INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. 2018/04/12 08:05:37 parsed 1 programs 2018/04/12 08:05:37 executed programs: 0 syzkaller login: [ 32.711122] IPVS: ftp: loaded support on port[0] = 21 [ 33.070979] ================================================================== [ 33.078402] BUG: KASAN: slab-out-of-bounds in perf_callchain_user+0xe31/0xfe0 [ 33.085656] Write of size 8 at addr ffff8801d87f2d40 by task udevd/2377 [ 33.092382] [ 33.094011] CPU: 0 PID: 2377 Comm: udevd Not tainted 4.16.0+ #3 [ 33.100051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.109383] Call Trace: [ 33.111956] dump_stack+0x1b9/0x29f [ 33.115568] ? arch_local_irq_restore+0x52/0x52 [ 33.120219] ? printk+0x9e/0xba [ 33.123478] ? show_regs_print_info+0x18/0x18 [ 33.127957] ? kasan_check_write+0x14/0x20 [ 33.132173] print_address_description+0x6c/0x20b [ 33.136998] ? perf_callchain_user+0xe31/0xfe0 [ 33.141566] kasan_report.cold.7+0xac/0x2f5 [ 33.145868] __asan_report_store8_noabort+0x17/0x20 [ 33.150863] perf_callchain_user+0xe31/0xfe0 [ 33.155265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.160784] ? perf_callchain_kernel+0x4a6/0x630 [ 33.165526] ? perf_callchain_kernel+0x630/0x630 [ 33.170265] ? find_held_lock+0x36/0x1c0 [ 33.174310] get_perf_callchain+0x798/0xb20 [ 33.178701] ? put_callchain_buffers+0x120/0x120 [ 33.183450] ? rcu_is_watching+0x85/0x140 [ 33.187579] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 33.192760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.198282] ? 
__perf_event_header__init_id.isra.73+0x33a/0x490 [ 33.204319] perf_prepare_sample+0x123d/0x1900 [ 33.208900] ? perf_output_sample+0x1d10/0x1d10 [ 33.213551] ? lock_release+0xa10/0xa10 [ 33.217509] ? account_entity_enqueue+0x3db/0x6f0 [ 33.222333] ? __enqueue_entity+0x10d/0x1f0 [ 33.226638] perf_event_output_forward+0x10a/0x2b0 [ 33.231548] ? perf_prepare_sample+0x1900/0x1900 [ 33.236298] ? print_usage_bug+0xc0/0xc0 [ 33.240340] ? __account_cfs_rq_runtime+0x600/0x600 [ 33.245335] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 33.250857] ? __perf_event_account_interrupt+0xee/0x290 [ 33.256288] ? perf_prepare_sample+0x1900/0x1900 [ 33.261031] __perf_event_overflow+0x231/0x4b0 [ 33.265597] ? __perf_event_account_interrupt+0x290/0x290 [ 33.271116] ? graph_lock+0x170/0x170 [ 33.274902] ? __lock_acquire+0x7f5/0x5130 [ 33.279119] ? perf_prepare_sample+0x1900/0x1900 [ 33.283859] ? debug_check_no_locks_freed+0x310/0x310 [ 33.289032] ? activate_page+0x3dc/0x980 [ 33.293076] perf_swevent_overflow+0xad/0x150 [ 33.297552] perf_swevent_event+0x1f0/0x2e0 [ 33.301857] perf_tp_event+0x4da/0xc30 [ 33.305727] ? update_load_avg+0x2d9/0x2540 [ 33.310034] ? update_load_avg+0x2d9/0x2540 [ 33.314337] ? perf_swevent_event+0x2e0/0x2e0 [ 33.318817] ? graph_lock+0x170/0x170 [ 33.322608] ? kasan_check_read+0x11/0x20 [ 33.326734] ? do_raw_spin_unlock+0x9e/0x2e0 [ 33.331128] ? graph_lock+0x170/0x170 [ 33.334909] ? find_held_lock+0x36/0x1c0 [ 33.338955] ? lock_downgrade+0x8e0/0x8e0 [ 33.343086] ? kasan_check_read+0x11/0x20 [ 33.347217] ? rcu_is_watching+0x85/0x140 [ 33.351346] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 33.356517] ? update_curr+0x4d8/0xbf0 [ 33.360385] ? graph_lock+0x170/0x170 [ 33.364169] perf_trace_run_bpf_submit+0x23f/0x370 [ 33.369078] ? perf_trace_run_bpf_submit+0x23f/0x370 [ 33.374162] ? perf_tp_event+0xc30/0xc30 [ 33.378208] ? __lock_is_held+0xb5/0x140 [ 33.382263] ? memset+0x31/0x40 [ 33.385525] perf_trace_lock_acquire+0x4f1/0x980 [ 33.390263] ? 
