executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   19.617991] dev_remove_pack: ffff88006a821440 not found
executing program
executing program
executing program
[   19.658659] ==================================================================
[   19.659206] BUG: KASAN: use-after-free in __netif_receive_skb_core+0x2be3/0x33d0
[   19.659745] Read of size 2 at addr ffff8800696d94c0 by task swapper/0/0
[   19.660226] 
executing program
[   19.660346] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.13.0-next-20170904+ #14
[   19.661620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   19.662472] Call Trace:
[   19.662749]  <IRQ>
[   19.662989]  dump_stack+0x194/0x257
[   19.663389]  ? arch_local_irq_restore+0x53/0x53
[   19.664008]  ? show_regs_print_info+0x65/0x65
[   19.664526]  ? __netif_receive_skb_core+0x2be3/0x33d0
[   19.665124]  print_address_description+0x73/0x250
[   19.665559]  ? __netif_receive_skb_core+0x2be3/0x33d0
[   19.666032]  kasan_report+0x24e/0x340
[   19.666383]  __asan_report_load2_noabort+0x14/0x20
[   19.666833]  __netif_receive_skb_core+0x2be3/0x33d0
[   19.667305]  ? nf_ingress+0x9f0/0x9f0
[   19.667652]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   19.668179]  ? secondary_startup_64+0xa5/0xa5
[   19.668590]  ? x86_64_start_kernel+0x87/0x8a
[   19.668989]  ? bpf_prog_alloc+0x310/0x310
[   19.669367]  ? check_noncircular+0x20/0x20
[   19.669754]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   19.670207]  ? lock_release+0xd70/0xd70
[   19.670574]  ? unwind_dump+0x4c0/0x4c0
[   19.670934]  ? find_held_lock+0x39/0x1d0
[   19.671312]  ? lock_downgrade+0x990/0x990
[   19.671700]  ? lock_acquire+0x1d5/0x580
[   19.672308]  ? netif_receive_skb_internal+0x1d7/0x5e0
[   19.672770]  ? find_held_lock+0x39/0x1d0
[   19.673143]  ? pvclock_read_flags+0x160/0x160
[   19.673544]  ? lock_downgrade+0x990/0x990
[   19.673921]  ? lock_acquire+0x1d5/0x580
[   19.674278]  ? netif_receive_skb_internal+0x93/0x5e0
[   19.674733]  ? ktime_get_with_offset+0x2c1/0x420
[   19.675185]  ? lock_release+0xd70/0xd70
[   19.675539]  ? ktime_get+0x3a0/0x3a0
[   19.675881]  __netif_receive_skb+0x2c/0x1b0
[   19.676266]  ? __netif_receive_skb+0x2c/0x1b0
[   19.676671]  netif_receive_skb_internal+0x10b/0x5e0
[   19.677120]  ? __build_skb+0x9d/0x450
[   19.677464]  ? dev_cpu_dead+0xb00/0xb00
[   19.677790]  ? net_rx_action+0x1910/0x1910
[   19.678172]  ? kmem_cache_alloc+0x469/0x760
[   19.678561]  ? rcu_pm_notify+0xc0/0xc0
[   19.678912]  ? refcount_sub_and_test+0x115/0x1b0
[   19.679348]  ? skb_gro_reset_offset+0x17b/0x300
[   19.679771]  napi_gro_receive+0x3d0/0x500
[   19.680146]  ? dev_gro_receive+0x19b0/0x19b0
[   19.680542]  ? __alloc_pages_nodemask+0xd80/0xd80
[   19.680980]  ? eth_type_trans+0x2a3/0x650
[   19.681353]  ? rcu_pm_notify+0xc0/0xc0
[   19.681708]  ? eth_gro_receive+0x810/0x810
[   19.682101]  e1000_clean_rx_irq+0x58d/0x1330
[   19.682511]  ? e1000_clean_jumbo_rx_irq+0x27d0/0x27d0
[   19.682980]  ? dql_init+0x2e0/0x2e0
[   19.683309]  ? __dev_kfree_skb_any+0x8a/0xa0
[   19.683709]  ? e1000_unmap_and_free_tx_resource.isra.46+0x1eb/0x390
[   19.684278]  ? secondary_startup_64+0xa5/0xa5
[   19.684629]  ? e1000_clean_jumbo_rx_irq+0x27d0/0x27d0
[   19.685097]  e1000_clean+0xb39/0x2610
[   19.685458]  ? e1000_unmap_and_free_tx_resource.isra.46+0x390/0x390
[   19.686032]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   19.686494]  ? unwind_dump+0x4c0/0x4c0
[   19.686850]  ? unwind_dump+0x4c0/0x4c0
[   19.687209]  ? unwind_dump+0x4c0/0x4c0
[   19.687567]  ? net_rx_action+0x49b/0x1910
[   19.687947]  net_rx_action+0x792/0x1910
[   19.688318]  ? napi_complete_done+0x6c0/0x6c0
[   19.688726]  ? save_stack_trace+0x16/0x20
[   19.689102]  ? __lock_acquire+0x20fd/0x4620
[   19.689498]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   19.689967]  ? rcu_segcblist_extract_pend_cbs+0x1d0/0x1d0
[   19.690479]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   19.690958]  ? lock_downgrade+0x990/0x990
[   19.691342]  ? timerqueue_add+0x1e9/0x280
[   19.691722]  ? rcu_pm_notify+0xc0/0xc0
[   19.692084]  ? rcu_read_lock_sched_held+0x108/0x120
[   19.692537]  ? __raise_softirq_irqoff+0x21c/0x2c0
[   19.692976]  ? raise_softirq+0x490/0x490
[   19.693575]  ? check_noncircular+0x20/0x20
[   19.693965]  ? pvclock_read_flags+0x160/0x160
[   19.694376]  ? ktime_get+0x26f/0x3a0
[   19.694716]  ? trace_hardirqs_off+0xd/0x10
[   19.695122]  ? __napi_schedule+0x25e/0x370
[   19.695510]  ? check_noncircular+0x20/0x20
[   19.695892]  ? rcu_pm_notify+0xc0/0xc0
[   19.696254]  ? rcu_read_lock_sched_held+0x108/0x120
[   19.696708]  ? __handle_irq_event_percpu+0x308/0x9d0
[   19.697171]  ? rcu_pm_notify+0xc0/0xc0
[   19.697534]  __do_softirq+0x2bb/0xbd0
[   19.697886]  ? __softirqentry_text_start+0x8/0x8
[   19.698316]  ? do_raw_spin_trylock+0x190/0x190
[   19.698727]  ? handle_irq_event_percpu+0x141/0x1b0
[   19.699180]  ? __handle_irq_event_percpu+0x9d0/0x9d0
[   19.699644]  ? kvm_guest_apic_eoi_write+0x6a/0x80
[   19.700082]  ? ioapic_ack_level+0x165/0x450
[   19.700469]  ? _raw_spin_lock+0x32/0x40
[   19.700831]  ? ioapic_ir_ack_level+0xd0/0xd0
[   19.701228]  ? _raw_spin_unlock+0x22/0x30
[   19.701604]  ? handle_fasteoi_irq+0x2db/0x510
[   19.702018]  irq_exit+0x1d3/0x210
[   19.702333]  do_IRQ+0xf6/0x190
[   19.702629]  common_interrupt+0x9d/0x9d
[   19.702986]  </IRQ>
[   19.703197] RIP: 0010:native_safe_halt+0x6/0x10
[   19.703613] RSP: 0018:ffffffff85a07d10 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffc5
[   19.704295] RAX: dffffc0000000000 RBX: 1ffffffff0b40fa5 RCX: 0000000000000000
[   19.704933] RDX: 1ffffffff0b59308 RSI: 0000000000000001 RDI: ffffffff85ac9840
[   19.705572] RBP: ffffffff85a07d10 R08: ffffffff8161c679 R09: 0000000000000000
[   19.706217] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85ac9830
[   19.706916] R13: ffffffff85a07dc8 R14: 0000000000000000 R15: ffffffff85a2f380
[   19.707620]  ? tick_nohz_idle_enter+0xd9/0x160
[   19.708091]  default_idle+0xbf/0x460
[   19.708504]  ? __sched_text_end+0x4/0x4
