INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.0.50' (ECDSA) to the list of known hosts.
2017/09/11 23:08:16 parsed 1 programs
2017/09/11 23:08:16 executed programs: 0
2017/09/11 23:08:21 executed programs: 780

syzkaller login: [   36.867416] dev_remove_pack: ffff8801d4210840 not found
[   38.212585] dev_remove_pack: ffff8801d0e295c0 not found
2017/09/11 23:08:26 executed programs: 1436
[   40.417598] ==================================================================
[   40.425070] BUG: KASAN: use-after-free in packet_rcv_fanout+0x78a/0x7d0
[   40.431817] Read of size 8 at addr ffff8801d4210850 by task syz-executor0/7857
[   40.439163]
[   40.440790] CPU: 1 PID: 7857 Comm: syz-executor0 Not tainted 4.13.0-next-20170911+ #19
[   40.448833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.458182] Call Trace:
[   40.460744]
[   40.462874]  dump_stack+0x194/0x257
[   40.466480]  ? arch_local_irq_restore+0x53/0x53
[   40.471123]  ? show_regs_print_info+0x65/0x65
[   40.475621]  ? packet_rcv_fanout+0x78a/0x7d0
[   40.480024]  print_address_description+0x73/0x250
[   40.484848]  ? packet_rcv_fanout+0x78a/0x7d0
[   40.489231]  kasan_report+0x24e/0x340
[   40.493021]  __asan_report_load8_noabort+0x14/0x20
[   40.497944]  packet_rcv_fanout+0x78a/0x7d0
[   40.502178]  ? compat_packet_setsockopt+0x140/0x140
[   40.507171]  ? refcount_add+0x60/0x60
[   40.511301]  ? check_noncircular+0x20/0x20
[   40.515530]  dev_queue_xmit_nit+0x2d4/0xae0
[   40.519856]  ? netif_device_attach+0x150/0x150
[   40.524426]  ? find_held_lock+0x39/0x1d0
[   40.528470]  ? reacquire_held_locks+0x205/0x3d0
[   40.533120]  ? dev_queue_xmit+0x17/0x20
[   40.537079]  dev_hard_start_xmit+0x16b/0xac0
[   40.541474]  ? validate_xmit_skb_list+0x120/0x120
[   40.546303]  ? netif_skb_features+0x573/0x8e0
[   40.550793]  ? lock_downgrade+0x6d0/0x990
[   40.554933]  ? __skb_gso_segment+0x7f0/0x7f0
[   40.559339]  ? lock_acquire+0x1d5/0x580
[   40.563302]  ? sch_direct_xmit+0x280/0x6d0
[   40.567536]  ? lock_release+0xd70/0xd70
[   40.571502]  ? netif_skb_features+0x8e0/0x8e0
[   40.576016]  sch_direct_xmit+0x31d/0x6d0
[   40.580067]  ? dev_deactivate_queue.constprop.27+0x260/0x260
[   40.585869]  __dev_queue_xmit+0x15fe/0x1e40
[   40.590195]  ? netdev_pick_tx+0x300/0x300
[   40.594324]  ? print_usage_bug+0x480/0x480
[   40.598530]  ? __lock_acquire+0x732/0x4620
[   40.602740]  ? lock_release+0xd70/0xd70
[   40.606718]  ? selinux_ipv4_forward+0x50/0x50
[   40.611188]  ? core_kernel_data+0x1a/0x20
[   40.615322]  ? lock_acquire+0x1d5/0x580
[   40.619279]  ? ip6_finish_output+0x2f9/0x920
[   40.623663]  ? mark_held_locks+0xb2/0x100
[   40.627792]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   40.632786]  ? mark_held_locks+0xb2/0x100
[   40.636908]  ? ip6_finish_output2+0x119b/0x22a0
[   40.641555]  dev_queue_xmit+0x17/0x20
[   40.645337]  ip6_finish_output2+0x13c4/0x22a0
[   40.649840]  ? ip6_copy_metadata+0x650/0x650
[   40.654246]  ? ip6_mtu+0x13c/0x3e0
[   40.657778]  ? lock_release+0xd70/0xd70
[   40.661742]  ? __lock_is_held+0xbc/0x140
[   40.665806]  ? ip6_mtu+0x112/0x3e0
[   40.669321]  ? ip6_neigh_lookup+0xba0/0xba0
[   40.673616]  ? lock_release+0xd70/0xd70
[   40.677571]  ip6_finish_output+0x2f9/0x920
[   40.681784]  ? ip6_finish_output+0x2f9/0x920
[   40.686181]  ip6_output+0x1f4/0x850
[   40.689785]  ? ip6_finish_output+0x920/0x920
[   40.694180]  ? lock_release+0xd70/0xd70
[   40.698149]  ? ip6_fragment+0x33f0/0x33f0
[   40.702288]  ndisc_send_skb+0x8fd/0x1180
[   40.706331]  ? pndisc_destructor+0x330/0x330
[   40.710718]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   40.715720]  ? __ndisc_fill_addr_option+0xe9/0x110
[   40.720629]  ndisc_send_rs+0x12a/0x550
[   40.724496]  addrconf_rs_timer+0x32e/0x650