update_load_avg+0x2540/0x2540 [ 33.394654] ? perf_trace_lock+0x900/0x900 [ 33.399056] ? put_prev_entity+0x49/0x2a0 [ 33.403188] ? pick_next_task_fair+0x97f/0x1670 [ 33.407846] ? kasan_check_read+0x11/0x20 [ 33.411976] ? rcu_pm_notify+0xc0/0xc0 [ 33.415847] lock_acquire+0x38e/0x520 [ 33.419630] ? finish_task_switch+0x182/0x820 [ 33.424110] ? lock_release+0xa10/0xa10 [ 33.428071] ? compat_start_thread+0x80/0x80 [ 33.432461] finish_task_switch+0x1c2/0x820 [ 33.436771] ? finish_task_switch+0x182/0x820 [ 33.441250] ? copy_overflow+0x20/0x20 [ 33.445119] ? lock_repin_lock+0x410/0x410 [ 33.449338] __schedule+0x80f/0x1e40 [ 33.453037] ? __sched_text_start+0x8/0x8 [ 33.457168] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 33.462179] ? mutex_unlock+0xd/0x10 [ 33.465880] ? ep_scan_ready_list+0xa0a/0xf10 [ 33.470357] ? sock_def_readable+0x2f2/0x710 [ 33.474751] ? ep_poll_callback+0x10d0/0x10d0 [ 33.479239] ? refcount_sub_and_test+0x212/0x330 [ 33.483978] schedule+0xef/0x430 [ 33.487327] ? __schedule+0x1e40/0x1e40 [ 33.491284] ? find_held_lock+0x36/0x1c0 [ 33.495330] schedule_hrtimeout_range_clock+0x3c0/0x470 [ 33.500677] ? hrtimer_nanosleep_restart+0x190/0x190 [ 33.505765] ? kasan_check_read+0x11/0x20 [ 33.509898] ? do_raw_spin_unlock+0x9e/0x2e0 [ 33.514288] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 33.518857] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 33.523944] schedule_hrtimeout_range+0x2a/0x40 [ 33.528595] ep_poll+0xf2e/0x11d0 [ 33.532035] ? do_epoll_create+0x5b0/0x5b0 [ 33.536254] ? copy_msghdr_from_user+0x560/0x560 [ 33.540991] ? graph_lock+0x170/0x170 [ 33.544781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.550299] ? __fget_light+0x2ef/0x430 [ 33.554252] ? fget_raw+0x20/0x20 [ 33.557686] ? find_held_lock+0x36/0x1c0 [ 33.561736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 33.567254] ? __fget_light+0x2ef/0x430 [ 33.571208] ? fget_raw+0x20/0x20 [ 33.574643] ? SyS_shutdown+0x30/0x30 [ 33.578448] ? __sb_end_write+0xac/0xe0 [ 33.582405] ? 
