INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-0,10.128.15.197' (ECDSA) to the list of known hosts. 2017/09/08 22:24:57 parsed 1 programs 2017/09/08 22:24:57 executed programs: 0 syzkaller login: [ 33.993372] dev_remove_pack: ffff8801cd2c8c80 not found [ 34.008307] ================================================================== [ 34.015697] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0 [ 34.022421] Read of size 8 at addr ffff8801cd702ae8 by task syz-executor0/3144 [ 34.029760] [ 34.031360] CPU: 1 PID: 3144 Comm: syz-executor0 Not tainted 4.13.0-next-20170908+ #18 [ 34.039383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.048744] Call Trace: [ 34.051312] dump_stack+0x194/0x257 [ 34.054917] ? arch_local_irq_restore+0x53/0x53 [ 34.059565] ? show_regs_print_info+0x65/0x65 [ 34.064042] ? __dev_remove_pack+0x305/0x3b0 [ 34.068455] print_address_description+0x73/0x250 [ 34.073291] ? __dev_remove_pack+0x305/0x3b0 [ 34.077681] kasan_report+0x24e/0x340 [ 34.081471] __asan_report_load8_noabort+0x14/0x20 [ 34.086379] __dev_remove_pack+0x305/0x3b0 [ 34.090601] ? dev_get_by_name_rcu+0x270/0x270 [ 34.095190] ? refcount_sub_and_test+0x115/0x1b0 [ 34.099942] __unregister_prot_hook+0x211/0x280 [ 34.104591] packet_release+0x8bb/0xd70 [ 34.108546] ? packet_set_ring+0x1b70/0x1b70 [ 34.112928] ? dentry_free+0xcd/0x130 [ 34.116703] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.121692] ? kmem_cache_free+0x249/0x280 [ 34.125918] ? dentry_free+0xd2/0x130 [ 34.129705] ? locks_remove_file+0x3fa/0x5a0 [ 34.134174] ? fcntl_setlk+0x10d0/0x10d0 [ 34.138212] ?
__fsnotify_parent+0xb4/0x3a0 [ 34.142527] ? fsnotify+0x1af0/0x1af0 [ 34.146306] sock_release+0x8d/0x1e0 [ 34.149998] ? sock_release+0x8d/0x1e0 [ 34.153860] ? sock_release+0x1e0/0x1e0 [ 34.157808] sock_close+0x16/0x20 [ 34.161238] __fput+0x333/0x7f0 [ 34.164498] ? fput+0x140/0x140 [ 34.167753] ? check_same_owner+0x320/0x320 [ 34.172049] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.176557] ____fput+0x15/0x20 [ 34.179822] task_work_run+0x199/0x270 [ 34.183695] ? task_work_cancel+0x210/0x210 [ 34.187999] ? _raw_spin_unlock+0x22/0x30 [ 34.192128] ? switch_task_namespaces+0x87/0xc0 [ 34.196773] do_exit+0xa52/0x1b40 [ 34.200198] ? plist_check_list+0xa0/0xa0 [ 34.204329] ? plist_del+0x47b/0x990 [ 34.208016] ? mm_update_next_owner+0x930/0x930 [ 34.212670] ? plist_add+0x760/0x760 [ 34.216370] ? check_same_owner+0x320/0x320 [ 34.220676] ? find_held_lock+0x39/0x1d0 [ 34.224733] ? check_noncircular+0x20/0x20 [ 34.228957] ? lock_downgrade+0x990/0x990 [ 34.233083] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 34.238455] ? find_held_lock+0x39/0x1d0 [ 34.242515] ? lock_downgrade+0x990/0x990 [ 34.246637] ? recalc_sigpending_tsk+0x117/0x150 [ 34.251366] ? recalc_sigpending+0x103/0x160 [ 34.255756] ? recalc_sigpending_tsk+0x150/0x150 [ 34.260482] ? get_signal+0x397/0x17e0 [ 34.264352] do_group_exit+0x149/0x400 [ 34.268219] ? __lock_is_held+0xbc/0x140 [ 34.272258] ? SyS_exit+0x30/0x30 [ 34.275881] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.280364] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.285371] get_signal+0x7e8/0x17e0 [ 34.289081] ? ptrace_notify+0x130/0x130 [ 34.293122] ? __fget+0xbb/0x580 [ 34.296464] ? lock_downgrade+0x990/0x990 [ 34.300596] ? lock_release+0xd70/0xd70 [ 34.304550] ? exit_robust_list+0x240/0x240 [ 34.308867] do_signal+0x94/0x1ee0 [ 34.312386] ? iterate_fd+0x3f0/0x3f0 [ 34.316176] ? setup_sigcontext+0x7d0/0x7d0 [ 34.320509] ? do_page_fault+0xee/0x720 [ 34.324456] ? __do_page_fault+0xb60/0xb60 [ 34.328665] ? __fget_light+0x29d/0x390 [ 34.332614] ? 
