INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.15.214' (ECDSA) to the list of known hosts.
2017/09/19 18:22:38 parsed 1 programs
2017/09/19 18:22:38 executed programs: 0
syzkaller login: [   26.366098] dev_remove_pack: ffff8801ccf4db00 not found
[   26.384350] ==================================================================
[   26.391757] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0
[   26.398482] Read of size 8 at addr ffff8801ccf4eaa8 by task syz-executor0/3163
[   26.405810] 
[   26.407422] CPU: 1 PID: 3163 Comm: syz-executor0 Not tainted 4.13.0-mm1+ #7
[   26.414495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.423838] Call Trace:
[   26.426403]  dump_stack+0x194/0x257
[   26.430007]  ? arch_local_irq_restore+0x53/0x53
[   26.434819]  ? show_regs_print_info+0x65/0x65
[   26.439291]  ? __dev_remove_pack+0x305/0x3b0
[   26.443673]  print_address_description+0x73/0x250
[   26.448493]  ? __dev_remove_pack+0x305/0x3b0
[   26.452871]  kasan_report+0x24e/0x340
[   26.456646]  __asan_report_load8_noabort+0x14/0x20
[   26.461547]  __dev_remove_pack+0x305/0x3b0
[   26.465758]  ? dev_get_by_name_rcu+0x270/0x270
[   26.470315]  ? refcount_sub_and_test+0x115/0x1b0
[   26.475050]  __unregister_prot_hook+0x211/0x280
[   26.479696]  packet_release+0x8bb/0xd70
[   26.483649]  ? packet_set_ring+0x1b70/0x1b70
[   26.488032]  ? dentry_free+0xcd/0x130
[   26.491810]  ? rcu_read_lock_sched_held+0x108/0x120
[   26.496802]  ? kmem_cache_free+0x249/0x280
[   26.501015]  ? dentry_free+0xd2/0x130
[   26.504794]  ? locks_remove_file+0x3fa/0x5a0
[   26.509177]  ? fcntl_setlk+0x10d0/0x10d0
[   26.513212]  ? __fsnotify_parent+0xb4/0x3a0
[   26.517505]  ? fsnotify+0x1af0/0x1af0
[   26.521282]  sock_release+0x8d/0x1e0
[   26.524966]  ? sock_release+0x8d/0x1e0
[   26.528828]  ? sock_release+0x1e0/0x1e0
[   26.532770]  sock_close+0x16/0x20
[   26.536192]  __fput+0x333/0x7f0
[   26.539459]  ? fput+0x140/0x140
[   26.542719]  ? check_same_owner+0x320/0x320
[   26.547026]  ? _raw_spin_unlock_irq+0x27/0x70
[   26.551504]  ____fput+0x15/0x20
[   26.554776]  task_work_run+0x199/0x270
[   26.558645]  ? task_work_cancel+0x210/0x210
[   26.562940]  ? _raw_spin_unlock+0x22/0x30
[   26.567065]  ? switch_task_namespaces+0x87/0xc0
[   26.571710]  do_exit+0xa52/0x1b40
[   26.575137]  ? plist_check_list+0xa0/0xa0
[   26.579266]  ? plist_del+0x47b/0x990
[   26.582962]  ? mm_update_next_owner+0x930/0x930
[   26.587603]  ? plist_add+0x760/0x760
[   26.591299]  ? check_same_owner+0x320/0x320
[   26.595596]  ? find_held_lock+0x39/0x1d0
[   26.599634]  ? check_noncircular+0x20/0x20
[   26.603838]  ? lock_downgrade+0x990/0x990
[   26.607973]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   26.613327]  ? find_held_lock+0x39/0x1d0
[   26.617371]  ? lock_downgrade+0x990/0x990
[   26.621498]  ? recalc_sigpending_tsk+0x117/0x150
[   26.626225]  ? recalc_sigpending+0x103/0x160
[   26.630603]  ? recalc_sigpending_tsk+0x150/0x150
[   26.635326]  ? get_signal+0x397/0x17e0
[   26.639202]  do_group_exit+0x149/0x400
[   26.643058]  ? __lock_is_held+0xbc/0x140
[   26.647087]  ? SyS_exit+0x30/0x30
[   26.650512]  ? _raw_spin_unlock_irq+0x27/0x70
[   26.654979]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.659971]  get_signal+0x7e8/0x17e0
[   26.663685]  ? ptrace_notify+0x130/0x130
[   26.667721]  ? trace_hardirqs_on+0xd/0x10
[   26.671841]  ? _raw_spin_unlock_irq+0x27/0x70
[   26.676308]  ? __schedule+0x13cd/0x2070
[   26.680251]  ? lock_release+0xd70/0xd70
[   26.684206]  ? exit_robust_list+0x240/0x240
[   26.688516]  do_signal+0x94/0x1ee0
[   26.692033]  ? iterate_fd+0x3f0/0x3f0
[   26.695819]  ? setup_sigcontext+0x7d0/0x7d0
[   26.700121]  ? schedule+0x108/0x440
[   26.703720]  ? __schedule+0x2070/0x2070
[   26.707667]  ? __fget_light+0x29d/0x390
[   26.711630]  ? selinux_tun_dev_create+0xc0/0xc0
