INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.0.14' (ECDSA) to the list of known hosts. 2017/09/24 17:18:28 parsed 1 programs 2017/09/24 17:18:28 executed programs: 0 syzkaller login: [ 23.493791] dev_remove_pack: ffff8801ce703e80 not found [ 23.511312] ================================================================== [ 23.518730] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0 [ 23.525456] Read of size 8 at addr ffff8801ce3d96e8 by task syz-executor0/3050 [ 23.532783] [ 23.534400] CPU: 0 PID: 3050 Comm: syz-executor0 Not tainted 4.13.0-mm1+ #7 [ 23.541467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.550788] Call Trace: [ 23.553347] dump_stack+0x194/0x257 [ 23.556955] ? arch_local_irq_restore+0x53/0x53 [ 23.561595] ? show_regs_print_info+0x65/0x65 [ 23.566067] ? __dev_remove_pack+0x305/0x3b0 [ 23.570458] print_address_description+0x73/0x250 [ 23.575270] ? __dev_remove_pack+0x305/0x3b0 [ 23.579650] kasan_report+0x24e/0x340 [ 23.583426] __asan_report_load8_noabort+0x14/0x20 [ 23.588332] __dev_remove_pack+0x305/0x3b0 [ 23.592536] ? dev_get_by_name_rcu+0x270/0x270 [ 23.597091] ? refcount_sub_and_test+0x115/0x1b0 [ 23.601829] __unregister_prot_hook+0x211/0x280 [ 23.606473] packet_release+0x8bb/0xd70 [ 23.610423] ? packet_set_ring+0x1b70/0x1b70 [ 23.614802] ? dentry_free+0xcd/0x130 [ 23.618573] ? rcu_read_lock_sched_held+0x108/0x120 [ 23.623558] ? kmem_cache_free+0x249/0x280 [ 23.627764] ? dentry_free+0xd2/0x130 [ 23.631538] ? locks_remove_file+0x3fa/0x5a0 [ 23.635917] ? fcntl_setlk+0x10d0/0x10d0 [ 23.639960] ? __fsnotify_parent+0xb4/0x3a0 [ 23.644255] ? 
fsnotify+0x1af0/0x1af0 [ 23.648031] sock_release+0x8d/0x1e0 [ 23.651719] ? sock_release+0x8d/0x1e0 [ 23.655594] ? sock_release+0x1e0/0x1e0 [ 23.659549] sock_close+0x16/0x20 [ 23.662977] __fput+0x333/0x7f0 [ 23.666240] ? fput+0x140/0x140 [ 23.669500] ? check_same_owner+0x320/0x320 [ 23.673805] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.678282] ____fput+0x15/0x20 [ 23.681542] task_work_run+0x199/0x270 [ 23.685412] ? task_work_cancel+0x210/0x210 [ 23.689707] ? _raw_spin_unlock+0x22/0x30 [ 23.693827] ? switch_task_namespaces+0x87/0xc0 [ 23.698477] do_exit+0xa52/0x1b40 [ 23.701903] ? plist_check_list+0xa0/0xa0 [ 23.706044] ? plist_del+0x47b/0x990 [ 23.709734] ? mm_update_next_owner+0x930/0x930 [ 23.714378] ? plist_add+0x760/0x760 [ 23.718075] ? check_same_owner+0x320/0x320 [ 23.722375] ? find_held_lock+0x39/0x1d0 [ 23.726417] ? check_noncircular+0x20/0x20 [ 23.730623] ? lock_downgrade+0x990/0x990 [ 23.734748] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 23.740104] ? find_held_lock+0x39/0x1d0 [ 23.744148] ? lock_downgrade+0x990/0x990 [ 23.748269] ? recalc_sigpending_tsk+0x117/0x150 [ 23.752999] ? recalc_sigpending+0x103/0x160 [ 23.757382] ? recalc_sigpending_tsk+0x150/0x150 [ 23.762113] ? get_signal+0x397/0x17e0 [ 23.765992] do_group_exit+0x149/0x400 [ 23.769849] ? __lock_is_held+0xbc/0x140 [ 23.773881] ? SyS_exit+0x30/0x30 [ 23.777305] ? _raw_spin_unlock_irq+0x27/0x70 [ 23.781775] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.786769] get_signal+0x7e8/0x17e0 [ 23.790493] ? ptrace_notify+0x130/0x130 [ 23.794526] ? __fget+0xbb/0x580 [ 23.797863] ? __lockdep_init_map+0xe4/0x650 [ 23.802256] ? lock_release+0xd70/0xd70 [ 23.806208] ? exit_robust_list+0x240/0x240 [ 23.810516] do_signal+0x94/0x1ee0 [ 23.814033] ? iterate_fd+0x3f0/0x3f0 [ 23.817810] ? setup_sigcontext+0x7d0/0x7d0 [ 23.822105] ? __lock_is_held+0xbc/0x140 [ 23.826148] ? __fget_light+0x29d/0x390 [ 23.830095] ? selinux_tun_dev_create+0xc0/0xc0 [ 23.834734] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 23.840417] ? 
selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 23.845663] ? alloc_file+0x284/0x3a0 [ 23.849437] ? exit_to_usermode_loop+0x98/0x300 [ 23.854090] exit_to_usermode_loop+0x224/0x300 [ 23.858650] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 23.864170] syscall_return_slowpath+0x42f/0x500 [ 23.868897] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 23.873885] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 23.878787] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.883777] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 23.888520] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 23.893254] RIP: 0033:0x4520a9 [ 23.896415] RSP: 002b:00007f1d9494ecf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 23.904099] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 00000000004520a9 [ 23.911346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8 [ 23.918593] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000 [ 23.925835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 23.933076] R13: 00007ffe6a40f66f R14: 00007f1d9494f9c0 R15: 0000000000000004 [ 23.940338] [ 23.941938] Allocated by task 3049: [ 23.945536] save_stack_trace+0x16/0x20 [ 23.949485] save_stack+0x43/0xd0 [ 23.952909] kasan_kmalloc+0xad/0xe0 [ 23.956596] kmem_cache_alloc_trace+0x136/0x750 [ 23.961240] fanout_add+0xa50/0x1190 [ 23.964930] packet_setsockopt+0xfdc/0x1e80 [ 23.969224] SyS_setsockopt+0x189/0x360 [ 23.973170] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 23.977906] [ 23.979501] Freed by task 3050: [ 23.982747] save_stack_trace+0x16/0x20 [ 23.986690] save_stack+0x43/0xd0 [ 23.990119] kasan_slab_free+0x71/0xc0 [ 23.993978] kfree+0xca/0x250 [ 23.997056] packet_release+0xa8f/0xd70 [ 24.000999] sock_release+0x8d/0x1e0 [ 24.004688] sock_close+0x16/0x20 [ 24.008114] __fput+0x333/0x7f0 [ 24.011365] ____fput+0x15/0x20 [ 24.014618] task_work_run+0x199/0x270 [ 24.018476] do_exit+0xa52/0x1b40 [ 24.021897] do_group_exit+0x149/0x400 [ 24.025751] get_signal+0x7e8/0x17e0 [ 24.029438] do_signal+0x94/0x1ee0 [ 24.032949] 
exit_to_usermode_loop+0x224/0x300 [ 24.037510] syscall_return_slowpath+0x42f/0x500 [ 24.042236] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 24.046957] [ 24.048556] The buggy address belongs to the object at ffff8801ce3d8e40 [ 24.048556] which belongs to the cache kmalloc-4096 of size 4096 [ 24.061360] The buggy address is located 2216 bytes inside of [ 24.061360] 4096-byte region [ffff8801ce3d8e40, ffff8801ce3d9e40) [ 24.073379] The buggy address belongs to the page: [ 24.078277] page:ffffea000738f600 count:1 mapcount:0 mapping:ffff8801ce3d8e40 index:0x0 compound_mapcount: 0 [ 24.088224] flags: 0x200000000008100(slab|head) [ 24.092865] raw: 0200000000008100 ffff8801ce3d8e40 0000000000000000 0000000100000001 [ 24.100716] raw: ffffea0007370c20 ffffea000738f6a0 ffff8801dac00dc0 0000000000000000 [ 24.108565] page dumped because: kasan: bad access detected [ 24.114244] [ 24.115840] Memory state around the buggy address: [ 24.120740] ffff8801ce3d9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.128068] ffff8801ce3d9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.135397] >ffff8801ce3d9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.142725] ^ [ 24.149447] ffff8801ce3d9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.156776] ffff8801ce3d9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.164111] ================================================================== [ 24.171440] Disabling lock debugging due to kernel taint [ 24.177051] Kernel panic - not syncing: panic_on_warn set ... [ 24.177051] [ 24.184384] CPU: 0 PID: 3050 Comm: syz-executor0 Tainted: G B 4.13.0-mm1+ #7 [ 24.192667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.201989] Call Trace: [ 24.204546] dump_stack+0x194/0x257 [ 24.208145] ? arch_local_irq_restore+0x53/0x53 [ 24.212780] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 24.217504] ? __dev_remove_pack+0x2f0/0x3b0 [ 24.221875] panic+0x1e4/0x417 [ 24.225032] ? 