selinux_tun_dev_create+0xc0/0xc0 [ 34.337265] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 34.342953] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 34.348211] ? exit_to_usermode_loop+0x98/0x300 [ 34.352867] exit_to_usermode_loop+0x224/0x300 [ 34.357423] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 34.362965] syscall_return_slowpath+0x42f/0x500 [ 34.367695] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 34.372684] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 34.377587] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.382577] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.387312] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 34.392036] RIP: 0033:0x451e59 [ 34.395197] RSP: 002b:00007fc782ffacf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 34.402885] RAX: fffffffffffffe00 RBX: 0000000000718028 RCX: 0000000000451e59 [ 34.410126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000718028 [ 34.417375] RBP: 0000000000718000 R08: 0000000000000000 R09: 0000000000000000 [ 34.424615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 34.431865] R13: 00007ffe2860970f R14: 00007fc782ffb9c0 R15: 0000000000000000 [ 34.439144] [ 34.440743] Allocated by task 3144: [ 34.444339] save_stack_trace+0x16/0x20 [ 34.448285] save_stack+0x43/0xd0 [ 34.451708] kasan_kmalloc+0xad/0xe0 [ 34.455392] kmem_cache_alloc_trace+0x136/0x750 [ 34.460033] fanout_add+0xa50/0x1190 [ 34.463717] packet_setsockopt+0xfdc/0x1e80 [ 34.468011] SyS_setsockopt+0x189/0x360 [ 34.471974] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 34.476697] [ 34.478291] Freed by task 3144: [ 34.481547] save_stack_trace+0x16/0x20 [ 34.485490] save_stack+0x43/0xd0 [ 34.488914] kasan_slab_free+0x71/0xc0 [ 34.492794] kfree+0xca/0x250 [ 34.495874] packet_release+0xa8f/0xd70 [ 34.499832] sock_release+0x8d/0x1e0 [ 34.503515] sock_close+0x16/0x20 [ 34.506938] __fput+0x333/0x7f0 [ 34.510191] ____fput+0x15/0x20 [ 34.513442] task_work_run+0x199/0x270 [ 34.517297] do_exit+0xa52/0x1b40 [ 34.520717] do_group_exit+0x149/0x400 [ 34.524572] 
get_signal+0x7e8/0x17e0 [ 34.528255] do_signal+0x94/0x1ee0 [ 34.531764] exit_to_usermode_loop+0x224/0x300 [ 34.536315] syscall_return_slowpath+0x42f/0x500 [ 34.541044] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 34.545775] [ 34.547387] The buggy address belongs to the object at ffff8801cd702240 [ 34.547387] which belongs to the cache kmalloc-4096 of size 4096 [ 34.560272] The buggy address is located 2216 bytes inside of [ 34.560272] 4096-byte region [ffff8801cd702240, ffff8801cd703240) [ 34.572293] The buggy address belongs to the page: [ 34.577204] page:ffffea000735c080 count:1 mapcount:0 mapping:ffff8801cd702240 index:0x0 compound_mapcount: 0 [ 34.587154] flags: 0x200000000008100(slab|head) [ 34.591798] raw: 0200000000008100 ffff8801cd702240 0000000000000000 0000000100000001 [ 34.599654] raw: ffffea000735c020 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000 [ 34.607508] page dumped because: kasan: bad access detected [ 34.613186] [ 34.614784] Memory state around the buggy address: [ 34.619681] ffff8801cd702980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.627011] ffff8801cd702a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.634347] >ffff8801cd702a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.641680] ^ [ 34.648403] ffff8801cd702b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.655731] ffff8801cd702b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.663073] ================================================================== [ 34.670414] Disabling lock debugging due to kernel taint [ 34.675896] Kernel panic - not syncing: panic_on_warn set ... [ 34.675896] [ 34.683231] CPU: 1 PID: 3144 Comm: syz-executor0 Tainted: G B 4.13.0-next-20170908+ #18 [ 34.692471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.701804] Call Trace: [ 34.704373] dump_stack+0x194/0x257 [ 34.707967] ? arch_local_irq_restore+0x53/0x53 [ 34.712602] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.717333] ? 
