INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.0.44' (ECDSA) to the list of known hosts.
2017/09/07 21:06:32 parsed 1 programs
2017/09/07 21:06:32 executed programs: 0
syzkaller login: [   32.150629] dev_remove_pack: ffff8801ce0d7ec0 not found
[   32.170287] ==================================================================
[   32.177698] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0
[   32.184429] Read of size 8 at addr ffff8801ce1cd668 by task syz-executor0/3047
[   32.191765] 
[   32.193367] CPU: 0 PID: 3047 Comm: syz-executor0 Not tainted 4.13.0-next-20170907+ #17
[   32.201397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.210722] Call Trace:
[   32.213281]  dump_stack+0x194/0x257
[   32.216896]  ? arch_local_irq_restore+0x53/0x53
[   32.221567]  ? show_regs_print_info+0x65/0x65
[   32.226042]  ? __dev_remove_pack+0x305/0x3b0
[   32.230427]  print_address_description+0x73/0x250
[   32.235245]  ? __dev_remove_pack+0x305/0x3b0
[   32.239628]  kasan_report+0x24e/0x340
[   32.243414]  __asan_report_load8_noabort+0x14/0x20
[   32.248330]  __dev_remove_pack+0x305/0x3b0
[   32.252538]  ? dev_get_by_name_rcu+0x270/0x270
[   32.257105]  ? refcount_sub_and_test+0x115/0x1b0
[   32.261853]  __unregister_prot_hook+0x211/0x280
[   32.266529]  packet_release+0x8bb/0xd70
[   32.270495]  ? packet_set_ring+0x1b70/0x1b70
[   32.274878]  ? dentry_free+0xcd/0x130
[   32.278649]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.283639]  ? kmem_cache_free+0x249/0x280
[   32.287872]  ? dentry_free+0xd2/0x130
[   32.291681]  ? locks_remove_file+0x3fa/0x5a0
[   32.296074]  ? fcntl_setlk+0x10d0/0x10d0
[   32.300117]  ? __fsnotify_parent+0xb4/0x3a0
[   32.304418]  ? fsnotify+0x1af0/0x1af0
[   32.308198]  sock_release+0x8d/0x1e0
[   32.311886]  ? sock_release+0x8d/0x1e0
[   32.315744]  ? sock_release+0x1e0/0x1e0
[   32.319684]  sock_close+0x16/0x20
[   32.323124]  __fput+0x333/0x7f0
[   32.326379]  ? fput+0x140/0x140
[   32.329630]  ? check_same_owner+0x320/0x320
[   32.333922]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.338408]  ____fput+0x15/0x20
[   32.341660]  task_work_run+0x199/0x270
[   32.345519]  ? task_work_cancel+0x210/0x210
[   32.349837]  ? _raw_spin_unlock+0x22/0x30
[   32.353966]  ? switch_task_namespaces+0x87/0xc0
[   32.358609]  do_exit+0xa52/0x1b40
[   32.362030]  ? plist_check_list+0xa0/0xa0
[   32.366157]  ? plist_del+0x47b/0x990
[   32.369841]  ? mm_update_next_owner+0x930/0x930
[   32.374479]  ? plist_add+0x760/0x760
[   32.378183]  ? check_same_owner+0x320/0x320
[   32.382479]  ? find_held_lock+0x39/0x1d0
[   32.386517]  ? check_noncircular+0x20/0x20
[   32.390723]  ? lock_downgrade+0x990/0x990
[   32.394843]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   32.400195]  ? find_held_lock+0x39/0x1d0
[   32.404271]  ? lock_downgrade+0x990/0x990
[   32.408452]  ? recalc_sigpending_tsk+0x117/0x150
[   32.413183]  ? recalc_sigpending+0x103/0x160
[   32.417597]  ? recalc_sigpending_tsk+0x150/0x150
[   32.422337]  ? get_signal+0x397/0x17e0
[   32.426209]  do_group_exit+0x149/0x400
[   32.430064]  ? __lock_is_held+0xbc/0x140
[   32.434146]  ? SyS_exit+0x30/0x30
[   32.437587]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.442053]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.447044]  get_signal+0x7e8/0x17e0
[   32.450758]  ? ptrace_notify+0x130/0x130
[   32.454787]  ? __fget+0xbb/0x580
[   32.458133]  ? __lockdep_init_map+0xe4/0x650
[   32.462528]  ? lock_release+0xd70/0xd70
[   32.466482]  ? exit_robust_list+0x240/0x240
[   32.470786]  do_signal+0x94/0x1ee0
[   32.474301]  ? iterate_fd+0x3f0/0x3f0
[   32.478076]  ? setup_sigcontext+0x7d0/0x7d0
[   32.482400]  ? __lock_is_held+0xbc/0x140
[   32.486444]  ? __fget_light+0x29d/0x390
[   32.490386]  ? selinux_tun_dev_create+0xc0/0xc0
