INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-1,10.128.15.215' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz6.router_solicitations = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz3.router_solicitations = 0
net.ipv6.conf.syz5.router_solicitations = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz0.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
executing program executing program executing
program executing program executing program
syzkaller login: INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
executing program executing program executing
program executing program executing program
[ 121.989319] dev_remove_pack: ffff8801d8d1b200 not found
executing program
executing program
executing program
[ 122.114290] ==================================================================
[ 122.121677] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0 at addr ffff8801d8d1b1b8
[ 122.130916] Read of size 8 by task syzkaller664810/16135
[ 122.136332] CPU: 0 PID: 16135 Comm: syzkaller664810 Not tainted 4.9.51-g9452b2c #49
[ 122.144088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.153408] ffff8801db2077e0 ffffffff81d92f89 ffff8801da002000 ffff8801d8d1aa80
[ 122.161354] ffff8801d8d1b280 ffffed003b1a3637 ffff8801d8d1b1b8 ffff8801db207808
[ 122.169301] ffffffff8153cb8c ffffed003b1a3637 ffff8801da002000 0000000000000000
[ 122.177243] Call Trace:
[ 122.179792]
[ 122.181823] [] dump_stack+0xc1/0x128
[ 122.187166] [] kasan_object_err+0x1c/0x70
[ 122.192928] [] kasan_report.part.1+0x21c/0x500
[ 122.199136] [] ? fanout_demux_rollover+0x49b/0x4d0
[ 122.205681] [] ? kfree_skbmem+0xd7/0xf0
[ 122.211270] [] __asan_report_load8_noabort+0x29/0x30
[ 122.217985] [] fanout_demux_rollover+0x49b/0x4d0
[ 122.224352] [] packet_rcv_fanout+0x3e6/0x620
[ 122.230462] [] __netif_receive_skb_core+0x887/0x29e0
[ 122.237181] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.244156] [] ? netif_wake_subqueue+0x210/0x210
[ 122.250524] [] ? netif_receive_skb_internal+0x92/0x390
[ 122.257411] [] __netif_receive_skb+0x5b/0x1c0
[ 122.263517] [] netif_receive_skb_internal+0xff/0x390
[ 122.270233] [] ? netif_receive_skb_internal+0x92/0x390
[ 122.277119] [] ? dev_cpu_callback+0x680/0x680
[ 122.283227] [] ? dev_gro_receive+0x1d6/0x16f0
[ 122.289334] [] ? dev_gro_receive+0x67a/0x16f0
[ 122.295443] [] ? eth_type_trans+0x2a8/0x5d0
[ 122.301383] [] napi_gro_receive+0x1fb/0x400
[ 122.307318] [] virtnet_receive+0xe1c/0x1cf0
[ 122.313252] [] ? virtnet_open+0x250/0x250
[ 122.319024] [] ? check_preemption_disabled+0x3b/0x200
[ 122.325831] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.332808] [] ? check_preemption_disabled+0x3b/0x200
[ 122.339611] [] ? debug_smp_processor_id+0x1c/0x20
[ 122.346066] [] virtnet_poll+0x26/0x140
[ 122.351565] [] net_rx_action+0x396/0xe00
[ 122.357237] [] ? sk_busy_loop+0xca0/0xca0
[ 122.362998] [] ? handle_edge_irq+0x417/0x8e0
[ 122.369021] [] ? _raw_spin_lock+0x3e/0x50
[ 122.374782] [] ? check_preemption_disabled+0x3b/0x200
[ 122.381583] [] __do_softirq+0x22d/0x964
[ 122.387168] [] irq_exit+0x165/0x190
[ 122.392407] [] do_IRQ+0x107/0x1b0
[ 122.397474] [] common_interrupt+0x8c/0x8c
[ 122.403239]
[ 122.405268] [] ? filemap_map_pages+0x265/0xd70
