INIT: Entering runlevel: 2 [[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-4,10.128.0.42' (ECDSA) to the list of known hosts. 2017/09/03 22:59:50 parsed 1 programs 2017/09/03 22:59:50 executed programs: 0 syzkaller login: [ 39.069608] dev_remove_pack: ffff8801c8b9c300 not found 2017/09/03 22:59:55 executed programs: 202 [ 42.083729] ================================================================== [ 42.091109] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28f/0x2c0 at addr ffff8801c8b9bccc [ 42.099911] Read of size 4 by task swapper/0/0 [ 42.104463] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.46-g9100442 #38 [ 42.111352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.120671] ffff8801db207758 ffffffff81d93129 ffff8801da002000 ffff8801c8b9bb80 [ 42.128618] ffff8801c8b9c380 ffffed0039173799 ffff8801c8b9bccc ffff8801db207780 [ 42.136573] ffffffff8153ccac ffffed0039173799 ffff8801da002000 0000000000000000 [ 42.144513] Call Trace: [ 42.147061] [ 42.149094] [] dump_stack+0xc1/0x128 [ 42.154447] [] kasan_object_err+0x1c/0x70 [ 42.160220] [] kasan_report.part.1+0x21c/0x500 [ 42.166420] [] ? do_raw_spin_lock+0x28f/0x2c0 [ 42.172531] [] __asan_report_load4_noabort+0x29/0x30 [ 42.179251] [] do_raw_spin_lock+0x28f/0x2c0 [ 42.185190] [] _raw_spin_lock_bh+0x42/0x50 [ 42.191041] [] ? packet_rcv_has_room+0x25/0xb0 [ 42.197238] [] packet_rcv_has_room+0x25/0xb0 [ 42.203262] [] fanout_demux_rollover+0x26f/0x4d0 [ 42.209636] [] packet_rcv_fanout+0x4ce/0x620 [ 42.215660] [] __netif_receive_skb_core+0x887/0x29e0 [ 42.222383] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 42.229366] [] ? netif_wake_subqueue+0x210/0x210 [ 42.235737] [] ? netif_receive_skb_internal+0x92/0x390 [ 42.242637] [] __netif_receive_skb+0x5b/0x1c0 [ 42.248745] [] netif_receive_skb_internal+0xff/0x390 [ 42.255470] [] ? netif_receive_skb_internal+0x92/0x390 [ 42.262365] [] ? dev_cpu_callback+0x680/0x680 [ 42.268476] [] ? dev_gro_receive+0x1d6/0x16f0 [ 42.274598] [] ? dev_gro_receive+0x67a/0x16f0 [ 42.280709] [] ? eth_type_trans+0x2a8/0x5d0 [ 42.286646] [] napi_gro_receive+0x1fb/0x400 [ 42.292586] [] virtnet_receive+0xe1c/0x1cf0 [ 42.298537] [] ? virtnet_open+0x250/0x250 [ 42.304307] [] ? check_preemption_disabled+0x3b/0x200 [ 42.311114] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 42.318093] [] ? check_preemption_disabled+0x3b/0x200 [ 42.324986] [] ? debug_smp_processor_id+0x1c/0x20 [ 42.331445] [] virtnet_poll+0x26/0x140 [ 42.336952] [] net_rx_action+0x396/0xe00 [ 42.342630] [] ? sk_busy_loop+0xca0/0xca0 [ 42.348398] [] ? handle_edge_irq+0x417/0x8e0 [ 42.354423] [] ? _raw_spin_lock+0x3e/0x50 [ 42.360187] [] ? check_preemption_disabled+0x3b/0x200 [ 42.366995] [] __do_softirq+0x22d/0x964 [ 42.372590] [] irq_exit+0x165/0x190 [ 42.377833] [] do_IRQ+0x107/0x1b0 [ 42.382906] [] common_interrupt+0x8c/0x8c [ 42.388666] [ 42.390694] [] ? native_safe_halt+0x6/0x10 [ 42.396561] [] ? trace_hardirqs_on+0xd/0x10 [ 