INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-3,10.128.0.10' (ECDSA) to the list of known hosts. 2017/09/16 15:53:16 parsed 1 programs 2017/09/16 15:53:16 executed programs: 0 syzkaller login: [ 47.865823] dev_remove_pack: ffff8801cc2cb640 not found [ 47.883289] ================================================================== [ 47.890686] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0 [ 47.897407] Read of size 8 at addr ffff8801cc34f3a8 by task syz-executor0/3237 [ 47.904732] [ 47.906332] CPU: 1 PID: 3237 Comm: syz-executor0 Not tainted 4.13.0-next-20170915+ #23 [ 47.914352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.923674] Call Trace: [ 47.926232] dump_stack+0x194/0x257 [ 47.929833] ? arch_local_irq_restore+0x53/0x53 [ 47.934473] ? show_regs_print_info+0x65/0x65 [ 47.938947] ? __dev_remove_pack+0x305/0x3b0 [ 47.943327] print_address_description+0x73/0x250 [ 47.948138] ? __dev_remove_pack+0x305/0x3b0 [ 47.952516] kasan_report+0x24e/0x340 [ 47.956290] __asan_report_load8_noabort+0x14/0x20 [ 47.961189] __dev_remove_pack+0x305/0x3b0 [ 47.965395] ? dev_get_by_name_rcu+0x270/0x270 [ 47.969948] ? refcount_sub_and_test+0x115/0x1b0 [ 47.974685] __unregister_prot_hook+0x211/0x280 [ 47.979338] packet_release+0x8bb/0xd70 [ 47.983294] ? packet_set_ring+0x1b70/0x1b70 [ 47.987676] ? lock_downgrade+0x990/0x990 [ 47.991815] ? locks_remove_file+0x3fa/0x5a0 [ 47.996194] ? fcntl_setlk+0x10d0/0x10d0 [ 48.000230] ? __fsnotify_parent+0xb4/0x3a0 [ 48.004527] ? fsnotify+0x1af0/0x1af0 [ 48.008305] sock_release+0x8d/0x1e0 [ 48.011987] ? sock_release+0x8d/0x1e0 [ 48.015846] ? 
sock_release+0x1e0/0x1e0 [ 48.019792] sock_close+0x16/0x20 [ 48.023215] __fput+0x333/0x7f0 [ 48.026471] ? fput+0x140/0x140 [ 48.029722] ? check_same_owner+0x320/0x320 [ 48.034014] ? _raw_spin_unlock_irq+0x27/0x70 [ 48.038486] ____fput+0x15/0x20 [ 48.041738] task_work_run+0x199/0x270 [ 48.045600] ? task_work_cancel+0x210/0x210 [ 48.049894] ? _raw_spin_unlock+0x22/0x30 [ 48.054024] ? switch_task_namespaces+0x87/0xc0 [ 48.058673] do_exit+0xa52/0x1b40 [ 48.062096] ? plist_check_list+0xa0/0xa0 [ 48.066225] ? plist_del+0x47b/0x990 [ 48.069911] ? mm_update_next_owner+0x930/0x930 [ 48.074553] ? plist_add+0x760/0x760 [ 48.078259] ? check_same_owner+0x320/0x320 [ 48.082555] ? osq_unlock+0x350/0x350 [ 48.086324] ? find_held_lock+0x39/0x1d0 [ 48.090365] ? check_noncircular+0x20/0x20 [ 48.094574] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 48.099927] ? find_held_lock+0x39/0x1d0 [ 48.103969] ? lock_downgrade+0x990/0x990 [ 48.108088] ? recalc_sigpending_tsk+0x117/0x150 [ 48.112815] ? recalc_sigpending+0x103/0x160 [ 48.117192] ? recalc_sigpending_tsk+0x150/0x150 [ 48.121914] ? get_signal+0x397/0x17e0 [ 48.125787] do_group_exit+0x149/0x400 [ 48.129645] ? __lock_is_held+0xbc/0x140 [ 48.133675] ? SyS_exit+0x30/0x30 [ 48.137097] ? _raw_spin_unlock_irq+0x27/0x70 [ 48.141565] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 48.146557] get_signal+0x7e8/0x17e0 [ 48.150268] ? ptrace_notify+0x130/0x130 [ 48.154297] ? __fget+0xbb/0x580 [ 48.157633] ? __lockdep_init_map+0xe4/0x650 [ 48.162018] ? lock_release+0xd70/0xd70 [ 48.165969] ? exit_robust_list+0x240/0x240 [ 48.170273] do_signal+0x94/0x1ee0 [ 48.173793] ? iterate_fd+0x3f0/0x3f0 [ 48.177567] ? setup_sigcontext+0x7d0/0x7d0 [ 48.181863] ? __lock_is_held+0xbc/0x140 [ 48.185908] ? __fget_light+0x29d/0x390 [ 48.189857] ? selinux_tun_dev_create+0xc0/0xc0 [ 48.194496] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 48.200179] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 48.205423] ? alloc_file+0x284/0x3a0 [ 48.209195] ? 