wake_up_q+0x100/0x100 [ 33.586114] do_epoll_wait+0x1b0/0x200 [ 33.589984] SyS_epoll_wait+0x2c/0x40 [ 33.593768] ? SyS_epoll_ctl+0x1ac0/0x1ac0 [ 33.597986] do_syscall_64+0x29e/0x9d0 [ 33.601859] ? vmalloc_sync_all+0x30/0x30 [ 33.605990] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 33.610821] ? syscall_return_slowpath+0x5c0/0x5c0 [ 33.615737] ? syscall_return_slowpath+0x30f/0x5c0 [ 33.620652] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 33.626001] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.630835] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 33.636004] RIP: 0033:0x7fe39adf3943 [ 33.639883] RSP: 002b:00007ffc13750708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 33.647571] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fe39adf3943 [ 33.654823] RDX: 0000000000000008 RSI: 00007ffc13750800 RDI: 000000000000000a [ 33.662075] RBP: 0000000001b676c0 R08: 0000000000000000 R09: 00007fe39ae3ca60 [ 33.669339] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000a56 [ 33.676589] R13: 0000000000000000 R14: 0000000001b674a0 R15: 0000000001b4e250 [ 33.683838] [ 33.685445] Allocated by task 4544: [ 33.689059] save_stack+0x43/0xd0 [ 33.692492] kasan_kmalloc+0xc4/0xe0 [ 33.696187] __kmalloc_node+0x47/0x70 [ 33.699970] get_callchain_buffers+0x31a/0x4b0 [ 33.704533] perf_event_alloc.part.91+0x2274/0x30a0 [ 33.709532] SYSC_perf_event_open+0xa8a/0x2fa0 [ 33.714097] SyS_perf_event_open+0x35/0x40 [ 33.718311] do_syscall_64+0x29e/0x9d0 [ 33.722703] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 33.727871] [ 33.729477] Freed by task 0: [ 33.732471] (stack is not available) [ 33.736160] [ 33.737771] The buggy address belongs to the object at ffff8801d87f1c40 [ 33.737771] which belongs to the cache kmalloc-8192 of size 8192 [ 33.750581] The buggy address is located 4352 bytes inside of [ 33.750581] 8192-byte region [ffff8801d87f1c40, ffff8801d87f3c40) [ 33.762613] The buggy address belongs to the page: [ 33.767526] page:ffffea000761fc00 count:1 mapcount:0 mapping:ffff8801d87f1c40 index:0x0 
compound_mapcount: 0 [ 33.777472] flags: 0x2fffc0000008100(slab|head) [ 33.782126] raw: 02fffc0000008100 ffff8801d87f1c40 0000000000000000 0000000100000001 [ 33.789993] raw: ffffea0007612020 ffffea0006b0ff20 ffff8801dac02080 0000000000000000 [ 33.797866] page dumped because: kasan: bad access detected [ 33.803548] [ 33.805153] Memory state around the buggy address: [ 33.810065] ffff8801d87f2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.817404] ffff8801d87f2c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.824742] >ffff8801d87f2d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 33.832076] ^ [ 33.837764] ffff8801d87f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.845105] ffff8801d87f2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.852439] ================================================================== [ 33.859782] Disabling lock debugging due to kernel taint [ 33.865211] Kernel panic - not syncing: panic_on_warn set ... [ 33.865211] [ 33.872560] CPU: 0 PID: 2377 Comm: udevd Tainted: G B 4.16.0+ #3 [ 33.879895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.889227] Call Trace: [ 33.891803] dump_stack+0x1b9/0x29f [ 33.895414] ? arch_local_irq_restore+0x52/0x52 [ 33.900066] ? lock_downgrade+0x8e0/0x8e0 [ 33.904194] ? vprintk_default+0x28/0x30 [ 33.908248] ? perf_callchain_user+0xdf0/0xfe0 [ 33.912814] panic+0x22f/0x4de [ 33.916001] ? add_taint.cold.5+0x16/0x16 [ 33.920139] ? add_taint.cold.5+0x5/0x16 [ 33.924183] ? do_raw_spin_unlock+0x9e/0x2e0 [ 33.929183] ? perf_callchain_user+0xe31/0xfe0 [ 33.933748] kasan_end_report+0x47/0x4f [ 33.937706] kasan_report.cold.7+0xc9/0x2f5 [ 33.942016] __asan_report_store8_noabort+0x17/0x20 [ 33.947021] perf_callchain_user+0xe31/0xfe0 [ 33.951412] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.956931] ? perf_callchain_kernel+0x4a6/0x630 [ 33.961668] ? perf_callchain_kernel+0x630/0x630 [ 33.966405] ? 
