2017/08/15 19:13:14 parsed 1 programs
2017/08/15 19:13:14 executed programs: 0
syzkaller login: [   32.920590] ==================================================================
[   32.921834] BUG: KASAN: use-after-free in free_ldt_struct.part.2+0x10a/0x150
[   32.922506] Read of size 4 at addr ffff88003d56d488 by task syz-executor7/3261
[   32.923168] 
[   32.923322] CPU: 3 PID: 3261 Comm: syz-executor7 Not tainted 4.13.0-rc5-next-20170815+ #3
[   32.924013] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   32.924764] Call Trace:
[   32.925003]  dump_stack+0x194/0x257
[   32.925323]  ? arch_local_irq_restore+0x53/0x53
[   32.925746]  ? show_regs_print_info+0x65/0x65
[   32.926166]  ? save_stack+0x43/0xd0
[   32.926493]  ? __perf_event_task_sched_out+0x268/0x1360
[   32.926981]  ? free_ldt_struct.part.2+0x10a/0x150
[   32.927421]  print_address_description+0x73/0x250
[   32.927850]  ? free_ldt_struct.part.2+0x10a/0x150
[   32.928289]  kasan_report+0x24e/0x340
[   32.928640]  __asan_report_load4_noabort+0x14/0x20
[   32.929083]  free_ldt_struct.part.2+0x10a/0x150
[   32.929427]  destroy_context_ldt+0x60/0x80
[   32.929786]  __mmdrop+0xe9/0x530
[   32.930087]  ? sighand_ctor+0x50/0x50
[   32.930433]  ? finish_task_switch+0x1d3/0x740
[   32.930829]  ? lock_downgrade+0x990/0x990
[   32.931200]  ? rcu_sched_qs+0xe/0x140
[   32.931535]  ? do_raw_spin_trylock+0x190/0x190
[   32.931939]  ? lock_release+0xa40/0xa40
[   32.932293]  ? compat_start_thread+0x80/0x80
[   32.932715]  ? __schedule+0x8b7/0x2070
[   32.933072]  finish_task_switch+0x456/0x740
[   32.933465]  ? preempt_notifier_dec+0x20/0x20
[   32.933868]  ? sched_clock_cpu+0x1b/0x170
[   32.934245]  __schedule+0x8f0/0x2070
[   32.934583]  ? __sched_text_start+0x8/0x8
[   32.934959]  ? perf_sched_cb_inc+0x280/0x280
[   32.935350]  ? get_futex_key+0x34f/0x1d50
[   32.935723]  ? finish_task_switch+0x1d3/0x740
[   32.936123]  ? lock_downgrade+0x990/0x990
[   32.936508]  ? rcu_sched_qs+0xe/0x140
[   32.936863]  schedule+0x108/0x440
[   32.937176]  ? __mutex_lock+0xada/0x1870
[   32.937539]  ? __schedule+0x2070/0x2070
[   32.937896]  ? do_raw_spin_trylock+0x190/0x190
[   32.938307]  ? memset+0x31/0x40
[   32.938605]  ? debug_mutex_free_waiter+0x1b0/0x1b0
[   32.939044]  ? mutex_destroy+0x1d0/0x1d0
[   32.939378]  schedule_preempt_disabled+0x10/0x20
[   32.939805]  __mutex_lock+0xadf/0x1870
[   32.940161]  ? perf_trace_init+0x58/0xab0
[   32.940536]  ? __free_insn_slot+0x530/0x5c0
[   32.940933]  ? mutex_lock_io_nested+0x1740/0x1740
[   32.941375]  ? is_bpf_text_address+0xa4/0x120
[   32.941773]  ? __kernel_text_address+0xae/0xe0
[   32.942462]  ? unwind_get_return_address+0x61/0xa0
[   32.942911]  ? __save_stack_trace+0x7e/0xd0
[   32.943303]  ? depot_save_stack+0x12c/0x490
[   32.943696]  ? save_stack+0xa3/0xd0
[   32.944020]  ? save_stack_trace+0x16/0x20
[   32.944398]  ? save_stack+0x43/0xd0
[   32.944713]  ? kasan_kmalloc+0xad/0xe0
[   32.945055]  ? kmem_cache_alloc_trace+0x136/0x750
[   32.945483]  ? SYSC_perf_event_open+0x7f3/0x2d90
[   32.945907]  ? SyS_perf_event_open+0x39/0x50
[   32.946299]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.946733]  ? check_same_owner+0x320/0x320
[   32.947123]  ? rcu_note_context_switch+0x710/0x710
[   32.947564]  ? futex_wait_setup+0x14a/0x3d0
[   32.947947]  ? __radix_tree_lookup+0x435/0x5e0
[   32.948367]  ? __radix_tree_insert+0x7b0/0x7b0