exit_to_usermode_loop+0x98/0x300 [ 48.213842] exit_to_usermode_loop+0x224/0x300 [ 48.218398] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 48.223914] syscall_return_slowpath+0x42f/0x500 [ 48.228651] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 48.233638] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 48.238539] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 48.243525] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 48.248258] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 48.252982] RIP: 0033:0x451e59 [ 48.256141] RSP: 002b:00007f9737f8fcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 48.263822] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 0000000000451e59 [ 48.271061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8 [ 48.278301] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000 [ 48.285538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 48.292780] R13: 00007ffddf6d295f R14: 00007f9737f909c0 R15: 0000000000000004 [ 48.300035] [ 48.301632] Allocated by task 3236: [ 48.305229] save_stack_trace+0x16/0x20 [ 48.309173] save_stack+0x43/0xd0 [ 48.312595] kasan_kmalloc+0xad/0xe0 [ 48.316287] kmem_cache_alloc_trace+0x136/0x750 [ 48.320923] fanout_add+0xa50/0x1190 [ 48.324606] packet_setsockopt+0xfdc/0x1e80 [ 48.328894] SyS_setsockopt+0x189/0x360 [ 48.332838] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 48.337559] [ 48.339154] Freed by task 3237: [ 48.342402] save_stack_trace+0x16/0x20 [ 48.346343] save_stack+0x43/0xd0 [ 48.349780] kasan_slab_free+0x71/0xc0 [ 48.353636] kfree+0xca/0x250 [ 48.356711] packet_release+0xa8f/0xd70 [ 48.360654] sock_release+0x8d/0x1e0 [ 48.364335] sock_close+0x16/0x20 [ 48.367757] __fput+0x333/0x7f0 [ 48.371006] ____fput+0x15/0x20 [ 48.374254] task_work_run+0x199/0x270 [ 48.378111] do_exit+0xa52/0x1b40 [ 48.381534] do_group_exit+0x149/0x400 [ 48.385388] get_signal+0x7e8/0x17e0 [ 48.389069] do_signal+0x94/0x1ee0 [ 48.392578] exit_to_usermode_loop+0x224/0x300 [ 48.397129] syscall_return_slowpath+0x42f/0x500 [ 48.401853] 
entry_SYSCALL_64_fastpath+0xbc/0xbe [ 48.406574] [ 48.408172] The buggy address belongs to the object at ffff8801cc34eb00 [ 48.408172] which belongs to the cache kmalloc-4096 of size 4096 [ 48.420967] The buggy address is located 2216 bytes inside of [ 48.420967] 4096-byte region [ffff8801cc34eb00, ffff8801cc34fb00) [ 48.432981] The buggy address belongs to the page: [ 48.437878] page:ffffea000730d380 count:1 mapcount:0 mapping:ffff8801cc34eb00 index:0x0 compound_mapcount: 0 [ 48.447822] flags: 0x200000000008100(slab|head) [ 48.452460] raw: 0200000000008100 ffff8801cc34eb00 0000000000000000 0000000100000001 [ 48.460309] raw: ffffea0007307ba0 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000 [ 48.468156] page dumped because: kasan: bad access detected [ 48.473830] [ 48.475425] Memory state around the buggy address: [ 48.480321] ffff8801cc34f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.487649] ffff8801cc34f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.494975] >ffff8801cc34f380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.502300] ^ [ 48.506936] ffff8801cc34f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.514262] ffff8801cc34f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.521588] ================================================================== [ 48.528912] Disabling lock debugging due to kernel taint [ 48.534407] Kernel panic - not syncing: panic_on_warn set ... [ 48.534407] [ 48.541734] CPU: 1 PID: 3237 Comm: syz-executor0 Tainted: G B 4.13.0-next-20170915+ #23 [ 48.550967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.560284] Call Trace: [ 48.562836] dump_stack+0x194/0x257 [ 48.566430] ? arch_local_irq_restore+0x53/0x53 [ 48.571068] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 48.575793] ? __dev_remove_pack+0x2e0/0x3b0 [ 48.580168] panic+0x1e4/0x417 [ 48.583323] ? __warn+0x1d9/0x1d9 [ 48.586751] ? 
