INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.0.53' (ECDSA) to the list of known hosts. 2017/09/19 15:37:37 parsed 1 programs 2017/09/19 15:37:37 executed programs: 0 syzkaller login: [ 42.111356] dev_remove_pack: ffff8801cc968840 not found [ 43.187314] dev_remove_pack: ffff8801cab7e800 not found [ 44.815183] dev_remove_pack: ffff8801c769d080 not found [ 45.089789] dev_remove_pack: ffff8801c6d0ca00 not found [ 46.498204] dev_remove_pack: ffff8801c7f28800 not found [ 46.547675] dev_remove_pack: ffff8801c48df240 not found 2017/09/19 15:37:42 executed programs: 969 [ 46.671463] ================================================================== [ 46.678888] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0 [ 46.685975] Read of size 8 at addr ffff8801cc9687f0 by task syz-executor5/5970 [ 46.693318] [ 46.694927] CPU: 0 PID: 5970 Comm: syz-executor5 Not tainted 4.13.0-mm1+ #7 [ 46.701996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.711329] Call Trace: [ 46.713882] [ 46.716010] dump_stack+0x194/0x257 [ 46.719628] ? arch_local_irq_restore+0x53/0x53 [ 46.724273] ? show_regs_print_info+0x65/0x65 [ 46.728750] ? skb_split+0x1310/0x1310 [ 46.732630] ? run_filter+0x21c/0x360 [ 46.736427] ? fanout_demux_rollover+0x49b/0x4d0 [ 46.741165] print_address_description+0x73/0x250 [ 46.745988] ? fanout_demux_rollover+0x49b/0x4d0 [ 46.750721] kasan_report+0x24e/0x340 [ 46.754501] __asan_report_load8_noabort+0x14/0x20 [ 46.759410] fanout_demux_rollover+0x49b/0x4d0 [ 46.763978] ? run_filter+0x360/0x360 [ 46.767755] packet_rcv_fanout+0x52e/0x7d0 [ 46.771965] ? 
compat_packet_setsockopt+0x140/0x140 [ 46.776960] ? refcount_add+0x60/0x60 [ 46.780732] ? packet_rcv_fanout+0x7d0/0x7d0 [ 46.785124] __netif_receive_skb_core+0xc12/0x33d0 [ 46.790039] ? __bpf_address_lookup+0x2b0/0x2b0 [ 46.794700] ? nf_ingress+0x9f0/0x9f0 [ 46.798484] ? unwind_dump+0x4c0/0x4c0 [ 46.802354] ? check_noncircular+0x20/0x20 [ 46.806570] ? check_noncircular+0x20/0x20 [ 46.810782] ? __kernel_text_address+0xae/0xe0 [ 46.815337] ? unwind_get_return_address+0x61/0xa0 [ 46.820240] ? __save_stack_trace+0x7e/0xd0 [ 46.824544] ? print_usage_bug+0x480/0x480 [ 46.828762] ? find_held_lock+0x39/0x1d0 [ 46.832808] ? lock_downgrade+0x990/0x990 [ 46.836948] ? lock_acquire+0x1d5/0x580 [ 46.840899] ? netif_receive_skb_internal+0x1d7/0x670 [ 46.846061] ? find_held_lock+0x39/0x1d0 [ 46.850106] ? pvclock_read_flags+0x160/0x160 [ 46.854575] ? mark_held_locks+0xb2/0x100 [ 46.858710] ? lock_acquire+0x1d5/0x580 [ 46.862656] ? netif_receive_skb_internal+0xa2/0x670 [ 46.867732] ? ktime_get_with_offset+0x2c1/0x420 [ 46.872465] ? lock_release+0xd70/0xd70 [ 46.876411] ? ktime_get+0x3a0/0x3a0 [ 46.880109] __netif_receive_skb+0x2c/0x1b0 [ 46.884400] ? __netif_receive_skb+0x2c/0x1b0 [ 