INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-net-kasan-gce-7,10.128.15.194' (ECDSA) to the list of known hosts.
2017/09/13 06:28:06 parsed 1 programs
2017/09/13 06:28:06 executed programs: 0
syzkaller login: [   45.593096] dev_remove_pack: ffff8801c2765a40 not found
2017/09/13 06:28:11 executed programs: 935
[   46.086814] dev_remove_pack: ffff8801d9b15c40 not found
[   46.139595] ==================================================================
[   46.146995] BUG: KASAN: use-after-free in packet_rcv_fanout+0x78a/0x7d0
[   46.153724] Read of size 8 at addr ffff8801d9b15c50 by task syz-executor0/5965
[   46.161058]
[   46.162668] CPU: 1 PID: 5965 Comm: syz-executor0 Not tainted 4.13.0+ #43
[   46.169476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.178799] Call Trace:
[   46.181353]
[   46.183492]  dump_stack+0x194/0x257
[   46.187123]  ? arch_local_irq_restore+0x53/0x53
[   46.191789]  ? show_regs_print_info+0x65/0x65
[   46.196284]  ? packet_rcv_fanout+0x78a/0x7d0
[   46.201136]  print_address_description+0x73/0x250
[   46.205964]  ? packet_rcv_fanout+0x78a/0x7d0
[   46.210365]  kasan_report+0x24e/0x340
[   46.214153]  __asan_report_load8_noabort+0x14/0x20
[   46.219059]  packet_rcv_fanout+0x78a/0x7d0
[   46.223269]  ? __lock_acquire+0x732/0x4620
[   46.227479]  ? compat_packet_setsockopt+0x140/0x140
[   46.232501]  ? refcount_add+0x60/0x60
[   46.236298]  __netif_receive_skb_core+0x1d87/0x33d0
[   46.241294]  ? __bpf_address_lookup+0x2b0/0x2b0
[   46.245955]  ? nf_ingress+0x9f0/0x9f0
[   46.249731]  ? unwind_dump+0x4c0/0x4c0
[   46.253632]  ? check_noncircular+0x20/0x20
[   46.257846]  ? __kernel_text_address+0xae/0xe0
[   46.262416]  ? __save_stack_trace+0x7e/0xd0
[   46.266723]  ? depot_save_stack+0x12c/0x490
[   46.271048]  ? find_held_lock+0x39/0x1d0
[   46.275105]  ? lock_downgrade+0x990/0x990
[   46.279230]  ? __bad_area_nosemaphore+0x1d2/0x3e0
[   46.284062]  ? lock_acquire+0x1d5/0x580
[   46.288015]  ? netif_receive_skb_internal+0x1d7/0x670
[   46.293188]  ? find_held_lock+0x39/0x1d0
[   46.297233]  ? pvclock_read_flags+0x160/0x160
[   46.301704]  ? lock_downgrade+0x990/0x990
[   46.305846]  ? lock_acquire+0x1d5/0x580
[   46.309808]  ? netif_receive_skb_internal+0xa2/0x670
[   46.314894]  ? ktime_get_with_offset+0x2c1/0x420
[   46.319627]  ? lock_release+0xd70/0xd70
[   46.323572]  ? ktime_get+0x3a0/0x3a0
[   46.327269]  __netif_receive_skb+0x2c/0x1b0
[   46.331566]  ? __netif_receive_skb+0x2c/0x1b0
[   46.336045]  netif_receive_skb_internal+0x10b/0x670
[   46.341045]  ? dev_cpu_dead+0xb00/0xb00
[   46.344994]  ? __alloc_pages_nodemask+0xd80/0xd80
[   46.349832]  ? net_rx_action+0x1910/0x1910
[   46.354049]  ? rcu_pm_notify+0xc0/0xc0
[   46.357927]  ? skb_gro_reset_offset+0x17b/0x300
[   46.362580]  napi_gro_receive+0x3d0/0x500
[   46.366701]  ? dev_gro_receive+0x19b0/0x19b0
[   46.371092]  ? eth_type_trans+0x2a3/0x650
[   46.375220]  ? eth_gro_receive+0x810/0x810
[   46.379461]  receive_buf+0xcc5/0x51f0
[   46.383254]  ? virtnet_set_rx_mode+0x9f0/0x9f0
[   46.387810]  ? register_lock_class+0xf40/0x2c70
[   46.392463]  ? print_usage_bug+0x480/0x480
[   46.396677]  ? save_stack_trace+0x16/0x20
[   46.400800]  ? __lock_acquire+0x20fd/0x4620
[   46.405097]  ? __lock_acquire+0x732/0x4620
[   46.409309]  ? print_usage_bug+0x480/0x480
[   46.413537]  ? print_usage_bug+0x480/0x480
[   46.417776]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   46.422971]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   46.428836]  ? tick_do_update_jiffies64.part.16+0x17e/0x270
[   46.434532]  ? __lock_acquire+0x732/0x4620
[   46.438748]  ? unwind_dump+0x4c0/0x4c0
[   46.442624]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.447628]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.452619]  ? unwind_dump+0x4c0/0x4c0
