INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   23.915490] ==================================================================
[   23.922951] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[   23.929863] Write of size 4 at addr ffff8801d2cc52f0 by task syzkaller805061/4413
[   23.937458]
[   23.939070] CPU: 1 PID: 4413 Comm: syzkaller805061 Not tainted 4.16.0+ #4
[   23.945974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.955308] Call Trace:
[   23.957884]  dump_stack+0x1b9/0x294
[   23.961498]  ? dump_stack_print_info.cold.2+0x52/0x52
[   23.966668]  ? printk+0x9e/0xba
[   23.969929]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   23.974675]  ? kasan_check_write+0x14/0x20
[   23.978896]  print_address_description+0x6c/0x20b
[   23.983722]  ? process_preds+0x1958/0x19b0
[   23.987938]  kasan_report.cold.7+0x242/0x2fe
[   23.992329]  __asan_report_store4_noabort+0x17/0x20
[   23.997326]  process_preds+0x1958/0x19b0
[   24.001370]  ? create_filter_start+0x122/0x2e0
[   24.005939]  ? parse_pred+0x28e0/0x28e0
[   24.009918]  ? create_filter_start+0x55/0x2e0
[   24.014407]  create_filter+0x1a8/0x370
[   24.018275]  ? process_preds+0x19b0/0x19b0
[   24.022494]  ? wait_for_completion+0x870/0x870
[   24.027061]  ftrace_profile_set_filter+0x109/0x2b0
[   24.031974]  ? ftrace_profile_free_filter+0x70/0x70
[   24.036992]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   24.042525]  ? memdup_user+0x6b/0xa0
[   24.046222]  perf_event_set_filter+0x248/0x1230
[   24.050883]  ? mutex_trylock+0x2a0/0x2a0
[   24.054932]  ? __thp_get_unmapped_area+0x180/0x180
[   24.059846]  ? put_ctx+0x140/0x140
[   24.063369]  ? __lock_acquire+0x7f5/0x5140
[   24.067588]  ? debug_mutex_init+0x2d/0x60
[   24.071723]  ? debug_check_no_locks_freed+0x310/0x310
[   24.076897]  ? graph_lock+0x170/0x170
[   24.080685]  ? kasan_check_read+0x11/0x20
[   24.084824]  ? rcu_is_watching+0x85/0x140
[   24.088954]  ? __lock_is_held+0xb5/0x140
[   24.093000]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   24.098182]  _perf_ioctl+0x84c/0x15e0
[   24.101965]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   24.106794]  ? lock_downgrade+0x8e0/0x8e0
[   24.110934]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.116467]  ? kasan_check_read+0x11/0x20
[   24.120603]  ? rcu_is_watching+0x85/0x140
[   24.124734]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   24.129906]  ? graph_lock+0x170/0x170
[   24.133686]  ? mark_held_locks+0xc9/0x160
[   24.137818]  ? mutex_lock_nested+0x16/0x20
[   24.142043]  ? mutex_lock_nested+0x16/0x20
[   24.146264]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   24.151445]  ? perf_event_read_event+0x430/0x430
[   24.156196]  ? find_held_lock+0x36/0x1c0
[   24.160242]  perf_ioctl+0x59/0x80
[   24.163675]  ? _perf_ioctl+0x15e0/0x15e0
[   24.167719]  do_vfs_ioctl+0x1cf/0x16a0
[   24.171591]  ? ioctl_preallocate+0x2e0/0x2e0
[   24.175979]  ? fget_raw+0x20/0x20
[   24.179419]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.184938]  ? __do_page_fault+0x441/0xe40
[   24.189159]  ? security_file_ioctl+0x94/0xc0
[   24.193552]  ksys_ioctl+0xa9/0xd0
[   24.196987]  SyS_ioctl+0x24/0x30
[   24.200337]  ? ksys_ioctl+0xd0/0xd0
[   24.203947]  do_syscall_64+0x29e/0x9d0
[   24.207820]  ? vmalloc_sync_all+0x30/0x30
[   24.211952]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.216692]  ? syscall_return_slowpath+0x5c0/0x5c0
[   24.221611]  ? syscall_return_slowpath+0x30f/0x5c0
[   24.226523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.232039]  ? retint_user+0x18/0x18
[   24.235735]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   24.240563]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   24.245732] RIP: 0033:0x43fda9
[   24.248901] RSP: 002b:00007fffc1641498 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   24.256587] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fda9
[   24.263835] RDX: 0000000020000100 RSI: 0000000040082406 RDI: 0000000000000003
[   24.271086] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   24.278335] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016d0
[   24.285584] R13: 0000000000401760 R14: 0000000000000000 R15: 0000000000000000
[   24.293255]
[   24.294859] Allocated by task 1:
[   24.298204]  save_stack+0x43/0xd0
[   24.301633]  kasan_kmalloc+0xc4/0xe0
[   24.305322]  __kmalloc_node+0x47/0x70
[   24.309103]  disk_expand_part_tbl+0x236/0x3c0
[   24.313577]  __alloc_disk_node+0x16f/0x500
[   24.317791]  nbd_dev_add+0xdc/0x9f0
[   24.321399]  nbd_init+0x20e/0x22f
[   24.324831]  do_one_initcall+0x127/0x913
[   24.328869]  kernel_init_freeable+0x49b/0x58e
[   24.333342]  kernel_init+0x11/0x1b3
[   24.336945]  ret_from_fork+0x3a/0x50
[   24.340630]
[   24.342235] Freed by task 0:
[   24.345225] (stack is not available)
[   24.348909]
[   24.350515] The buggy address belongs to the object at ffff8801d2cc5280
[   24.350515]  which belongs to the cache kmalloc-64 of size 64
[   24.362977] The buggy address is located 48 bytes to the right of
[   24.362977]  64-byte region [ffff8801d2cc5280, ffff8801d2cc52c0)
[   24.375175] The buggy address belongs to the page:
[   24.380082] page:ffffea00074b3140 count:1 mapcount:0 mapping:ffff8801d2cc5000 index:0x0
[   24.388201] flags: 0x2fffc0000000100(slab)
[   24.392416] raw: 02fffc0000000100 ffff8801d2cc5000 0000000000000000 0000000100000020
[   24.400276] raw: ffffea00074c9f60 ffffea00074968e0 ffff8801dac00340 0000000000000000
[   24.408128] page dumped because: kasan: bad access detected
[   24.413811]
[   24.415412] Memory state around the buggy address:
[   24.420320]  ffff8801d2cc5180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   24.427657]  ffff8801d2cc5200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   24.434994] >ffff8801d2cc5280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   24.442338]                                                              ^
[   24.449332]  ffff8801d2cc5300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   24.456681]  ffff8801d2cc5380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   24.464022] ==================================================================
[   24.471363] Disabling lock debugging due to kernel taint
[   24.477104] Kernel panic - not syncing: panic_on_warn set ...
