INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-3,10.128.0.62' (ECDSA) to the list of known hosts.
2017/09/19 20:39:45 parsed 1 programs
2017/09/19 20:39:45 executed programs: 0
syzkaller login: [   44.054894] dev_remove_pack: ffff8801ce61f5c0 not found
[   44.069298] ==================================================================
[   44.076687] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0
[   44.083410] Read of size 8 at addr ffff8801ce19ce68 by task syz-executor0/3002
[   44.090738] 
[   44.092341] CPU: 1 PID: 3002 Comm: syz-executor0 Not tainted 4.13.0-mm1+ #7
[   44.099410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.108736] Call Trace:
[   44.111298]  dump_stack+0x194/0x257
[   44.114901]  ? arch_local_irq_restore+0x53/0x53
[   44.119554]  ? show_regs_print_info+0x65/0x65
[   44.124031]  ? __dev_remove_pack+0x305/0x3b0
[   44.128413]  print_address_description+0x73/0x250
[   44.133233]  ? __dev_remove_pack+0x305/0x3b0
[   44.137626]  kasan_report+0x24e/0x340
[   44.141403]  __asan_report_load8_noabort+0x14/0x20
[   44.146306]  __dev_remove_pack+0x305/0x3b0
[   44.150517]  ? dev_get_by_name_rcu+0x270/0x270
[   44.155074]  ? refcount_sub_and_test+0x115/0x1b0
[   44.159809]  __unregister_prot_hook+0x211/0x280
[   44.164452]  packet_release+0x8bb/0xd70
[   44.168402]  ? packet_set_ring+0x1b70/0x1b70
[   44.172784]  ? dentry_free+0xcd/0x130
[   44.176558]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.181551]  ? kmem_cache_free+0x249/0x280
[   44.185763]  ? dentry_free+0xd2/0x130
[   44.189539]  ? locks_remove_file+0x3fa/0x5a0
[   44.193921]  ? fcntl_setlk+0x10d0/0x10d0
[   44.197954]  ? __fsnotify_parent+0xb4/0x3a0
[   44.202248]  ? fsnotify+0x1af0/0x1af0
[   44.206028]  sock_release+0x8d/0x1e0
[   44.209709]  ? sock_release+0x8d/0x1e0
[   44.213568]  ? sock_release+0x1e0/0x1e0
[   44.217522]  sock_close+0x16/0x20
[   44.220945]  __fput+0x333/0x7f0
[   44.224199]  ? fput+0x140/0x140
[   44.227450]  ? check_same_owner+0x320/0x320
[   44.231742]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.236212]  ____fput+0x15/0x20
[   44.239466]  task_work_run+0x199/0x270
[   44.243327]  ? task_work_cancel+0x210/0x210
[   44.247620]  ? _raw_spin_unlock+0x22/0x30
[   44.251740]  ? switch_task_namespaces+0x87/0xc0
[   44.256386]  do_exit+0xa52/0x1b40
[   44.259809]  ? plist_check_list+0xa0/0xa0
[   44.263939]  ? plist_del+0x47b/0x990
[   44.267626]  ? mm_update_next_owner+0x930/0x930
[   44.272267]  ? plist_add+0x760/0x760
[   44.275970]  ? check_same_owner+0x320/0x320
[   44.280356]  ? find_held_lock+0x39/0x1d0
[   44.284395]  ? check_noncircular+0x20/0x20
[   44.288606]  ? lock_downgrade+0x990/0x990
[   44.292724]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   44.298075]  ? find_held_lock+0x39/0x1d0
[   44.302114]  ? lock_downgrade+0x990/0x990
[   44.306231]  ? recalc_sigpending_tsk+0x117/0x150
[   44.310960]  ? recalc_sigpending+0x103/0x160
[   44.315338]  ? recalc_sigpending_tsk+0x150/0x150
[   44.320073]  ? get_signal+0x397/0x17e0
[   44.323941]  do_group_exit+0x149/0x400
[   44.327801]  ? __lock_is_held+0xbc/0x140
[   44.331829]  ? SyS_exit+0x30/0x30
[   44.335251]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.339718]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   44.344707]  get_signal+0x7e8/0x17e0
[   44.348418]  ? ptrace_notify+0x130/0x130
[   44.352449]  ? __fget+0xbb/0x580
[   44.355784]  ? __lockdep_init_map+0xe4/0x650
[   44.360165]  ? lock_release+0xd70/0xd70
[   44.364114]  ? exit_robust_list+0x240/0x240
[   44.368417]  do_signal+0x94/0x1ee0
[   44.371932]  ? iterate_fd+0x3f0/0x3f0
[   44.375708]  ? setup_sigcontext+0x7d0/0x7d0
[   44.380001]  ? __lock_is_held+0xbc/0x140
[   44.384045]  ? __fget_light+0x29d/0x390
[   44.387992]  ? selinux_tun_dev_create+0xc0/0xc0
