INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.500441] ==================================================================
[ 31.507930] BUG: KASAN: slab-out-of-bounds in process_preds+0x1958/0x19b0
[ 31.514837] Write of size 4 at addr ffff8801ceecdef0 by task syzkaller992239/4513
[ 31.522430]
[ 31.524042] CPU: 0 PID: 4513 Comm: syzkaller992239 Not tainted 4.16.0+ #17
[ 31.531036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.540386] Call Trace:
[ 31.542962]  dump_stack+0x1b9/0x294
[ 31.546575]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.551746]  ? printk+0x9e/0xba
[ 31.555006]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 31.559750]  ? kasan_check_write+0x14/0x20
[ 31.563966]  print_address_description+0x6c/0x20b
[ 31.568788]  ? process_preds+0x1958/0x19b0
[ 31.573014]  kasan_report.cold.7+0xac/0x2f5
[ 31.577330]  __asan_report_store4_noabort+0x17/0x20
[ 31.582322]  process_preds+0x1958/0x19b0
[ 31.586363]  ? create_filter_start+0x122/0x2e0
[ 31.590929]  ? parse_pred+0x28e0/0x28e0
[ 31.594890]  ? create_filter_start+0x55/0x2e0
[ 31.599363]  create_filter+0x1a8/0x370
[ 31.603229]  ? process_preds+0x19b0/0x19b0
[ 31.607445]  ? wait_for_completion+0x870/0x870
[ 31.612021]  ftrace_profile_set_filter+0x109/0x2b0
[ 31.616937]  ? ftrace_profile_free_filter+0x70/0x70
[ 31.621935]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.627459]  ? memdup_user+0x6b/0xa0
[ 31.631157]  perf_event_set_filter+0x248/0x1230
[ 31.635809]  ? kasan_check_write+0x14/0x20
[ 31.640032]  ? mutex_trylock+0x2a0/0x2a0
[ 31.644073]  ? put_ctx+0x140/0x140
[ 31.647592]  ? lockdep_init_map+0x9/0x10
[ 31.651631]  ? debug_mutex_init+0x2d/0x60
[ 31.655762]  ? mutex_trylock+0x2a0/0x2a0
[ 31.659802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.665330]  ? graph_lock+0x170/0x170
[ 31.669109]  ? lock_downgrade+0x8e0/0x8e0
[ 31.673244]  ? kasan_check_read+0x11/0x20
[ 31.677371]  ? rcu_is_watching+0x85/0x140
[ 31.681494]  ? __lock_is_held+0xb5/0x140
[ 31.685538]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 31.690710]  _perf_ioctl+0x84c/0x1650
[ 31.694489]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 31.699310]  ? lock_downgrade+0x8e0/0x8e0
[ 31.703437]  ? get_unused_fd_flags+0x190/0x190
[ 31.708009]  ? kasan_check_read+0x11/0x20
[ 31.712141]  ? rcu_is_watching+0x85/0x140
[ 31.716267]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.721433]  ? mark_held_locks+0xc9/0x160
[ 31.725567]  ? mutex_lock_nested+0x16/0x20
[ 31.729776]  ? mutex_lock_nested+0x16/0x20
[ 31.733987]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 31.739158]  ? perf_event_read_event+0x430/0x430
[ 31.743894]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 31.748626]  ? find_held_lock+0x36/0x1c0
[ 31.752670]  perf_ioctl+0x59/0x80
[ 31.756102]  ? _perf_ioctl+0x1650/0x1650
[ 31.760144]  do_vfs_ioctl+0x1cf/0x1650
[ 31.764027]  ? ioctl_preallocate+0x2e0/0x2e0
[ 31.768423]  ? fget_raw+0x20/0x20
[ 31.771864]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.777384]  ? security_file_ioctl+0x94/0xc0
[ 31.781770]  ksys_ioctl+0xa9/0xd0
[ 31.785205]  SyS_ioctl+0x24/0x30
[ 31.788555]  ? ksys_ioctl+0xd0/0xd0
[ 31.792161]  do_syscall_64+0x29e/0x9d0
[ 31.796032]  ? vmalloc_sync_all+0x30/0x30
