INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-0,10.128.15.206' (ECDSA) to the list of known hosts.
2017/11/22 09:26:17 parsed 1 programs
2017/11/22 09:26:17 executed programs: 0
syzkaller login: [   36.573815] device syz3 entered promiscuous mode
[   36.595065] device syz1 entered promiscuous mode
[   36.623995] device syz4 entered promiscuous mode
[   36.634475] device syz5 entered promiscuous mode
[   36.653366] device syz6 entered promiscuous mode
[   36.657278] dev_remove_pack: ffff8801cc297e40 not found
[   36.714818] ==================================================================
[   36.722212] BUG: KASAN: use-after-free in dev_queue_xmit_nit+0xb6d/0xc40
[   36.729016] Read of size 8 at addr ffff8801cc297e60 by task kworker/0:3/1368
[   36.736165] 
[   36.737784] CPU: 0 PID: 1368 Comm: kworker/0:3 Not tainted 4.14.0+ #100
[   36.744501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.753827] Workqueue: ipv6_addrconf addrconf_dad_work
[   36.759070] Call Trace:
[   36.761627]  dump_stack+0x194/0x257
[   36.765244]  ? arch_local_irq_restore+0x53/0x53
[   36.770925]  ? show_regs_print_info+0x65/0x65
[   36.775393]  ? lock_release+0xda0/0xda0
[   36.779337]  ? dev_queue_xmit_nit+0xb6d/0xc40
[   36.783804]  print_address_description+0x73/0x250
[   36.788615]  ? dev_queue_xmit_nit+0xb6d/0xc40
[   36.793078]  kasan_report+0x25b/0x340
[   36.796851]  __asan_report_load8_noabort+0x14/0x20
[   36.801749]  dev_queue_xmit_nit+0xb6d/0xc40
[   36.806044]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   36.811204]  ? unwind_dump+0x4d0/0x4d0
[   36.815062]  ? netif_device_attach+0x150/0x150
[   36.819618]  ? __unwind_start+0x169/0x330
[   36.823744]  dev_hard_start_xmit+0x16b/0xac0
[   36.828119]  ? dev_queue_xmit+0x17/0x20
[   36.832071]  ? validate_xmit_skb_list+0x120/0x120
[   36.836886]  ? __skb_gso_segment+0x7f0/0x7f0
[   36.841265]  ? lock_downgrade+0x980/0x980
[   36.845383]  ? validate_xmit_xfrm+0x7e/0x430
[   36.849762]  ? validate_xmit_skb+0x674/0xb20
[   36.854142]  ? netif_skb_features+0x8e0/0x8e0
[   36.858607]  ? do_raw_spin_trylock+0x190/0x190
[   36.863164]  ? validate_xmit_skb_list+0xda/0x120
[   36.867897]  sch_direct_xmit+0x31d/0x6d0
[   36.871930]  ? dev_deactivate_queue.constprop.27+0x260/0x260
[   36.877707]  __dev_queue_xmit+0x16f4/0x2070
[   36.882005]  ? netdev_pick_tx+0x300/0x300
[   36.886128]  ? _raw_write_unlock_bh+0x30/0x40
[   36.890593]  ? __neigh_create+0xc5b/0x1e00
[   36.894800]  ? find_held_lock+0x39/0x1d0
[   36.898840]  ? neightbl_dump_info+0x950/0x950
[   36.903301]  ? ipv6_chk_mcast_addr+0x163/0x810
[   36.907861]  ? mark_held_locks+0xb2/0x100
[   36.911989]  ? __local_bh_enable_ip+0x121/0x230
[   36.916629]  ? lock_release+0xda0/0xda0
[   36.920571]  ? ipv6_chk_mcast_addr+0x2f2/0x810
[   36.925119]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   36.930106]  ? rcu_pm_notify+0xc0/0xc0
[   36.933977]  dev_queue_xmit+0x17/0x20
[   36.937746]  neigh_direct_output+0x15/0x20
[   36.941949]  ip6_finish_output2+0xad1/0x2310
[   36.946337]  ? ip6_copy_metadata+0x890/0x890
[   36.950716]  ? lock_downgrade+0x980/0x980
[   36.954835]  ? ip6_mtu+0x13c/0x3e0
[   36.958355]  ? lock_release+0xda0/0xda0
[   36.962301]  ? __lock_is_held+0xbc/0x140
[   36.966345]  ? ip6_mtu+0x112/0x3e0
[   36.969853]  ? ip6_dst_ifdown+0x3d0/0x3d0
[   36.973968]  ? lock_release+0xda0/0xda0
[   36.977918]  ip6_finish_output+0x2f9/0x920
[   36.982121]  ? ip6_finish_output+0x2f9/0x920
[   36.986503]  ip6_output+0x1eb/0x840
[   36.990100]  ? ip6_finish_output+0x920/0x920
[   36.994475]  ? netlbl_catmap_setrng+0xb0/0xb0
[   36.998949]  ? ip6_fragment+0x3420/0x3420
[   37.003066]  ? nf_hook_slow+0xd3/0x1a0
[   37.006929]  NF_HOOK.constprop.36+0xff/0x630
[   37.011308]  ? igmp6_mcf_seq_start+0x790/0x790
[   37.015863]  ? icmp6_dst_alloc+0x44e/0x630
[   37.020072]  ? ip6_mc_leave_src+0x1d0/0x1d0
[   37.024363]  ? icmpv6_flow_init+0x1f6/0x270
[   37.028658]  mld_sendpack+0x6a8/0xcc0
[   37.032437]  ? igmp6_mcf_seq_next+0x660/0x660
[   37.036906]  ? mark_held_locks+0xb2/0x100
[   37.041028]  ? trace_hardirqs_on+0xd/0x10
[   37.045145]  ? __local_bh_enable_ip+0x121/0x230
[   37.049789]  mld_send_initial_cr.part.25+0x103/0x150
[   37.054866]  ipv6_mc_dad_complete+0x99/0x130
[   37.059244]  addrconf_dad_completed+0x595/0x970
[   37.063887]  ? addrconf_verify_work+0x20/0x20
[   37.068350]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.073339]  ? addrconf_dad_work+0x3a2/0x10b0
[   37.077800]  ? trace_hardirqs_on+0xd/0x10
[   37.081922]  addrconf_dad_work+0x3ae/0x10b0
[   37.086212]  ? addrconf_dad_work+0x3ae/0x10b0
[   37.090681]  ? addrconf_ifdown+0x14d0/0x14d0
[   37.095062]  ? __lock_is_held+0xbc/0x140
[   37.099103]  process_one_work+0xbfd/0x1be0
[   37.103303]  ? process_one_work+0xbfd/0x1be0
[   37.107689]  ? pwq_dec_nr_in_flight+0x450/0x450
[   37.112323]  ? finish_task_switch+0x1d3/0x740
[   37.116784]  ? finish_task_switch+0x1aa/0x740
[   37.121278]  ? __sched_text_start+0x8/0x8
[   37.125397]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   37.130558]  ? check_noncircular+0x20/0x20
[   37.134765]  ? find_held_lock+0x39/0x1d0
[   37.138808]  ? lock_acquire+0x1d5/0x580
[   37.142752]  ? worker_thread+0x4a3/0x1990
[   37.146876]  ? lock_release+0xda0/0xda0
[   37.150824]  ? do_raw_spin_trylock+0x190/0x190
[   37.155385]  worker_thread+0x223/0x1990
[   37.159347]  ? process_one_work+0x1be0/0x1be0
[   37.163812]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.168277]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.173263]  ? trace_hardirqs_on+0xd/0x10
[   37.177376]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.181838]  ? finish_task_switch+0x1d3/0x740
[   37.186299]  ? finish_task_switch+0x1aa/0x740
[   37.190767]  ? copy_overflow+0x20/0x20
[   37.194634]  ? __schedule+0x8f3/0x2060
[   37.198485]  ? check_noncircular+0x20/0x20
[   37.202701]  ? find_held_lock+0x39/0x1d0
[   37.206736]  ? find_held_lock+0x39/0x1d0
[   37.210949]  ? lock_downgrade+0x980/0x980
[   37.215066]  ? default_wake_function+0x30/0x50
[   37.219623]  ? __schedule+0x2060/0x2060
[   37.223564]  ? do_wait_intr+0x3e0/0x3e0
[   37.227507]  ? do_raw_spin_trylock+0x190/0x190
[   37.232057]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   37.237126]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.242112]  ? trace_hardirqs_on+0xd/0x10
[   37.246226]  ? __kthread_parkme+0x175/0x240
[   37.250518]  kthread+0x37a/0x440
[   37.253850]  ? process_one_work+0x1be0/0x1be0
[   37.258311]  ? kthread_stop+0x7b0/0x7b0
[   37.262255]  ret_from_fork+0x24/0x30
[   37.265948] 
[   37.267544] Allocated by task 3081:
[   37.271139]  save_stack+0x43/0xd0
[   37.274561]  kasan_kmalloc+0xad/0xe0
[   37.278240]  __kmalloc+0x162/0x760
[   37.281748]  sk_prot_alloc+0x101/0x2a0
[   37.285600]  sk_alloc+0x89/0x700
[   37.288932]  packet_create+0x169/0xb00
[   37.292783]  __sock_create+0x4d4/0x850
[   37.296637]  SyS_socket+0xeb/0x200
[   37.300143]  do_fast_syscall_32+0x3ee/0xf9d
[   37.304432]  entry_SYSENTER_compat+0x51/0x60
[   37.308805] 
[   37.310398] Freed by task 3102:
[   37.313644]  save_stack+0x43/0xd0
[   37.317061]  kasan_slab_free+0x71/0xc0
[   37.320912]  kfree+0xca/0x250
[   37.323984]  __sk_destruct+0x74a/0x910
[   37.327836]  sk_destruct+0x47/0x80
[   37.331342]  __sk_free+0x57/0x230
[   37.334762]  sk_free+0x2a/0x40
[   37.337919]  packet_release+0x883/0xde0
[   37.341857]  sock_release+0x8d/0x1e0
[   37.345538]  sock_close+0x16/0x20
[   37.348957]  __fput+0x333/0x7f0
[   37.352201]  ____fput+0x15/0x20
[   37.355447]  task_work_run+0x199/0x270
[   37.359302]  do_exit+0x9bb/0x1ae0
[   37.362719]  do_group_exit+0x149/0x400
[   37.366571]  get_signal+0x73f/0x16c0
[   37.370252]  do_signal+0x94/0x1ee0
[   37.373756]  exit_to_usermode_loop+0x214/0x310
[   37.378304]  do_fast_syscall_32+0xbfd/0xf9d
[   37.382592]  entry_SYSENTER_compat+0x51/0x60
[   37.386964] 
[   37.388559] The buggy address belongs to the object at ffff8801cc297680
[   37.388559]  which belongs to the cache kmalloc-2048 of size 2048
[   37.401352] The buggy address is located 2016 bytes inside of
[   37.401352]  2048-byte region [ffff8801cc297680, ffff8801cc297e80)
[   37.413365] The buggy address belongs to the page:
[   37.418261] page:ffffea000730a580 count:1 mapcount:0 mapping:ffff8801cc296580 index:0x0 compound_mapcount: 0
[   37.428284] flags: 0x2fffc0000008100(slab|head)
[   37.432922] raw: 02fffc0000008100 ffff8801cc296580 0000000000000000 0000000100000003
[   37.440770] raw: ffffea0006fe6620 ffffea0007309620 ffff8801db000c40 0000000000000000
[   37.448613] page dumped because: kasan: bad access detected
[   37.454287] 
[   37.455882] Memory state around the buggy address:
[   37.460776]  ffff8801cc297d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.468101]  ffff8801cc297d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.475425] >ffff8801cc297e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.482750]                                                        ^
[   37.489210]  ffff8801cc297e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.496534]  ffff8801cc297f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.503857] ==================================================================
[   37.511182] Disabling lock debugging due to kernel taint
[   37.516650] Kernel panic - not syncing: panic_on_warn set ...