[   44.392633]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   44.398314]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   44.403565]  ? alloc_file+0x284/0x3a0
[   44.407335]  ? exit_to_usermode_loop+0x98/0x300
[   44.411981]  exit_to_usermode_loop+0x224/0x300
[   44.416535]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   44.422053]  syscall_return_slowpath+0x42f/0x500
[   44.426778]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   44.431765]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   44.436670]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   44.441659]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   44.446391]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   44.451117] RIP: 0033:0x4520a9
[   44.454275] RSP: 002b:00007f680498ecf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   44.461953] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 00000000004520a9
[   44.469192] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8
[   44.476428] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000
[   44.483667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   44.490908] R13: 00007ffcab7f89cf R14: 00007f680498f9c0 R15: 0000000000000002
[   44.498164] 
[   44.499761] Allocated by task 3001:
[   44.503355]  save_stack_trace+0x16/0x20
[   44.507296]  save_stack+0x43/0xd0
[   44.510719]  kasan_kmalloc+0xad/0xe0
[   44.514400]  kmem_cache_alloc_trace+0x136/0x750
[   44.519036]  fanout_add+0xa50/0x1190
[   44.522717]  packet_setsockopt+0xfdc/0x1e80
[   44.527007]  SyS_setsockopt+0x189/0x360
[   44.530950]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   44.535672] 
[   44.537269] Freed by task 3002:
[   44.540519]  save_stack_trace+0x16/0x20
[   44.544459]  save_stack+0x43/0xd0
[   44.547881]  kasan_slab_free+0x71/0xc0
[   44.551736]  kfree+0xca/0x250
[   44.554811]  packet_release+0xa8f/0xd70
[   44.558750]  sock_release+0x8d/0x1e0
[   44.562431]  sock_close+0x16/0x20
[   44.565852]  __fput+0x333/0x7f0
[   44.569097]  ____fput+0x15/0x20
[   44.572343]  task_work_run+0x199/0x270
[   44.576198]  do_exit+0xa52/0x1b40
[   44.579618]  do_group_exit+0x149/0x400
[   44.583471]  get_signal+0x7e8/0x17e0
[   44.587152]  do_signal+0x94/0x1ee0
[   44.590661]  exit_to_usermode_loop+0x224/0x300
[   44.595210]  syscall_return_slowpath+0x42f/0x500
[   44.599933]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   44.604655] 
[   44.606251] The buggy address belongs to the object at ffff8801ce19c5c0
[   44.606251]  which belongs to the cache kmalloc-4096 of size 4096
[   44.619047] The buggy address is located 2216 bytes inside of
[   44.619047]  4096-byte region [ffff8801ce19c5c0, ffff8801ce19d5c0)
[   44.631058] The buggy address belongs to the page:
[   44.635952] page:ffffea0007386700 count:1 mapcount:0 mapping:ffff8801ce19c5c0 index:0x0 compound_mapcount: 0
[   44.645891] flags: 0x200000000008100(slab|head)
[   44.650532] raw: 0200000000008100 ffff8801ce19c5c0 0000000000000000 0000000100000001
[   44.658386] raw: ffffea00073866a0 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000
[   44.666232] page dumped because: kasan: bad access detected
[   44.671914] 
[   44.673511] Memory state around the buggy address:
[   44.678409]  ffff8801ce19cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.685734]  ffff8801ce19cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.693060] >ffff8801ce19ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.700384]                                                           ^
[   44.707103]  ffff8801ce19ce80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.714427]  ffff8801ce19cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   44.721751] ==================================================================
[   44.729075] Disabling lock debugging due to kernel taint
[   44.734547] Kernel panic - not syncing: panic_on_warn set ...