[   32.948782]  ? module_unload_free+0x5b0/0x5b0
[   32.949184]  mutex_lock_nested+0x16/0x20
[   32.949542]  ? mutex_lock_nested+0x16/0x20
[   32.949894]  perf_trace_init+0x58/0xab0
[   32.950181]  ? __init_waitqueue_head+0x97/0x140
[   32.950522]  perf_tp_event_init+0x7d/0xf0
[   32.950869]  perf_try_init_event+0xc9/0x1f0
[   32.951225]  perf_event_alloc+0x1c5b/0x2a00
[   32.951618]  ? perf_trace_run_bpf_submit+0x290/0x290
[   32.952066]  ? SYSC_perf_event_open+0x1252/0x2d90
[   32.952498]  ? __mutex_lock+0x16f/0x1870
[   32.952862]  ? SYSC_perf_event_open+0x1252/0x2d90
[   32.953291]  ? expand_files+0x4fd/0x910
[   32.953569]  ? wake_up_q+0x8a/0xe0
[   32.953866]  ? SYSC_perf_event_open+0x1252/0x2d90
[   32.954300]  ? mutex_lock_io_nested+0x1740/0x1740
[   32.954730]  ? lock_acquire+0x1d5/0x580
[   32.955082]  ? lock_downgrade+0x990/0x990
[   32.955447]  ? do_raw_spin_trylock+0x190/0x190
[   32.955858]  ? _find_next_bit+0xee/0x120
[   32.956227]  ? _raw_spin_unlock+0x22/0x30
[   32.956599]  ? __alloc_fd+0x29b/0x750
[   32.956953]  ? lock_acquire+0x1d5/0x580
[   32.957305]  ? ptrace_may_access+0x3a/0x50
[   32.957688]  ? __ptrace_may_access+0x426/0x800
[   32.958094]  ? ptrace_get_task_struct+0x150/0x150
[   32.958521]  ? get_unused_fd_flags+0x121/0x190
[   32.958939]  SYSC_perf_event_open+0x7f3/0x2d90
[   32.959346]  ? iterate_fd+0x3f0/0x3f0
[   32.959692]  ? perf_event_set_output+0x5a0/0x5a0
[   32.960032]  ? _cond_resched+0x14/0x30
[   32.960377]  ? __fsnotify_parent+0xb4/0x3a0
[   32.960760]  ? avc_policy_seqno+0x9/0x20
[   32.961125]  ? __fget_light+0x297/0x380
[   32.961478]  ? fget_raw+0x20/0x20
[   32.961784]  ? SyS_futex+0x260/0x390
[   32.962137]  SyS_perf_event_open+0x39/0x50
[   32.962518]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.962931] RIP: 0033:0x446739
[   32.963200] RSP: 002b:00007efecf972c08 EFLAGS: 00000286 ORIG_RAX: 000000000000012a
[   32.964102] RAX: ffffffffffffffda RBX: 000000002047f000 RCX: 0000000000446739
[   32.964739] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000002047f000
[   32.965360] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   32.965990] R10: ffffffffffffffff R11: 0000000000000286 R12: 0000000000000000
[   32.966602] R13: 0000000000000000 R14: 00007efecf9739c0 R15: 00007efecf973700
[   32.967242] 
[   32.967383] Allocated by task 3206:
[   32.967697]  save_stack_trace+0x16/0x20
[   32.968039]  save_stack+0x43/0xd0
[   32.968332]  kasan_kmalloc+0xad/0xe0
[   32.968659]  kmem_cache_alloc_trace+0x136/0x750
[   32.969068]  alloc_ldt_struct+0x52/0x140
[   32.969419]  write_ldt+0x7b7/0xab0
[   32.969727]  sys_modify_ldt+0x1ef/0x240
[   32.970077]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.970492] 
[   32.970637] Freed by task 3206:
[   32.970923]  save_stack_trace+0x16/0x20
[   32.971271]  save_stack+0x43/0xd0
[   32.971570]  kasan_slab_free+0x71/0xc0
[   32.971907]  kfree+0xca/0x250
[   32.972174]  free_ldt_struct.part.2+0xdd/0x150
[   32.972572]  destroy_context_ldt+0x60/0x80
[   32.972936]  __mmdrop+0xe9/0x530
[   32.973232]  mmput+0x541/0x6e0
[   32.973510]  copy_process.part.36+0x22e1/0x4af0
[   32.973858]  _do_fork+0x1ef/0xfb0
[   32.974110]  SyS_clone+0x37/0x50
[   32.974345]  do_syscall_64+0x26c/0x8c0
[   32.974612]  return_from_SYSCALL_64+0x0/0x7a
[   32.974911] 
[   32.975044] The buggy address belongs to the object at ffff88003d56d480