[   19.708896]  ? tick_nohz_idle_enter+0xde/0x160
[   19.709308]  arch_cpu_idle+0xa/0x10
[   19.709727]  default_idle_call+0x36/0x90
[   19.710144]  do_idle+0x256/0x3b0
[   19.710478]  cpu_startup_entry+0x18/0x20
[   19.710862]  rest_init+0xed/0xf0
[   19.711178]  start_kernel+0x72e/0x754
[   19.711520]  ? mem_encrypt_init+0xb/0xb
[   19.711878]  ? memcpy_orig+0x54/0x110
[   19.712221]  x86_64_start_reservations+0x2a/0x2c
[   19.712735]  x86_64_start_kernel+0x87/0x8a
[   19.713153]  secondary_startup_64+0xa5/0xa5
[   19.713546] 
[   19.713693] Allocated by task 3205:
[   19.714016]  save_stack_trace+0x16/0x20
[   19.714380]  save_stack+0x43/0xd0
[   19.714929]  kasan_kmalloc+0xad/0xe0
[   19.715272]  kmem_cache_alloc_trace+0x136/0x750
[   19.715690]  fanout_add+0xa50/0x1190
[   19.716038]  packet_setsockopt+0xfdc/0x1e80
[   19.716465]  SyS_setsockopt+0x189/0x360
[   19.716824]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   19.717245] 
[   19.717393] Freed by task 3113:
[   19.717688]  save_stack_trace+0x16/0x20
[   19.718054]  save_stack+0x43/0xd0
[   19.718367]  kasan_slab_free+0x71/0xc0
[   19.718719]  kfree+0xca/0x250
[   19.719064]  packet_release+0xa8f/0xd70
[   19.719423]  sock_release+0x8d/0x1e0
[   19.719770]  sock_close+0x16/0x20
[   19.720149]  __fput+0x333/0x7f0
[   19.720449]  ____fput+0x15/0x20
[   19.720800]  task_work_run+0x199/0x270
[   19.721151]  do_exit+0xa52/0x1b40
[   19.721463]  do_group_exit+0x149/0x400
[   19.721855]  SyS_exit_group+0x1d/0x20
[   19.722267]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   19.722694] 
[   19.722845] The buggy address belongs to the object at ffff8800696d8c40
[   19.722845]  which belongs to the cache kmalloc-4096 of size 4096
[   19.723973] The buggy address is located 2176 bytes inside of
[   19.723973]  4096-byte region [ffff8800696d8c40, ffff8800696d9c40)
[   19.725027] The buggy address belongs to the page:
[   19.725520] page:ffffea0001a5b600 count:1 mapcount:0 mapping:ffff8800696d8c40 index:0x0 compound_mapcount: 0
[   19.726535] flags: 0x500000000008100(slab|head)
[   19.726955] raw: 0500000000008100 ffff8800696d8c40 0000000000000000 0000000100000001
[   19.727653] raw: ffffea0001a81420 ffffea0001a96f20 ffff88003e800dc0 0000000000000000
[   19.728342] page dumped because: kasan: bad access detected
[   19.728882] 
[   19.729040] Memory state around the buggy address:
[   19.729556]  ffff8800696d9380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.730296]  ffff8800696d9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.730979] >ffff8800696d9480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.731660]                                            ^
[   19.732228]  ffff8800696d9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.732882]  ffff8800696d9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.733538] ==================================================================
[   19.734300] Disabling lock debugging due to kernel taint
[   19.734915] Kernel panic - not syncing: panic_on_warn set ...
