INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-8,10.128.0.31' (ECDSA) to the list of known hosts.
2017/09/26 00:30:50 parsed 1 programs
2017/09/26 00:30:50 executed programs: 0
syzkaller login: [   37.697511] dev_remove_pack: ffff8801c8f34980 not found
[   37.929730] dev_remove_pack: ffff8801cb79a900 not found
2017/09/26 00:30:55 executed programs: 790
[   40.187349] ==================================================================
[   40.195820] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0
[   40.202924] Read of size 8 at addr ffff8801c8f34930 by task ksoftirqd/1/16
[   40.209922] 
[   40.211540] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.13.0-mm1+ #7
[   40.218277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.227623] Call Trace:
[   40.230213]  dump_stack+0x194/0x257
[   40.233875]  ? arch_local_irq_restore+0x53/0x53
[   40.238550]  ? show_regs_print_info+0x65/0x65
[   40.243046]  ? fanout_demux_rollover+0x49b/0x4d0
[   40.247797]  print_address_description+0x73/0x250
[   40.252637]  ? fanout_demux_rollover+0x49b/0x4d0
[   40.257390]  kasan_report+0x24e/0x340
[   40.261185]  __asan_report_load8_noabort+0x14/0x20
[   40.266098]  fanout_demux_rollover+0x49b/0x4d0
[   40.270663]  ? skb_split+0x1310/0x1310
[   40.274557]  packet_rcv_fanout+0x52e/0x7d0
[   40.278785]  ? compat_packet_setsockopt+0x140/0x140
[   40.283802]  ? refcount_add+0x60/0x60
[   40.287588]  ? packet_rcv_fanout+0x7d0/0x7d0
[   40.291989]  __netif_receive_skb_core+0xc12/0x33d0
[   40.296901]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   40.301904]  ? nf_ingress+0x9f0/0x9f0
[   40.305678]  ? unwind_dump+0x4c0/0x4c0
[   40.309556]  ? check_noncircular+0x20/0x20
[   40.313770]  ? __save_stack_trace+0x6e/0xd0
[   40.318073]  ? depot_save_stack+0x12c/0x490
[   40.322397]  ? find_held_lock+0x39/0x1d0
[   40.326451]  ? lock_downgrade+0x990/0x990
[   40.330579]  ? lock_acquire+0x1d5/0x580
[   40.334527]  ? netif_receive_skb_internal+0x1d7/0x670
[   40.339695]  ? find_held_lock+0x39/0x1d0
[   40.343741]  ? pvclock_read_flags+0x160/0x160
[   40.348208]  ? lock_downgrade+0x990/0x990
[   40.352337]  ? lock_acquire+0x1d5/0x580
[   40.356283]  ? netif_receive_skb_internal+0xa2/0x670
[   40.361362]  ? ktime_get_with_offset+0x2c1/0x420
[   40.366109]  ? lock_release+0xd70/0xd70
[   40.370067]  ? ktime_get+0x3a0/0x3a0
[   40.373767]  __netif_receive_skb+0x2c/0x1b0
[   40.378062]  ? __netif_receive_skb+0x2c/0x1b0
[   40.382536]  netif_receive_skb_internal+0x10b/0x670
[   40.387541]  ? dev_cpu_dead+0xb00/0xb00
[   40.391490]  ? __alloc_pages_nodemask+0xd80/0xd80
[   40.396310]  ? net_rx_action+0x1910/0x1910
[   40.400523]  ? rcu_pm_notify+0xc0/0xc0
[   40.404394]  ? skb_gro_reset_offset+0x17b/0x300
[   40.409042]  napi_gro_receive+0x3d0/0x500
[   40.413167]  ? dev_gro_receive+0x19b0/0x19b0
[   40.417559]  ? eth_type_trans+0x2a3/0x650
[   40.421688]  ? eth_gro_receive+0x810/0x810
[   40.425908]  receive_buf+0xcc5/0x51f0
[   40.429696]  ? virtnet_set_rx_mode+0x9f0/0x9f0
[   40.434266]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   40.439259]  ? check_noncircular+0x20/0x20
[   40.443479]  ? unwind_dump+0x4c0/0x4c0
[   40.447351]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.452529]  ? __unwind_start+0x169/0x330
[   40.456655]  ? find_held_lock+0x39/0x1d0
[   40.460700]  ? lock_downgrade+0x990/0x990
[   40.464822]  ? save_stack_trace+0x16/0x20
[   40.468952]  ? cpuacct_charge+0xc4/0x5b0
[   40.472995]  ? lock_release+0xd70/0xd70
[   40.476953]  ? rb_erase_cached+0xf50/0x3540
[   40.481255]  ? rb_next+0x140/0x140
[   40.484783]  ? cpuacct_charge+0x2fd/0x5b0
[   40.488912]  ? cpuusage_read+0x10/0x10
[   40.492784]  ? check_noncircular+0x20/0x20
[   40.496993]  ? check_noncircular+0x20/0x20
[   40.501211]  ? update_curr+0x30c/0x800