__dev_remove_pack+0x2f0/0x3b0 [ 34.721706] panic+0x1e4/0x417 [ 34.724862] ? __warn+0x1d9/0x1d9 [ 34.728307] ? __dev_remove_pack+0x305/0x3b0 [ 34.732679] kasan_end_report+0x50/0x50 [ 34.736620] kasan_report+0x137/0x340 [ 34.740385] __asan_report_load8_noabort+0x14/0x20 [ 34.745285] __dev_remove_pack+0x305/0x3b0 [ 34.749493] ? dev_get_by_name_rcu+0x270/0x270 [ 34.754042] ? refcount_sub_and_test+0x115/0x1b0 [ 34.758767] __unregister_prot_hook+0x211/0x280 [ 34.763414] packet_release+0x8bb/0xd70 [ 34.767370] ? packet_set_ring+0x1b70/0x1b70 [ 34.771754] ? dentry_free+0xcd/0x130 [ 34.775519] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.780500] ? kmem_cache_free+0x249/0x280 [ 34.784701] ? dentry_free+0xd2/0x130 [ 34.788473] ? locks_remove_file+0x3fa/0x5a0 [ 34.792851] ? fcntl_setlk+0x10d0/0x10d0 [ 34.796881] ? __fsnotify_parent+0xb4/0x3a0 [ 34.801167] ? fsnotify+0x1af0/0x1af0 [ 34.804960] sock_release+0x8d/0x1e0 [ 34.808638] ? sock_release+0x8d/0x1e0 [ 34.812489] ? sock_release+0x1e0/0x1e0 [ 34.816427] sock_close+0x16/0x20 [ 34.819854] __fput+0x333/0x7f0 [ 34.823104] ? fput+0x140/0x140 [ 34.826350] ? check_same_owner+0x320/0x320 [ 34.830651] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.835113] ____fput+0x15/0x20 [ 34.838365] task_work_run+0x199/0x270 [ 34.842217] ? task_work_cancel+0x210/0x210 [ 34.846505] ? _raw_spin_unlock+0x22/0x30 [ 34.850618] ? switch_task_namespaces+0x87/0xc0 [ 34.855260] do_exit+0xa52/0x1b40 [ 34.858676] ? plist_check_list+0xa0/0xa0 [ 34.862808] ? plist_del+0x47b/0x990 [ 34.866487] ? mm_update_next_owner+0x930/0x930 [ 34.871119] ? plist_add+0x760/0x760 [ 34.874820] ? check_same_owner+0x320/0x320 [ 34.879111] ? find_held_lock+0x39/0x1d0 [ 34.883147] ? check_noncircular+0x20/0x20 [ 34.887355] ? lock_downgrade+0x990/0x990 [ 34.891468] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 34.896806] ? find_held_lock+0x39/0x1d0 [ 34.900837] ? lock_downgrade+0x990/0x990 [ 34.905044] ? recalc_sigpending_tsk+0x117/0x150 [ 34.909765] ? 
recalc_sigpending+0x103/0x160 [ 34.914153] ? recalc_sigpending_tsk+0x150/0x150 [ 34.918894] ? get_signal+0x397/0x17e0 [ 34.922761] do_group_exit+0x149/0x400 [ 34.926612] ? __lock_is_held+0xbc/0x140 [ 34.930636] ? SyS_exit+0x30/0x30 [ 34.934058] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.938535] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.943523] get_signal+0x7e8/0x17e0 [ 34.947217] ? ptrace_notify+0x130/0x130 [ 34.951243] ? __fget+0xbb/0x580 [ 34.954574] ? lock_downgrade+0x990/0x990 [ 34.958689] ? lock_release+0xd70/0xd70 [ 34.962643] ? exit_robust_list+0x240/0x240 [ 34.966952] do_signal+0x94/0x1ee0 [ 34.970460] ? iterate_fd+0x3f0/0x3f0 [ 34.974226] ? setup_sigcontext+0x7d0/0x7d0 [ 34.978523] ? do_page_fault+0xee/0x720 [ 34.982461] ? __do_page_fault+0xb60/0xb60 [ 34.986662] ? __fget_light+0x29d/0x390 [ 34.990601] ? selinux_tun_dev_create+0xc0/0xc0