__dev_remove_pack+0x305/0x3b0 [ 48.591124] kasan_end_report+0x50/0x50 [ 48.595062] kasan_report+0x137/0x340 [ 48.598828] __asan_report_load8_noabort+0x14/0x20 [ 48.603720] __dev_remove_pack+0x305/0x3b0 [ 48.607919] ? dev_get_by_name_rcu+0x270/0x270 [ 48.612468] ? refcount_sub_and_test+0x115/0x1b0 [ 48.617194] __unregister_prot_hook+0x211/0x280 [ 48.621832] packet_release+0x8bb/0xd70 [ 48.625773] ? packet_set_ring+0x1b70/0x1b70 [ 48.630145] ? lock_downgrade+0x990/0x990 [ 48.634265] ? locks_remove_file+0x3fa/0x5a0 [ 48.638640] ? fcntl_setlk+0x10d0/0x10d0 [ 48.642675] ? __fsnotify_parent+0xb4/0x3a0 [ 48.646961] ? fsnotify+0x1af0/0x1af0 [ 48.650729] sock_release+0x8d/0x1e0 [ 48.654407] ? sock_release+0x8d/0x1e0 [ 48.658258] ? sock_release+0x1e0/0x1e0 [ 48.662197] sock_close+0x16/0x20 [ 48.665615] __fput+0x333/0x7f0 [ 48.668860] ? fput+0x140/0x140 [ 48.672106] ? check_same_owner+0x320/0x320 [ 48.676390] ? _raw_spin_unlock_irq+0x27/0x70 [ 48.680853] ____fput+0x15/0x20 [ 48.684097] task_work_run+0x199/0x270 [ 48.687948] ? task_work_cancel+0x210/0x210 [ 48.692233] ? _raw_spin_unlock+0x22/0x30 [ 48.696343] ? switch_task_namespaces+0x87/0xc0 [ 48.700979] do_exit+0xa52/0x1b40 [ 48.704397] ? plist_check_list+0xa0/0xa0 [ 48.708514] ? plist_del+0x47b/0x990 [ 48.712191] ? mm_update_next_owner+0x930/0x930 [ 48.716825] ? plist_add+0x760/0x760 [ 48.720509] ? check_same_owner+0x320/0x320 [ 48.724797] ? osq_unlock+0x350/0x350 [ 48.728560] ? find_held_lock+0x39/0x1d0 [ 48.732590] ? check_noncircular+0x20/0x20 [ 48.736793] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 48.742129] ? find_held_lock+0x39/0x1d0 [ 48.746158] ? lock_downgrade+0x990/0x990 [ 48.750269] ? recalc_sigpending_tsk+0x117/0x150 [ 48.754988] ? recalc_sigpending+0x103/0x160 [ 48.759360] ? recalc_sigpending_tsk+0x150/0x150 [ 48.764079] ? get_signal+0x397/0x17e0 [ 48.767936] do_group_exit+0x149/0x400 [ 48.771789] ? __lock_is_held+0xbc/0x140 [ 48.775815] ? SyS_exit+0x30/0x30 [ 48.779231] ? 
_raw_spin_unlock_irq+0x27/0x70 [ 48.783690] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 48.788673] get_signal+0x7e8/0x17e0 [ 48.792364] ? ptrace_notify+0x130/0x130 [ 48.796387] ? __fget+0xbb/0x580 [ 48.799716] ? __lockdep_init_map+0xe4/0x650 [ 48.804092] ? lock_release+0xd70/0xd70 [ 48.808033] ? exit_robust_list+0x240/0x240 [ 48.812326] do_signal+0x94/0x1ee0 [ 48.815832] ? iterate_fd+0x3f0/0x3f0 [ 48.819599] ? setup_sigcontext+0x7d0/0x7d0 [ 48.823886] ? __lock_is_held+0xbc/0x140 [ 48.827917] ? __fget_light+0x29d/0x390 [ 48.831858] ? selinux_tun_dev_create+0xc0/0xc0 [ 48.836492] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 48.842165] ? selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 48.847403] ? alloc_file+0x284/0x3a0 [ 48.851170] ? exit_to_usermode_loop+0x98/0x300 [ 48.855807] exit_to_usermode_loop+0x224/0x300 [ 48.860353] ? trace_event_raw_event_sys_exit+0x260/0x260