053128]  ? find_held_lock+0x36/0x1c0
[   32.057174]  perf_ioctl+0x59/0x80
[   32.060605]  ? _perf_ioctl+0x1650/0x1650
[   32.064644]  do_vfs_ioctl+0x1cf/0x1650
[   32.068516]  ? ioctl_preallocate+0x2e0/0x2e0
[   32.072909]  ? fget_raw+0x20/0x20
[   32.076348]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.081876]  ? security_file_ioctl+0x94/0xc0
[   32.086268]  ksys_ioctl+0xa9/0xd0
[   32.089707]  SyS_ioctl+0x24/0x30
[   32.093053]  ? ksys_ioctl+0xd0/0xd0
[   32.096659]  do_syscall_64+0x29e/0x9d0
[   32.100525]  ? vmalloc_sync_all+0x30/0x30
[   32.104651]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.109389]  ? syscall_return_slowpath+0x5c0/0x5c0
[   32.114298]  ? syscall_return_slowpath+0x30f/0x5c0
[   32.119209]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   32.124554]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.129381]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   32.134549] RIP: 0033:0x43fdb9
[   32.137718] RSP: 002b:00007ffe4453d468 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   32.145407] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   32.152656] RDX: 0000000020000140 RSI: 0000000040082406 RDI: 0000000000000003
[   32.159908] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   32.167155] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[   32.174406] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   32.182015] Dumping ftrace buffer:
[   32.185533]    (ftrace buffer empty)
[   32.189220] Kernel Offset: disabled
[   32.192836] Rebooting in 86400 seconds..