INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-4,10.128.0.36' (ECDSA) to the list of known hosts. 2017/09/08 03:53:46 parsed 1 programs 2017/09/08 03:53:46 executed programs: 0 syzkaller login: [ 44.713493] dev_remove_pack: ffff8801ce9a7140 not found [ 44.727415] ================================================================== [ 44.734809] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0 [ 44.741552] Read of size 8 at addr ffff8801cf6fd4e8 by task syz-executor0/2992 [ 44.748881] [ 44.750484] CPU: 1 PID: 2992 Comm: syz-executor0 Not tainted 4.13.0+ #73 [ 44.757300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.766630] Call Trace: [ 44.769191] dump_stack+0x194/0x257 [ 44.772796] ? arch_local_irq_restore+0x53/0x53 [ 44.777440] ? show_regs_print_info+0x65/0x65 [ 44.781928] ? __dev_remove_pack+0x305/0x3b0 [ 44.786313] print_address_description+0x73/0x250 [ 44.791132] ? __dev_remove_pack+0x305/0x3b0 [ 44.795513] kasan_report+0x24e/0x340 [ 44.799290] __asan_report_load8_noabort+0x14/0x20 [ 44.804191] __dev_remove_pack+0x305/0x3b0 [ 44.808400] ? dev_get_by_name_rcu+0x270/0x270 [ 44.812956] ? refcount_sub_and_test+0x115/0x1b0 [ 44.817705] __unregister_prot_hook+0x211/0x280 [ 44.822351] packet_release+0x8bb/0xd70 [ 44.826304] ? packet_set_ring+0x1b70/0x1b70 [ 44.830687] ? dentry_free+0xcd/0x130 [ 44.834476] ? rcu_read_lock_sched_held+0x108/0x120 [ 44.839467] ? kmem_cache_free+0x249/0x280 [ 44.843678] ? dentry_free+0xd2/0x130 [ 44.847456] ? locks_remove_file+0x3fa/0x5a0 [ 44.851841] ? fcntl_setlk+0x10d0/0x10d0 [ 44.855880] ? __fsnotify_parent+0xb4/0x3a0 [ 44.860184] ?
fsnotify+0x1af0/0x1af0 [ 44.863969] sock_release+0x8d/0x1e0 [ 44.867653] ? sock_release+0x8d/0x1e0 [ 44.871515] ? sock_release+0x1e0/0x1e0 [ 44.875462] sock_close+0x16/0x20 [ 44.878901] __fput+0x333/0x7f0 [ 44.882157] ? fput+0x140/0x140 [ 44.885414] ? check_same_owner+0x320/0x320 [ 44.889706] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.894181] ____fput+0x15/0x20 [ 44.897432] task_work_run+0x199/0x270 [ 44.901295] ? task_work_cancel+0x210/0x210 [ 44.905591] ? _raw_spin_unlock+0x22/0x30 [ 44.909714] ? switch_task_namespaces+0x87/0xc0 [ 44.914368] do_exit+0xa52/0x1b40 [ 44.917801] ? plist_check_list+0xa0/0xa0 [ 44.921934] ? plist_del+0x47b/0x990 [ 44.925634] ? mm_update_next_owner+0x930/0x930 [ 44.930284] ? plist_add+0x760/0x760 [ 44.933982] ? check_same_owner+0x320/0x320 [ 44.938279] ? osq_unlock+0x350/0x350 [ 44.942051] ? find_held_lock+0x39/0x1d0 [ 44.946096] ? check_noncircular+0x20/0x20 [ 44.950308] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 44.955666] ? find_held_lock+0x39/0x1d0 [ 44.959711] ? lock_downgrade+0x990/0x990 [ 44.963837] ? recalc_sigpending_tsk+0x117/0x150 [ 44.968568] ? recalc_sigpending+0x103/0x160 [ 44.972949] ? recalc_sigpending_tsk+0x150/0x150 [ 44.977685] ? get_signal+0x397/0x17e0 [ 44.981559] do_group_exit+0x149/0x400 [ 44.985419] ? __lock_is_held+0xbc/0x140 [ 44.989452] ? SyS_exit+0x30/0x30 [ 44.992877] ? _raw_spin_unlock_irq+0x27/0x70 [ 44.997347] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 45.002344] get_signal+0x7e8/0x17e0 [ 45.006063] ? ptrace_notify+0x130/0x130 [ 45.010097] ? __fget+0xbb/0x580 [ 45.013448] ? __lockdep_init_map+0xe4/0x650 [ 45.017836] ? lock_release+0xd70/0xd70 [ 45.021790] ? exit_robust_list+0x240/0x240 [ 45.026111] do_signal+0x94/0x1ee0 [ 45.029632] ? iterate_fd+0x3f0/0x3f0 [ 45.033410] ? setup_sigcontext+0x7d0/0x7d0 [ 45.037708] ? __lock_is_held+0xbc/0x140 [ 45.041757] ? __fget_light+0x29d/0x390 [ 45.045709] ? selinux_tun_dev_create+0xc0/0xc0 [ 45.050354] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 45.056040] ? 
selinux_netlbl_sock_rcv_skb+0x730/0x730 [ 45.061287] ? alloc_file+0x284/0x3a0 [ 45.065066] ? exit_to_usermode_loop+0x98/0x300 [ 45.069716] exit_to_usermode_loop+0x224/0x300 [ 45.074277] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 45.079797] syscall_return_slowpath+0x42f/0x500 [ 45.084528] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 45.089538] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 45.094444] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 45.099433] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 45.104167] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 45.108915] RIP: 0033:0x451e59 [ 45.112078] RSP: 002b:00007fabbd38bcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 45.119761] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 0000000000451e59 [ 45.127017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8 [ 45.134256] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000 [ 45.141497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.148742] R13: 0000000000a6f7ef R14: 00007fabbd38c9c0 R15: 0000000000000002 [ 45.156007] [ 45.157608] Allocated by task 2991: [ 45.161212] save_stack_trace+0x16/0x20 [ 45.165159] save_stack+0x43/0xd0 [ 45.168589] kasan_kmalloc+0xad/0xe0 [ 45.172274] kmem_cache_alloc_trace+0x136/0x750 [ 45.176923] fanout_add+0xa50/0x1190 [ 45.180608] packet_setsockopt+0xfdc/0x1e80 [ 45.184903] SyS_setsockopt+0x189/0x360 [ 45.188848] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 45.193572] [ 45.195172] Freed by task 2992: [ 45.198424] save_stack_trace+0x16/0x20 [ 45.202369] save_stack+0x43/0xd0 [ 45.205794] kasan_slab_free+0x71/0xc0 [ 45.209652] kfree+0xca/0x250 [ 45.212730] packet_release+0xa8f/0xd70 [ 45.216675] sock_release+0x8d/0x1e0 [ 45.220374] sock_close+0x16/0x20 [ 45.223797] __fput+0x333/0x7f0 [ 45.227047] ____fput+0x15/0x20 [ 45.230296] task_work_run+0x199/0x270 [ 45.234161] do_exit+0xa52/0x1b40 [ 45.237583] do_group_exit+0x149/0x400 [ 45.241444] get_signal+0x7e8/0x17e0 [ 45.245130] do_signal+0x94/0x1ee0 [ 45.248640] 
exit_to_usermode_loop+0x224/0x300 [ 45.253209] syscall_return_slowpath+0x42f/0x500 [ 45.257935] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 45.262659] [ 45.264263] The buggy address belongs to the object at ffff8801cf6fcc40 [ 45.264263] which belongs to the cache kmalloc-4096 of size 4096 [ 45.277071] The buggy address is located 2216 bytes inside of [ 45.277071] 4096-byte region [ffff8801cf6fcc40, ffff8801cf6fdc40) [ 45.289090] The buggy address belongs to the page: [ 45.293992] page:ffffea00073dbf00 count:1 mapcount:0 mapping:ffff8801cf6fcc40 index:0x0 compound_mapcount: 0 [ 45.303953] flags: 0x200000000008100(slab|head) [ 45.308596] raw: 0200000000008100 ffff8801cf6fcc40 0000000000000000 0000000100000001 [ 45.316461] raw: ffffea00073a6aa0 ffff8801dac01a50 ffff8801dac00dc0 0000000000000000 [ 45.324312] page dumped because: kasan: bad access detected [ 45.329989] [ 45.331592] Memory state around the buggy address: [ 45.336492] ffff8801cf6fd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.343826] ffff8801cf6fd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.351162] >ffff8801cf6fd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.358492] ^ [ 45.365213] ffff8801cf6fd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.372547] ffff8801cf6fd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.379878] ================================================================== [ 45.387207] Disabling lock debugging due to kernel taint [ 45.392706] Kernel panic - not syncing: panic_on_warn set ... [ 45.392706] [ 45.400040] CPU: 1 PID: 2992 Comm: syz-executor0 Tainted: G B 4.13.0+ #73 [ 45.408079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.417407] Call Trace: [ 45.419970] dump_stack+0x194/0x257 [ 45.423566] ? arch_local_irq_restore+0x53/0x53 [ 45.428304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 45.433057] ? __dev_remove_pack+0x230/0x3b0 [ 45.437449] panic+0x1e4/0x417 [ 45.440615] ? 