[   46.456495]  ? print_usage_bug+0x480/0x480
[   46.460718]  ? __unwind_start+0x169/0x330
[   46.464849]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   46.470704]  ? print_usage_bug+0x480/0x480
[   46.474916]  ? smp_apic_timer_interrupt+0x177/0x710
[   46.479913]  ? tick_do_update_jiffies64.part.16+0x17e/0x270
[   46.485612]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.490603]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.495591]  ? unwind_dump+0x4c0/0x4c0
[   46.499462]  ? unwind_dump+0x4c0/0x4c0
[   46.503332]  ? __unwind_start+0x169/0x330
[   46.507463]  ? unwind_get_return_address+0x61/0xa0
[   46.512385]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   46.518254]  ? handle_irq_event+0xa7/0x140
[   46.522469]  ? __lock_acquire+0x20fd/0x4620
[   46.526787]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.531791]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.536781]  ? unwind_dump+0x4c0/0x4c0
[   46.540643]  ? unwind_dump+0x4c0/0x4c0
[   46.544507]  ? __unwind_start+0x169/0x330
[   46.548634]  ? print_usage_bug+0x480/0x480
[   46.552854]  ? __unwind_start+0x169/0x330
[   46.556990]  ? unwind_get_return_address+0x61/0xa0
[   46.561906]  ? __save_stack_trace+0x61/0xd0
[   46.566228]  ? vring_use_dma_api+0x7f/0xa0
[   46.570441]  ? vring_unmap_one+0x49/0x3d0
[   46.574564]  ? detach_buf+0x463/0x6a0
[   46.578368]  ? virtqueue_get_buf_ctx+0x3b1/0x8b0
[   46.583108]  ? common_interrupt+0x9d/0x9d
[   46.587231]  ? detach_buf+0x6a0/0x6a0
[   46.591010]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   46.596015]  virtnet_poll+0x304/0xad0
[   46.599803]  ? receive_buf+0x51f0/0x51f0
[   46.603845]  ? net_rx_action+0x49b/0x1910
[   46.607972]  net_rx_action+0x792/0x1910
[   46.611933]  ? napi_complete_done+0x6c0/0x6c0
[   46.616401]  ? check_noncircular+0x20/0x20
[   46.620607]  ? __lock_acquire+0x20fd/0x4620
[   46.624903]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.629380]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   46.634569]  ? lock_downgrade+0x990/0x990
[   46.638700]  ? __wake_up+0x1e/0x50
[   46.642222]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.647226]  ? do_raw_spin_trylock+0x190/0x190
[   46.651782]  ? match_held_lock+0x940/0x9f0
[   46.655989]  ? kill_fasync+0x3ba/0x540
[   46.659855]  ? send_sigio+0x320/0x320
[   46.663638]  ? trace_hardirqs_off+0xd/0x10
[   46.667856]  ? __wake_up+0x3f/0x50
[   46.671373]  ? check_noncircular+0x20/0x20
[   46.675580]  ? credit_entropy_bits+0x4bc/0x880
[   46.680139]  ? add_interrupt_randomness+0x422/0x7f0
[   46.685126]  ? crng_reseed+0x5f0/0x5f0
[   46.688991]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.693983]  ? __handle_irq_event_percpu+0x308/0x9d0
[   46.699066]  ? rcu_pm_notify+0xc0/0xc0
[   46.702957]  __do_softirq+0x2bb/0xbd0
[   46.706745]  ? __softirqentry_text_start+0x8/0x8
[   46.711472]  ? do_raw_spin_trylock+0x190/0x190
[   46.716031]  ? handle_irq_event_percpu+0x141/0x1b0
[   46.720940]  ? __handle_irq_event_percpu+0x9d0/0x9d0
[   46.726036]  ? _raw_spin_lock+0x32/0x40
[   46.729988]  ? _raw_spin_unlock+0x22/0x30
[   46.734108]  ? handle_edge_irq+0x2b4/0x7c0
[   46.738326]  irq_exit+0x1d3/0x210
[   46.741756]  do_IRQ+0xf6/0x190
[   46.744924]  common_interrupt+0x9d/0x9d
[   46.748869]
[   46.751078] RIP: 0010:_raw_spin_unlock_irqrestore+0x5e/0xba
[   46.756756] RSP: 0000:ffff8801c2427b38 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff1e
[   46.764437] RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000000
[   46.771680] RDX: 1ffffffff0b592fd RSI: 0000000000000001 RDI: 0000000000000282
[   46.778928] RBP: ffff8801c2427b48 R08: ffff8801c2426e08 R09: 0000000000000000
[   46.786169] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c40b94c8