[   40.728709]  ? ipv6_get_lladdr+0x500/0x500
[   40.732934]  call_timer_fn+0x246/0x850
[   40.736799]  ? call_timer_fn+0x246/0x850
[   40.740839]  ? ipv6_get_lladdr+0x500/0x500
[   40.745052]  ? __next_timer_interrupt+0x150/0x150
[   40.749875]  ? lock_downgrade+0x990/0x990
[   40.754006]  ? __run_timers+0x1ce/0xb90
[   40.757976]  ? do_raw_spin_trylock+0x190/0x190
[   40.762567]  ? ipv6_get_lladdr+0x500/0x500
[   40.766782]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   40.771775]  ? ipv6_get_lladdr+0x500/0x500
[   40.775983]  __run_timers+0x7fd/0xb90
[   40.779786]  ? del_timer_sync+0x240/0x240
[   40.783912]  ? print_usage_bug+0x480/0x480
[   40.788133]  ? timerqueue_add+0x1e9/0x280
[   40.792280]  ? find_held_lock+0x39/0x1d0
[   40.796344]  ? check_noncircular+0x20/0x20
[   40.800556]  ? lock_downgrade+0x990/0x990
[   40.804683]  ? lock_acquire+0x1d5/0x580
[   40.808631]  ? clockevents_program_event+0x163/0x2e0
[   40.813718]  ? __lock_is_held+0xbc/0x140
[   40.817773]  run_timer_softirq+0x4c/0xb0
[   40.821809]  __do_softirq+0x2bb/0xbd0
[   40.825583]  ? ktime_get+0x26f/0x3a0
[   40.829276]  ? do_gettimeofday+0x190/0x190
[   40.833490]  ? __softirqentry_text_start+0x8/0x8
[   40.838217]  ? do_raw_spin_trylock+0x190/0x190
[   40.842783]  ? do_timer+0x50/0x50
[   40.846220]  ? native_apic_msr_write+0x5c/0x80
[   40.850782]  ? kvm_clock_get_cycles+0x25/0x30
[   40.855256]  ? lapic_next_event+0x5a/0x90
[   40.859388]  ? clockevents_program_event+0x108/0x2e0
[   40.864476]  ? tick_program_event+0x7f/0xd0
[   40.868777]  ? __lock_is_held+0xbc/0x140
[   40.872842]  irq_exit+0x1d3/0x210
[   40.876274]  smp_apic_timer_interrupt+0x177/0x710
[   40.881092]  ? smp_reschedule_interrupt+0xf2/0x670
[   40.886014]  ? smp_call_function_single_interrupt+0x650/0x650
[   40.891894]  ? _raw_spin_lock+0x32/0x40
[   40.895851]  ? handle_edge_irq+0x2b4/0x7c0
[   40.900089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.904931]  apic_timer_interrupt+0x9d/0xb0
[   40.909232]
[   40.911442] RIP: 0010:clear_page_erms+0x7/0x10
[   40.916002] RSP: 0000:ffff8801d7577708 EFLAGS: 00010246 ORIG_RAX: ffffffffffffff10
[   40.923706] RAX: 0000000000000000 RBX: 000000000000016a RCX: 0000000000000840
[   40.930973] RDX: 0000000000000000 RSI: ffff8801caafc080 RDI: ffff8801bbf6a7c0
[   40.938218] RBP: ffff8801d7577770 R08: 0000160000000000 R09: 0000000000000000
[   40.945462] R10: ffffffffffffffe8 R11: 0000000000000000 R12: dffffc0000000000
[   40.952717] R13: ffff8801caafc080 R14: ffff8801caafc080 R15: ffff8801caafc080
[   40.960000]  ? clear_huge_page+0x24f/0x750
[   40.964230]  do_huge_pmd_anonymous_page+0x59c/0x1ba0
[   40.969315]  ? __thp_get_unmapped_area+0x130/0x130
[   40.974228]  ? futex_wait_setup+0x3d0/0x3d0
[   40.978529]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.983698]  ? hash_futex+0x15/0x210
[   40.987385]  ? drop_futex_key_refs.isra.13+0x63/0xb0
[   40.992465]  ? futex_wake+0x2ca/0x680
[   40.996242]  ? __hrtimer_init+0x140/0x140
[   41.000366]  ? get_futex_key+0x1d50/0x1d50
[   41.004576]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   41.010534]  ? check_noncircular+0x20/0x20
[   41.014743]  ? lockdep_init_map+0x3d/0x70
[   41.018867]  ? do_futex+0x783/0x2130
[   41.022561]  ? check_noncircular+0x20/0x20
[   41.026768]  ? check_noncircular+0x20/0x20
[   41.030982]  __handle_mm_fault+0x1827/0x39c0
[   41.035370]  ? __pmd_alloc+0x4e0/0x4e0
[   41.039240]  ? lock_downgrade+0x990/0x990
[   41.043369]  ? __lock_is_held+0xbc/0x140
[   41.047435]  handle_mm_fault+0x334/0x8d0
[   41.051469]  ? down_read_trylock+0xdb/0x170
[   41.055765]  ? __do_page_fault+0x2b8/0xb60
[   41.059974]  ? __handle_mm_fault+0x39c0/0x39c0
[   41.064528]  ? vmacache_find+0x61/0x270
[   41.068480]  ? find_vma+0x30/0x150
