INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-2,10.128.0.44' (ECDSA) to the list of known hosts.
2017/09/30 20:18:58 parsed 1 programs
2017/09/30 20:18:58 executed programs: 0
2017/09/30 20:19:03 executed programs: 534

syzkaller login: [   40.730448] ==================================================================
[   40.737896] BUG: KASAN: use-after-free in userfaultfd_release+0x5c1/0x6e0
[   40.744820] Read of size 8 at addr ffff8801c12fa588 by task syz-executor2/8985
[   40.752170]
[   40.753800] CPU: 0 PID: 8985 Comm: syz-executor2 Not tainted 4.14.0-rc2+ #19
[   40.760978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.770329] Call Trace:
[   40.772919]  dump_stack+0x194/0x257
[   40.776549]  ? arch_local_irq_restore+0x53/0x53
[   40.781215]  ? show_regs_print_info+0x65/0x65
[   40.785718]  ? unwind_get_return_address+0x61/0xa0
[   40.791585]  ? userfaultfd_release+0x5c1/0x6e0
[   40.796172]  print_address_description+0x73/0x250
[   40.801015]  ? userfaultfd_release+0x5c1/0x6e0
[   40.805585]  kasan_report+0x25b/0x340
[   40.809379]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   40.815163]  __asan_report_load8_noabort+0x14/0x20
[   40.820069]  userfaultfd_release+0x5c1/0x6e0
[   40.824469]  ? fcntl_setlk+0x10d0/0x10d0
[   40.828529]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   40.834317]  ? fsnotify+0x1af0/0x1af0
[   40.838120]  ? __might_sleep+0x95/0x190
[   40.842093]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   40.847876]  __fput+0x333/0x7f0
[   40.851154]  ? fput+0x140/0x140
[   40.854425]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.858903]  ____fput+0x15/0x20
[   40.862158]  task_work_run+0x199/0x270
[   40.866033]  ? task_work_cancel+0x210/0x210
[   40.870336]  ? _raw_spin_unlock+0x22/0x30
[   40.874472]  ? switch_task_namespaces+0x87/0xc0
[   40.879140]  do_exit+0x9d2/0x1af0
[   40.882578]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.887748]  ? mm_update_next_owner+0x930/0x930
[   40.892389]  ? userfaultfd_release+0x6e0/0x6e0
[   40.896949]  ? check_noncircular+0x20/0x20
[   40.901160]  ? check_noncircular+0x20/0x20
[   40.905368]  ? check_noncircular+0x20/0x20
[   40.909586]  ? check_noncircular+0x20/0x20
[   40.913789]  ? __lock_is_held+0xbc/0x140
[   40.917824]  ? __lock_is_held+0xbc/0x140
[   40.921872]  ? find_held_lock+0x39/0x1d0
[   40.925914]  ? lock_downgrade+0x990/0x990
[   40.930044]  ? recalc_sigpending_tsk+0x117/0x150
[   40.934776]  ? recalc_sigpending+0x103/0x160
[   40.939155]  ? recalc_sigpending_tsk+0x150/0x150
[   40.943881]  ? get_signal+0x2b2/0x16d0
[   40.947750]  do_group_exit+0x149/0x400
[   40.951611]  ? __lock_is_held+0xbc/0x140
[   40.955643]  ? SyS_exit+0x30/0x30
[   40.959068]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.963537]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.968530]  get_signal+0x73f/0x16d0
[   40.972223]  ? ptrace_notify+0x130/0x130
[   40.976263]  ? __schedule+0x8f0/0x2070
[   40.980128]  ? __sched_text_start+0x8/0x8
[   40.984262]  do_signal+0x94/0x1ee0
[   40.987774]  ? compat_readv+0x125/0x270
[   40.991719]  ? __fget_light+0x29d/0x390
[   40.995667]  ? vfs_iter_read+0xb0/0xb0
[   40.999529]  ? setup_sigcontext+0x7d0/0x7d0
[   41.003829]  ? schedule+0xf5/0x430
[   41.007340]  ? lock_downgrade+0x990/0x990
[   41.011460]  ? __schedule+0x2070/0x2070
[   41.015424]  ? exit_to_usermode_loop+0x8c/0x310
[   41.020071]  exit_to_usermode_loop+0x214/0x310
[   41.024624]  ? compat_readv+0x270/0x270