[   40.505074]  ? find_next_bit+0x27/0x30
[   40.508936]  ? account_entity_dequeue+0x234/0x590
[   40.513755]  ? hrtick_update+0x250/0x250
[   40.517792]  ? __lock_is_held+0xbc/0x140
[   40.521836]  ? task_fork_fair+0x7b0/0x7b0
[   40.525973]  ? dequeue_task_fair+0x16d8/0x68b0
[   40.530588]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   40.536466]  ? ret_from_fork+0x2a/0x40
[   40.540363]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   40.545371]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   40.550372]  ? unwind_dump+0x4c0/0x4c0
[   40.554246]  ? unwind_dump+0x4c0/0x4c0
[   40.558118]  ? __unwind_start+0x169/0x330
[   40.562241]  ? unwind_get_return_address+0x61/0xa0
[   40.567148]  ? __save_stack_trace+0x61/0xd0
[   40.571445]  ? vring_use_dma_api+0x7f/0xa0
[   40.575653]  ? vring_unmap_one+0x49/0x3d0
[   40.579781]  ? detach_buf+0x463/0x6a0
[   40.583553]  ? save_stack_trace+0x16/0x20
[   40.587673]  ? __lock_acquire+0x20fd/0x4620
[   40.591976]  ? virtqueue_get_buf_ctx+0x3b1/0x8b0
[   40.596711]  ? detach_buf+0x6a0/0x6a0
[   40.600502]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.605689]  virtnet_poll+0x304/0xad0
[   40.609474]  ? receive_buf+0x51f0/0x51f0
[   40.613515]  ? unwind_next_frame+0x3e/0x50
[   40.617727]  ? __save_stack_trace+0x6e/0xd0
[   40.622035]  ? net_rx_action+0x49b/0x1910
[   40.626162]  net_rx_action+0x792/0x1910
[   40.630118]  ? kmem_cache_free+0x77/0x280
[   40.634243]  ? napi_complete_done+0x6c0/0x6c0
[   40.638715]  ? check_noncircular+0x20/0x20
[   40.642934]  ? synchronize_rcu_bh+0xf0/0xf0
[   40.647243]  ? find_held_lock+0x39/0x1d0
[   40.651290]  ? lock_downgrade+0x990/0x990
[   40.655423]  ? lock_acquire+0x1d5/0x580
[   40.659373]  ? finish_task_switch+0x1aa/0x740
[   40.663847]  ? do_raw_spin_trylock+0x190/0x190
[   40.668403]  ? lock_release+0xd70/0xd70
[   40.672352]  ? compat_start_thread+0x80/0x80
[   40.676746]  ? check_noncircular+0x20/0x20
[   40.680957]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.685427]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.690417]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.694885]  ? finish_task_switch+0x1d3/0x740
[   40.699352]  ? finish_task_switch+0x1aa/0x740
[   40.703827]  ? preempt_notifier_dec+0x20/0x20
[   40.708305]  ? __schedule+0x8f0/0x2070
[   40.712178]  ? rcu_pm_notify+0xc0/0xc0
[   40.716039]  ? __schedule+0x8f0/0x2070
[   40.719909]  __do_softirq+0x2bb/0xbd0
[   40.723694]  ? __softirqentry_text_start+0x8/0x8
[   40.728428]  ? schedule+0x108/0x440
[   40.732033]  ? __schedule+0x2070/0x2070
[   40.735992]  ? rcu_note_context_switch+0x710/0x710
[   40.740900]  ? run_ksoftirqd+0x55/0x100
[   40.744850]  ? takeover_tasklets+0xa40/0xa40
[   40.749233]  run_ksoftirqd+0x50/0x100
[   40.753007]  smpboot_thread_fn+0x489/0x850
[   40.757228]  ? sort_range+0x30/0x30
[   40.760831]  ? __kthread_parkme+0xdf/0x240
[   40.765123]  ? __kthread_parkme+0x173/0x240
[   40.769423]  kthread+0x39c/0x470
[   40.772760]  ? sort_range+0x30/0x30
[   40.776359]  ? kthread_create_on_node+0x100/0x100
[   40.781178]  ret_from_fork+0x2a/0x40
[   40.784888] 
[   40.786490] Allocated by task 4338:
[   40.790092]  save_stack_trace+0x16/0x20
[   40.794041]  save_stack+0x43/0xd0
[   40.797464]  kasan_kmalloc+0xad/0xe0
[   40.801149]  __kmalloc+0x162/0x760
[   40.804660]  sk_prot_alloc+0x101/0x2a0
[   40.808516]  sk_alloc+0x89/0x700
[   40.811856]  packet_create+0x169/0xb00
[   40.815720]  __sock_create+0x4d4/0x850
[   40.819579]  SyS_socket+0xeb/0x200
[   40.823091]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.827816] 
[   40.829415] Freed by task 4329:
[   40.832665]  save_stack_trace+0x16/0x20
[   40.836613]  save_stack+0x43/0xd0
[   40.840036]  kasan_slab_free+0x71/0xc0