[ 122.411476] [] ? filemap_map_pages+0x247/0xd70
[ 122.417672] [] ? filemap_map_pages+0xfa/0xd70
[ 122.423781] [] ? find_lock_entry+0x3e0/0x3e0
[ 122.429808] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.436786] [] handle_mm_fault+0x1a6d/0x2530
[ 122.442805] [] ? __pmd_alloc+0x410/0x410
[ 122.448481] [] ? __do_page_fault+0x2a7/0xbd0
[ 122.454502] [] __do_page_fault+0x4eb/0xbd0
[ 122.460361] [] do_page_fault+0x27/0x30
[ 122.465859] [] page_fault+0x28/0x30
[ 122.471101] Object at ffff8801d8d1aa80, in cache kmalloc-2048 size: 2048
[ 122.477899] Allocated:
[ 122.480356] PID = 16082
[ 122.482907] save_stack_trace+0x16/0x20
[ 122.486844] save_stack+0x43/0xd0
[ 122.490259] kasan_kmalloc+0xad/0xe0
[ 122.493936] __kmalloc+0x11d/0x310
[ 122.497440] sk_prot_alloc+0x101/0x2a0
[ 122.501291] sk_alloc+0x3a/0x3a0
[ 122.504623] packet_create+0xf0/0x8e0
[ 122.508387] __sock_create+0x3ab/0x640
[ 122.512237] SyS_socket+0xf0/0x1b0
[ 122.515740] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 122.520455] Freed:
[ 122.522566] PID = 16054
[ 122.525115] save_stack_trace+0x16/0x20
[ 122.529050] save_stack+0x43/0xd0
[ 122.532464] kasan_slab_free+0x73/0xc0
[ 122.536312] kfree+0xf0/0x2f0
[ 122.539381] __sk_destruct+0x47f/0x570
[ 122.543232] sk_destruct+0x47/0x80
[ 122.546819] __sk_free+0x57/0x230
[ 122.550235] sk_free+0x23/0x30
[ 122.553391] packet_release+0x732/0xa20
[ 122.557328] sock_release+0x8d/0x1e0
[ 122.561004] sock_close+0x16/0x20
[ 122.564421] __fput+0x28c/0x6e0
[ 122.567661] ____fput+0x15/0x20
[ 122.570904] task_work_run+0x115/0x190
[ 122.574755] do_exit+0x82e/0x2a50
[ 122.578172] do_group_exit+0x108/0x320
[ 122.582023] SyS_exit_group+0x1d/0x20
[ 122.585786] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 122.590502] Memory state around the buggy address:
[ 122.595395] ffff8801d8d1b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 122.602722] ffff8801d8d1b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[ 122.610042] >ffff8801d8d1b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 122.617359] ^
[ 122.622511] ffff8801d8d1b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 122.629831] ffff8801d8d1b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 122.637150] ==================================================================
[ 122.644555] ==================================================================
[ 122.651890] BUG: KASAN: use-after-free in fanout_demux_rollover+0x4bc/0x4d0 at addr ffff8801d53ca000
[ 122.661120] Read of size 4 by task syzkaller664810/16135
[ 122.666534] CPU: 0 PID: 16135 Comm: syzkaller664810 Tainted: G B 4.9.51-g9452b2c #49
[ 122.675506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 122.684825] ffff8801db2077e0 ffffffff81d92f89 ffff8801da001640 ffff8801d53ca000
[ 122.692780] ffff8801d53ca080 ffffed003aa79400 ffff8801d53ca000 ffff8801db207808
[ 122.700729] ffffffff8153cb8c ffffed003aa79400 ffff8801da001640 0000000000000000
[ 122.708671] Call Trace:
[ 122.711218]
[ 122.713249] [] dump_stack+0xc1/0x128
[ 122.718593] [] kasan_object_err+0x1c/0x70
[ 122.724352] [] kasan_report.part.1+0x21c/0x500
[ 122.730549] [] ? fanout_demux_rollover+0x4bc/0x4d0
[ 122.737090] [] __asan_report_load4_noabort+0x29/0x30
[ 122.743806] [] fanout_demux_rollover+0x4bc/0x4d0