[   19.734915] 
[   19.735701] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B           4.13.0-next-20170904+ #14
[   19.736744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   19.737538] Call Trace:
[   19.737801]  <IRQ>
[   19.738025]  dump_stack+0x194/0x257
[   19.738398]  ? arch_local_irq_restore+0x53/0x53
[   19.738886]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   19.739366]  ? __netif_receive_skb_core+0x2b80/0x33d0
[   19.739834]  panic+0x1e4/0x417
[   19.740182]  ? __warn+0x1d9/0x1d9
[   19.740492]  ? __netif_receive_skb_core+0x2be3/0x33d0
[   19.741016]  kasan_end_report+0x50/0x50
[   19.741361]  kasan_report+0x137/0x340
[   19.741750]  __asan_report_load2_noabort+0x14/0x20
[   19.742164]  __netif_receive_skb_core+0x2be3/0x33d0
[   19.742613]  ? nf_ingress+0x9f0/0x9f0
[   19.742847]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   19.743380]  ? secondary_startup_64+0xa5/0xa5
[   19.743734]  ? x86_64_start_kernel+0x87/0x8a
[   19.743999]  ? bpf_prog_alloc+0x310/0x310
[   19.744248]  ? check_noncircular+0x20/0x20
executing program
executing program
[   19.744490]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   19.744941]  ? lock_release+0xd70/0xd70
[   19.745274]  ? unwind_dump+0x4c0/0x4c0
[   19.745602]  ? find_held_lock+0x39/0x1d0
[   19.745943]  ? lock_downgrade+0x990/0x990
[   19.746287]  ? lock_acquire+0x1d5/0x580
[   19.746618]  ? netif_receive_skb_internal+0x1d7/0x5e0
[   19.747047]  ? find_held_lock+0x39/0x1d0
[   19.747403]  ? pvclock_read_flags+0x160/0x160
[   19.747820]  ? lock_downgrade+0x990/0x990
[   19.748211]  ? lock_acquire+0x1d5/0x580
[   19.748562]  ? netif_receive_skb_internal+0x93/0x5e0
[   19.748984]  ? ktime_get_with_offset+0x2c1/0x420
[   19.749412]  ? lock_release+0xd70/0xd70
[   19.749738]  ? ktime_get+0x3a0/0x3a0
[   19.750041]  __netif_receive_skb+0x2c/0x1b0
[   19.750403]  ? __netif_receive_skb+0x2c/0x1b0
[   19.750791]  netif_receive_skb_internal+0x10b/0x5e0
[   19.751220]  ? __build_skb+0x9d/0x450
[   19.751543]  ? dev_cpu_dead+0xb00/0xb00
[   19.751891]  ? net_rx_action+0x1910/0x1910
[   19.752400]  ? kmem_cache_alloc+0x469/0x760
[   19.752795]  ? rcu_pm_notify+0xc0/0xc0
[   19.753109]  ? refcount_sub_and_test+0x115/0x1b0
[   19.753524]  ? skb_gro_reset_offset+0x17b/0x300
[   19.753935]  napi_gro_receive+0x3d0/0x500
[   19.754284]  ? dev_gro_receive+0x19b0/0x19b0
[   19.754607]  ? __alloc_pages_nodemask+0xd80/0xd80
[   19.754933]  ? eth_type_trans+0x2a3/0x650
[   19.755239]  ? rcu_pm_notify+0xc0/0xc0
[   19.755528]  ? eth_gro_receive+0x810/0x810
[   19.755817]  e1000_clean_rx_irq+0x58d/0x1330
[   19.756214]  ? e1000_clean_jumbo_rx_irq+0x27d0/0x27d0
[   19.756681]  ? dql_init+0x2e0/0x2e0
[   19.757088]  ? __dev_kfree_skb_any+0x8a/0xa0
[   19.757512]  ? e1000_unmap_and_free_tx_resource.isra.46+0x1eb/0x390
[   19.758387]  ? secondary_startup_64+0xa5/0xa5
[   19.758818]  ? e1000_clean_jumbo_rx_irq+0x27d0/0x27d0
[   19.759321]  e1000_clean+0xb39/0x2610
[   19.759677]  ? e1000_unmap_and_free_tx_resource.isra.46+0x390/0x390
[   19.760323]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   19.760799]  ? unwind_dump+0x4c0/0x4c0
[   19.761229]  ? unwind_dump+0x4c0/0x4c0
[   19.761577]  ? unwind_dump+0x4c0/0x4c0