46.888869] netif_receive_skb_internal+0x10b/0x670 [ 46.893858] ? dev_cpu_dead+0xb00/0xb00 [ 46.897804] ? __put_compound_page+0x87/0xb0 [ 46.902194] ? net_rx_action+0x1910/0x1910 [ 46.906404] ? __lock_is_held+0xbc/0x140 [ 46.910444] ? skb_gro_reset_offset+0x17b/0x300 [ 46.915091] napi_gro_receive+0x3d0/0x500 [ 46.919210] ? dev_gro_receive+0x19b0/0x19b0 [ 46.923593] ? eth_type_trans+0x2a3/0x650 [ 46.927725] ? eth_gro_receive+0x810/0x810 [ 46.931950] receive_buf+0xcc5/0x51f0 [ 46.935736] ? virtnet_set_rx_mode+0x9f0/0x9f0 [ 46.940287] ? irq_exit+0x1d3/0x210 [ 46.943891] ? __lock_acquire+0x732/0x4620 [ 46.948106] ? print_usage_bug+0x480/0x480 [ 46.952327] ? __lock_acquire+0x732/0x4620 [ 46.956533] ? save_stack_trace+0x16/0x20 [ 46.960652] ? __lock_acquire+0x20fd/0x4620 [ 46.964953] ? 
print_usage_bug+0x480/0x480 [ 46.969173] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 46.974353] ? __lock_acquire+0x732/0x4620 [ 46.978567] ? print_usage_bug+0x480/0x480 [ 46.982785] ? __lock_acquire+0x732/0x4620 [ 46.986991] ? check_noncircular+0x20/0x20 [ 46.991201] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 46.996367] ? cpumask_next_and+0x8e/0xb0 [ 47.000509] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 47.005671] ? check_noncircular+0x20/0x20 [ 47.009879] ? find_held_lock+0x39/0x1d0 [ 47.013923] ? print_usage_bug+0x480/0x480 [ 47.018130] ? lock_downgrade+0x990/0x990 [ 47.022250] ? find_held_lock+0x39/0x1d0 [ 47.026287] ? find_held_lock+0x39/0x1d0 [ 47.030342] ? check_noncircular+0x20/0x20 [ 47.034568] ? lock_downgrade+0x990/0x990 [ 47.038697] ? x86_64_start_kernel+0x77/0x7a [ 47.043077] ? bpf_prog_alloc+0x310/0x310 [ 47.047200] ? __bpf_address_lookup+0x2b0/0x2b0 [ 47.051846] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 47.056837] ? check_noncircular+0x20/0x20 [ 47.061052] ? find_held_lock+0x39/0x1d0 [ 47.065120] ? lock_downgrade+0x990/0x990 [ 47.069248] ? is_bpf_text_address+0xa4/0x120 [ 47.073720] ? find_held_lock+0x39/0x1d0 [ 47.077761] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 47.083617] ? secondary_startup_64+0xa5/0xa5 [ 47.088091] ? lock_downgrade+0x990/0x990 [ 47.092218] ? x86_64_start_kernel+0x77/0x7a [ 47.096599] ? bpf_prog_alloc+0x310/0x310 [ 47.100721] ? __bpf_address_lookup+0x2b0/0x2b0 [ 47.105369] ? vring_use_dma_api+0x7f/0xa0 [ 47.109577] ? vring_unmap_one+0x49/0x3d0 [ 47.113701] ? detach_buf+0x463/0x6a0 [ 47.117480] ? print_usage_bug+0x480/0x480 [ 47.121705] ? virtqueue_get_buf_ctx+0x3b1/0x8b0 [ 47.126436] ? common_interrupt+0x9d/0x9d [ 47.130573] ? detach_buf+0x6a0/0x6a0 [ 47.134357] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 47.139353] virtnet_poll+0x304/0xad0 [ 47.143144] ? receive_buf+0x51f0/0x51f0 [ 47.147175] ? unwind_dump+0x4c0/0x4c0 [ 47.151044] ? mark_held_locks+0xb2/0x100 [ 47.155165] ? 
