INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-5,10.128.0.29' (ECDSA) to the list of known hosts.
2017/09/10 03:34:09 parsed 1 programs
2017/09/10 03:34:09 executed programs: 0
syzkaller login: [   51.929504] dev_remove_pack: ffff8801ce71f440 not found
[   51.947371] ==================================================================
[   51.954761] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0
[   51.961482] Read of size 8 at addr ffff8801ce58ea68 by task syz-executor0/3022
[   51.968807] 
[   51.970406] CPU: 0 PID: 3022 Comm: syz-executor0 Not tainted 4.13.0-next-20170908+ #18
[   51.978429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.987753] Call Trace:
[   51.990311]  dump_stack+0x194/0x257
[   51.993910]  ? arch_local_irq_restore+0x53/0x53
[   51.998550]  ? show_regs_print_info+0x65/0x65
[   52.003020]  ? __dev_remove_pack+0x305/0x3b0
[   52.007401]  print_address_description+0x73/0x250
[   52.012214]  ? __dev_remove_pack+0x305/0x3b0
[   52.016593]  kasan_report+0x24e/0x340
[   52.020375]  __asan_report_load8_noabort+0x14/0x20
[   52.025278]  __dev_remove_pack+0x305/0x3b0
[   52.029483]  ? dev_get_by_name_rcu+0x270/0x270
[   52.034034]  ? refcount_sub_and_test+0x115/0x1b0
[   52.038771]  __unregister_prot_hook+0x211/0x280
[   52.043421]  packet_release+0x8bb/0xd70
[   52.047371]  ? packet_set_ring+0x1b70/0x1b70
[   52.051748]  ? dentry_free+0xcd/0x130
[   52.055520]  ? rcu_read_lock_sched_held+0x108/0x120
[   52.060510]  ? kmem_cache_free+0x249/0x280
[   52.064716]  ? dentry_free+0xd2/0x130
[   52.068492]  ? locks_remove_file+0x3fa/0x5a0
[   52.072873]  ? fcntl_setlk+0x10d0/0x10d0
[   52.076908]  ? __fsnotify_parent+0xb4/0x3a0
[   52.081203]  ? fsnotify+0x1af0/0x1af0
[   52.084977]  sock_release+0x8d/0x1e0
[   52.088660]  ? sock_release+0x8d/0x1e0
[   52.092518]  ? sock_release+0x1e0/0x1e0
[   52.096460]  sock_close+0x16/0x20
[   52.099885]  __fput+0x333/0x7f0
[   52.103141]  ? fput+0x140/0x140
[   52.106394]  ? check_same_owner+0x320/0x320
[   52.110685]  ? _raw_spin_unlock_irq+0x27/0x70
[   52.115175]  ____fput+0x15/0x20
[   52.118447]  task_work_run+0x199/0x270
[   52.122324]  ? task_work_cancel+0x210/0x210
[   52.126619]  ? _raw_spin_unlock+0x22/0x30
[   52.130737]  ? switch_task_namespaces+0x87/0xc0
[   52.135382]  do_exit+0xa52/0x1b40
[   52.138807]  ? plist_check_list+0xa0/0xa0
[   52.142938]  ? plist_del+0x47b/0x990
[   52.146623]  ? mm_update_next_owner+0x930/0x930
[   52.151267]  ? plist_add+0x760/0x760
[   52.154966]  ? check_same_owner+0x320/0x320
[   52.159269]  ? find_held_lock+0x39/0x1d0
[   52.163312]  ? check_noncircular+0x20/0x20
[   52.167518]  ? lock_downgrade+0x990/0x990
[   52.171636]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   52.176986]  ? find_held_lock+0x39/0x1d0
[   52.181029]  ? lock_downgrade+0x990/0x990
[   52.185162]  ? recalc_sigpending_tsk+0x117/0x150
[   52.189898]  ? recalc_sigpending+0x103/0x160
[   52.194282]  ? recalc_sigpending_tsk+0x150/0x150
[   52.199017]  ? get_signal+0x397/0x17e0
[   52.202906]  do_group_exit+0x149/0x400
[   52.206770]  ? __lock_is_held+0xbc/0x140
[   52.210804]  ? SyS_exit+0x30/0x30
[   52.214229]  ? _raw_spin_unlock_irq+0x27/0x70
[   52.218703]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   52.223705]  get_signal+0x7e8/0x17e0
[   52.227423]  ? ptrace_notify+0x130/0x130
[   52.231462]  ? __schedule+0x8f0/0x2070
[   52.235323]  ? lock_release+0xd70/0xd70
[   52.239283]  ? exit_robust_list+0x240/0x240
[   52.243610]  do_signal+0x94/0x1ee0
[   52.247143]  ? iterate_fd+0x3f0/0x3f0
[   52.250928]  ? setup_sigcontext+0x7d0/0x7d0
[   52.255221]  ? retint_kernel+0x10/0x10
[   52.259086]  ? schedule+0x108/0x440
[   52.262686]  ? __schedule+0x2070/0x2070
[   52.266632]  ? __fget_light+0x29d/0x390
[   52.270577]  ? selinux_tun_dev_create+0xc0/0xc0