[ 31.800157]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.804978]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.809892]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.814804]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 31.820149]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.824974]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.830142] RIP: 0033:0x43fdb9
[ 31.833308] RSP: 002b:00007ffc7afb3e88 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 31.840995] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 31.848247] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[ 31.855493] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 31.862740] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 31.869986] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 31.877243]
[ 31.878850] Allocated by task 1:
[ 31.882197]  save_stack+0x43/0xd0
[ 31.885628]  kasan_kmalloc+0xc4/0xe0
[ 31.889321]  kmem_cache_alloc_trace+0x152/0x780
[ 31.893967]  __request_module+0x386/0xcdd
[ 31.898096]  adfdrv_init+0x1b/0x5f
[ 31.901613]  do_one_initcall+0x127/0x913
[ 31.905657]  kernel_init_freeable+0x49b/0x58e
[ 31.910131]  kernel_init+0x11/0x1b3
[ 31.913740]  ret_from_fork+0x3a/0x50
[ 31.917423]
[ 31.919032] Freed by task 1:
[ 31.922036]  save_stack+0x43/0xd0
[ 31.925465]  __kasan_slab_free+0x11a/0x170
[ 31.929675]  kasan_slab_free+0xe/0x10
[ 31.933462]  kfree+0xd9/0x260
[ 31.936543]  free_modprobe_argv+0x74/0xa0
[ 31.940668]  call_usermodehelper_exec+0x274/0x4f0
[ 31.945487]  __request_module+0x4ba/0xcdd
[ 31.949612]  adfdrv_init+0x1b/0x5f
[ 31.953129]  do_one_initcall+0x127/0x913
[ 31.957165]  kernel_init_freeable+0x49b/0x58e
[ 31.961637]  kernel_init+0x11/0x1b3
[ 31.965242]  ret_from_fork+0x3a/0x50
[ 31.968927]
[ 31.970532] The buggy address belongs to the object at ffff8801ceecde80
[ 31.970532]  which belongs to the cache kmalloc-64 of size 64
[ 31.983339] The buggy address is located 48 bytes to the right of
[ 31.983339]  64-byte region [ffff8801ceecde80, ffff8801ceecdec0)
[ 31.995533] The buggy address belongs to the page:
[ 32.000442] page:ffffea00073bb340 count:1 mapcount:0 mapping:ffff8801ceecd000 index:0x0
[ 32.008564] flags: 0x2fffc0000000100(slab)
[ 32.012781] raw: 02fffc0000000100 ffff8801ceecd000 0000000000000000 0000000100000020
[ 32.020647] raw: ffffea0007392ba0 ffffea0007509220 ffff8801dac00340 0000000000000000
[ 32.028500] page dumped because: kasan: bad access detected
[ 32.034184]
[ 32.035784] Memory state around the buggy address:
[ 32.040690]  ffff8801ceecdd80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.048030]  ffff8801ceecde00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 32.055369] >ffff8801ceecde80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.062700]                                                              ^
[ 32.069686]  ffff8801ceecdf00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 32.077029]  ffff8801ceecdf80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.084361] ==================================================================
[ 32.091692] Disabling lock debugging due to kernel taint
[ 32.097252] Kernel panic - not syncing: panic_on_warn set ...