[   32.975044]  which belongs to the cache kmalloc-32 of size 32
[   32.975975] The buggy address is located 8 bytes inside of
[   32.975975]  32-byte region [ffff88003d56d480, ffff88003d56d4a0)
[   32.976974] The buggy address belongs to the page:
[   32.977404] page:ffffea0000f55b40 count:1 mapcount:0 mapping:ffff88003d56d000 index:0xffff88003d56dfc1
[   32.978225] flags: 0x100000000000100(slab)
[   32.978589] raw: 0100000000000100 ffff88003d56d000 ffff88003d56dfc1 0000000100000039
[   32.979264] raw: ffffea0000ef9ee0 ffffea0000f55860 ffff88003e8001c0 0000000000000000
[   32.979950] page dumped because: kasan: bad access detected
[   32.980450] 
[   32.980596] Memory state around the buggy address:
[   32.981023]  ffff88003d56d380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.981651]  ffff88003d56d400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.982293] >ffff88003d56d480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.982933]                       ^
[   32.983250]  ffff88003d56d500: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[   32.983896]  ffff88003d56d580: 00 02 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   32.984766] ==================================================================
[   32.985440] Kernel panic - not syncing: panic_on_warn set ...
[   32.985440] 
[   32.986097] CPU: 3 PID: 3261 Comm: syz-executor7 Tainted: G    B           4.13.0-rc5-next-20170815+ #3
[   32.986928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   32.987642] Call Trace:
[   32.987877]  dump_stack+0x194/0x257
[   32.988199]  ? arch_local_irq_restore+0x53/0x53
[   32.988628]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.989053]  ? free_ldt_struct.part.2+0xf0/0x150
[   32.989475]  panic+0x1e4/0x417
[   32.989760]  ? __warn+0x1d9/0x1d9
[   32.990082]  ? free_ldt_struct.part.2+0x10a/0x150
[   32.990511]  kasan_end_report+0x50/0x50
[   32.990859]  kasan_report+0x137/0x340
[   32.991197]  __asan_report_load4_noabort+0x14/0x20
[   32.991629]  free_ldt_struct.part.2+0x10a/0x150
[   32.992040]  destroy_context_ldt+0x60/0x80
[   32.992417]  __mmdrop+0xe9/0x530
[   32.992720]  ? sighand_ctor+0x50/0x50
[   32.993062]  ? finish_task_switch+0x1d3/0x740
[   32.993460]  ? lock_downgrade+0x990/0x990
[   32.993823]  ? rcu_sched_qs+0xe/0x140
[   32.994161]  ? do_raw_spin_trylock+0x190/0x190
[   32.994562]  ? lock_release+0xa40/0xa40
[   32.994915]  ? compat_start_thread+0x80/0x80
[   32.995308]  ? __schedule+0x8b7/0x2070
[   32.995661]  finish_task_switch+0x456/0x740
[   32.996044]  ? preempt_notifier_dec+0x20/0x20
[   32.996447]  ? sched_clock_cpu+0x1b/0x170
[   32.996817]  __schedule+0x8f0/0x2070
[   32.997146]  ? __sched_text_start+0x8/0x8
[   32.997508]  ? perf_sched_cb_inc+0x280/0x280
[   32.997895]  ? get_futex_key+0x34f/0x1d50
[   32.998254]  ? finish_task_switch+0x1d3/0x740
[   32.998640]  ? lock_downgrade+0x990/0x990
[   32.998997]  ? rcu_sched_qs+0xe/0x140
[   32.999332]  schedule+0x108/0x440
[   32.999630]  ? __mutex_lock+0xada/0x1870
[   32.999983]  ? __schedule+0x2070/0x2070
[   33.000329]  ? do_raw_spin_trylock+0x190/0x190
[   33.000715]  ? memset+0x31/0x40
[   33.001011]  ? debug_mutex_free_waiter+0x1b0/0x1b0
[   33.001444]  ? mutex_destroy+0x1d0/0x1d0
[   33.001809]  schedule_preempt_disabled+0x10/0x20
[   33.002223]  __mutex_lock+0xadf/0x1870
[   33.002577]  ? perf_trace_init+0x58/0xab0
[   33.002939]  ? __free_insn_slot+0x530/0x5c0