[   52.275216]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   52.280897]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   52.286153]  ? exit_to_usermode_loop+0x98/0x300
[   52.290799]  exit_to_usermode_loop+0x224/0x300
[   52.295354]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   52.300870]  syscall_return_slowpath+0x42f/0x500
[   52.305599]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   52.310587]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   52.315492]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   52.320478]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   52.325214]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   52.329942] RIP: 0033:0x451e59
[   52.333102] RSP: 002b:00007f76892d0cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   52.340783] RAX: fffffffffffffe00 RBX: 0000000000718028 RCX: 0000000000451e59
[   52.348022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000718028
[   52.355266] RBP: 0000000000718000 R08: 0000000000000000 R09: 0000000000000000
[   52.362506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   52.369747] R13: 00007ffdde4843cf R14: 00007f76892d19c0 R15: 0000000000000000
[   52.377005] 
[   52.378605] Allocated by task 3022:
[   52.382203]  save_stack_trace+0x16/0x20
[   52.386148]  save_stack+0x43/0xd0
[   52.389571]  kasan_kmalloc+0xad/0xe0
[   52.393252]  kmem_cache_alloc_trace+0x136/0x750
[   52.397897]  fanout_add+0xa50/0x1190
[   52.401580]  packet_setsockopt+0xfdc/0x1e80
[   52.405871]  SyS_setsockopt+0x189/0x360
[   52.409815]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   52.414538] 
[   52.416134] Freed by task 3022:
[   52.419384]  save_stack_trace+0x16/0x20
[   52.423328]  save_stack+0x43/0xd0
[   52.426748]  kasan_slab_free+0x71/0xc0
[   52.430603]  kfree+0xca/0x250
[   52.433679]  packet_release+0xa8f/0xd70
[   52.437625]  sock_release+0x8d/0x1e0
[   52.441308]  sock_close+0x16/0x20
[   52.444728]  __fput+0x333/0x7f0
[   52.447974]  ____fput+0x15/0x20
[   52.451223]  task_work_run+0x199/0x270
[   52.455079]  do_exit+0xa52/0x1b40
[   52.458498]  do_group_exit+0x149/0x400
[   52.462354]  get_signal+0x7e8/0x17e0
[   52.466036]  do_signal+0x94/0x1ee0
[   52.469547]  exit_to_usermode_loop+0x224/0x300
[   52.474096]  syscall_return_slowpath+0x42f/0x500
[   52.478822]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   52.483542] 
[   52.485140] The buggy address belongs to the object at ffff8801ce58e1c0
[   52.485140]  which belongs to the cache kmalloc-4096 of size 4096
[   52.497941] The buggy address is located 2216 bytes inside of
[   52.497941]  4096-byte region [ffff8801ce58e1c0, ffff8801ce58f1c0)
[   52.509955] The buggy address belongs to the page:
[   52.514855] page:ffffea0007396380 count:1 mapcount:0 mapping:ffff8801ce58e1c0 index:0x0 compound_mapcount: 0
[   52.524799] flags: 0x200000000008100(slab|head)
[   52.529440] raw: 0200000000008100 ffff8801ce58e1c0 0000000000000000 0000000100000001
[   52.537291] raw: ffffea0007398e20 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000
[   52.545139] page dumped because: kasan: bad access detected
[   52.550825] 
[   52.552423] Memory state around the buggy address:
[   52.557321]  ffff8801ce58e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.564649]  ffff8801ce58e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.571976] >ffff8801ce58ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.579304]                                                           ^
[   52.586023]  ffff8801ce58ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.593350]  ffff8801ce58eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.600673] ==================================================================
[   52.607998] Disabling lock debugging due to kernel taint
[   52.613492] Kernel panic - not syncing: panic_on_warn set ...