[ 32.097252]
[ 32.104612] CPU: 0 PID: 4513 Comm: syzkaller992239 Tainted: G    B 4.16.0+ #17
[ 32.112901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.122228] Call Trace:
[ 32.124800]  dump_stack+0x1b9/0x294
[ 32.128407]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 32.133579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.138319]  ? process_preds+0x18d0/0x19b0
[ 32.142550]  panic+0x22f/0x4de
[ 32.145722]  ? add_taint.cold.5+0x16/0x16
[ 32.149851]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 32.154240]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 32.158636]  ? process_preds+0x1958/0x19b0
[ 32.162854]  kasan_end_report+0x47/0x4f
[ 32.166807]  kasan_report.cold.7+0xc9/0x2f5
[ 32.171107]  __asan_report_store4_noabort+0x17/0x20
[ 32.176112]  process_preds+0x1958/0x19b0
[ 32.180164]  ? create_filter_start+0x122/0x2e0
[ 32.184725]  ? parse_pred+0x28e0/0x28e0
[ 32.188686]  ? create_filter_start+0x55/0x2e0
[ 32.193158]  create_filter+0x1a8/0x370
[ 32.197030]  ? process_preds+0x19b0/0x19b0
[ 32.201244]  ? wait_for_completion+0x870/0x870
[ 32.205803]  ftrace_profile_set_filter+0x109/0x2b0
[ 32.210716]  ? ftrace_profile_free_filter+0x70/0x70
[ 32.215728]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.221245]  ? memdup_user+0x6b/0xa0
[ 32.224938]  perf_event_set_filter+0x248/0x1230
[ 32.229588]  ? kasan_check_write+0x14/0x20
[ 32.233806]  ? mutex_trylock+0x2a0/0x2a0
[ 32.237843]  ? put_ctx+0x140/0x140
[ 32.241360]  ? lockdep_init_map+0x9/0x10
[ 32.245400]  ? debug_mutex_init+0x2d/0x60
[ 32.249527]  ? mutex_trylock+0x2a0/0x2a0
[ 32.253565]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.259081]  ? graph_lock+0x170/0x170
[ 32.262856]  ? lock_downgrade+0x8e0/0x8e0
[ 32.266980]  ? kasan_check_read+0x11/0x20
[ 32.271109]  ? rcu_is_watching+0x85/0x140
[ 32.275230]  ? __lock_is_held+0xb5/0x140
[ 32.279267]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 32.284433]  _perf_ioctl+0x84c/0x1650
[ 32.288217]  ? SYSC_perf_event_open+0x2fa0/0x2fa0
[ 32.293039]  ? lock_downgrade+0x8e0/0x8e0
[ 32.297167]  ? get_unused_fd_flags+0x190/0x190
[ 32.301725]  ? kasan_check_read+0x11/0x20
[ 32.305854]  ? rcu_is_watching+0x85/0x140
[ 32.309983]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 32.315148]  ? mark_held_locks+0xc9/0x160
[ 32.319274]  ? mutex_lock_nested+0x16/0x20
[ 32.323490]  ? mutex_lock_nested+0x16/0x20
[ 32.327702]  ? perf_event_ctx_lock_nested+0x40d/0x4e0
[ 32.332870]  ? perf_event_read_event+0x430/0x430
[ 32.337600]  ? SYSC_perf_event_open+0x7b4/0x2fa0
[ 32.342332]  ? find_held_lock+0x36/0x1c0
[ 32.346388]  perf_ioctl+0x59/0x80
[ 32.349821]  ? _perf_ioctl+0x1650/0x1650
[ 32.353858]  do_vfs_ioctl+0x1cf/0x1650
[ 32.357722]  ? ioctl_preallocate+0x2e0/0x2e0
[ 32.362105]  ? fget_raw+0x20/0x20
[ 32.365735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.371256]  ? security_file_ioctl+0x94/0xc0
[ 32.375643]  ksys_ioctl+0xa9/0xd0
[ 32.379075]  SyS_ioctl+0x24/0x30
[ 32.382419]  ? ksys_ioctl+0xd0/0xd0
[ 32.386030]  do_syscall_64+0x29e/0x9d0
[ 32.389900]  ? vmalloc_sync_all+0x30/0x30
[ 32.394030]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 32.398852]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.403769]  ? syscall_return_slowpath+0x30f/0x5c0
[ 32.408677]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 32.414022]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.418842]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.424009] RIP: 0033:0x43fdb9
[ 32.427180] RSP: 002b:00007ffc7afb3e88 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 32.434872] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 32.442120] RDX: 0000000020000040 RSI: 0000000040082406 RDI: 0000000000000003
[ 32.449364] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.456611] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004016e0
[ 32.463856] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 32.471537] Dumping ftrace buffer:
[ 32.475055]    (ftrace buffer empty)
[ 32.478747] Kernel Offset: disabled
[ 32.482364] Rebooting in 86400 seconds..