[   33.003330]  ? mutex_lock_io_nested+0x1740/0x1740
[   33.003764]  ? is_bpf_text_address+0xa4/0x120
[   33.004159]  ? __kernel_text_address+0xae/0xe0
[   33.004562]  ? unwind_get_return_address+0x61/0xa0
[   33.004994]  ? __save_stack_trace+0x7e/0xd0
[   33.005381]  ? depot_save_stack+0x12c/0x490
[   33.005771]  ? save_stack+0xa3/0xd0
[   33.006066]  ? save_stack_trace+0x16/0x20
[   33.006623]  ? save_stack+0x43/0xd0
[   33.006904]  ? kasan_kmalloc+0xad/0xe0
[   33.007209]  ? kmem_cache_alloc_trace+0x136/0x750
[   33.007636]  ? SYSC_perf_event_open+0x7f3/0x2d90
[   33.008055]  ? SyS_perf_event_open+0x39/0x50
[   33.008449]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   33.008805]  ? check_same_owner+0x320/0x320
[   33.009118]  ? rcu_note_context_switch+0x710/0x710
[   33.009461]  ? futex_wait_setup+0x14a/0x3d0
[   33.009763]  ? __radix_tree_lookup+0x435/0x5e0
[   33.010085]  ? __radix_tree_insert+0x7b0/0x7b0
[   33.010412]  ? module_unload_free+0x5b0/0x5b0
[   33.010734]  mutex_lock_nested+0x16/0x20
[   33.011021]  ? mutex_lock_nested+0x16/0x20
[   33.011322]  perf_trace_init+0x58/0xab0
[   33.011605]  ? __init_waitqueue_head+0x97/0x140
[   33.011954]  perf_tp_event_init+0x7d/0xf0
[   33.012247]  perf_try_init_event+0xc9/0x1f0
[   33.012609]  perf_event_alloc+0x1c5b/0x2a00
[   33.013005]  ? perf_trace_run_bpf_submit+0x290/0x290
[   33.013465]  ? SYSC_perf_event_open+0x1252/0x2d90
[   33.013829]  ? __mutex_lock+0x16f/0x1870
[   33.014137]  ? SYSC_perf_event_open+0x1252/0x2d90
[   33.014512]  ? expand_files+0x4fd/0x910
[   33.014815]  ? wake_up_q+0x8a/0xe0
[   33.015094]  ? SYSC_perf_event_open+0x1252/0x2d90
[   33.015467]  ? mutex_lock_io_nested+0x1740/0x1740
[   33.015835]  ? lock_acquire+0x1d5/0x580
[   33.016146]  ? lock_downgrade+0x990/0x990
[   33.016556]  ? do_raw_spin_trylock+0x190/0x190
[   33.017012]  ? _find_next_bit+0xee/0x120
[   33.017408]  ? _raw_spin_unlock+0x22/0x30
[   33.017806]  ? __alloc_fd+0x29b/0x750
[   33.018183]  ? lock_acquire+0x1d5/0x580
[   33.018563]  ? ptrace_may_access+0x3a/0x50
[   33.018984]  ? __ptrace_may_access+0x426/0x800
[   33.019428]  ? ptrace_get_task_struct+0x150/0x150
[   33.019886]  ? get_unused_fd_flags+0x121/0x190
[   33.020328]  SYSC_perf_event_open+0x7f3/0x2d90
[   33.020782]  ? iterate_fd+0x3f0/0x3f0
[   33.021159]  ? perf_event_set_output+0x5a0/0x5a0
[   33.021614]  ? _cond_resched+0x14/0x30
[   33.021995]  ? __fsnotify_parent+0xb4/0x3a0
[   33.022405]  ? avc_policy_seqno+0x9/0x20
[   33.022800]  ? __fget_light+0x297/0x380
[   33.023179]  ? fget_raw+0x20/0x20
[   33.023517]  ? SyS_futex+0x260/0x390
[   33.023898]  SyS_perf_event_open+0x39/0x50
[   33.024303]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   33.024760] RIP: 0033:0x446739
[   33.025056] RSP: 002b:00007efecf972c08 EFLAGS: 00000286 ORIG_RAX: 000000000000012a
[   33.025777] RAX: ffffffffffffffda RBX: 000000002047f000 RCX: 0000000000446739
[   33.026459] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 000000002047f000
[   33.027164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   33.028160] R10: ffffffffffffffff R11: 0000000000000286 R12: 0000000000000000
[   33.028982] R13: 0000000000000000 R14: 00007efecf9739c0 R15: 00007efecf973700
[   33.029857] Dumping ftrace buffer:
[   33.030131]    (ftrace buffer empty)
[   33.030412] Kernel Offset: disabled
[   33.030708] Rebooting in 86400 seconds..