[   37.516650] 
[   37.523985] CPU: 0 PID: 1368 Comm: kworker/0:3 Tainted: G    B            4.14.0+ #100
[   37.532000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.541326] Workqueue: ipv6_addrconf addrconf_dad_work
[   37.546566] Call Trace:
[   37.549124]  dump_stack+0x194/0x257
[   37.552720]  ? arch_local_irq_restore+0x53/0x53
[   37.557356]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.562076]  ? vsnprintf+0x1ed/0x1900
[   37.565843]  ? dev_queue_xmit_nit+0xa80/0xc40
[   37.570302]  panic+0x1e4/0x41c
[   37.573459]  ? refcount_error_report+0x214/0x214
[   37.578181]  ? add_taint+0x1c/0x50
[   37.581687]  ? add_taint+0x1c/0x50
[   37.585195]  ? dev_queue_xmit_nit+0xb6d/0xc40
[   37.589654]  kasan_end_report+0x50/0x50
[   37.593594]  kasan_report+0x144/0x340
[   37.597371]  __asan_report_load8_noabort+0x14/0x20
[   37.602266]  dev_queue_xmit_nit+0xb6d/0xc40
[   37.606554]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   37.611708]  ? unwind_dump+0x4d0/0x4d0
[   37.615561]  ? netif_device_attach+0x150/0x150
[   37.620109]  ? __unwind_start+0x169/0x330
[   37.624228]  dev_hard_start_xmit+0x16b/0xac0
[   37.628601]  ? dev_queue_xmit+0x17/0x20
[   37.632544]  ? validate_xmit_skb_list+0x120/0x120
[   37.637353]  ? __skb_gso_segment+0x7f0/0x7f0
[   37.641726]  ? lock_downgrade+0x980/0x980
[   37.645838]  ? validate_xmit_xfrm+0x7e/0x430
[   37.650215]  ? validate_xmit_skb+0x674/0xb20
[   37.654590]  ? netif_skb_features+0x8e0/0x8e0
[   37.659049]  ? do_raw_spin_trylock+0x190/0x190
[   37.663597]  ? validate_xmit_skb_list+0xda/0x120
[   37.668320]  sch_direct_xmit+0x31d/0x6d0
[   37.672348]  ? dev_deactivate_queue.constprop.27+0x260/0x260
[   37.678119]  __dev_queue_xmit+0x16f4/0x2070
[   37.682412]  ? netdev_pick_tx+0x300/0x300
[   37.686525]  ? _raw_write_unlock_bh+0x30/0x40
[   37.690984]  ? __neigh_create+0xc5b/0x1e00
[   37.695188]  ? find_held_lock+0x39/0x1d0
[   37.699218]  ? neightbl_dump_info+0x950/0x950
[   37.703679]  ? ipv6_chk_mcast_addr+0x163/0x810
[   37.708231]  ? mark_held_locks+0xb2/0x100
[   37.712353]  ? __local_bh_enable_ip+0x121/0x230
[   37.716989]  ? lock_release+0xda0/0xda0
[   37.720928]  ? ipv6_chk_mcast_addr+0x2f2/0x810
[   37.725473]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.730456]  ? rcu_pm_notify+0xc0/0xc0
[   37.734309]  dev_queue_xmit+0x17/0x20
[   37.738078]  neigh_direct_output+0x15/0x20
[   37.742541]  ip6_finish_output2+0xad1/0x2310
[   37.746922]  ? ip6_copy_metadata+0x890/0x890
[   37.751297]  ? lock_downgrade+0x980/0x980
[   37.755412]  ? ip6_mtu+0x13c/0x3e0
[   37.758920]  ? lock_release+0xda0/0xda0
[   37.762861]  ? __lock_is_held+0xbc/0x140
[   37.766891]  ? ip6_mtu+0x112/0x3e0
[   37.770396]  ? ip6_dst_ifdown+0x3d0/0x3d0
[   37.774509]  ? lock_release+0xda0/0xda0
[   37.778450]  ip6_finish_output+0x2f9/0x920
[   37.782647]  ? ip6_finish_output+0x2f9/0x920
[   37.787022]  ip6_output+0x1eb/0x840
[   37.790614]  ? ip6_finish_output+0x920/0x920
[   37.794985]  ? netlbl_catmap_setrng+0xb0/0xb0
[   37.799446]  ? ip6_fragment+0x3420/0x3420
[   37.803558]  ? nf_hook_slow+0xd3/0x1a0