[   40.843894]  kfree+0xca/0x250
[   40.846971]  __sk_destruct+0x74a/0x910
[   40.850827]  sk_destruct+0x47/0x80
[   40.854336]  __sk_free+0x57/0x230
[   40.857758]  sk_free+0x2a/0x40
[   40.860922]  packet_release+0x859/0xd70
[   40.864866]  sock_release+0x8d/0x1e0
[   40.868549]  sock_close+0x16/0x20
[   40.871974]  __fput+0x333/0x7f0
[   40.875228]  ____fput+0x15/0x20
[   40.878480]  task_work_run+0x199/0x270
[   40.882348]  do_exit+0xa52/0x1b40
[   40.885773]  do_group_exit+0x149/0x400
[   40.889633]  get_signal+0x7e8/0x17e0
[   40.893326]  do_signal+0x94/0x1ee0
[   40.896847]  exit_to_usermode_loop+0x224/0x300
[   40.901400]  syscall_return_slowpath+0x42f/0x500
[   40.906129]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   40.910857] 
[   40.912458] The buggy address belongs to the object at ffff8801c8f341c0
[   40.912458]  which belongs to the cache kmalloc-2048 of size 2048
[   40.925261] The buggy address is located 1904 bytes inside of
[   40.925261]  2048-byte region [ffff8801c8f341c0, ffff8801c8f349c0)
[   40.937301] The buggy address belongs to the page:
[   40.942221] page:ffffea000723cd00 count:1 mapcount:0 mapping:ffff8801c8f341c0 index:0x0 compound_mapcount: 0
[   40.952178] flags: 0x200000000008100(slab|head)
[   40.956830] raw: 0200000000008100 ffff8801c8f341c0 0000000000000000 0000000100000003
[   40.964702] raw: ffffea000723e220 ffffea00072344a0 ffff8801dac00c40 0000000000000000
[   40.972575] page dumped because: kasan: bad access detected
[   40.978270] 
[   40.979877] Memory state around the buggy address:
[   40.984795]  ffff8801c8f34800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.992141]  ffff8801c8f34880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.999474] >ffff8801c8f34900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.006805]                                      ^
[   41.011704]  ffff8801c8f34980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   41.019034]  ffff8801c8f34a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   41.026363] ==================================================================
[   41.033690] Disabling lock debugging due to kernel taint
[   41.039265] Kernel panic - not syncing: panic_on_warn set ...
[   41.039265] 
[   41.046607] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G    B           4.13.0-mm1+ #7
[   41.054553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.063882] Call Trace:
[   41.066438]  dump_stack+0x194/0x257
[   41.070033]  ? arch_local_irq_restore+0x53/0x53
[   41.074681]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.079407]  ? fanout_demux_rollover+0x470/0x4d0
[   41.084130]  panic+0x1e4/0x417
[   41.087290]  ? __warn+0x1d9/0x1d9
[   41.090717]  ? fanout_demux_rollover+0x49b/0x4d0
[   41.095444]  kasan_end_report+0x50/0x50
[   41.099385]  kasan_report+0x137/0x340
[   41.103153]  __asan_report_load8_noabort+0x14/0x20
[   41.108052]  fanout_demux_rollover+0x49b/0x4d0
[   41.112602]  ? skb_split+0x1310/0x1310
[   41.116471]  packet_rcv_fanout+0x52e/0x7d0
[   41.120675]  ? compat_packet_setsockopt+0x140/0x140
[   41.125661]  ? refcount_add+0x60/0x60
[   41.129438]  ? packet_rcv_fanout+0x7d0/0x7d0
[   41.133821]  __netif_receive_skb_core+0xc12/0x33d0
[   41.138715]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   41.143702]  ? nf_ingress+0x9f0/0x9f0
[   41.147467]  ? unwind_dump+0x4c0/0x4c0
[   41.151328]  ? check_noncircular+0x20/0x20
[   41.155532]  ? __save_stack_trace+0x6e/0xd0
[   41.159825]  ? depot_save_stack+0x12c/0x490
[   41.164117]  ? find_held_lock+0x39/0x1d0
[   41.168151]  ? lock_downgrade+0x990/0x990
[   41.172270]  ? lock_acquire+0x1d5/0x580
[   41.176211]  ? netif_receive_skb_internal+0x1d7/0x670
[   41.181367]  ? find_held_lock+0x39/0x1d0
[   41.185400]  ? pvclock_read_flags+0x160/0x160