[   26.716279]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   26.721977]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   26.727240]  ? exit_to_usermode_loop+0x98/0x300
[   26.731887]  exit_to_usermode_loop+0x224/0x300
[   26.736445]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   26.741963]  syscall_return_slowpath+0x42f/0x500
[   26.746690]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   26.751687]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   26.756592]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.761586]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.766318]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   26.771046] RIP: 0033:0x4520a9
[   26.774213] RSP: 002b:00007f46a2559cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   26.781900] RAX: fffffffffffffe00 RBX: 0000000000718028 RCX: 00000000004520a9
[   26.789139] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000718028
[   26.796377] RBP: 0000000000718000 R08: 0000000000000000 R09: 0000000000000000
[   26.803617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   26.810857] R13: 00007ffface76fdf R14: 00007f46a255a9c0 R15: 0000000000000000
[   26.818115] 
[   26.819727] Allocated by task 3163:
[   26.823328]  save_stack_trace+0x16/0x20
[   26.828157]  save_stack+0x43/0xd0
[   26.831593]  kasan_kmalloc+0xad/0xe0
[   26.835273]  kmem_cache_alloc_trace+0x136/0x750
[   26.839910]  fanout_add+0xa50/0x1190
[   26.843593]  packet_setsockopt+0xfdc/0x1e80
[   26.847889]  SyS_setsockopt+0x189/0x360
[   26.851835]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   26.856558] 
[   26.858156] Freed by task 3163:
[   26.861408]  save_stack_trace+0x16/0x20
[   26.865352]  save_stack+0x43/0xd0
[   26.868773]  kasan_slab_free+0x71/0xc0
[   26.872629]  kfree+0xca/0x250
[   26.875703]  packet_release+0xa8f/0xd70
[   26.879646]  sock_release+0x8d/0x1e0
[   26.883415]  sock_close+0x16/0x20
[   26.886835]  __fput+0x333/0x7f0
[   26.890081]  ____fput+0x15/0x20
[   26.893327]  task_work_run+0x199/0x270
[   26.897182]  do_exit+0xa52/0x1b40
[   26.900602]  do_group_exit+0x149/0x400
[   26.904459]  get_signal+0x7e8/0x17e0
[   26.908143]  do_signal+0x94/0x1ee0
[   26.911656]  exit_to_usermode_loop+0x224/0x300
[   26.916207]  syscall_return_slowpath+0x42f/0x500
[   26.920932]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   26.925661] 
[   26.927258] The buggy address belongs to the object at ffff8801ccf4e200
[   26.927258]  which belongs to the cache kmalloc-4096 of size 4096
[   26.940058] The buggy address is located 2216 bytes inside of
[   26.940058]  4096-byte region [ffff8801ccf4e200, ffff8801ccf4f200)
[   26.952073] The buggy address belongs to the page:
[   26.956972] page:ffffea000733d380 count:1 mapcount:0 mapping:ffff8801ccf4e200 index:0x0 compound_mapcount: 0
[   26.966914] flags: 0x200000000008100(slab|head)
[   26.971556] raw: 0200000000008100 ffff8801ccf4e200 0000000000000000 0000000100000001
[   26.979405] raw: ffffea000733faa0 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000
[   26.987250] page dumped because: kasan: bad access detected
[   26.992927] 
[   26.994525] Memory state around the buggy address:
[   26.999421]  ffff8801ccf4e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.006748]  ffff8801ccf4ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.014074] >ffff8801ccf4ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.021400]                                   ^
[   27.026036]  ffff8801ccf4eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.033364]  ffff8801ccf4eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.040695] ==================================================================
[   27.048019] Disabling lock debugging due to kernel taint
[   27.053520] Kernel panic - not syncing: panic_on_warn set ...