[   37.807412]  NF_HOOK.constprop.36+0xff/0x630
[   37.811786]  ? igmp6_mcf_seq_start+0x790/0x790
[   37.816333]  ? icmp6_dst_alloc+0x44e/0x630
[   37.820544]  ? ip6_mc_leave_src+0x1d0/0x1d0
[   37.824831]  ? icmpv6_flow_init+0x1f6/0x270
[   37.829123]  mld_sendpack+0x6a8/0xcc0
[   37.832894]  ? igmp6_mcf_seq_next+0x660/0x660
[   37.837366]  ? mark_held_locks+0xb2/0x100
[   37.841485]  ? trace_hardirqs_on+0xd/0x10
[   37.845598]  ? __local_bh_enable_ip+0x121/0x230
[   37.850236]  mld_send_initial_cr.part.25+0x103/0x150
[   37.855310]  ipv6_mc_dad_complete+0x99/0x130
[   37.859684]  addrconf_dad_completed+0x595/0x970
[   37.864320]  ? addrconf_verify_work+0x20/0x20
[   37.868779]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.873759]  ? addrconf_dad_work+0x3a2/0x10b0
[   37.878216]  ? trace_hardirqs_on+0xd/0x10
[   37.882332]  addrconf_dad_work+0x3ae/0x10b0
[   37.886617]  ? addrconf_dad_work+0x3ae/0x10b0
[   37.891079]  ? addrconf_ifdown+0x14d0/0x14d0
[   37.895454]  ? __lock_is_held+0xbc/0x140
[   37.899486]  process_one_work+0xbfd/0x1be0
[   37.903684]  ? process_one_work+0xbfd/0x1be0
[   37.908071]  ? pwq_dec_nr_in_flight+0x450/0x450
[   37.912710]  ? finish_task_switch+0x1d3/0x740
[   37.917171]  ? finish_task_switch+0x1aa/0x740
[   37.921645]  ? __sched_text_start+0x8/0x8
[   37.925760]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   37.930915]  ? check_noncircular+0x20/0x20
[   37.935116]  ? find_held_lock+0x39/0x1d0
[   37.939147]  ? lock_acquire+0x1d5/0x580
[   37.943089]  ? worker_thread+0x4a3/0x1990
[   37.947206]  ? lock_release+0xda0/0xda0
[   37.951147]  ? do_raw_spin_trylock+0x190/0x190
[   37.955701]  worker_thread+0x223/0x1990
[   37.959650]  ? process_one_work+0x1be0/0x1be0
[   37.964114]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.968575]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.973556]  ? trace_hardirqs_on+0xd/0x10
[   37.977666]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.982127]  ? finish_task_switch+0x1d3/0x740
[   37.986585]  ? finish_task_switch+0x1aa/0x740
[   37.991046]  ? copy_overflow+0x20/0x20
[   37.994902]  ? __schedule+0x8f3/0x2060
[   37.998751]  ? check_noncircular+0x20/0x20
[   38.002957]  ? find_held_lock+0x39/0x1d0
[   38.006986]  ? find_held_lock+0x39/0x1d0
[   38.011016]  ? lock_downgrade+0x980/0x980
[   38.015129]  ? default_wake_function+0x30/0x50
[   38.019678]  ? __schedule+0x2060/0x2060
[   38.023617]  ? do_wait_intr+0x3e0/0x3e0
[   38.027556]  ? do_raw_spin_trylock+0x190/0x190
[   38.032103]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   38.037172]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   38.042156]  ? trace_hardirqs_on+0xd/0x10
[   38.046272]  ? __kthread_parkme+0x175/0x240
[   38.050560]  kthread+0x37a/0x440
[   38.053891]  ? process_one_work+0x1be0/0x1be0
[   38.058351]  ? kthread_stop+0x7b0/0x7b0
[   38.062293]  ret_from_fork+0x24/0x30
[   38.066361] Dumping ftrace buffer:
[   38.069866]    (ftrace buffer empty)
[   38.073541] Kernel Offset: disabled
[   38.077134] Rebooting in 86400 seconds..