[   19.761927]  ? net_rx_action+0x49b/0x1910
[   19.762307]  net_rx_action+0x792/0x1910
[   19.762667]  ? napi_complete_done+0x6c0/0x6c0
[   19.763078]  ? save_stack_trace+0x16/0x20
[   19.763449]  ? __lock_acquire+0x20fd/0x4620
[   19.763837]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   19.764300]  ? rcu_segcblist_extract_pend_cbs+0x1d0/0x1d0
[   19.764798]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   19.765263]  ? lock_downgrade+0x990/0x990
[   19.765634]  ? timerqueue_add+0x1e9/0x280
[   19.766007]  ? rcu_pm_notify+0xc0/0xc0
[   19.766359]  ? rcu_read_lock_sched_held+0x108/0x120
[   19.766806]  ? __raise_softirq_irqoff+0x21c/0x2c0
[   19.767254]  ? raise_softirq+0x490/0x490
[   19.767626]  ? check_noncircular+0x20/0x20
[   19.768008]  ? pvclock_read_flags+0x160/0x160
[   19.768410]  ? ktime_get+0x26f/0x3a0
[   19.768660]  ? trace_hardirqs_off+0xd/0x10
[   19.768940]  ? __napi_schedule+0x25e/0x370
[   19.769224]  ? check_noncircular+0x20/0x20
[   19.769505]  ? rcu_pm_notify+0xc0/0xc0
[   19.769768]  ? rcu_read_lock_sched_held+0x108/0x120
[   19.770099]  ? __handle_irq_event_percpu+0x308/0x9d0
[   19.770437]  ? rcu_pm_notify+0xc0/0xc0
[   19.770701]  __do_softirq+0x2bb/0xbd0
[   19.770959]  ? __softirqentry_text_start+0x8/0x8
[   19.771279]  ? do_raw_spin_trylock+0x190/0x190
[   19.771583]  ? handle_irq_event_percpu+0x141/0x1b0
[   19.771907]  ? __handle_irq_event_percpu+0x9d0/0x9d0
[   19.772247]  ? kvm_guest_apic_eoi_write+0x6a/0x80
[   19.772567]  ? ioapic_ack_level+0x165/0x450
[   19.772854]  ? _raw_spin_lock+0x32/0x40
[   19.773151]  ? ioapic_ir_ack_level+0xd0/0xd0
[   19.773451]  ? _raw_spin_unlock+0x22/0x30
[   19.773735]  ? handle_fasteoi_irq+0x2db/0x510
[   19.774046]  irq_exit+0x1d3/0x210
[   19.774311]  do_IRQ+0xf6/0x190
[   19.774534]  common_interrupt+0x9d/0x9d
[   19.774797]  </IRQ>
[   19.774953] RIP: 0010:native_safe_halt+0x6/0x10
[   19.775270] RSP: 0018:ffffffff85a07d10 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffc5
[   19.775783] RAX: dffffc0000000000 RBX: 1ffffffff0b40fa5 RCX: 0000000000000000
[   19.776230] RDX: 1ffffffff0b59308 RSI: 0000000000000001 RDI: ffffffff85ac9840
[   19.776716] RBP: ffffffff85a07d10 R08: ffffffff8161c679 R09: 0000000000000000
[   19.777210] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85ac9830
[   19.777808] R13: ffffffff85a07dc8 R14: 0000000000000000 R15: ffffffff85a2f380
[   19.778345]  ? tick_nohz_idle_enter+0xd9/0x160
[   19.778676]  default_idle+0xbf/0x460
[   19.779210]  ? __sched_text_end+0x4/0x4
[   19.779476]  ? tick_nohz_idle_enter+0xde/0x160
[   19.779842]  arch_cpu_idle+0xa/0x10
[   19.780117]  default_idle_call+0x36/0x90
[   19.780397]  do_idle+0x256/0x3b0
[   19.780685]  cpu_startup_entry+0x18/0x20
[   19.780963]  rest_init+0xed/0xf0
[   19.781197]  start_kernel+0x72e/0x754
[   19.781458]  ? mem_encrypt_init+0xb/0xb
[   19.781732]  ? memcpy_orig+0x54/0x110
[   19.782016]  x86_64_start_reservations+0x2a/0x2c
[   19.782335]  x86_64_start_kernel+0x87/0x8a
[   19.782624]  secondary_startup_64+0xa5/0xa5
[   19.782961] Dumping ftrace buffer:
[   19.783220]    (ftrace buffer empty)
[   19.783469] Kernel Offset: disabled
[   19.783776] Rebooting in 86400 seconds..