[   24.477104]
[   24.484470] CPU: 1 PID: 4413 Comm: syzkaller805061 Tainted: G    B            4.16.0+ #4
[   24.492762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.502103] Call Trace:
[   24.504676]  dump_stack+0x1b9/0x294
[   24.508284]  ? dump_stack_print_info.cold.2+0x52/0x52
[   24.513465]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.518201]  ? process_preds+0x1900/0x19b0
[   24.522417]  panic+0x22f/0x4de
[   24.525590]  ? add_taint.cold.5+0x16/0x16
[   24.529719]  ? do_raw_spin_unlock+0x9e/0x2e0
[   24.534109]  ? do_raw_spin_unlock+0x9e/0x2e0
[   24.538497]  ? process_preds+0x1958/0x19b0
[   24.542709]  kasan_end_report+0x47/0x4f
[   24.546665]  kasan_report.cold.7+0x76/0x2fe
[   24.550967]  __asan_report_store4_noabort+0x17/0x20
[   24.555962]  process_preds+0x1958/0x19b0
[   24.560004]  ? create_filter_start+0x122/0x2e0
[   24.564579]  ? parse_pred+0x28e0/0x28e0
[   24.568532]  ? create_filter_start+0x55/0x2e0
[   24.573011]  create_filter+0x1a8/0x370
[   24.576884]  ? process_preds+0x19b0/0x19b0
[   24.581099]  ? wait_for_completion+0x870/0x870
[   24.585673]  ftrace_profile_set_filter+0x109/0x2b0
[   24.590586]  ? ftrace_profile_free_filter+0x70/0x70
[   24.595592]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   24.601117]  ? memdup_user+0x6b/0xa0
[   24.604810]  perf_event_set_filter+0x248/0x1230
[   24.609462]  ? mutex_trylock+0x2a0/0x2a0
[   24.613511]  ? __thp_get_unmapped_area+0x180/0x180
[   24.618421]  ? put_ctx+0x140/0x140
[   24.621940]  ? __lock_acquire+0x7f5/0x5140
[   24.626163]  ? debug_mutex_init+0x2d/0x60
[   24.630300]  ? debug_check_no_locks_freed+0x310/0x310
[   24.635470]  ? graph_lock+0x170/0x170
[   24.639251]  ? kasan_check_read+0x11/0x20
[   24.643377]  ? rcu_is_watching+0x85/0x140
[   24.647501]  ? __lock_is_held+0xb5/0x140
[   24.651540]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   24.656710]  _perf_ioctl+0x84c/0x15e0
[   24.660492]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   24.665313]  ? lock_downgrade+0x8e0/0x8e0
[   24.669439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.674957]  ? kasan_check_read+0x11/0x20
[   24.679083]  ? rcu_is_watching+0x85/0x140
[   24.683212]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   24.688381]  ? graph_lock+0x170/0x170
[   24.692167]  ? mark_held_locks+0xc9/0x160
[   24.696295]  ? mutex_lock_nested+0x16/0x20
[   24.700511]  ? mutex_lock_nested+0x16/0x20
[   24.704731]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   24.709899]  ? perf_event_read_event+0x430/0x430
[   24.714633]  ? find_held_lock+0x36/0x1c0
[   24.718679]  perf_ioctl+0x59/0x80
[   24.722111]  ? _perf_ioctl+0x15e0/0x15e0
[   24.726159]  do_vfs_ioctl+0x1cf/0x16a0
[   24.730089]  ? ioctl_preallocate+0x2e0/0x2e0
[   24.734473]  ? fget_raw+0x20/0x20
[   24.737904]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.743422]  ? __do_page_fault+0x441/0xe40
[   24.747638]  ? security_file_ioctl+0x94/0xc0
[   24.752028]  ksys_ioctl+0xa9/0xd0
[   24.755458]  SyS_ioctl+0x24/0x30
[   24.758798]  ? ksys_ioctl+0xd0/0xd0
[   24.762401]  do_syscall_64+0x29e/0x9d0
[   24.766273]  ? vmalloc_sync_all+0x30/0x30
[   24.770394]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.775126]  ? syscall_return_slowpath+0x5c0/0x5c0
[   24.780035]  ? syscall_return_slowpath+0x30f/0x5c0
[   24.784943]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   24.790457]  ? retint_user+0x18/0x18
[   24.794147]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   24.798965]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   24.804127] RIP: 0033:0x43fda9
[   24.807293] RSP: 002b:00007fffc1641498 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[   24.814977] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fda9
[   24.822224] RDX: 0000000020000100 RSI: 0000000040082406 RDI: 0000000000000003
[   24.829467] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   24.836714] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016d0
[   24.843958] R13: 0000000000401760 R14: 0000000000000000 R15: 0000000000000000
[   24.851655] Dumping ftrace buffer:
[   24.855173]    (ftrace buffer empty)
[   24.858855] Kernel Offset: disabled
[   24.862458] Rebooting in 86400 seconds..