__warn+0x1d9/0x1d9 [ 45.444039] ? __dev_remove_pack+0x305/0x3b0 [ 45.448438] kasan_end_report+0x50/0x50 [ 45.452393] kasan_report+0x137/0x340 [ 45.456166] __asan_report_load8_noabort+0x14/0x20 [ 45.461065] __dev_remove_pack+0x305/0x3b0 [ 45.465266] ? dev_get_by_name_rcu+0x270/0x270 [ 45.469817] ? refcount_sub_and_test+0x115/0x1b0 [ 45.474547] __unregister_prot_hook+0x211/0x280 [ 45.479183] packet_release+0x8bb/0xd70 [ 45.483127] ? packet_set_ring+0x1b70/0x1b70 [ 45.487502] ? dentry_free+0xcd/0x130 [ 45.491271] ? rcu_read_lock_sched_held+0x108/0x120 [ 45.496252] ? kmem_cache_free+0x249/0x280 [ 45.500451] ? dentry_free+0xd2/0x130 [ 45.504221] ? locks_remove_file+0x3fa/0x5a0 [ 45.508596] ? fcntl_setlk+0x10d0/0x10d0 [ 45.512626] ? __fsnotify_parent+0xb4/0x3a0 [ 45.516914] ? fsnotify+0x1af0/0x1af0 [ 45.520683] sock_release+0x8d/0x1e0 [ 45.524362] ? sock_release+0x8d/0x1e0 [ 45.528215] ? sock_release+0x1e0/0x1e0 [ 45.532241] sock_close+0x16/0x20 [ 45.535662] __fput+0x333/0x7f0 [ 45.538910] ? fput+0x140/0x140 [ 45.542162] ? check_same_owner+0x320/0x320 [ 45.546449] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.550913] ____fput+0x15/0x20 [ 45.554165] task_work_run+0x199/0x270 [ 45.558020] ? task_work_cancel+0x210/0x210 [ 45.562308] ? _raw_spin_unlock+0x22/0x30 [ 45.566421] ? switch_task_namespaces+0x87/0xc0 [ 45.571057] do_exit+0xa52/0x1b40 [ 45.574477] ? plist_check_list+0xa0/0xa0 [ 45.578595] ? plist_del+0x47b/0x990 [ 45.582275] ? mm_update_next_owner+0x930/0x930 [ 45.586910] ? plist_add+0x760/0x760 [ 45.590603] ? check_same_owner+0x320/0x320 [ 45.594891] ? osq_unlock+0x350/0x350 [ 45.598660] ? find_held_lock+0x39/0x1d0 [ 45.602688] ? check_noncircular+0x20/0x20 [ 45.606892] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 [ 45.612233] ? find_held_lock+0x39/0x1d0 [ 45.616264] ? lock_downgrade+0x990/0x990 [ 45.620379] ? recalc_sigpending_tsk+0x117/0x150 [ 45.625100] ? recalc_sigpending+0x103/0x160 [ 45.629473] ? recalc_sigpending_tsk+0x150/0x150 [ 45.634203] ? 
get_signal+0x397/0x17e0 [ 45.638077] do_group_exit+0x149/0x400 [ 45.641942] ? __lock_is_held+0xbc/0x140 [ 45.645981] ? SyS_exit+0x30/0x30 [ 45.649412] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.653885] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 45.658874] get_signal+0x7e8/0x17e0 [ 45.662570] ? ptrace_notify+0x130/0x130 [ 45.666600] ? __fget+0xbb/0x580 [ 45.669932] ? __lockdep_init_map+0xe4/0x650 [ 45.674307] ? lock_release+0xd70/0xd70 [ 45.678256] ? exit_robust_list+0x240/0x240 [ 45.682550] do_signal+0x94/0x1ee0 [ 45.686058] ? iterate_fd+0x3f0/0x3f0 [ 45.689827] ? setup_sigcontext+0x7d0/0x7d0 [ 45.694114] ? __lock_is_held+0xbc/0x140 [ 45.698147] ? __fget_light+0x29d/0x390 [ 45.702091] ? selinux_tun_dev_create+0xc0/0xc0 [ 45.706726] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 45.712402] ? selinux_netlbl_sock_rcv_skb+0x730/0x730