INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.15.204' (ECDSA) to the list of known hosts.
2017/09/30 06:47:01 parsed 1 programs
2017/09/30 06:47:01 executed programs: 0
2017/09/30 06:47:06 executed programs: 687
2017/09/30 06:47:11 executed programs: 1382
2017/09/30 06:47:16 executed programs: 2080
2017/09/30 06:47:21 executed programs: 2777
2017/09/30 06:47:26 executed programs: 3480
2017/09/30 06:47:31 executed programs: 4175
2017/09/30 06:47:36 executed programs: 4866
2017/09/30 06:47:41 executed programs: 5551
2017/09/30 06:47:46 executed programs: 6245
2017/09/30 06:47:51 executed programs: 6938
syzkaller login: [ 1408.694909] kasan: CONFIG_KASAN_INLINE enabled
[ 1408.694974] ------------[ cut here ]------------
[ 1408.694997] WARNING: CPU: 1 PID: 32335 at kernel/futex.c:818 get_pi_state+0x15b/0x190
[ 1408.695007] Kernel panic - not syncing: panic_on_warn set ...
[ 1408.695007] 
[ 1408.695016] CPU: 1 PID: 32335 Comm: syz-executor6 Not tainted 4.14.0-rc2+ #108
[ 1408.695022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1408.695027] Call Trace:
[ 1408.695040]  dump_stack+0x194/0x257
[ 1408.695056]  ? arch_local_irq_restore+0x53/0x53
[ 1408.695086]  panic+0x1e4/0x417
[ 1408.695096]  ? __warn+0x1d9/0x1d9
[ 1408.695105]  ? show_regs_print_info+0x65/0x65
[ 1408.695137]  ? get_pi_state+0x15b/0x190
[ 1408.695146]  __warn+0x1c4/0x1d9
[ 1408.695155]  ? get_pi_state+0x15b/0x190
[ 1408.695170]  report_bug+0x211/0x2d0
[ 1408.695191]  fixup_bug+0x40/0x90
[ 1408.695203]  do_trap+0x260/0x390
[ 1408.695225]  do_error_trap+0x120/0x390
[ 1408.695242]  ? do_trap+0x390/0x390
[ 1408.695253]  ? get_pi_state+0x15b/0x190
[ 1408.695263]  ? find_held_lock+0x39/0x1d0
[ 1408.695292]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1408.695312]  do_invalid_op+0x1b/0x20
[ 1408.695323]  invalid_op+0x18/0x20
[ 1408.695330] RIP: 0010:get_pi_state+0x15b/0x190
[ 1408.695336] RSP: 0018:ffff8801c3f5f1a8 EFLAGS: 00010297
[ 1408.695347] RAX: ffff8801b544a140 RBX: 0000000000000000 RCX: 1ffff100387ebe3a
[ 1408.695353] RDX: 0000000000000000 RSI: 1ffff10036a8953f RDI: ffff8801c5c41500
[ 1408.695359] RBP: ffff8801c3f5f238 R08: ffff8801b544b3f0 R09: 0000000000000000
[ 1408.695364] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff100387ebe36
[ 1408.695370] R13: ffff8801c5c41500 R14: 1ffff100387ebe3a R15: ffff8801c5c415c0
[ 1408.695405]  ? get_pi_state+0x15b/0x190
[ 1408.695417]  ? futex_wait_queue_me+0x7e0/0x7e0
[ 1408.695433]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1408.695451]  exit_pi_state_list+0x543/0x780
[ 1408.695478]  ? futex_wait_requeue_pi.constprop.19+0x1300/0x1300
[ 1408.695493]  ? lock_release+0xd70/0xd70
[ 1408.695504]  ? check_same_owner+0x320/0x320
[ 1408.695515]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 1408.695537]  ? __might_sleep+0x95/0x190
[ 1408.695557]  ? __might_fault+0x188/0x1d0
[ 1408.695577]  ? do_raw_spin_trylock+0x190/0x190
[ 1408.695592]  mm_release+0x46d/0x590
[ 1408.695600]  ? do_raw_spin_trylock+0x190/0x190
[ 1408.695610]  ? mm_access+0x140/0x140
[ 1408.695619]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1408.695633]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1408.695645]  ? trace_hardirqs_on+0xd/0x10
[ 1408.695655]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1408.695665]  ? acct_collect+0x637/0x800
[ 1408.695681]  do_exit+0x481/0x1af0
[ 1408.695692]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 1408.695706]  ? trace_hardirqs_on_caller+0x360/0x5c0
[ 1408.695716]  ? mm_update_next_owner+0x930/0x930
[ 1408.695724]  ? trace_hardirqs_on+0xd/0x10
[ 1408.695739]  ? hrtimer_try_to_cancel+0x9a/0x5c0
[ 1408.695747]  ? lock_acquire+0x1d5/0x580
[ 1408.695760]  ? __hrtimer_get_remaining+0x1c0/0x1c0
[ 1408.695772]  ? do_raw_spin_trylock+0x190/0x190
[ 1408.695782]  ? fault_in_user_writeable+0x90/0x90
[ 1408.695806]  ? fixup_pi_state_owner.isra.16+0x980/0x980
[ 1408.695826]  ? check_noncircular+0x20/0x20
[ 1408.695835]  ? hrtimer_cancel+0x2e/0x40