[   41.071997]  __do_page_fault+0x4f6/0xb60
[   41.076053]  do_page_fault+0xee/0x720
[   41.079838]  ? __do_page_fault+0xb60/0xb60
[   41.084062]  ? SyS_futex+0x260/0x390
[   41.087753]  ? SyS_futex+0x269/0x390
[   41.091445]  ? do_futex+0x2130/0x2130
[   41.095225]  ? entry_SYSCALL_64_fastpath+0x4b/0xbe
[   41.100146]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.104970]  page_fault+0x22/0x30
[   41.108410] RIP: 0033:0x405424
[   41.111579] RSP: 002b:00007ffc05fd2a90 EFLAGS: 00010246
[   41.116918] RAX: 0000000020d87000 RBX: 0000000000000004 RCX: 0000000000000004
[   41.124162] RDX: 0b560e42c11b4dad RSI: 0000000000000000 RDI: 00000000016c7848
[   41.131404] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   41.138645] R10: 00007ffc05fd2b30 R11: 0000000000000206 R12: fffffffffffffffe
[   41.145887] R13: 0000000000718000 R14: 0000000020d87000 R15: 0000000000000016
[   41.153167]
[   41.154771] Allocated by task 6371:
[   41.158372]  save_stack_trace+0x16/0x20
[   41.162325]  save_stack+0x43/0xd0
[   41.165750]  kasan_kmalloc+0xad/0xe0
[   41.169437]  __kmalloc+0x162/0x760
[   41.172949]  sk_prot_alloc+0x101/0x2a0
[   41.176807]  sk_alloc+0x89/0x700
[   41.180147]  packet_create+0x169/0xb00
[   41.184010]  __sock_create+0x4d4/0x850
[   41.187894]  SyS_socket+0xeb/0x200
[   41.191408]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   41.196133]
[   41.197731] Freed by task 6371:
[   41.200983]  save_stack_trace+0x16/0x20
[   41.204932]  save_stack+0x43/0xd0
[   41.208355]  kasan_slab_free+0x71/0xc0
[   41.212215]  kfree+0xca/0x250
[   41.215298]  __sk_destruct+0x74a/0x910
[   41.219169]  sk_destruct+0x47/0x80
[   41.222681]  __sk_free+0x57/0x230
[   41.226108]  sk_free+0x2a/0x40
[   41.229275]  packet_release+0x859/0xd70
[   41.233224]  sock_release+0x8d/0x1e0
[   41.236909]  sock_close+0x16/0x20
[   41.240334]  __fput+0x333/0x7f0
[   41.243582]  ____fput+0x15/0x20
[   41.246833]  task_work_run+0x199/0x270
[   41.250700]  do_exit+0xa52/0x1b40
[   41.254123]  do_group_exit+0x149/0x400
[   41.257984]  get_signal+0x7e8/0x17e0
[   41.261671]  do_signal+0x94/0x1ee0
[   41.265185]  exit_to_usermode_loop+0x224/0x300
[   41.269738]  syscall_return_slowpath+0x42f/0x500
[   41.274467]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   41.279193]
[   41.280793] The buggy address belongs to the object at ffff8801d4210080
[   41.280793]  which belongs to the cache kmalloc-2048 of size 2048
[   41.293592] The buggy address is located 2000 bytes inside of
[   41.293592]  2048-byte region [ffff8801d4210080, ffff8801d4210880)
[   41.305607] The buggy address belongs to the page:
[   41.310508] page:ffffea0007508400 count:1 mapcount:0 mapping:ffff8801d4210080 index:0x0 compound_mapcount: 0
[   41.320453] flags: 0x200000000008100(slab|head)
[   41.325097] raw: 0200000000008100 ffff8801d4210080 0000000000000000 0000000100000003
[   41.332947] raw: ffffea00075375a0 ffffea00075014a0 ffff8801dac00c40 0000000000000000
[   41.340805] page dumped because: kasan: bad access detected
[   41.346492]
[   41.348093] Memory state around the buggy address:
[   41.352993]  ffff8801d4210700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.360326]  ffff8801d4210780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.367663] >ffff8801d4210800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.375001]                                                  ^
[   41.380949]  ffff8801d4210880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.388277]  ffff8801d4210900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.395603] ==================================================================
[   41.402928] Disabling lock debugging due to kernel taint
[   41.408371] Kernel panic - not syncing: panic_on_warn set ...
[   41.408371]