INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-7,10.128.0.19' (ECDSA) to the list of known hosts.
2017/08/21 22:27:38 parsed 1 programs
2017/08/21 22:27:38 executed programs: 0
syzkaller login: [ 46.261129] ==================================================================
[ 46.262226] BUG: KASAN: use-after-free in free_ldt_struct.part.2+0x10a/0x150
[ 46.263212] Read of size 4 at addr ffff8801cae7ca08 by task kworker/u4:2/3704
[ 46.264185]
[ 46.264417] CPU: 1 PID: 3704 Comm: kworker/u4:2 Not tainted 4.13.0-rc6+ #45
[ 46.265369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.266622] Call Trace:
[ 46.266979]  dump_stack+0x194/0x257
[ 46.267485]  ? arch_local_irq_restore+0x53/0x53
[ 46.268108]  ? show_regs_print_info+0x65/0x65
[ 46.268741]  ? free_ldt_struct.part.2+0x10a/0x150
[ 46.269390]  print_address_description+0x73/0x250
[ 46.270053]  ? free_ldt_struct.part.2+0x10a/0x150
[ 46.270711]  kasan_report+0x24e/0x340
[ 46.271231]  __asan_report_load4_noabort+0x14/0x20
[ 46.271886]  free_ldt_struct.part.2+0x10a/0x150
[ 46.272511]  destroy_context_ldt+0x60/0x80
[ 46.273083]  __mmdrop+0xe9/0x530
[ 46.273542]  ? sighand_ctor+0x50/0x50
[ 46.274078]  ? flush_old_exec+0xa51/0x1ff0
[ 46.274646]  ? lock_downgrade+0x990/0x990
[ 46.275208]  ? do_raw_spin_trylock+0x190/0x190
[ 46.275821]  ? mark_held_locks+0xaf/0x100
[ 46.276375]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 46.277088]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 46.277777]  flush_old_exec+0x1737/0x1ff0
[ 46.278356]  ? __vfs_read+0xf7/0xa00
[ 46.278859]  ? __register_binfmt+0x330/0x330
[ 46.279454]  ? fsnotify+0x1af0/0x1af0
[ 46.279971]  ? __fsnotify_parent+0xb4/0x3a0
[ 46.280565]  ? avc_policy_seqno+0x9/0x20
[ 46.281124]  ? fsnotify+0x1af0/0x1af0
[ 46.283595]  ? rw_verify_area+0xe5/0x2b0
[ 46.287630]  ? vfs_read+0x165/0x350
[ 46.291231]  ? kernel_read+0x11d/0x1e0
[ 46.295088]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.300073]  ? open_exec+0x60/0x60
[ 46.303580]  ? kernel_read+0x11d/0x1e0
[ 46.307446]  ? load_elf_phdrs+0xb7/0x140
[ 46.311479]  ? load_elf_phdrs+0x10c/0x140
[ 46.315599]  load_elf_binary+0x7fb/0x4950
[ 46.319721]  ? search_binary_handler+0xfc/0x6b0
[ 46.324359]  ? lock_downgrade+0x990/0x990
[ 46.328483]  ? module_unload_free+0x5b0/0x5b0
[ 46.332961]  ? notesize.isra.4+0x80/0x80
[ 46.337000]  search_binary_handler+0x142/0x6b0
[ 46.341561]  do_execveat_common.isra.33+0x17f0/0x2390
[ 46.346719]  ? kmem_cache_alloc+0x127/0x750
[ 46.351032]  ? prepare_bprm_creds+0x110/0x110
[ 46.355497]  ? find_held_lock+0x35/0x1d0
[ 46.359537]  ? kmem_cache_alloc+0x4e2/0x750
[ 46.363826]  ? lock_downgrade+0x990/0x990
[ 46.367950]  ? do_raw_spin_trylock+0x190/0x190
[ 46.372504]  ? check_same_owner+0x320/0x320
[ 46.376795]  ? rcu_pm_notify+0xc0/0xc0
[ 46.380654]  ? getname_kernel+0x54/0x340