[ 1408.695847]  ? futex_wait_requeue_pi.constprop.19+0x8a8/0x1300
[ 1408.695868]  ? futex_requeue+0x2370/0x2370
[ 1408.695895]  ? find_held_lock+0x39/0x1d0
[ 1408.695923]  ? lock_downgrade+0x990/0x990
[ 1408.695934]  ? recalc_sigpending_tsk+0x117/0x150
[ 1408.695947]  ? recalc_sigpending+0x103/0x160
[ 1408.695958]  ? recalc_sigpending_tsk+0x150/0x150
[ 1408.695965]  ? get_signal+0x2b2/0x16d0
[ 1408.695994]  do_group_exit+0x149/0x400
[ 1408.696004]  ? __lock_is_held+0xbc/0x140
[ 1408.696014]  ? SyS_exit+0x30/0x30
[ 1408.696023]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1408.696037]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1408.696055]  get_signal+0x73f/0x16d0
[ 1408.696079]  ? ptrace_notify+0x130/0x130
[ 1408.696115]  ? exit_robust_list+0x240/0x240
[ 1408.696135]  ? check_noncircular+0x20/0x20
[ 1408.696152]  do_signal+0x94/0x1ee0
[ 1408.696173]  ? find_held_lock+0x39/0x1d0
[ 1408.696188]  ? setup_sigcontext+0x7d0/0x7d0
[ 1408.696208]  ? lock_downgrade+0x990/0x990
[ 1408.696246]  ? lock_release+0xd70/0xd70
[ 1408.696255]  ? check_same_owner+0x320/0x320
[ 1408.696264]  ? lock_acquire+0x1d5/0x580
[ 1408.696277]  ? finish_task_switch+0x1aa/0x740
[ 1408.696286]  ? exit_to_usermode_loop+0x8c/0x310
[ 1408.696308]  exit_to_usermode_loop+0x214/0x310
[ 1408.696323]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 1408.696334]  ? kasan_check_write+0x14/0x20
[ 1408.696358]  syscall_return_slowpath+0x42f/0x510
[ 1408.696372]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[ 1408.696384]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[ 1408.696398]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1408.696409]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1408.696431]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[ 1408.696438] RIP: 0033:0x4520a9
[ 1408.696444] RSP: 002b:00007fe1e55e4c08 EFLAGS: 00000216 ORIG_RAX: 00000000000000ca
[ 1408.696454] RAX: 0000000000000000 RBX: 00000000007180b0 RCX: 00000000004520a9
[ 1408.696460] RDX: 0000000000000004 RSI: 000080000000000b RDI: 000000002000cffc
[ 1408.696465] RBP: 00000000000008f0 R08: 0000000020048000 R09: 0000000000000000
[ 1408.696471] R10: 0000000020edfff0 R11: 0000000000000216 R12: 00000000004b77c8
[ 1408.696477] R13: 00000000ffffffff R14: 000000002000cffc R15: 000080000000000b
[ 1409.195315] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1409.202649] general protection fault: 0000 [#1] SMP KASAN
[ 1409.208153] Dumping ftrace buffer:
[ 1409.211657]    (ftrace buffer empty)
[ 1409.215335] Modules linked in:
[ 1409.218498] CPU: 0 PID: 32323 Comm: syz-executor6 Not tainted 4.14.0-rc2+ #108
[ 1409.225822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1409.235143] task: ffff8801d9a50240 task.stack: ffff8801c3b40000
[ 1409.241182] RIP: 0010:lock_release+0x233/0xd70
[ 1409.245727] RSP: 0018:ffff8801c3b46f40 EFLAGS: 00010002
[ 1409.251057] RAX: dffffc0000000000 RBX: 1ffff10038768ded RCX: 1ffff10038b882a1
[ 1409.258295] RDX: 0000000000000101 RSI: 0000000000000001 RDI: 0000000000000808
[ 1409.265531] RBP: ffff8801c3b470f0 R08: 1ffff10038b882a1 R09: ffff8801c3b46a60
[ 1409.272767] R10: ffff8801d9a50240 R11: 1ffff1003b34a2db R12: ffff8801c3b46fc8
[ 1409.280002] R13: ffff8801c3b470c8 R14: 00000000000007e8 R15: ffffffff85cc2b60
[ 1409.287241] FS:  00007fe1e5606700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 1409.295433] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1409.301281] CR2: 0000000000f63cd8 CR3: 00000001c8465000 CR4: 00000000001406f0
[ 1409.308539] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1409.315775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1409.323010] Call Trace:
[ 1409.325562]  ? lock_downgrade+0x990/0x990
[ 1409.329678]  ? put_pi_state+0x252/0x520
[ 1409.333618]  ? lock_downgrade+0x990/0x990
[ 1409.337735]  ? lock_acquire+0x1d5/0x580
[ 1409.341671]  ? put_pi_state+0xe4/0x520
[ 1409.345528]  ? lock_release+0xd70/0xd70