[   41.028573]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   41.034092]  do_fast_syscall_32+0x83e/0xf05
[   41.038393]  ? do_int80_syscall_32+0x940/0x940
[   41.042951]  ? lockdep_sys_exit+0x47/0xf0
[   41.047073]  ? syscall_return_slowpath+0x2b3/0x510
[   41.051979]  ? finish_task_switch+0x1aa/0x740
[   41.056459]  ? retint_user+0x18/0x20
[   41.060149]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.064970]  entry_SYSENTER_compat+0x51/0x60
[   41.069349] RIP: 0023:0xf7f91c79
[   41.072684] RSP: 002b:00000000f7f4b05c EFLAGS: 00000296 ORIG_RAX: 0000000000000091
[   41.080365] RAX: 0000000000000020 RBX: 0000000000000005 RCX: 0000000020053f90
[   41.087606] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[   41.094845] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   41.102083] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   41.109321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.116579]
[   41.118177] Allocated by task 8965:
[   41.122383]  save_stack_trace+0x16/0x20
[   41.126327]  save_stack+0x43/0xd0
[   41.129751]  kasan_kmalloc+0xad/0xe0
[   41.133434]  kasan_slab_alloc+0x12/0x20
[   41.137378]  kmem_cache_alloc+0x12e/0x760
[   41.141497]  dup_userfaultfd+0x21c/0x890
[   41.145527]  copy_mm+0xa38/0x1310
[   41.148951]  copy_process.part.36+0x1eae/0x4af0
[   41.153589]  _do_fork+0x1ef/0xfe0
[   41.157019]  SyS_clone+0x37/0x50
[   41.160359]  do_fast_syscall_32+0x3f2/0xf05
[   41.164649]  entry_SYSENTER_compat+0x51/0x60
[   41.169027]
[   41.170625] Freed by task 8965:
[   41.173874]  save_stack_trace+0x16/0x20
[   41.177818]  save_stack+0x43/0xd0
[   41.181247]  kasan_slab_free+0x71/0xc0
[   41.185104]  kmem_cache_free+0x77/0x280
[   41.189047]  userfaultfd_ctx_put+0x50c/0x740
[   41.193423]  userfaultfd_event_wait_completion+0x788/0x9c0
[   41.199023]  dup_userfaultfd_complete+0x2de/0x480
[   41.203838]  copy_mm+0xe9b/0x1310
[   41.207258]  copy_process.part.36+0x1eae/0x4af0
[   41.211894]  _do_fork+0x1ef/0xfe0
[   41.215315]  SyS_clone+0x37/0x50
[   41.218659]  do_fast_syscall_32+0x3f2/0xf05
[   41.222952]  entry_SYSENTER_compat+0x51/0x60
[   41.227328]
[   41.228937] The buggy address belongs to the object at ffff8801c12fa400
[   41.228937]  which belongs to the cache userfaultfd_ctx_cache of size 400
[   41.242433] The buggy address is located 392 bytes inside of
[   41.242433]  400-byte region [ffff8801c12fa400, ffff8801c12fa590)
[   41.254282] The buggy address belongs to the page:
[   41.259184] page:ffffea000704be80 count:1 mapcount:0 mapping:ffff8801c12fa000 index:0xffff8801cf365780
[   41.268600] flags: 0x200000000000100(slab)
[   41.272805] raw: 0200000000000100 ffff8801c12fa000 ffff8801cf365780 0000000100000008
[   41.280656] raw: ffffea0007543d60 ffffea000734bf60 ffff8801d5699900 0000000000000000
[   41.288502] page dumped because: kasan: bad access detected
[   41.294179]
[   41.295775] Memory state around the buggy address:
[   41.300681]  ffff8801c12fa480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.308014]  ffff8801c12fa500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.315349] >ffff8801c12fa580: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.322675]                       ^
[   41.326272]  ffff8801c12fa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.333600]  ffff8801c12fa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.340926] ==================================================================
[   41.348255] Disabling lock debugging due to kernel taint
[   41.353813] Kernel panic - not syncing: panic_on_warn set ...