[   32.495025]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   32.500717]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   32.505960]  ? alloc_file+0x284/0x3a0
[   32.509750]  ? exit_to_usermode_loop+0x98/0x300
[   32.514396]  exit_to_usermode_loop+0x224/0x300
[   32.519052]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   32.524597]  syscall_return_slowpath+0x42f/0x500
[   32.529343]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   32.534334]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   32.539235]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.544222]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.548956]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   32.553679] RIP: 0033:0x451e59
[   32.556839] RSP: 002b:00007f66243bacf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   32.564517] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 0000000000451e59
[   32.571758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8
[   32.578997] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000
[   32.586238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   32.593475] R13: 00007ffd1cca166f R14: 00007f66243bb9c0 R15: 0000000000000002
[   32.600756] 
[   32.602353] Allocated by task 3046:
[   32.605961]  save_stack_trace+0x16/0x20
[   32.609902]  save_stack+0x43/0xd0
[   32.613323]  kasan_kmalloc+0xad/0xe0
[   32.617005]  kmem_cache_alloc_trace+0x136/0x750
[   32.621648]  fanout_add+0xa50/0x1190
[   32.625332]  packet_setsockopt+0xfdc/0x1e80
[   32.629625]  SyS_setsockopt+0x189/0x360
[   32.633571]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.638291] 
[   32.639886] Freed by task 3047:
[   32.643136]  save_stack_trace+0x16/0x20
[   32.647089]  save_stack+0x43/0xd0
[   32.650523]  kasan_slab_free+0x71/0xc0
[   32.654378]  kfree+0xca/0x250
[   32.657453]  packet_release+0xa8f/0xd70
[   32.661407]  sock_release+0x8d/0x1e0
[   32.665091]  sock_close+0x16/0x20
[   32.668513]  __fput+0x333/0x7f0
[   32.671762]  ____fput+0x15/0x20
[   32.675015]  task_work_run+0x199/0x270
[   32.678873]  do_exit+0xa52/0x1b40
[   32.682310]  do_group_exit+0x149/0x400
[   32.686178]  get_signal+0x7e8/0x17e0
[   32.689864]  do_signal+0x94/0x1ee0
[   32.693376]  exit_to_usermode_loop+0x224/0x300
[   32.697928]  syscall_return_slowpath+0x42f/0x500
[   32.702656]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   32.707377] 
[   32.708983] The buggy address belongs to the object at ffff8801ce1ccdc0
[   32.708983]  which belongs to the cache kmalloc-4096 of size 4096
[   32.721779] The buggy address is located 2216 bytes inside of
[   32.721779]  4096-byte region [ffff8801ce1ccdc0, ffff8801ce1cddc0)
[   32.733794] The buggy address belongs to the page:
[   32.738692] page:ffffea0007387300 count:1 mapcount:0 mapping:ffff8801ce1ccdc0 index:0x0 compound_mapcount: 0
[   32.748639] flags: 0x200000000008100(slab|head)
[   32.753278] raw: 0200000000008100 ffff8801ce1ccdc0 0000000000000000 0000000100000001
[   32.761131] raw: ffffea00073878a0 ffffea00073873a0 ffff8801dac00dc0 0000000000000000
[   32.768988] page dumped because: kasan: bad access detected
[   32.774665] 
[   32.776261] Memory state around the buggy address:
[   32.781156]  ffff8801ce1cd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.788485]  ffff8801ce1cd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.795815] >ffff8801ce1cd600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.803145]                                                           ^
[   32.809880]  ffff8801ce1cd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.817222]  ffff8801ce1cd700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.824554] ==================================================================
[   32.831882] Disabling lock debugging due to kernel taint
[   32.837384] Kernel panic - not syncing: panic_on_warn set ...