find_held_lock+0x36/0x1c0 [ 33.970448] get_perf_callchain+0x798/0xb20 [ 33.974753] ? put_callchain_buffers+0x120/0x120 [ 33.979493] ? rcu_is_watching+0x85/0x140 [ 33.983626] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 33.988801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.994325] ? __perf_event_header__init_id.isra.73+0x33a/0x490 [ 34.000381] perf_prepare_sample+0x123d/0x1900 [ 34.004946] ? perf_output_sample+0x1d10/0x1d10 [ 34.009596] ? lock_release+0xa10/0xa10 [ 34.013570] ? account_entity_enqueue+0x3db/0x6f0 [ 34.018394] ? __enqueue_entity+0x10d/0x1f0 [ 34.022704] perf_event_output_forward+0x10a/0x2b0 [ 34.027613] ? perf_prepare_sample+0x1900/0x1900 [ 34.032355] ? print_usage_bug+0xc0/0xc0 [ 34.036398] ? __account_cfs_rq_runtime+0x600/0x600 [ 34.041394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.046925] ? __perf_event_account_interrupt+0xee/0x290 [ 34.052357] ? perf_prepare_sample+0x1900/0x1900 [ 34.057094] __perf_event_overflow+0x231/0x4b0 [ 34.061661] ? __perf_event_account_interrupt+0x290/0x290 [ 34.067181] ? graph_lock+0x170/0x170 [ 34.070965] ? __lock_acquire+0x7f5/0x5130 [ 34.075183] ? perf_prepare_sample+0x1900/0x1900 [ 34.079925] ? debug_check_no_locks_freed+0x310/0x310 [ 34.085097] ? activate_page+0x3dc/0x980 [ 34.089138] perf_swevent_overflow+0xad/0x150 [ 34.093613] perf_swevent_event+0x1f0/0x2e0 [ 34.097916] perf_tp_event+0x4da/0xc30 [ 34.101785] ? update_load_avg+0x2d9/0x2540 [ 34.106087] ? update_load_avg+0x2d9/0x2540 [ 34.110391] ? perf_swevent_event+0x2e0/0x2e0 [ 34.114870] ? graph_lock+0x170/0x170 [ 34.118658] ? kasan_check_read+0x11/0x20 [ 34.122785] ? do_raw_spin_unlock+0x9e/0x2e0 [ 34.127178] ? graph_lock+0x170/0x170 [ 34.130963] ? find_held_lock+0x36/0x1c0 [ 34.135016] ? lock_downgrade+0x8e0/0x8e0 [ 34.139150] ? kasan_check_read+0x11/0x20 [ 34.143279] ? rcu_is_watching+0x85/0x140 [ 34.147410] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 34.152584] ? update_curr+0x4d8/0xbf0 [ 34.156452] ? 
graph_lock+0x170/0x170 [ 34.160237] perf_trace_run_bpf_submit+0x23f/0x370 [ 34.165149] ? perf_trace_run_bpf_submit+0x23f/0x370 [ 34.170232] ? perf_tp_event+0xc30/0xc30 [ 34.174285] ? __lock_is_held+0xb5/0x140 [ 34.178330] ? memset+0x31/0x40 [ 34.181591] perf_trace_lock_acquire+0x4f1/0x980 [ 34.186330] ? update_load_avg+0x2540/0x2540 [ 34.190721] ? perf_trace_lock+0x900/0x900 [ 34.194940] ? put_prev_entity+0x49/0x2a0 [ 34.199070] ? pick_next_task_fair+0x97f/0x1670 [ 34.203739] ? kasan_check_read+0x11/0x20 [ 34.207869] ? rcu_pm_notify+0xc0/0xc0 [ 34.211740] lock_acquire+0x38e/0x520 [ 34.215521] ? finish_task_switch+0x182/0x820 [ 34.220001] ? lock_release+0xa10/0xa10 [ 34.223965] ? compat_start_thread+0x80/0x80 [ 34.228360] finish_task_switch+0x1c2/0x820 [ 34.232675] ? finish_task_switch+0x182/0x820 [ 34.237160] ? copy_overflow+0x20/0x20 [ 34.241031] ? lock_repin_lock+0x410/0x410 [ 34.245248] __schedule+0x80f/0x1e40 [ 34.248953] ? __sched_text_start+0x8/0x8 [ 34.253086] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.258094] ? mutex_unlock+0xd/0x10 [ 34.261800] ? ep_scan_ready_list+0xa0a/0xf10 [ 34.266278] ? sock_def_readable+0x2f2/0x710 [ 34.270672] ? ep_poll_callback+0x10d0/0x10d0 [ 34.275156] ? refcount_sub_and_test+0x212/0x330 [ 34.279896] schedule+0xef/0x430 [ 34.283246] ? __schedule+0x1e40/0x1e40 [ 34.287205] ? find_held_lock+0x36/0x1c0 [ 34.291249] schedule_hrtimeout_range_clock+0x3c0/0x470 [ 34.296594] ? hrtimer_nanosleep_restart+0x190/0x190 [ 34.301682] ? kasan_check_read+0x11/0x20 [ 34.305824] ? do_raw_spin_unlock+0x9e/0x2e0 [ 34.310214] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 34.314781] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 34.319870] schedule_hrtimeout_range+0x2a/0x40 [ 34.324519] ep_poll+0xf2e/0x11d0 [ 34.327953] ? do_epoll_create+0x5b0/0x5b0 [ 34.332175] ? copy_msghdr_from_user+0x560/0x560 [ 34.336915] ? graph_lock+0x170/0x170 [ 34.340700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.346251] ? __fget_light+0x2ef/0x430 [ 34.350207] ? 
fget_raw+0x20/0x20 [ 34.353642] ? find_held_lock+0x36/0x1c0 [ 34.357694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.363221] ? __fget_light+0x2ef/0x430 [ 34.367175] ? fget_raw+0x20/0x20 [ 34.370613] ? SyS_shutdown+0x30/0x30 [ 34.374393] ? __sb_end_write+0xac/0xe0 [ 34.378351] ? wake_up_q+0x100/0x100 [ 34.382049] do_epoll_wait+0x1b0/0x200 [ 34.385920] SyS_epoll_wait+0x2c/0x40 [ 34.389703] ? SyS_epoll_ctl+0x1ac0/0x1ac0 [ 34.393919] do_syscall_64+0x29e/0x9d0 [ 34.397788] ? vmalloc_sync_all+0x30/0x30 [ 34.401917] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 34.406740] ? syscall_return_slowpath+0x5c0/0x5c0 [ 34.411653] ? syscall_return_slowpath+0x30f/0x5c0 [ 34.416577] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 34.421925] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.426751] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 34.431919] RIP: 0033:0x7fe39adf3943 [ 34.435609] RSP: 002b:00007ffc13750708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 34.443310] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fe39adf3943 [ 34.450561] RDX: 0000000000000008 RSI: 00007ffc13750800 RDI: 000000000000000a [ 34.457811] RBP: 0000000001b676c0 R08: 0000000000000000 R09: 00007fe39ae3ca60 [ 34.465060] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000a56 [ 34.472310] R13: 0000000000000000 R14: 0000000001b674a0 R15: 0000000001b4e250 [ 34.479998] Dumping ftrace buffer: [ 34.483533] (ftrace buffer empty) [ 34.487218] Kernel Offset: disabled [ 34.490821] Rebooting in 86400 seconds..