__warn+0x1d9/0x1d9 [ 24.228457] ? __dev_remove_pack+0x305/0x3b0 [ 24.232828] kasan_end_report+0x50/0x50 [ 24.236767] kasan_report+0x137/0x340 [ 24.240533] __asan_report_load8_noabort+0x14/0x20 [ 24.245427] __dev_remove_pack+0x305/0x3b0 [ 24.249627] ? dev_get_by_name_rcu+0x270/0x270 [ 24.254176] ? refcount_sub_and_test+0x115/0x1b0 [ 24.258988] __unregister_prot_hook+0x211/0x280 [ 24.263622] packet_release+0x8bb/0xd70 [ 24.267561] ? packet_set_ring+0x1b70/0x1b70 [ 24.271943] ? dentry_free+0xcd/0x130 [ 24.275706] ? rcu_read_lock_sched_held+0x108/0x120 [ 24.280688] ? kmem_cache_free+0x249/0x280 [ 24.284889] ? dentry_free+0xd2/0x130 [ 24.288655] ? locks_remove_file+0x3fa/0x5a0 [ 24.293027] ? fcntl_setlk+0x10d0/0x10d0 [ 24.297056] ? __fsnotify_parent+0xb4/0x3a0 [ 24.301340] ? fsnotify+0x1af0/0x1af0 [ 24.305117] sock_release+0x8d/0x1e0 [ 24.308794] ? sock_release+0x8d/0x1e0 [ 24.312645] ? sock_release+0x1e0/0x1e0 [ 24.316580] sock_close+0x16/0x20 [ 24.319996] __fput+0x333/0x7f0 [ 24.323240] ? fput+0x140/0x140 [ 24.326484] ? check_same_owner+0x320/0x320 [ 24.330774] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.335240] ____fput+0x15/0x20 [ 24.338485] task_work_run+0x199/0x270 [ 24.342336] ? task_work_cancel+0x210/0x210 [ 24.346624] ? _raw_spin_unlock+0x22/0x30 [ 24.350737] ? switch_task_namespaces+0x87/0xc0 [ 24.355376] do_exit+0xa52/0x1b40 [ 24.358794] ? plist_check_list+0xa0/0xa0 [ 24.362911] ? plist_del+0x47b/0x990 [ 24.366589] ? mm_update_next_owner+0x930/0x930 [ 24.371224] ? plist_add+0x760/0x760 [ 24.374909] ? check_same_owner+0x320/0x320 [ 24.379199] ? find_held_lock+0x39/0x1d0 [ 24.383231] ? check_noncircular+0x20/0x20 [ 24.387431] ? lock_downgrade+0x990/0x990 [ 24.391544] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 24.396882] ? find_held_lock+0x39/0x1d0 [ 24.400913] ? lock_downgrade+0x990/0x990 [ 24.405037] ? recalc_sigpending_tsk+0x117/0x150 [ 24.409757] ? recalc_sigpending+0x103/0x160 [ 24.414128] ? recalc_sigpending_tsk+0x150/0x150 [ 24.418847] ? 
get_signal+0x397/0x17e0 [ 24.422704] do_group_exit+0x149/0x400 [ 24.426555] ? __lock_is_held+0xbc/0x140 [ 24.430581] ? SyS_exit+0x30/0x30 [ 24.434001] ? _raw_spin_unlock_irq+0x27/0x70 [ 24.438464] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 24.443448] get_signal+0x7e8/0x17e0 [ 24.447143] ? ptrace_notify+0x130/0x130 [ 24.451169] ? __fget+0xbb/0x580 [ 24.454500] ? __lockdep_init_map+0xe4/0x650 [ 24.458876] ? lock_release+0xd70/0xd70 [ 24.462826] ? exit_robust_list+0x240/0x240 [ 24.467123] do_signal+0x94/0x1ee0 [ 24.470632] ? iterate_fd+0x3f0/0x3f0 [ 24.474397] ? setup_sigcontext+0x7d0/0x7d0 [ 24.478693] ? __lock_is_held+0xbc/0x140 [ 24.482724] ? __fget_light+0x29d/0x390 [ 24.486664] ? selinux_tun_dev_create+0xc0/0xc0 [ 24.491300] ? selinux_netlbl_socket_setsockopt+0x10c/0x460