[ 46.384688]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.389675]  ? kmem_cache_alloc+0x45f/0x750
[ 46.393976]  do_execve+0x31/0x40
[ 46.397327]  call_usermodehelper_exec_async+0x457/0x8f0
[ 46.402661]  ? finish_task_switch+0x1d3/0x740
[ 46.407122]  ? finish_task_switch+0x1aa/0x740
[ 46.411590]  ? umh_complete+0x90/0x90
[ 46.415359]  ? preempt_notifier_dec+0x20/0x20
[ 46.419825]  ? umh_complete+0x90/0x90
[ 46.423591]  ? umh_complete+0x90/0x90
[ 46.427368]  ret_from_fork+0x2a/0x40
[ 46.431071]
[ 46.432670] Allocated by task 3700:
[ 46.436269]  save_stack_trace+0x16/0x20
[ 46.440209]  save_stack+0x43/0xd0
[ 46.443630]  kasan_kmalloc+0xad/0xe0
[ 46.447311]  kmem_cache_alloc_trace+0x12f/0x740
[ 46.451963]  alloc_ldt_struct+0x52/0x140
[ 46.455993]  write_ldt+0x3e9/0xac0
[ 46.459503]  sys_modify_ldt+0x1ef/0x240
[ 46.463446]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 46.468164]
[ 46.469757] Freed by task 3703:
[ 46.473005]  save_stack_trace+0x16/0x20
[ 46.476952]  save_stack+0x43/0xd0
[ 46.480371]  kasan_slab_free+0x71/0xc0
[ 46.484225]  kfree+0xca/0x250
[ 46.487297]  free_ldt_struct.part.2+0xdd/0x150
[ 46.491844]  destroy_context_ldt+0x60/0x80
[ 46.496048]  __mmdrop+0xe9/0x530
[ 46.499382]  mmput+0x541/0x6e0
[ 46.502544]  copy_process.part.34+0x2315/0x4bd0
[ 46.507178]  _do_fork+0x1ef/0xfb0
[ 46.510597]  SyS_clone+0x37/0x50
[ 46.513930]  do_syscall_64+0x26c/0x800
[ 46.517783]  return_from_SYSCALL_64+0x0/0x7a
[ 46.522155]
[ 46.523752] The buggy address belongs to the object at ffff8801cae7ca00
[ 46.523752]  which belongs to the cache kmalloc-32 of size 32
[ 46.536201] The buggy address is located 8 bytes inside of
[ 46.536201]  32-byte region [ffff8801cae7ca00, ffff8801cae7ca20)
[ 46.547779] The buggy address belongs to the page:
[ 46.552676] page:ffffea00072b9f00 count:1 mapcount:0 mapping:ffff8801cae7c000 index:0xffff8801cae7cfc1
[ 46.562087] flags: 0x200000000000100(slab)
[ 46.566289] raw: 0200000000000100 ffff8801cae7c000 ffff8801cae7cfc1 000000010000003f
[ 46.574136] raw: ffffea00072b3b20 ffffea00072ae0a0 ffff8801dac001c0 0000000000000000
[ 46.581981] page dumped because: kasan: bad access detected
[ 46.587654]
[ 46.589248] Memory state around the buggy address:
[ 46.594142]  ffff8801cae7c900: 00 fc fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 46.601469]  ffff8801cae7c980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 46.608795] >ffff8801cae7ca00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 46.616118]                                            ^
[ 46.619709]  ffff8801cae7ca80: 00 01 fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 46.627037]  ffff8801cae7cb00: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 46.634359] ==================================================================
[ 46.641681] Disabling lock debugging due to kernel taint
[ 46.647155] Kernel panic - not syncing: panic_on_warn set ...