[   46.793413] R13: 0000000000000000 R14: 0000000000000282 R15: ffff8801c2427bf8
[   46.800679]  force_sig_info+0x276/0x340
[   46.804636]  force_sig_info_fault.constprop.35+0x28c/0x450
[   46.810237]  ? is_prefetch.isra.32+0x420/0x420
[   46.814797]  ? __lock_is_held+0xbc/0x140
[   46.818847]  __bad_area_nosemaphore+0x1d2/0x3e0
[   46.823484]  ? down_read_trylock+0xdb/0x170
[   46.827776]  ? __do_page_fault+0x2b8/0xb60
[   46.831989]  bad_area_access_error+0x1e2/0x2d0
[   46.836546]  ? find_vma+0x30/0x150
[   46.840063]  __do_page_fault+0x356/0xb60
[   46.844104]  do_page_fault+0xee/0x720
[   46.847877]  ? trace_hardirqs_off+0xd/0x10
[   46.852083]  ? __do_page_fault+0xb60/0xb60
[   46.856296]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   46.861817]  ? retint_user+0x18/0x20
[   46.865507]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.870330]  page_fault+0x22/0x30
[   46.873754] RIP: 0033:0x40536e
[   46.876914] RSP: 002b:00007ffe42d3c3f0 EFLAGS: 00010246
[   46.882254] RAX: 0000000020fd200c RBX: 0000000000000000 RCX: 0000000000000000
[   46.889498] RDX: e6c5fd5dc074b7d6 RSI: 0000000000000000 RDI: 00000000024b0848
[   46.896740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   46.903982] R10: 00007ffe42d3c490 R11: 0000000000000000 R12: fffffffffffffffe
[   46.911222] R13: 00000000007180b0 R14: 0000000020fd200c R15: 0000000000000016
[   46.918481]
[   46.920080] Allocated by task 5944:
[   46.923680]  save_stack_trace+0x16/0x20
[   46.927631]  save_stack+0x43/0xd0
[   46.931056]  kasan_kmalloc+0xad/0xe0
[   46.934742]  __kmalloc+0x162/0x760
[   46.938253]  sk_prot_alloc+0x101/0x2a0
[   46.942111]  sk_alloc+0x89/0x700
[   46.945450]  packet_create+0x169/0xb00
[   46.949308]  __sock_create+0x4d4/0x850
[   46.953165]  SyS_socket+0xeb/0x200
[   46.956676]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   46.961398]
[   46.962995] Freed by task 5938:
[   46.966252]  save_stack_trace+0x16/0x20
[   46.970198]  save_stack+0x43/0xd0
[   46.973620]  kasan_slab_free+0x71/0xc0
[   46.977479]  kfree+0xca/0x250
[   46.980555]  __sk_destruct+0x74a/0x910
[   46.984411]  sk_destruct+0x47/0x80
[   46.987918]  __sk_free+0x57/0x230
[   46.991343]  sk_free+0x2a/0x40
[   46.994507]  packet_release+0x859/0xd70
[   46.998453]  sock_release+0x8d/0x1e0
[   47.002138]  sock_close+0x16/0x20
[   47.005562]  __fput+0x333/0x7f0
[   47.008813]  ____fput+0x15/0x20
[   47.012063]  task_work_run+0x199/0x270
[   47.015921]  do_exit+0xa52/0x1b40
[   47.019343]  do_group_exit+0x149/0x400
[   47.023207]  get_signal+0x7e8/0x17e0
[   47.026898]  do_signal+0x94/0x1ee0
[   47.030408]  exit_to_usermode_loop+0x224/0x300
[   47.034958]  syscall_return_slowpath+0x42f/0x500
[   47.039684]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   47.044408]
[   47.046013] The buggy address belongs to the object at ffff8801d9b15480
[   47.046013]  which belongs to the cache kmalloc-2048 of size 2048
[   47.058822] The buggy address is located 2000 bytes inside of
[   47.058822]  2048-byte region [ffff8801d9b15480, ffff8801d9b15c80)
[   47.070838] The buggy address belongs to the page:
[   47.075745] page:ffffea000766c500 count:1 mapcount:0 mapping:ffff8801d9b14380 index:0x0 compound_mapcount: 0
[   47.085692] flags: 0x200000000008100(slab|head)
[   47.090334] raw: 0200000000008100 ffff8801d9b14380 0000000000000000 0000000100000003
[   47.098184] raw: ffffea0007660120 ffffea00076665a0 ffff8801dac00c40 0000000000000000
[   47.106036] page dumped because: kasan: bad access detected
[   47.111719]
[   47.113319] Memory state around the buggy address:
[   47.118218]  ffff8801d9b15b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.125546]  ffff8801d9b15b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.132873] >ffff8801d9b15c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb