INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   29.704699] FAULT_INJECTION: forcing a failure.
[   29.704699] name failslab, interval 1, probability 0, space 0, times 1
[   29.716011] CPU: 0 PID: 4452 Comm: syzkaller788882 Not tainted 4.16.0+ #17
[   29.723004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.732334] Call Trace:
[   29.734904]  dump_stack+0x1b9/0x294
[   29.738514]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.743952]  ? lock_release+0xa10/0xa10
[   29.747908]  ? check_same_owner+0x320/0x320
[   29.752210]  should_fail.cold.4+0xa/0x1a
[   29.756251]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   29.761332]  ? kasan_check_write+0x14/0x20
[   29.765546]  ? __mutex_lock+0x7d9/0x17f0
[   29.769583]  ? graph_lock+0x170/0x170
[   29.773365]  ? find_held_lock+0x36/0x1c0
[   29.777405]  ? __lock_is_held+0xb5/0x140
[   29.781450]  ? check_same_owner+0x320/0x320
[   29.785746]  ? find_held_lock+0x36/0x1c0
[   29.789787]  ? rcu_note_context_switch+0x710/0x710
[   29.794706]  __should_failslab+0x124/0x180
[   29.798922]  should_failslab+0x9/0x14
[   29.802706]  kmem_cache_alloc_trace+0x2cb/0x780
[   29.807351]  ? find_held_lock+0x36/0x1c0
[   29.811393]  create_filter_start+0xca/0x2e0
[   29.815694]  create_filter+0xfe/0x370
[   29.819480]  ? process_preds+0x19b0/0x19b0
[   29.823692]  ? wait_for_completion+0x870/0x870
[   29.828258]  ftrace_profile_set_filter+0x109/0x2b0
[   29.833168]  ? ftrace_profile_free_filter+0x70/0x70
[   29.838164]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.843679]  ? memdup_user+0x6b/0xa0
[   29.847374]  perf_event_set_filter+0x248/0x1230
[   29.852026]  ? mutex_trylock+0x2a0/0x2a0
[   29.856066]  ? put_ctx+0x140/0x140
[   29.859595]  ? __lock_acquire+0x7f5/0x5130
[   29.863812]  ? find_held_lock+0x36/0x1c0
[   29.867854]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   29.873368]  ? graph_lock+0x170/0x170
[   29.877149]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   29.882665]  ? _kstrtoull+0x180/0x230
[   29.886443]  ? graph_lock+0x170/0x170
[   29.890235]  ? graph_lock+0x170/0x170
[   29.894021]  ? lock_release+0xa10/0xa10
[   29.897988]  ? check_same_owner+0x320/0x320
[   29.902295]  ? find_held_lock+0x36/0x1c0
[   29.906338]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   29.911510]  _perf_ioctl+0x84c/0x1650
[   29.915291]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   29.920115]  ? lock_downgrade+0x8e0/0x8e0
[   29.924247]  ? kasan_check_read+0x11/0x20
[   29.928374]  ? kasan_check_read+0x11/0x20
[   29.932500]  ? rcu_is_watching+0x85/0x140
[   29.936625]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   29.941793]  ? graph_lock+0x170/0x170
[   29.945574]  ? mutex_lock_nested+0x16/0x20
[   29.949789]  ? mutex_lock_nested+0x16/0x20
[   29.954004]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   29.959174]  ? perf_event_read_event+0x430/0x430
[   29.963913]  perf_ioctl+0x59/0x80
[   29.967346]  ? _perf_ioctl+0x1650/0x1650
[   29.971385]  do_vfs_ioctl+0x1cf/0x1650
[   29.975252]  ? ioctl_preallocate+0x2e0/0x2e0
[   29.979640]  ? fget_raw+0x20/0x20
[   29.983071]  ? __sb_end_write+0xac/0xe0
[   29.987029]  ? ksys_write+0x1a6/0x250
[   29.990810]  ? security_file_ioctl+0x94/0xc0
[   29.995201]  ksys_ioctl+0xa9/0xd0
[   29.998636]  SyS_ioctl+0x24/0x30
[   30.001981]  ? ksys_ioctl+0xd0/0xd0
[   30.005598]  do_syscall_64+0x29e/0x9d0
[   30.009468]  ? vmalloc_sync_all+0x30/0x30
[   30.013594]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.018328]  ? syscall_return_slowpath+0x5c0/0x5c0
[   30.023240]  ? syscall_return_slowpath+0x30f/0x5c0
[   30.028152]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.033495]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.038317]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.043482] RIP: 0033:0x440519
[   30.046648] RSP: 002b:00007ffe7642b3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   30.054335] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440519
[   30.061584] RDX: 000000002099aff9 RSI: 0000000040082406 RDI: 0000000000000003
[   30.068834] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffe76420032
[   30.076082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   30.083341] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[   30.092190] ==================================================================
[   30.099608] BUG: KASAN: stack-out-of-bounds in __free_filter.part.6+0x1ac/0x1d0
[   30.107032] Read of size 8 at addr ffff8801b2cd7698 by task syzkaller788882/4452
[   30.114540] 
[   30.116153] CPU: 0 PID: 4452 Comm: syzkaller788882 Not tainted 4.16.0+ #17
[   30.123139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.132469] Call Trace:
[   30.135049]  dump_stack+0x1b9/0x294
[   30.138662]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.143830]  ? printk+0x9e/0xba
[   30.147096]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   30.151835]  ? kasan_check_write+0x14/0x20
[   30.156058]  print_address_description+0x6c/0x20b
[   30.160881]  ? __free_filter.part.6+0x1ac/0x1d0
[   30.165526]  kasan_report.cold.7+0xac/0x2f5
[   30.169837]  __asan_report_load8_noabort+0x14/0x20
[   30.174745]  __free_filter.part.6+0x1ac/0x1d0
[   30.179220]  ? filter_match_preds+0x340/0x340
[   30.183696]  ftrace_profile_set_filter+0x159/0x2b0
[   30.188603]  ? ftrace_profile_free_filter+0x70/0x70
[   30.193599]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.199114]  ? memdup_user+0x6b/0xa0
[   30.202808]  perf_event_set_filter+0x248/0x1230
[   30.207460]  ? mutex_trylock+0x2a0/0x2a0
[   30.211495]  ? put_ctx+0x140/0x140
[   30.215017]  ? __lock_acquire+0x7f5/0x5130
[   30.219235]  ? find_held_lock+0x36/0x1c0
[   30.223273]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.228788]  ? graph_lock+0x170/0x170
[   30.232566]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.238081]  ? _kstrtoull+0x180/0x230
[   30.241862]  ? graph_lock+0x170/0x170
[   30.245642]  ? graph_lock+0x170/0x170
[   30.249418]  ? lock_release+0xa10/0xa10
[   30.253372]  ? check_same_owner+0x320/0x320
[   30.257673]  ? find_held_lock+0x36/0x1c0
[   30.261713]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   30.266882]  _perf_ioctl+0x84c/0x1650
[   30.270662]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   30.275486]  ? lock_downgrade+0x8e0/0x8e0
[   30.279612]  ? kasan_check_read+0x11/0x20
[   30.283740]  ? kasan_check_read+0x11/0x20
[   30.287868]  ? rcu_is_watching+0x85/0x140
[   30.291997]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   30.297174]  ? graph_lock+0x170/0x170
[   30.300959]  ? mutex_lock_nested+0x16/0x20
[   30.305178]  ? mutex_lock_nested+0x16/0x20
[   30.309389]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   30.314556]  ? perf_event_read_event+0x430/0x430
[   30.319293]  perf_ioctl+0x59/0x80
[   30.322725]  ? _perf_ioctl+0x1650/0x1650
[   30.326764]  do_vfs_ioctl+0x1cf/0x1650
[   30.330632]  ? ioctl_preallocate+0x2e0/0x2e0
[   30.335017]  ? fget_raw+0x20/0x20
[   30.338448]  ? __sb_end_write+0xac/0xe0
[   30.342406]  ? ksys_write+0x1a6/0x250
[   30.346185]  ? security_file_ioctl+0x94/0xc0
[   30.350571]  ksys_ioctl+0xa9/0xd0
[   30.354012]  SyS_ioctl+0x24/0x30
[   30.357355]  ? ksys_ioctl+0xd0/0xd0
[   30.360965]  do_syscall_64+0x29e/0x9d0
[   30.364829]  ? vmalloc_sync_all+0x30/0x30
[   30.368953]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.373690]  ? syscall_return_slowpath+0x5c0/0x5c0
[   30.378608]  ? syscall_return_slowpath+0x30f/0x5c0
[   30.383516]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.388857]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.393680]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.398845] RIP: 0033:0x440519
[   30.402015] RSP: 002b:00007ffe7642b3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   30.409702] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440519
[   30.416951] RDX: 000000002099aff9 RSI: 0000000040082406 RDI: 0000000000000003
[   30.424215] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffe76420032
[   30.431472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   30.438733] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[   30.445990] 
[   30.447590] The buggy address belongs to the page:
[   30.452496] page:ffffea0006cb35c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   30.460612] flags: 0x2fffc0000000000()
[   30.464477] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   30.472335] raw: 0000000000000000 ffffea0006cb0101 0000000000000000 0000000000000000
[   30.480188] page dumped because: kasan: bad access detected
[   30.485868] 
[   30.487471] Memory state around the buggy address:
[   30.492375]  ffff8801b2cd7580: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f3
[   30.499708]  ffff8801b2cd7600: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   30.507040] >ffff8801b2cd7680: f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00
[   30.514380]                             ^
[   30.518517]  ffff8801b2cd7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   30.525861]  ffff8801b2cd7780: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
[   30.533197] ==================================================================
[   30.540531] Disabling lock debugging due to kernel taint
[   30.546068] Kernel panic - not syncing: panic_on_warn set ...
[   30.546068] 
[   30.553418] CPU: 0 PID: 4452 Comm: syzkaller788882 Tainted: G    B            4.16.0+ #17
[   30.561710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.571040] Call Trace:
[   30.573610]  dump_stack+0x1b9/0x294
[   30.577212]  ? dump_stack_print_info.cold.2+0x52/0x52
[   30.582383]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.587121]  ? __free_filter.part.6+0x170/0x1d0
[   30.591772]  panic+0x22f/0x4de
[   30.594940]  ? add_taint.cold.5+0x16/0x16
[   30.599072]  ? do_raw_spin_unlock+0x9e/0x2e0
[   30.603461]  ? do_raw_spin_unlock+0x9e/0x2e0
[   30.607849]  ? __free_filter.part.6+0x1ac/0x1d0
[   30.612587]  kasan_end_report+0x47/0x4f
[   30.616538]  kasan_report.cold.7+0xc9/0x2f5
[   30.620843]  __asan_report_load8_noabort+0x14/0x20
[   30.625747]  __free_filter.part.6+0x1ac/0x1d0
[   30.630218]  ? filter_match_preds+0x340/0x340
[   30.634690]  ftrace_profile_set_filter+0x159/0x2b0
[   30.639596]  ? ftrace_profile_free_filter+0x70/0x70
[   30.644590]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   30.650105]  ? memdup_user+0x6b/0xa0
[   30.653795]  perf_event_set_filter+0x248/0x1230
[   30.658444]  ? mutex_trylock+0x2a0/0x2a0
[   30.662478]  ? put_ctx+0x140/0x140
[   30.665995]  ? __lock_acquire+0x7f5/0x5130
[   30.670206]  ? find_held_lock+0x36/0x1c0
[   30.674243]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   30.679757]  ? graph_lock+0x170/0x170
[   30.683534]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   30.689054]  ? _kstrtoull+0x180/0x230
[   30.692836]  ? graph_lock+0x170/0x170
[   30.696608]  ? graph_lock+0x170/0x170
[   30.700382]  ? lock_release+0xa10/0xa10
[   30.704331]  ? check_same_owner+0x320/0x320
[   30.708632]  ? find_held_lock+0x36/0x1c0
[   30.712672]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   30.717838]  _perf_ioctl+0x84c/0x1650
[   30.721614]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[   30.726432]  ? lock_downgrade+0x8e0/0x8e0
[   30.730556]  ? kasan_check_read+0x11/0x20
[   30.734685]  ? kasan_check_read+0x11/0x20
[   30.738808]  ? rcu_is_watching+0x85/0x140
[   30.743067]  ? rcu_bh_force_quiescent_state+0x20/0x20
[   30.748234]  ? graph_lock+0x170/0x170
[   30.752018]  ? mutex_lock_nested+0x16/0x20
[   30.756240]  ? mutex_lock_nested+0x16/0x20
[   30.760452]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[   30.765621]  ? perf_event_read_event+0x430/0x430
[   30.770360]  perf_ioctl+0x59/0x80
[   30.773793]  ? _perf_ioctl+0x1650/0x1650
[   30.778014]  do_vfs_ioctl+0x1cf/0x1650
[   30.781881]  ? ioctl_preallocate+0x2e0/0x2e0
[   30.786266]  ? fget_raw+0x20/0x20
[   30.789698]  ? __sb_end_write+0xac/0xe0
[   30.793658]  ? ksys_write+0x1a6/0x250
[   30.797444]  ? security_file_ioctl+0x94/0xc0
[   30.801832]  ksys_ioctl+0xa9/0xd0
[   30.805263]  SyS_ioctl+0x24/0x30
[   30.808616]  ? ksys_ioctl+0xd0/0xd0
[   30.812221]  do_syscall_64+0x29e/0x9d0
[   30.816090]  ? vmalloc_sync_all+0x30/0x30
[   30.820214]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.824944]  ? syscall_return_slowpath+0x5c0/0x5c0
[   30.830031]  ? syscall_return_slowpath+0x30f/0x5c0
[   30.834938]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.840278]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.845097]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.850260] RIP: 0033:0x440519
[   30.853425] RSP: 002b:00007ffe7642b3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   30.861108] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440519
[   30.868359] RDX: 000000002099aff9 RSI: 0000000040082406 RDI: 0000000000000003
[   30.875611] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffe76420032
[   30.882860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   30.890110] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[   30.897754] Dumping ftrace buffer:
[   30.901278]    (ftrace buffer empty)
[   30.904966] Kernel Offset: disabled
[   30.908573] Rebooting in 86400 seconds..