net_rx_action+0x49b/0x1910 [ 47.159304] net_rx_action+0x792/0x1910 [ 47.163274] ? napi_complete_done+0x6c0/0x6c0 [ 47.167748] ? save_stack_trace+0x16/0x20 [ 47.171869] ? __lock_acquire+0x20fd/0x4620 [ 47.176168] ? rcu_pm_notify+0xc0/0xc0 [ 47.180044] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 47.185211] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 47.190383] ? __lock_is_held+0xbc/0x140 [ 47.194426] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.199414] ? __raise_softirq_irqoff+0x21c/0x2c0 [ 47.204226] ? raise_softirq+0x490/0x490 [ 47.208261] ? run_rebalance_domains+0x383/0x780 [ 47.212990] ? print_usage_bug+0x480/0x480 [ 47.217207] ? trace_hardirqs_off+0xd/0x10 [ 47.221412] ? __napi_schedule+0x25e/0x370 [ 47.225620] ? netdev_info+0x170/0x170 [ 47.229477] ? check_noncircular+0x20/0x20 [ 47.233683] ? rcu_pm_notify+0xc0/0xc0 [ 47.237543] ? check_noncircular+0x20/0x20 [ 47.241748] ? __lock_is_held+0xbc/0x140 [ 47.245790] ? rcu_read_lock_sched_held+0x108/0x120 [ 47.250777] ? __handle_irq_event_percpu+0x308/0x9d0 [ 47.255856] ? __lock_is_held+0xbc/0x140 [ 47.259905] __do_softirq+0x2bb/0xbd0 [ 47.263686] ? __softirqentry_text_start+0x8/0x8 [ 47.268415] ? do_raw_spin_trylock+0x190/0x190 [ 47.272966] ? handle_irq_event_percpu+0x141/0x1b0 [ 47.277869] ? __handle_irq_event_percpu+0x9d0/0x9d0 [ 47.282951] ? _raw_spin_lock+0x32/0x40 [ 47.286901] ? _raw_spin_unlock+0x22/0x30 [ 47.291028] ? handle_edge_irq+0x2b4/0x7c0 [ 47.295502] irq_exit+0x1d3/0x210 [ 47.298927] do_IRQ+0xf6/0x190 [ 47.302093] ? 
fanout_add+0x345/0x1190 [ 47.305957] common_interrupt+0x9d/0x9d [ 47.309900] [ 47.312115] RIP: 0010:kmem_cache_alloc_trace+0x459/0x750 [ 47.317533] RSP: 0018:ffff8801c8b175a0 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff6e [ 47.325213] RAX: 0000000000000001 RBX: 00000000000000c0 RCX: 0000000000000000 [ 47.332460] RDX: 1ffffffff0b592fd RSI: ffffffff85b38120 RDI: 0000000000000282 [ 47.339701] RBP: ffff8801c8b17618 R08: 0000000000000000 R09: 1ffff10039162e22 [ 47.346941] R10: 00000000a13caab6 R11: 00000000af0f781c R12: ffff8801c63390c0 [ 47.354182] R13: ffffffff84413b45 R14: ffff8801dac00640 R15: 00000000014080c0 [ 47.361428] ? fanout_add+0x345/0x1190 [ 47.365312] fanout_add+0x345/0x1190 [ 47.368999] ? check_noncircular+0x20/0x20 [ 47.373213] ? lock_downgrade+0x990/0x990 [ 47.377334] ? packet_release+0xd70/0xd70 [ 47.381457] ? futex_wait_setup+0x22e/0x3d0 [ 47.385759] ? find_held_lock+0x39/0x1d0 [ 47.389801] ? lock_downgrade+0x990/0x990 [ 47.393928] ? __might_fault+0xe0/0x1d0 [ 47.397882] ? lock_release+0xd70/0xd70 [ 47.401831] ? check_same_owner+0x320/0x320 [ 47.406128] ? drop_futex_key_refs.isra.13+0x63/0xb0 [ 47.411212] ? futex_wake+0x2ca/0x680 [ 47.414990] ? __might_sleep+0x95/0x190 [ 47.418945] ? kasan_check_write+0x14/0x20 [ 47.423152] ? _copy_from_user+0x99/0x110 [ 47.427273] packet_setsockopt+0xfdc/0x1e80 [ 47.431570] ? fanout_add+0x1190/0x1190 [ 47.435514] ? lock_downgrade+0x990/0x990 [ 47.439641] ? __fget+0xbb/0x580 [ 47.442978] ? __lockdep_init_map+0xe4/0x650 [ 47.447360] ? lock_release+0xd70/0xd70 [ 47.451308] ? __lock_is_held+0xbc/0x140 [ 47.455352] ? __fget+0x362/0x580 [ 47.458784] ? iterate_fd+0x3f0/0x3f0 [ 47.462565] ? __lock_is_held+0xbc/0x140 [ 47.466608] ? sock_has_perm+0x29c/0x400 [ 47.470638] ? __fget_light+0x29d/0x390 [ 47.474586] ? selinux_tun_dev_create+0xc0/0xc0 [ 47.479226] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 47.484911] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 47.490158] ? alloc_file+0x284/0x3a0 [ 47.493938] ? 
sock_alloc_file+0x2b6/0x550 [ 47.498150] ? selinux_socket_setsockopt+0x64/0x80 [ 47.503058] SyS_setsockopt+0x189/0x360 [ 47.507001] ? SyS_setsockopt+0x189/0x360 [ 47.511130] ? SyS_recv+0x40/0x40 [ 47.514556] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 47.519374] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 47.524363] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 47.529099] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 47.533822] RIP: 0033:0x4520a9 [ 47.536984] RSP: 002b:00007fc494dc9c08 EFLAGS: 00000216 ORIG_RAX: 0000000000000036 [ 47.544664] RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 00000000004520a9 [ 47.551904] RDX: 0000000000000012 RSI: 0000000000000107 RDI: 0000000000000004 [ 47.559144] RBP: 0000000000000082 R08: 0000000000000004 R09: 0000000000000000 [ 47.566383] R10: 0000000020cdeffc R11: 0000000000000216 R12: 00000000004bb52e [ 47.573621] R13: 00000000ffffffff R14: 0000000000000003 R15: 0000000000000107 [ 47.580878] [ 47.582476] Allocated by task 3293: [ 47.586079] save_stack_trace+0x16/0x20 [ 47.590029] save_stack+0x43/0xd0 [ 47.593452] kasan_kmalloc+0xad/0xe0 [ 47.597135] __kmalloc+0x162/0x760 [ 47.600660] sk_prot_alloc+0x101/0x2a0 [ 47.604515] sk_alloc+0x89/0x700 [ 47.607854] packet_create+0x169/0xb00 [ 47.611712] __sock_create+0x4d4/0x850 [ 47.615567] SyS_socket+0xeb/0x200 [ 47.619080] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 47.623802] [ 47.625398] Freed by task 3299: [ 47.628645] save_stack_trace+0x16/0x20 [ 47.632587] save_stack+0x43/0xd0 [ 47.636012] kasan_slab_free+0x71/0xc0 [ 47.639875] kfree+0xca/0x250 [ 47.642950] __sk_destruct+0x74a/0x910 [ 47.646806] sk_destruct+0x47/0x80 [ 47.650313] __sk_free+0x57/0x230 [ 47.653733] sk_free+0x2a/0x40 [ 47.656895] packet_release+0x859/0xd70 [ 47.660841] sock_release+0x8d/0x1e0 [ 47.664523] sock_close+0x16/0x20 [ 47.667946] __fput+0x333/0x7f0 [ 47.671193] ____fput+0x15/0x20