[   44.734547] 
[   44.741874] CPU: 1 PID: 3002 Comm: syz-executor0 Tainted: G    B           4.13.0-mm1+ #7
[   44.750148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.759468] Call Trace:
[   44.762034]  dump_stack+0x194/0x257
[   44.765630]  ? arch_local_irq_restore+0x53/0x53
[   44.770263]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   44.774986]  ? __dev_remove_pack+0x2f0/0x3b0
[   44.779358]  panic+0x1e4/0x417
[   44.782513]  ? __warn+0x1d9/0x1d9
[   44.785941]  ? __dev_remove_pack+0x305/0x3b0
[   44.790319]  kasan_end_report+0x50/0x50
[   44.794257]  kasan_report+0x137/0x340
[   44.798022]  __asan_report_load8_noabort+0x14/0x20
[   44.802920]  __dev_remove_pack+0x305/0x3b0
[   44.807124]  ? dev_get_by_name_rcu+0x270/0x270
[   44.811670]  ? refcount_sub_and_test+0x115/0x1b0
[   44.816394]  __unregister_prot_hook+0x211/0x280
[   44.821030]  packet_release+0x8bb/0xd70
[   44.824972]  ? packet_set_ring+0x1b70/0x1b70
[   44.829347]  ? dentry_free+0xcd/0x130
[   44.833113]  ? rcu_read_lock_sched_held+0x108/0x120
[   44.838092]  ? kmem_cache_free+0x249/0x280
[   44.842289]  ? dentry_free+0xd2/0x130
[   44.846057]  ? locks_remove_file+0x3fa/0x5a0
[   44.850431]  ? fcntl_setlk+0x10d0/0x10d0
[   44.854455]  ? __fsnotify_parent+0xb4/0x3a0
[   44.858740]  ? fsnotify+0x1af0/0x1af0
[   44.862504]  sock_release+0x8d/0x1e0
[   44.866184]  ? sock_release+0x8d/0x1e0
[   44.870033]  ? sock_release+0x1e0/0x1e0
[   44.873968]  sock_close+0x16/0x20
[   44.877384]  __fput+0x333/0x7f0
[   44.880628]  ? fput+0x140/0x140
[   44.883871]  ? check_same_owner+0x320/0x320
[   44.888161]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.892623]  ____fput+0x15/0x20
[   44.895864]  task_work_run+0x199/0x270
[   44.899714]  ? task_work_cancel+0x210/0x210
[   44.903998]  ? _raw_spin_unlock+0x22/0x30
[   44.908109]  ? switch_task_namespaces+0x87/0xc0
[   44.912743]  do_exit+0xa52/0x1b40
[   44.916159]  ? plist_check_list+0xa0/0xa0
[   44.920275]  ? plist_del+0x47b/0x990
[   44.923951]  ? mm_update_next_owner+0x930/0x930
[   44.928583]  ? plist_add+0x760/0x760
[   44.932265]  ? check_same_owner+0x320/0x320
[   44.936555]  ? find_held_lock+0x39/0x1d0
[   44.940584]  ? check_noncircular+0x20/0x20
[   44.944782]  ? lock_downgrade+0x990/0x990
[   44.948894]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   44.954228]  ? find_held_lock+0x39/0x1d0
[   44.958256]  ? lock_downgrade+0x990/0x990
[   44.962367]  ? recalc_sigpending_tsk+0x117/0x150
[   44.967086]  ? recalc_sigpending+0x103/0x160
[   44.971455]  ? recalc_sigpending_tsk+0x150/0x150
[   44.976173]  ? get_signal+0x397/0x17e0
[   44.980028]  do_group_exit+0x149/0x400
[   44.983877]  ? __lock_is_held+0xbc/0x140
[   44.987900]  ? SyS_exit+0x30/0x30
[   44.991316]  ? _raw_spin_unlock_irq+0x27/0x70
[   44.995774]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   45.000753]  get_signal+0x7e8/0x17e0
[   45.004444]  ? ptrace_notify+0x130/0x130
[   45.008469]  ? __fget+0xbb/0x580
[   45.011797]  ? __lockdep_init_map+0xe4/0x650
[   45.016168]  ? lock_release+0xd70/0xd70
[   45.020108]  ? exit_robust_list+0x240/0x240
[   45.024401]  do_signal+0x94/0x1ee0
[   45.027906]  ? iterate_fd+0x3f0/0x3f0
[   45.031672]  ? setup_sigcontext+0x7d0/0x7d0
[   45.035958]  ? __lock_is_held+0xbc/0x140
[   45.039989]  ? __fget_light+0x29d/0x390
[   45.043930]  ? selinux_tun_dev_create+0xc0/0xc0
[   45.048578]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460