[ 1409.349465]  ? rt_mutex_adjust_prio+0x146/0x1d0
[ 1409.354097]  ? retint_kernel+0x10/0x10
[ 1409.357950]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1409.362932]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1409.367656]  _raw_spin_unlock_irq+0x1a/0x70
[ 1409.371942]  put_pi_state+0x252/0x520
[ 1409.375712]  ? attach_to_pi_state+0x3a0/0x3a0
[ 1409.380176]  ? wake_up_q+0x8a/0xe0
[ 1409.383682]  ? rt_mutex_futex_unlock+0xc0/0x110
[ 1409.388318]  ? __rt_mutex_futex_unlock+0x1b0/0x1b0
[ 1409.393216]  exit_pi_state_list+0x55c/0x780
[ 1409.397506]  ? futex_wait_requeue_pi.constprop.19+0x1300/0x1300
[ 1409.403530]  ? lock_release+0xd70/0xd70
[ 1409.407468]  ? check_same_owner+0x320/0x320
[ 1409.411755]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 1409.416827]  ? __might_sleep+0x95/0x190
[ 1409.420771]  ? __might_fault+0x188/0x1d0
[ 1409.424800]  ? do_raw_spin_trylock+0x190/0x190
[ 1409.429351]  mm_release+0x46d/0x590
[ 1409.432944]  ? do_raw_spin_trylock+0x190/0x190
[ 1409.437489]  ? mm_access+0x140/0x140
[ 1409.441167]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1409.445629]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1409.450612]  ? trace_hardirqs_on+0xd/0x10
[ 1409.454728]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1409.459188]  ? acct_collect+0x637/0x800
[ 1409.463129]  do_exit+0x481/0x1af0
[ 1409.466548]  ? mm_update_next_owner+0x930/0x930
[ 1409.471182]  ? check_same_owner+0x320/0x320
[ 1409.475470]  ? find_held_lock+0x39/0x1d0
[ 1409.479501]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[ 1409.484831]  ? check_noncircular+0x20/0x20
[ 1409.489034]  ? do_raw_spin_trylock+0x190/0x190
[ 1409.493583]  ? fault_in_user_writeable+0x90/0x90
[ 1409.498306]  ? futex_wake+0x680/0x680
[ 1409.502075]  ? find_held_lock+0x39/0x1d0
[ 1409.506106]  ? lock_downgrade+0x990/0x990
[ 1409.510219]  ? recalc_sigpending_tsk+0x117/0x150
[ 1409.514943]  ? recalc_sigpending+0x103/0x160
[ 1409.519317]  ? recalc_sigpending_tsk+0x150/0x150
[ 1409.524037]  ? get_signal+0x2b2/0x16d0
[ 1409.527893]  do_group_exit+0x149/0x400
[ 1409.531745]  ? __lock_is_held+0xbc/0x140
[ 1409.535772]  ? SyS_exit+0x30/0x30
[ 1409.539190]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1409.543651]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1409.548632]  get_signal+0x73f/0x16d0
[ 1409.552315]  ? ptrace_notify+0x130/0x130
[ 1409.556344]  ? lock_release+0xd70/0xd70
[ 1409.560286]  ? __lock_is_held+0xbc/0x140
[ 1409.564313]  ? exit_robust_list+0x240/0x240
[ 1409.568600]  ? __fget+0x362/0x580
[ 1409.572039]  do_signal+0x94/0x1ee0
[ 1409.575549]  ? iterate_fd+0x3f0/0x3f0
[ 1409.579315]  ? __lock_is_held+0xbc/0x140
[ 1409.583345]  ? setup_sigcontext+0x7d0/0x7d0
[ 1409.587633]  ? __fget+0x362/0x580
[ 1409.591051]  ? __fget_light+0x29d/0x390
[ 1409.594994]  ? check_same_owner+0x320/0x320
[ 1409.599282]  ? exit_to_usermode_loop+0x8c/0x310
[ 1409.603920]  exit_to_usermode_loop+0x214/0x310
[ 1409.608468]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 1409.613970]  ? fget_raw+0x20/0x20
[ 1409.617388]  ? kasan_check_write+0x14/0x20
[ 1409.621590]  syscall_return_slowpath+0x42f/0x510
[ 1409.626311]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[ 1409.631294]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[ 1409.636190]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1409.641173]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1409.645895]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[ 1409.650617] RIP: 0033:0x4520a9
[ 1409.653775] RSP: 002b:00007fe1e5605cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1409.661449] RAX: fffffffffffffe00 RBX: 0000000000718028 RCX: 00000000004520a9
[ 1409.668695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000718028
[ 1409.675933] RBP: 0000000000718000 R08: 0000000000000000 R09: 0000000000000000
[ 1409.683171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1409.690409] R13: 0000000000a6f7ef R14: 00007fe1e56069c0 R15: 0000000000000000