[   52.613492] 
[   52.620821] CPU: 0 PID: 3022 Comm: syz-executor0 Tainted: G    B           4.13.0-next-20170908+ #18
[   52.630056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.639373] Call Trace:
[   52.641927]  dump_stack+0x194/0x257
[   52.645518]  ? arch_local_irq_restore+0x53/0x53
[   52.650153]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   52.654877]  ? __dev_remove_pack+0x2f0/0x3b0
[   52.659256]  panic+0x1e4/0x417
[   52.662410]  ? __warn+0x1d9/0x1d9
[   52.665835]  ? __dev_remove_pack+0x305/0x3b0
[   52.670207]  kasan_end_report+0x50/0x50
[   52.674144]  kasan_report+0x137/0x340
[   52.677911]  __asan_report_load8_noabort+0x14/0x20
[   52.682803]  __dev_remove_pack+0x305/0x3b0
[   52.687000]  ? dev_get_by_name_rcu+0x270/0x270
[   52.691546]  ? refcount_sub_and_test+0x115/0x1b0
[   52.696271]  __unregister_prot_hook+0x211/0x280
[   52.700906]  packet_release+0x8bb/0xd70
[   52.704847]  ? packet_set_ring+0x1b70/0x1b70
[   52.709220]  ? dentry_free+0xcd/0x130
[   52.712983]  ? rcu_read_lock_sched_held+0x108/0x120
[   52.717962]  ? kmem_cache_free+0x249/0x280
[   52.722160]  ? dentry_free+0xd2/0x130
[   52.725926]  ? locks_remove_file+0x3fa/0x5a0
[   52.730299]  ? fcntl_setlk+0x10d0/0x10d0
[   52.734326]  ? __fsnotify_parent+0xb4/0x3a0
[   52.738611]  ? fsnotify+0x1af0/0x1af0
[   52.742376]  sock_release+0x8d/0x1e0
[   52.746051]  ? sock_release+0x8d/0x1e0
[   52.749901]  ? sock_release+0x1e0/0x1e0
[   52.753836]  sock_close+0x16/0x20
[   52.757254]  __fput+0x333/0x7f0
[   52.760499]  ? fput+0x140/0x140
[   52.763742]  ? check_same_owner+0x320/0x320
[   52.768027]  ? _raw_spin_unlock_irq+0x27/0x70
[   52.772487]  ____fput+0x15/0x20
[   52.775732]  task_work_run+0x199/0x270
[   52.779585]  ? task_work_cancel+0x210/0x210
[   52.783871]  ? _raw_spin_unlock+0x22/0x30
[   52.787982]  ? switch_task_namespaces+0x87/0xc0
[   52.792618]  do_exit+0xa52/0x1b40
[   52.796035]  ? plist_check_list+0xa0/0xa0
[   52.800153]  ? plist_del+0x47b/0x990
[   52.803829]  ? mm_update_next_owner+0x930/0x930
[   52.808460]  ? plist_add+0x760/0x760
[   52.812143]  ? check_same_owner+0x320/0x320
[   52.816430]  ? find_held_lock+0x39/0x1d0
[   52.820459]  ? check_noncircular+0x20/0x20
[   52.824656]  ? lock_downgrade+0x990/0x990
[   52.828769]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   52.834108]  ? find_held_lock+0x39/0x1d0
[   52.838140]  ? lock_downgrade+0x990/0x990
[   52.842255]  ? recalc_sigpending_tsk+0x117/0x150
[   52.846974]  ? recalc_sigpending+0x103/0x160
[   52.851346]  ? recalc_sigpending_tsk+0x150/0x150
[   52.856064]  ? get_signal+0x397/0x17e0
[   52.859920]  do_group_exit+0x149/0x400
[   52.863770]  ? __lock_is_held+0xbc/0x140
[   52.867793]  ? SyS_exit+0x30/0x30
[   52.871209]  ? _raw_spin_unlock_irq+0x27/0x70
[   52.875670]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   52.880652]  get_signal+0x7e8/0x17e0
[   52.884346]  ? ptrace_notify+0x130/0x130
[   52.888375]  ? __schedule+0x8f0/0x2070
[   52.892225]  ? lock_release+0xd70/0xd70
[   52.896171]  ? exit_robust_list+0x240/0x240
[   52.900461]  do_signal+0x94/0x1ee0
[   52.903969]  ? iterate_fd+0x3f0/0x3f0
[   52.907734]  ? setup_sigcontext+0x7d0/0x7d0
[   52.912016]  ? retint_kernel+0x10/0x10
[   52.915871]  ? schedule+0x108/0x440
[   52.919461]  ? __schedule+0x2070/0x2070
[   52.923398]  ? __fget_light+0x29d/0x390
[   52.927339]  ? selinux_tun_dev_create+0xc0/0xc0