[   41.353813]
[   41.361157] CPU: 0 PID: 8985 Comm: syz-executor2 Tainted: G B 4.14.0-rc2+ #19
[   41.369530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.378850] Call Trace:
[   41.381404]  dump_stack+0x194/0x257
[   41.385000]  ? arch_local_irq_restore+0x53/0x53
[   41.389645]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.394369]  ? userfaultfd_release+0x540/0x6e0
[   41.398917]  panic+0x1e4/0x417
[   41.402077]  ? __warn+0x1d9/0x1d9
[   41.405502]  ? userfaultfd_release+0x5c1/0x6e0
[   41.410048]  kasan_end_report+0x50/0x50
[   41.413987]  kasan_report+0x144/0x340
[   41.417756]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   41.423517]  __asan_report_load8_noabort+0x14/0x20
[   41.428411]  userfaultfd_release+0x5c1/0x6e0
[   41.432786]  ? fcntl_setlk+0x10d0/0x10d0
[   41.436814]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   41.442577]  ? fsnotify+0x1af0/0x1af0
[   41.446345]  ? __might_sleep+0x95/0x190
[   41.450285]  ? userfaultfd_event_wait_completion+0x9c0/0x9c0
[   41.456050]  __fput+0x333/0x7f0
[   41.459299]  ? fput+0x140/0x140
[   41.462546]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.467011]  ____fput+0x15/0x20
[   41.470259]  task_work_run+0x199/0x270
[   41.474111]  ? task_work_cancel+0x210/0x210
[   41.478398]  ? _raw_spin_unlock+0x22/0x30
[   41.482513]  ? switch_task_namespaces+0x87/0xc0
[   41.487150]  do_exit+0x9d2/0x1af0
[   41.490569]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.495727]  ? mm_update_next_owner+0x930/0x930
[   41.500361]  ? userfaultfd_release+0x6e0/0x6e0
[   41.504912]  ? check_noncircular+0x20/0x20
[   41.509122]  ? check_noncircular+0x20/0x20
[   41.513321]  ? check_noncircular+0x20/0x20
[   41.517537]  ? check_noncircular+0x20/0x20
[   41.521739]  ? __lock_is_held+0xbc/0x140
[   41.525770]  ? __lock_is_held+0xbc/0x140
[   41.529808]  ? find_held_lock+0x39/0x1d0
[   41.533839]  ? lock_downgrade+0x990/0x990
[   41.537954]  ? recalc_sigpending_tsk+0x117/0x150
[   41.542674]  ? recalc_sigpending+0x103/0x160
[   41.547047]  ? recalc_sigpending_tsk+0x150/0x150
[   41.551767]  ? get_signal+0x2b2/0x16d0
[   41.555624]  do_group_exit+0x149/0x400
[   41.559478]  ? __lock_is_held+0xbc/0x140
[   41.563506]  ? SyS_exit+0x30/0x30
[   41.566925]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.571385]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.576369]  get_signal+0x73f/0x16d0
[   41.580052]  ? ptrace_notify+0x130/0x130
[   41.584088]  ? __schedule+0x8f0/0x2070
[   41.587942]  ? __sched_text_start+0x8/0x8
[   41.592062]  do_signal+0x94/0x1ee0
[   41.595571]  ? compat_readv+0x125/0x270
[   41.599509]  ? __fget_light+0x29d/0x390
[   41.603447]  ? vfs_iter_read+0xb0/0xb0
[   41.607300]  ? setup_sigcontext+0x7d0/0x7d0
[   41.611595]  ? schedule+0xf5/0x430
[   41.615104]  ? lock_downgrade+0x990/0x990
[   41.619218]  ? __schedule+0x2070/0x2070
[   41.623163]  ? exit_to_usermode_loop+0x8c/0x310
[   41.627798]  exit_to_usermode_loop+0x214/0x310
[   41.632346]  ? compat_readv+0x270/0x270
[   41.636286]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   41.641793]  do_fast_syscall_32+0x83e/0xf05
[   41.646083]  ? do_int80_syscall_32+0x940/0x940
[   41.650634]  ? lockdep_sys_exit+0x47/0xf0
[   41.654757]  ? syscall_return_slowpath+0x2b3/0x510
[   41.659650]  ? finish_task_switch+0x1aa/0x740
[   41.664115]  ? retint_user+0x18/0x20
[   41.667796]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.672609]  entry_SYSENTER_compat+0x51/0x60
[   41.676982] RIP: 0023:0xf7f91c79
[   41.680311] RSP: 002b:00000000f7f4b05c EFLAGS: 00000296 ORIG_RAX: 0000000000000091
[   41.687984] RAX: 0000000000000020 RBX: 0000000000000005 RCX: 0000000020053f90
[   41.695222] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[   41.702457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   41.709693] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   41.716928] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.724217] Dumping ftrace buffer:
[   41.727731]    (ftrace buffer empty)
[   41.731406] Kernel Offset: disabled
[   41.735000] Rebooting in 86400 seconds..