[ 46.647155]
[ 46.654488] CPU: 1 PID: 3704 Comm: kworker/u4:2 Tainted: G B 4.13.0-rc6+ #45
[ 46.662764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.672083] Call Trace:
[ 46.674637]  dump_stack+0x194/0x257
[ 46.678237]  ? arch_local_irq_restore+0x53/0x53
[ 46.682873]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 46.687593]  ? note_gp_changes+0x23a/0x650
[ 46.691796]  ? free_ldt_struct.part.2+0x30/0x150
[ 46.696519]  panic+0x1e4/0x417
[ 46.699677]  ? __warn+0x1d9/0x1d9
[ 46.703102]  ? free_ldt_struct.part.2+0x10a/0x150
[ 46.707911]  kasan_end_report+0x50/0x50
[ 46.711850]  kasan_report+0x137/0x340
[ 46.715618]  __asan_report_load4_noabort+0x14/0x20
[ 46.720513]  free_ldt_struct.part.2+0x10a/0x150
[ 46.725149]  destroy_context_ldt+0x60/0x80
[ 46.729349]  __mmdrop+0xe9/0x530
[ 46.732684]  ? sighand_ctor+0x50/0x50
[ 46.736458]  ? flush_old_exec+0xa51/0x1ff0
[ 46.740659]  ? lock_downgrade+0x990/0x990
[ 46.744775]  ? do_raw_spin_trylock+0x190/0x190
[ 46.749323]  ? mark_held_locks+0xaf/0x100
[ 46.753445]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 46.758517]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 46.763504]  flush_old_exec+0x1737/0x1ff0
[ 46.767622]  ? __vfs_read+0xf7/0xa00
[ 46.771303]  ? __register_binfmt+0x330/0x330
[ 46.775681]  ? fsnotify+0x1af0/0x1af0
[ 46.779450]  ? __fsnotify_parent+0xb4/0x3a0
[ 46.783735]  ? avc_policy_seqno+0x9/0x20
[ 46.787765]  ? fsnotify+0x1af0/0x1af0
[ 46.791539]  ? rw_verify_area+0xe5/0x2b0
[ 46.795572]  ? vfs_read+0x165/0x350
[ 46.799168]  ? kernel_read+0x11d/0x1e0
[ 46.803024]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.808008]  ? open_exec+0x60/0x60
[ 46.811514]  ? kernel_read+0x11d/0x1e0
[ 46.815367]  ? load_elf_phdrs+0xb7/0x140
[ 46.819396]  ? load_elf_phdrs+0x10c/0x140
[ 46.823512]  load_elf_binary+0x7fb/0x4950
[ 46.827627]  ? search_binary_handler+0xfc/0x6b0
[ 46.832261]  ? lock_downgrade+0x990/0x990
[ 46.836376]  ? module_unload_free+0x5b0/0x5b0
[ 46.840842]  ? notesize.isra.4+0x80/0x80
[ 46.844875]  search_binary_handler+0x142/0x6b0
[ 46.849430]  do_execveat_common.isra.33+0x17f0/0x2390
[ 46.854585]  ? kmem_cache_alloc+0x127/0x750
[ 46.858882]  ? prepare_bprm_creds+0x110/0x110
[ 46.863342]  ? find_held_lock+0x35/0x1d0
[ 46.867375]  ? kmem_cache_alloc+0x4e2/0x750
[ 46.871664]  ? lock_downgrade+0x990/0x990
[ 46.875779]  ? do_raw_spin_trylock+0x190/0x190
[ 46.880331]  ? check_same_owner+0x320/0x320
[ 46.884620]  ? rcu_pm_notify+0xc0/0xc0
[ 46.888478]  ? getname_kernel+0x54/0x340
[ 46.892509]  ? rcu_read_lock_sched_held+0x108/0x120
[ 46.897496]  ? kmem_cache_alloc+0x45f/0x750
[ 46.901798]  do_execve+0x31/0x40
[ 46.905135]  call_usermodehelper_exec_async+0x457/0x8f0
[ 46.910475]  ? finish_task_switch+0x1d3/0x740
[ 46.914960]  ? finish_task_switch+0x1aa/0x740
[ 46.919423]  ? umh_complete+0x90/0x90
[ 46.923192]  ? preempt_notifier_dec+0x20/0x20
[ 46.927655]  ? umh_complete+0x90/0x90
[ 46.931421]  ? umh_complete+0x90/0x90
[ 46.935192]  ret_from_fork+0x2a/0x40
[ 46.939325] Dumping ftrace buffer:
[ 46.942832]    (ftrace buffer empty)
[ 46.946508] Kernel Offset: disabled
[ 46.950100] Rebooting in 86400 seconds..