[   32.837384] 
[   32.844718] CPU: 0 PID: 3047 Comm: syz-executor0 Tainted: G    B           4.13.0-next-20170907+ #17
[   32.853947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.863262] Call Trace:
[   32.865817]  dump_stack+0x194/0x257
[   32.869412]  ? arch_local_irq_restore+0x53/0x53
[   32.874047]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.878769]  ? __dev_remove_pack+0x2f0/0x3b0
[   32.883145]  panic+0x1e4/0x417
[   32.886315]  ? __warn+0x1d9/0x1d9
[   32.889754]  ? __dev_remove_pack+0x305/0x3b0
[   32.894145]  kasan_end_report+0x50/0x50
[   32.898084]  kasan_report+0x137/0x340
[   32.901853]  __asan_report_load8_noabort+0x14/0x20
[   32.906753]  __dev_remove_pack+0x305/0x3b0
[   32.910951]  ? dev_get_by_name_rcu+0x270/0x270
[   32.915495]  ? refcount_sub_and_test+0x115/0x1b0
[   32.920221]  __unregister_prot_hook+0x211/0x280
[   32.924864]  packet_release+0x8bb/0xd70
[   32.928804]  ? packet_set_ring+0x1b70/0x1b70
[   32.933180]  ? dentry_free+0xcd/0x130
[   32.936944]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.941924]  ? kmem_cache_free+0x249/0x280
[   32.946124]  ? dentry_free+0xd2/0x130
[   32.949894]  ? locks_remove_file+0x3fa/0x5a0
[   32.954268]  ? fcntl_setlk+0x10d0/0x10d0
[   32.958309]  ? __fsnotify_parent+0xb4/0x3a0
[   32.962602]  ? fsnotify+0x1af0/0x1af0
[   32.966371]  sock_release+0x8d/0x1e0
[   32.970058]  ? sock_release+0x8d/0x1e0
[   32.973919]  ? sock_release+0x1e0/0x1e0
[   32.977869]  sock_close+0x16/0x20
[   32.981291]  __fput+0x333/0x7f0
[   32.984537]  ? fput+0x140/0x140
[   32.987796]  ? check_same_owner+0x320/0x320
[   32.992082]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.996546]  ____fput+0x15/0x20
[   32.999791]  task_work_run+0x199/0x270
[   33.003648]  ? task_work_cancel+0x210/0x210
[   33.007940]  ? _raw_spin_unlock+0x22/0x30
[   33.012069]  ? switch_task_namespaces+0x87/0xc0
[   33.016704]  do_exit+0xa52/0x1b40
[   33.020138]  ? plist_check_list+0xa0/0xa0
[   33.024258]  ? plist_del+0x47b/0x990
[   33.027947]  ? mm_update_next_owner+0x930/0x930
[   33.032592]  ? plist_add+0x760/0x760
[   33.036278]  ? check_same_owner+0x320/0x320
[   33.040566]  ? find_held_lock+0x39/0x1d0
[   33.044593]  ? check_noncircular+0x20/0x20
[   33.048791]  ? lock_downgrade+0x990/0x990
[   33.052913]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   33.058258]  ? find_held_lock+0x39/0x1d0
[   33.062289]  ? lock_downgrade+0x990/0x990
[   33.066410]  ? recalc_sigpending_tsk+0x117/0x150
[   33.071152]  ? recalc_sigpending+0x103/0x160
[   33.075526]  ? recalc_sigpending_tsk+0x150/0x150
[   33.080242]  ? get_signal+0x397/0x17e0
[   33.084100]  do_group_exit+0x149/0x400
[   33.087951]  ? __lock_is_held+0xbc/0x140
[   33.091974]  ? SyS_exit+0x30/0x30
[   33.095406]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.099866]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   33.104848]  get_signal+0x7e8/0x17e0
[   33.108542]  ? ptrace_notify+0x130/0x130
[   33.112590]  ? __fget+0xbb/0x580
[   33.115923]  ? __lockdep_init_map+0xe4/0x650
[   33.120299]  ? lock_release+0xd70/0xd70
[   33.124243]  ? exit_robust_list+0x240/0x240
[   33.128535]  do_signal+0x94/0x1ee0
[   33.132041]  ? iterate_fd+0x3f0/0x3f0
[   33.135809]  ? setup_sigcontext+0x7d0/0x7d0
[   33.140100]  ? __lock_is_held+0xbc/0x140
[   33.144129]  ? __fget_light+0x29d/0x390
[   33.148067]  ? selinux_tun_dev_create+0xc0/0xc0