[   27.053520] 
[   27.060850] CPU: 1 PID: 3163 Comm: syz-executor0 Tainted: G    B           4.13.0-mm1+ #7
[   27.069129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.078449] Call Trace:
[   27.081008]  dump_stack+0x194/0x257
[   27.084602]  ? arch_local_irq_restore+0x53/0x53
[   27.089237]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.093960]  ? __dev_remove_pack+0x2f0/0x3b0
[   27.098337]  panic+0x1e4/0x417
[   27.101493]  ? __warn+0x1d9/0x1d9
[   27.104916]  ? __dev_remove_pack+0x305/0x3b0
[   27.109290]  kasan_end_report+0x50/0x50
[   27.113227]  kasan_report+0x137/0x340
[   27.116995]  __asan_report_load8_noabort+0x14/0x20
[   27.121973]  __dev_remove_pack+0x305/0x3b0
[   27.126174]  ? dev_get_by_name_rcu+0x270/0x270
[   27.130720]  ? refcount_sub_and_test+0x115/0x1b0
[   27.135451]  __unregister_prot_hook+0x211/0x280
[   27.140086]  packet_release+0x8bb/0xd70
[   27.144040]  ? packet_set_ring+0x1b70/0x1b70
[   27.148416]  ? dentry_free+0xcd/0x130
[   27.152183]  ? rcu_read_lock_sched_held+0x108/0x120
[   27.157164]  ? kmem_cache_free+0x249/0x280
[   27.161365]  ? dentry_free+0xd2/0x130
[   27.165133]  ? locks_remove_file+0x3fa/0x5a0
[   27.169507]  ? fcntl_setlk+0x10d0/0x10d0
[   27.173532]  ? __fsnotify_parent+0xb4/0x3a0
[   27.177817]  ? fsnotify+0x1af0/0x1af0
[   27.181584]  sock_release+0x8d/0x1e0
[   27.185262]  ? sock_release+0x8d/0x1e0
[   27.189113]  ? sock_release+0x1e0/0x1e0
[   27.193051]  sock_close+0x16/0x20
[   27.196470]  __fput+0x333/0x7f0
[   27.199718]  ? fput+0x140/0x140
[   27.202976]  ? check_same_owner+0x320/0x320
[   27.207260]  ? _raw_spin_unlock_irq+0x27/0x70
[   27.211724]  ____fput+0x15/0x20
[   27.214970]  task_work_run+0x199/0x270
[   27.218821]  ? task_work_cancel+0x210/0x210
[   27.223107]  ? _raw_spin_unlock+0x22/0x30
[   27.227221]  ? switch_task_namespaces+0x87/0xc0
[   27.231858]  do_exit+0xa52/0x1b40
[   27.235275]  ? plist_check_list+0xa0/0xa0
[   27.239396]  ? plist_del+0x47b/0x990
[   27.243076]  ? mm_update_next_owner+0x930/0x930
[   27.247710]  ? plist_add+0x760/0x760
[   27.251406]  ? check_same_owner+0x320/0x320
[   27.255703]  ? find_held_lock+0x39/0x1d0
[   27.259739]  ? check_noncircular+0x20/0x20
[   27.263938]  ? lock_downgrade+0x990/0x990
[   27.268053]  ? refill_pi_state_cache.part.6+0x2f0/0x2f0
[   27.273393]  ? find_held_lock+0x39/0x1d0
[   27.277427]  ? lock_downgrade+0x990/0x990
[   27.281543]  ? recalc_sigpending_tsk+0x117/0x150
[   27.286263]  ? recalc_sigpending+0x103/0x160
[   27.290636]  ? recalc_sigpending_tsk+0x150/0x150
[   27.295366]  ? get_signal+0x397/0x17e0
[   27.299226]  do_group_exit+0x149/0x400
[   27.303079]  ? __lock_is_held+0xbc/0x140
[   27.307101]  ? SyS_exit+0x30/0x30
[   27.310525]  ? _raw_spin_unlock_irq+0x27/0x70
[   27.314984]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.319965]  get_signal+0x7e8/0x17e0
[   27.323658]  ? ptrace_notify+0x130/0x130
[   27.327684]  ? trace_hardirqs_on+0xd/0x10
[   27.331796]  ? _raw_spin_unlock_irq+0x27/0x70
[   27.336255]  ? __schedule+0x13cd/0x2070
[   27.340195]  ? lock_release+0xd70/0xd70
[   27.344137]  ? exit_robust_list+0x240/0x240
[   27.348430]  do_signal+0x94/0x1ee0
[   27.351937]  ? iterate_fd+0x3f0/0x3f0
[   27.355702]  ? setup_sigcontext+0x7d0/0x7d0
[   27.359993]  ? schedule+0x108/0x440
[   27.363584]  ? __schedule+0x2070/0x2070