42.402501] [] default_idle+0x55/0x360 [ 42.408004] [] arch_cpu_idle+0xa/0x10 [ 42.413417] [] default_idle_call+0x36/0x60 [ 42.419266] [] cpu_startup_entry+0x30c/0x3d0 [ 42.425303] [] ? cpu_in_idle+0x20/0x20 [ 42.430806] [] rest_init+0x184/0x190 [ 42.436134] [] start_kernel+0x679/0x6ae [ 42.441726] [] ? thread_stack_cache_init+0xb/0xb [ 42.448096] [] ? early_idt_handler_array+0x120/0x120 [ 42.454815] [] x86_64_start_reservations+0x2a/0x2c [ 42.461360] [] x86_64_start_kernel+0x140/0x163 [ 42.467554] Object at ffff8801c8b9bb80, in cache kmalloc-2048 size: 2048 [ 42.474360] Allocated: [ 42.476820] PID = 3627 [ 42.479290] save_stack_trace+0x16/0x20 [ 42.483232] save_stack+0x43/0xd0 [ 42.486649] kasan_kmalloc+0xad/0xe0 [ 42.490324] __kmalloc+0x11d/0x310 [ 42.493844] sk_prot_alloc+0x101/0x2a0 [ 42.497695] sk_alloc+0x3a/0x3a0 [ 42.501027] packet_create+0xf0/0x8e0 [ 42.504805] __sock_create+0x3ab/0x640 [ 42.508657] SyS_socket+0xf0/0x1b0 [ 42.512164] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 42.516882] Freed: [ 42.518995] PID = 3627 [ 42.521458] save_stack_trace+0x16/0x20 [ 42.525396] save_stack+0x43/0xd0 [ 42.528811] kasan_slab_free+0x73/0xc0 [ 42.532662] kfree+0xf0/0x2f0 [ 42.535729] __sk_destruct+0x47f/0x570 [ 42.539580] sk_destruct+0x47/0x80 [ 42.543082] __sk_free+0x57/0x230 [ 42.546498] sk_free+0x23/0x30 [ 42.549654] packet_release+0x732/0xa20 [ 42.553590] sock_release+0x8d/0x1e0 [ 42.557269] sock_close+0x16/0x20 [ 42.560687] __fput+0x28c/0x6e0 [ 42.563929] ____fput+0x15/0x20 [ 42.567178] task_work_run+0x115/0x190 [ 42.571029] do_exit+0x82e/0x2a50 [ 42.574453] do_group_exit+0x108/0x320 [ 42.578306] get_signal+0x55c/0x1600 [ 42.581984] do_signal+0x87/0x1960 [ 42.585519] exit_to_usermode_loop+0xe5/0x130 [ 42.589980] syscall_return_slowpath+0x1a0/0x1e0 [ 42.594718] entry_SYSCALL_64_fastpath+0xc4/0xc6 [ 42.599436] Memory state around the buggy address: [ 42.604331] ffff8801c8b9bb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.611664] ffff8801c8b9bc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.618988] >ffff8801c8b9bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.626330] ^ [ 42.632011] ffff8801c8b9bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.639338] ffff8801c8b9bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.646663] ================================================================== [ 42.654022] ================================================================== [ 42.661356] BUG: KASAN: use-after-free in do_raw_spin_lock+0x2b3/0x2c0 at addr ffff8801c8b9bcd8 [ 42.670157] Read of size 8 by task swapper/0/0 [ 42.674709] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.9.46-g9100442 #38 [ 42.682814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.692139] ffff8801db207758 ffffffff81d93129 ffff8801da002000 ffff8801c8b9bb80 [ 42.700121] ffff8801c8b9c380 ffffed003917379b ffff8801c8b9bcd8 ffff8801db207780 [ 42.708089] ffffffff8153ccac ffffed003917379b ffff8801da002000 