[ 122.750183] [] packet_rcv_fanout+0x3e6/0x620
[ 122.756206] [] __netif_receive_skb_core+0x887/0x29e0
[ 122.762927] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.769904] [] ? netif_wake_subqueue+0x210/0x210
[ 122.776273] [] ? netif_receive_skb_internal+0x92/0x390
[ 122.783161] [] __netif_receive_skb+0x5b/0x1c0
[ 122.789268] [] netif_receive_skb_internal+0xff/0x390
[ 122.795983] [] ? netif_receive_skb_internal+0x92/0x390
[ 122.802871] [] ? dev_cpu_callback+0x680/0x680
[ 122.808978] [] ? dev_gro_receive+0x1d6/0x16f0
[ 122.815084] [] ? dev_gro_receive+0x67a/0x16f0
[ 122.821192] [] ? eth_type_trans+0x2a8/0x5d0
[ 122.827125] [] napi_gro_receive+0x1fb/0x400
[ 122.833062] [] virtnet_receive+0xe1c/0x1cf0
[ 122.838996] [] ? virtnet_open+0x250/0x250
[ 122.844757] [] ? check_preemption_disabled+0x3b/0x200
[ 122.851562] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.858538] [] ? check_preemption_disabled+0x3b/0x200
[ 122.865340] [] ? debug_smp_processor_id+0x1c/0x20
[ 122.871795] [] virtnet_poll+0x26/0x140
[ 122.877298] [] net_rx_action+0x396/0xe00
[ 122.883066] [] ? sk_busy_loop+0xca0/0xca0
[ 122.888826] [] ? handle_edge_irq+0x417/0x8e0
[ 122.894847] [] ? _raw_spin_lock+0x3e/0x50
[ 122.900609] [] ? check_preemption_disabled+0x3b/0x200
[ 122.907411] [] __do_softirq+0x22d/0x964
[ 122.913000] [] irq_exit+0x165/0x190
[ 122.918237] [] do_IRQ+0x107/0x1b0
[ 122.923303] [] common_interrupt+0x8c/0x8c
[ 122.929059]
[ 122.931088] [] ? filemap_map_pages+0x265/0xd70
[ 122.937297] [] ? filemap_map_pages+0x247/0xd70
[ 122.943490] [] ? filemap_map_pages+0xfa/0xd70
[ 122.949595] [] ? find_lock_entry+0x3e0/0x3e0
[ 122.955618] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 122.962598] [] handle_mm_fault+0x1a6d/0x2530
[ 122.968621] [] ? __pmd_alloc+0x410/0x410
[ 122.974300] [] ? __do_page_fault+0x2a7/0xbd0
[ 122.980320] [] __do_page_fault+0x4eb/0xbd0
[ 122.986166] [] do_page_fault+0x27/0x30
[ 122.991670] [] page_fault+0x28/0x30
[ 122.996909] Object at ffff8801d53ca000, in cache kmalloc-128 size: 128
[ 123.003535] Allocated:
[ 123.005994] PID = 16086
[ 123.008545] save_stack_trace+0x16/0x20
[ 123.012483] save_stack+0x43/0xd0
[ 123.015896] kasan_kmalloc+0xad/0xe0
[ 123.019573] kmem_cache_alloc_trace+0xfb/0x2a0
[ 123.024120] packet_setsockopt+0x181c/0x2240
[ 123.028493] SyS_setsockopt+0x160/0x250
[ 123.032428] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 123.037145] Freed:
[ 123.039254] PID = 0
[ 123.041456] save_stack_trace+0x16/0x20
[ 123.045392] save_stack+0x43/0xd0
[ 123.048806] kasan_slab_free+0x73/0xc0
[ 123.052654] kfree+0xf0/0x2f0
[ 123.055725] rcu_process_callbacks+0x981/0x12d0
[ 123.060441] __do_softirq+0x22d/0x964
[ 123.064210] Memory state around the buggy address:
[ 123.069104] ffff8801d53c9f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 123.076425] ffff8801d53c9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 123.083748] >ffff8801d53ca000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 123.091070] ^
[ 123.094398] ffff8801d53ca080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 123.101718] ffff8801d53ca100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 123.109036] ==================================================================