INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-7,10.128.15.224' (ECDSA) to the list of known hosts.
2017/09/27 08:04:41 parsed 1 programs
2017/09/27 08:04:41 executed programs: 0

syzkaller login: [   36.743558] ==================================================================
[   36.744751] BUG: KASAN: use-after-free in irq_bypass_register_consumer+0x4b4/0x500
[   36.745938] Write of size 8 at addr ffff8801d69f9c40 by task syz-executor0/3598
[   36.746934]
[   36.747192] CPU: 1 PID: 3598 Comm: syz-executor0 Not tainted 4.14.0-rc2-next-20170927+ #30
[   36.748346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.749572] Call Trace:
[   36.749937]  dump_stack+0x194/0x257
[   36.750436]  ? arch_local_irq_restore+0x53/0x53
[   36.751067]  ? show_regs_print_info+0x65/0x65
[   36.751693]  ? irq_bypass_register_consumer+0x4b4/0x500
[   36.752417]  print_address_description+0x73/0x250
[   36.753071]  ? irq_bypass_register_consumer+0x4b4/0x500
[   36.753809]  kasan_report+0x25b/0x340
[   36.754334]  __asan_report_store8_noabort+0x17/0x20
[   36.755061]  irq_bypass_register_consumer+0x4b4/0x500
[   36.755759]  ? __disconnect+0x1a0/0x1a0
[   36.756315]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   36.756990]  ? trace_hardirqs_on+0xd/0x10
[   36.757573]  ? queue_work_on+0x106/0x1c0
[   36.758158]  kvm_irqfd+0x137a/0x1d50
[   36.758686]  ? kvm_eventfd_init+0x2a0/0x2a0
[   36.759272]  ? find_held_lock+0x39/0x1d0
[   36.759856]  ? lock_downgrade+0x990/0x990
[   36.760420]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   36.761124]  ? __might_fault+0xe0/0x1d0
[   36.761673]  ? lock_release+0xd70/0xd70
[   36.762225]  ? trace_event_raw_event_sched_switch+0x770/0x770
[   36.763036]  ? __might_sleep+0x95/0x190
[   36.763605]  ? kasan_check_write+0x14/0x20
[   36.766394]  ? _copy_from_user+0x99/0x110
[   36.770522]  kvm_vm_ioctl+0x1079/0x1c40
[   36.774472]  ? futex_wake+0x2ca/0x680
[   36.778250]  ? kvm_set_memory_region+0x50/0x50
[   36.782808]  ? get_futex_key+0x1d50/0x1d50
[   36.787023]  ? check_noncircular+0x20/0x20
[   36.791268]  ? find_held_lock+0x39/0x1d0
[   36.795320]  ? lock_downgrade+0x990/0x990
[   36.799443]  ? exit_robust_list+0x240/0x240
[   36.803749]  ? __fget+0xbb/0x580
[   36.807109]  ? lock_release+0xd70/0xd70
[   36.811063]  ? __lock_is_held+0xbc/0x140
[   36.815118]  ? __fget+0x362/0x580
[   36.818558]  ? iterate_fd+0x3f0/0x3f0
[   36.822334]  ? __lock_is_held+0xbc/0x140
[   36.826387]  ? kvm_set_memory_region+0x50/0x50
[   36.830944]  do_vfs_ioctl+0x1b1/0x1530
[   36.834803]  ? __fd_install+0x2f7/0x6a0
[   36.838749]  ? anon_inode_getfile+0x349/0x490
[   36.843224]  ? ioctl_preallocate+0x2b0/0x2b0
[   36.847613]  ? selinux_capable+0x40/0x40
[   36.851654]  ? SyS_futex+0x269/0x390
[   36.855358]  ? security_file_ioctl+0x89/0xb0
[   36.859745]  SyS_ioctl+0x8f/0xc0
[   36.863095]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   36.867823] RIP: 0033:0x4520a9
[   36.870995] RSP: 002b:00007f66360c4c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000010
[   36.878688] RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 00000000004520a9
[   36.885934] RDX: 0000000020025fe0 RSI: 000000004020ae76 RDI: 000000000000000f
[   36.893178] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   36.900422] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bbcbf
[   36.907668] R13: 00000000ffffffff R14: 0000000020571ff7 R15: 0000000000000000
[   36.914933]
[   36.916534] Allocated by task 3598:
[   36.920136]  save_stack_trace+0x16/0x20
[   36.924082]  save_stack+0x43/0xd0
[   36.927508]  kasan_kmalloc+0xad/0xe0
[   36.931200]  kmem_cache_alloc_trace+0x136/0x750
[   36.935846]  kvm_irqfd+0x16c/0x1d50
[   36.939444]  kvm_vm_ioctl+0x1079/0x1c40
[   36.943393]  do_vfs_ioctl+0x1b1/0x1530
[   36.947252]  SyS_ioctl+0x8f/0xc0
[   36.950593]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   36.955317]
[   36.956918] Freed by task 2997:
[   36.960174]  save_stack_trace+0x16/0x20
[   36.964122]  save_stack+0x43/0xd0
[   36.967547]  kasan_slab_free+0x71/0xc0
[   36.971408]  kfree+0xca/0x250
[   36.974486]  irqfd_shutdown+0x13c/0x1a0
[   36.978435]  process_one_work+0xbfa/0x1bd0
[   36.982641]  worker_thread+0x223/0x1860
[   36.986586]  kthread+0x3c9/0x4b0
[   36.989926]  ret_from_fork+0x2a/0x40
[   36.993608]
[   36.995208] The buggy address belongs to the object at ffff8801d69f9ac0
[   36.995208]  which belongs to the cache kmalloc-512 of size 512
[   37.007839] The buggy address is located 384 bytes inside of
[   37.007839]  512-byte region [ffff8801d69f9ac0, ffff8801d69f9cc0)
[   37.019686] The buggy address belongs to the page:
[   37.024591] page:ffffea00075a7e40 count:1 mapcount:0 mapping:ffff8801d69f90c0 index:0x0
[   37.032710] flags: 0x200000000000100(slab)
[   37.036919] raw: 0200000000000100 ffff8801d69f90c0 0000000000000000 0000000100000006
[   37.044774] raw: ffffea00075ea560 ffffea00076b59a0 ffff8801dac00940 0000000000000000
[   37.052623] page dumped because: kasan: bad access detected
[   37.058310]
[   37.059910] Memory state around the buggy address:
[   37.064809]  ffff8801d69f9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.072144]  ffff8801d69f9b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.079473] >ffff8801d69f9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.086804]                                            ^
[   37.092225]  ffff8801d69f9c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.099557]  ffff8801d69f9d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.106886] ==================================================================
[   37.114214] Disabling lock debugging due to kernel taint
[   37.119717] Kernel panic - not syncing: panic_on_warn set ...
[   37.119717]
[   37.127085] CPU: 1 PID: 3598 Comm: syz-executor0 Tainted: G    B           4.14.0-rc2-next-20170927+ #30
[   37.136690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.146019] Call Trace:
[   37.148579]  dump_stack+0x194/0x257
[   37.152175]  ? arch_local_irq_restore+0x53/0x53
[   37.156813]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.161539]  ? irq_bypass_register_consumer+0x480/0x500
[   37.166870]  panic+0x1e4/0x417
[   37.170033]  ? __warn+0x1d9/0x1d9
[   37.173459]  ? irq_bypass_register_consumer+0x4b4/0x500
[   37.178790]  kasan_end_report+0x50/0x50
[   37.182731]  kasan_report+0x144/0x340
[   37.186502]  __asan_report_store8_noabort+0x17/0x20
[   37.191488]  irq_bypass_register_consumer+0x4b4/0x500
[   37.196647]  ? __disconnect+0x1a0/0x1a0
[   37.200591]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.205574]  ? trace_hardirqs_on+0xd/0x10
[   37.209688]  ? queue_work_on+0x106/0x1c0
[   37.213719]  kvm_irqfd+0x137a/0x1d50
[   37.217408]  ? kvm_eventfd_init+0x2a0/0x2a0
[   37.221695]  ? find_held_lock+0x39/0x1d0
[   37.225729]  ? lock_downgrade+0x990/0x990
[   37.229844]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   37.235003]  ? __might_fault+0xe0/0x1d0
[   37.238952]  ? lock_release+0xd70/0xd70
[   37.242900]  ? trace_event_raw_event_sched_switch+0x770/0x770
[   37.248755]  ? __might_sleep+0x95/0x190
[   37.252697]  ? kasan_check_write+0x14/0x20
[   37.256897]  ? _copy_from_user+0x99/0x110
[   37.261016]  kvm_vm_ioctl+0x1079/0x1c40
[   37.264964]  ? futex_wake+0x2ca/0x680
[   37.268730]  ? kvm_set_memory_region+0x50/0x50
[   37.273279]  ? get_futex_key+0x1d50/0x1d50
[   37.277481]  ? check_noncircular+0x20/0x20
[   37.281691]  ? find_held_lock+0x39/0x1d0
[   37.285722]  ? lock_downgrade+0x990/0x990
[   37.289842]  ? exit_robust_list+0x240/0x240
[   37.294131]  ? __fget+0xbb/0x580
[   37.297467]  ? lock_release+0xd70/0xd70
[   37.301409]  ? __lock_is_held+0xbc/0x140
[   37.305442]  ? __fget+0x362/0x580
[   37.308865]  ? iterate_fd+0x3f0/0x3f0
[   37.312630]  ? __lock_is_held+0xbc/0x140
[   37.316663]  ? kvm_set_memory_region+0x50/0x50
[   37.321210]  do_vfs_ioctl+0x1b1/0x1530
[   37.325063]  ? __fd_install+0x2f7/0x6a0
[   37.329003]  ? anon_inode_getfile+0x349/0x490
[   37.333473]  ? ioctl_preallocate+0x2b0/0x2b0
[   37.337848]  ? selinux_capable+0x40/0x40
[   37.341876]  ? SyS_futex+0x269/0x390
[   37.345566]  ? security_file_ioctl+0x89/0xb0
[   37.349944]  SyS_ioctl+0x8f/0xc0
[   37.353279]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   37.357997] RIP: 0033:0x4520a9
[   37.361156] RSP: 002b:00007f66360c4c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000010
[   37.368830] RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 00000000004520a9
[   37.376066] RDX: 0000000020025fe0 RSI: 000000004020ae76 RDI: 000000000000000f
[   37.383303] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   37.390540] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bbcbf
[   37.397775] R13: 00000000ffffffff R14: 0000000020571ff7 R15: 0000000000000000
[   37.405492] Dumping ftrace buffer:
[   37.409002]    (ftrace buffer empty)
[   37.412684] Kernel Offset: disabled
[   37.416281] Rebooting in 86400 seconds..
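Reading the report above, the three stacks are what matter for triage: the 512-byte object was allocated in kvm_irqfd by the same task that later faulted (3598), freed from irqfd_shutdown running as a workqueue item on a different task (2997), and then written again by irq_bypass_register_consumer on the original ioctl path, 384 bytes into the freed region (shadow bytes fb). A cross-task free from a work item is the signature of a lifetime race rather than a simple logic slip, so it is worth extracting those facts mechanically before reading every unreliable "?" frame. The following is an added example, not part of the syzkaller log and not syzkaller's own report parser: a small Python parser for the KASAN report format shown here, run over a constructed excerpt of the lines above. The triage heuristics (cross-task free, free reached via process_one_work, offset cross-check against the object start) are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
ALLOC = re.compile(r"^Allocated by task (?P<pid>\d+):")
FREED = re.compile(r"^Freed by task (?P<pid>\d+):")
OBJECT = re.compile(r"belongs to the object at (?P<obj>[0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size")
OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# KASAN/allocator plumbing, skipped when looking for the subsystem frame that did the alloc or free.
NOISE = ("save_stack", "kasan_", "kmem_cache_", "kmalloc", "kfree", "__asan_")

@dataclass
class Stack:
    pid: Optional[int] = None
    frames: List[str] = field(default_factory=list)
    def subsystem_frame(self) -> Optional[str]:
        return next((s for s in self.frames if not s.startswith(NOISE)), None)

@dataclass
class Report:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    pid: int = 0
    obj_start: int = 0
    cache: str = ""
    offset: int = -1
    alloc: Stack = field(default_factory=Stack)
    free: Stack = field(default_factory=Stack)

def parse_kasan(text: str) -> Report:
    rep, section = Report(), None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if not line:                       # a blank line closes any stack section
            section = None
            continue
        m = FRAME.match(line)
        if section is not None and m:
            if not m.group("unreliable"):  # "? sym" frames are unwinder guesses
                section.frames.append(m.group("sym"))
            continue
        if (m := HEADER.search(line)):
            rep.kind, rep.func = m.group("kind"), m.group("func")
        elif (m := ACCESS.search(line)):
            rep.op, rep.size = m.group("op"), int(m.group("size"))
            rep.addr, rep.pid = int(m.group("addr"), 16), int(m.group("pid"))
        elif (m := ALLOC.match(line)):
            rep.alloc.pid, section = int(m.group("pid")), rep.alloc
        elif (m := FREED.match(line)):
            rep.free.pid, section = int(m.group("pid")), rep.free
        elif (m := OBJECT.search(line)):
            rep.obj_start = int(m.group("obj"), 16)
        elif (m := CACHE.search(line)):
            rep.cache = m.group("cache")
        elif (m := OFFSET.search(line)):
            rep.offset = int(m.group("off"))
        else:                              # RIP:, registers, page dump: a stack has ended
            section = None
    return rep

def triage(rep: Report) -> Dict[str, object]:
    return {
        "bug": f"{rep.kind}: {rep.op.lower()} of {rep.size} bytes in {rep.func}",
        "alloc_frame": rep.alloc.subsystem_frame(),
        "free_frame": rep.free.subsystem_frame(),
        # A free by another task, or from a work item, means two contexts disagree about lifetime.
        "cross_task_free": rep.free.pid is not None and rep.free.pid != rep.pid,
        "free_from_workqueue": "process_one_work" in rep.free.frames,
        # The printed offset must equal addr - object start, or the report was mangled in transit.
        "offset_consistent": rep.obj_start != 0 and rep.addr - rep.obj_start == rep.offset,
    }

# Constructed input: lines excerpted from the syzkaller report above.
SAMPLE = """\
[   36.744751] BUG: KASAN: use-after-free in irq_bypass_register_consumer+0x4b4/0x500
[   36.745938] Write of size 8 at addr ffff8801d69f9c40 by task syz-executor0/3598
[   36.916534] Allocated by task 3598:
[   36.931200]  kmem_cache_alloc_trace+0x136/0x750
[   36.935846]  kvm_irqfd+0x16c/0x1d50
[   36.956918] Freed by task 2997:
[   36.967547]  kasan_slab_free+0x71/0xc0
[   36.971408]  kfree+0xca/0x250
[   36.974486]  irqfd_shutdown+0x13c/0x1a0
[   36.978435]  process_one_work+0xbfa/0x1bd0
[   36.993608]
[   36.995208] The buggy address belongs to the object at ffff8801d69f9ac0
[   36.995208]  which belongs to the cache kmalloc-512 of size 512
[   37.007839] The buggy address is located 384 bytes inside of
"""

if __name__ == "__main__":
    for key, value in triage(parse_kasan(SAMPLE)).items():
        print(f"{key:20} {value}")
```

On the excerpt this reports alloc_frame kvm_irqfd, free_frame irqfd_shutdown, cross_task_free and free_from_workqueue both true, and the 384-byte offset consistent with ffff8801d69f9c40 - ffff8801d69f9ac0. Feed it the full log and it gives the same answer, because only reliable frames (no "? " prefix) are kept and the register dump, page dump and shadow rows never match a frame pattern.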