0000000000000000 [ 42.716057] Call Trace: [ 42.718607] [ 42.720642] [] dump_stack+0xc1/0x128 [ 42.725998] [] kasan_object_err+0x1c/0x70 [ 42.731768] [] kasan_report.part.1+0x21c/0x500 [ 42.737974] [] ? do_raw_spin_lock+0x2b3/0x2c0 [ 42.744100] [] __asan_report_load8_noabort+0x29/0x30 [ 42.750835] [] do_raw_spin_lock+0x2b3/0x2c0 [ 42.756784] [] _raw_spin_lock_bh+0x42/0x50 [ 42.762952] [] ? packet_rcv_has_room+0x25/0xb0 [ 42.769156] [] packet_rcv_has_room+0x25/0xb0 [ 42.775208] [] fanout_demux_rollover+0x26f/0x4d0 [ 42.781581] [] packet_rcv_fanout+0x4ce/0x620 [ 42.787604] [] __netif_receive_skb_core+0x887/0x29e0 [ 42.794324] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 42.801305] [] ? netif_wake_subqueue+0x210/0x210 [ 42.807678] [] ? netif_receive_skb_internal+0x92/0x390 [ 42.814578] [] __netif_receive_skb+0x5b/0x1c0 [ 42.820690] [] netif_receive_skb_internal+0xff/0x390 [ 42.827407] [] ? netif_receive_skb_internal+0x92/0x390 [ 42.834300] [] ? dev_cpu_callback+0x680/0x680 [ 42.840412] [] ? dev_gro_receive+0x1d6/0x16f0 [ 42.846530] [] ? dev_gro_receive+0x67a/0x16f0 [ 42.852642] [] ? eth_type_trans+0x2a8/0x5d0 [ 42.858580] [] napi_gro_receive+0x1fb/0x400 [ 42.864521] [] virtnet_receive+0xe1c/0x1cf0 [ 42.870459] [] ? virtnet_open+0x250/0x250 [ 42.876227] [] ? check_preemption_disabled+0x3b/0x200 [ 42.883036] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 42.890016] [] ? check_preemption_disabled+0x3b/0x200 [ 42.896823] [] ? debug_smp_processor_id+0x1c/0x20 [ 42.903291] [] virtnet_poll+0x26/0x140 [ 42.908829] [] net_rx_action+0x396/0xe00 [ 42.914514] [] ? sk_busy_loop+0xca0/0xca0 [ 42.920281] [] ? handle_edge_irq+0x417/0x8e0 [ 42.926313] [] ? _raw_spin_lock+0x3e/0x50 [ 42.932105] [] ? check_preemption_disabled+0x3b/0x200 [ 42.938915] [] __do_softirq+0x22d/0x964 [ 42.944509] [] irq_exit+0x165/0x190 [ 42.949759] [] do_IRQ+0x107/0x1b0 [ 42.954834] [] common_interrupt+0x8c/0x8c [ 42.960594] [ 42.962627] [] ? native_safe_halt+0x6/0x10 [ 42.968496] [] ? trace_hardirqs_on+0xd/0x10 [ 42.974435] [] default_idle+0x55/0x360 [ 42.979939] [] arch_cpu_idle+0xa/0x10 [ 42.985360] [] default_idle_call+0x36/0x60 [ 42.991216] [] cpu_startup_entry+0x30c/0x3d0 [ 42.997252] [] ? cpu_in_idle+0x20/0x20 [ 43.002760] [] rest_init+0x184/0x190 [ 43.008094] [] start_kernel+0x679/0x6ae [ 43.013685] [] ? thread_stack_cache_init+0xb/0xb [ 43.020061] [] ? early_idt_handler_array+0x120/0x120 [ 43.026796] [] x86_64_start_reservations+0x2a/0x2c [ 43.033349] [] x86_64_start_kernel+0x140/0x163 [ 43.039561] Object at ffff8801c8b9bb80, in cache kmalloc-2048 size: 2048 [ 43.046388] Allocated: [ 43.048850] PID = 3627 [ 43.051325] save_stack_trace+0x16/0x20 [ 43.055266] save_stack+0x43/0xd0 [ 43.058687] kasan_kmalloc+0xad/0xe0 [ 43.062368] __kmalloc+0x11d/0x310 [ 43.065880] sk_prot_alloc+0x101/0x2a0 [ 43.069732] sk_alloc+0x3a/0x3a0 [ 43.073077] packet_create+0xf0/0x8e0 [ 43.076844] __sock_create+0x3ab/0x640 [ 43.080695] SyS_socket+0xf0/0x1b0