INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-2,10.128.15.217' (ECDSA) to the list of known hosts.
2017/09/03 03:54:41 parsed 1 programs
2017/09/03 03:54:41 executed programs: 0
syzkaller login: [   66.288884] dev_remove_pack: ffff8801d18c5340 not found
[   66.307195] ==================================================================
[   66.308369] BUG: KASAN: use-after-free in __dev_remove_pack+0x305/0x3b0
[   66.309607] Read of size 8 at addr ffff8801d190e8e8 by task syz-executor0/3190
[   66.316933] 
[   66.318537] CPU: 1 PID: 3190 Comm: syz-executor0 Not tainted 4.13.0-rc7+ #35
[   66.325691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.335022] Call Trace:
[   66.337593]  dump_stack+0x194/0x257
[   66.341195]  ? arch_local_irq_restore+0x53/0x53
[   66.345838]  ? show_regs_print_info+0x65/0x65
[   66.350312]  ? __dev_remove_pack+0x305/0x3b0
[   66.354696]  print_address_description+0x73/0x250
[   66.359520]  ? __dev_remove_pack+0x305/0x3b0
[   66.363902]  kasan_report+0x24e/0x340
[   66.367675]  __asan_report_load8_noabort+0x14/0x20
[   66.372580]  __dev_remove_pack+0x305/0x3b0
[   66.376793]  ? dev_get_by_name_rcu+0x270/0x270
[   66.381350]  ? refcount_sub_and_test+0x115/0x1b0
[   66.386093]  __unregister_prot_hook+0x211/0x280
[   66.390750]  packet_release+0x8bb/0xd70
[   66.394708]  ? packet_set_ring+0x1b70/0x1b70
[   66.399090]  ? dentry_free+0xcd/0x130
[   66.402864]  ? rcu_read_lock_sched_held+0x108/0x120
[   66.407857]  ? kmem_cache_free+0x249/0x280
[   66.412064]  ? dentry_free+0xd2/0x130
[   66.415841]  ? locks_remove_file+0x414/0x560
[   66.420220]  ? fcntl_setlk+0x10c0/0x10c0
[   66.424256]  ? __fsnotify_parent+0xb4/0x3a0
[   66.428549]  ? fsnotify+0x1af0/0x1af0
[   66.432325]  sock_release+0x8d/0x1e0
[   66.436010]  ? sock_release+0x8d/0x1e0
[   66.439868]  ? sock_release+0x1e0/0x1e0
[   66.443808]  sock_close+0x16/0x20
[   66.447230]  __fput+0x327/0x7e0
[   66.450482]  ? fput+0x140/0x140
[   66.453740]  ? check_same_owner+0x320/0x320
[   66.458037]  ? do_raw_spin_trylock+0x190/0x190
[   66.462595]  ? check_same_owner+0x320/0x320
[   66.466900]  ____fput+0x15/0x20
[   66.470149]  task_work_run+0x18a/0x260
[   66.474045]  ? task_work_cancel+0x210/0x210
[   66.478351]  ? _raw_spin_unlock+0x22/0x30
[   66.482473]  ? switch_task_namespaces+0x87/0xc0
[   66.487120]  do_exit+0xa3a/0x1b10
[   66.490545]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   66.495715]  ? plist_check_list+0xa0/0xa0
[   66.499839]  ? plist_add+0x5cb/0x760
[   66.503532]  ? mm_update_next_owner+0x930/0x930
[   66.508184]  ? plist_add+0x760/0x760
[   66.511879]  ? check_noncircular+0x20/0x20
[   66.516089]  ? check_same_owner+0x320/0x320
[   66.520382]  ? lock_acquire+0x1d5/0x580
[   66.524363]  ? futex_wait_setup+0x14a/0x3d0
[   66.528659]  ? __might_sleep+0x95/0x190
[   66.532614]  ? check_noncircular+0x20/0x20
[   66.536817]  ? futex_wait+0x43e/0xa00
[   66.540599]  ? do_raw_spin_trylock+0x190/0x190
[   66.545152]  ? fault_in_user_writeable+0x90/0x90
[   66.549884]  ? find_held_lock+0x35/0x1d0
[   66.553921]  ? get_signal+0x855/0x17e0
[   66.557781]  ? lock_downgrade+0x990/0x990
[   66.561907]  do_group_exit+0x149/0x400
[   66.565763]  ? __lock_is_held+0xb6/0x140
[   66.569792]  ? SyS_exit+0x30/0x30
[   66.573221]  ? _raw_spin_unlock_irq+0x27/0x70
[   66.577691]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   66.582682]  get_signal+0x7e8/0x17e0
[   66.586392]  ? ptrace_notify+0x130/0x130
[   66.590420]  ? lock_downgrade+0x990/0x990
[   66.594546]  ? lock_release+0xa40/0xa40
[   66.598497]  ? exit_robust_list+0x240/0x240
[   66.602797]  do_signal+0x94/0x1ee0
[   66.606310]  ? iterate_fd+0x3f0/0x3f0
[   66.610083]  ? setup_sigcontext+0x7d0/0x7d0
[   66.614406]  ? selinux_tun_dev_create+0xc0/0xc0
[   66.619061]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   66.624740]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   66.629986]  ? exit_to_usermode_loop+0x98/0x300
[   66.634635]  exit_to_usermode_loop+0x224/0x300
[   66.639192]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   66.644709]  syscall_return_slowpath+0x3a7/0x450
[   66.649440]  ? prepare_exit_to_usermode+0x220/0x220
[   66.654431]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   66.659332]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   66.664318]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   66.669057]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   66.673781] RIP: 0033:0x451e59
[   66.676937] RSP: 002b:00007f8c62858cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   66.684612] RAX: fffffffffffffe00 RBX: 00000000007180d8 RCX: 0000000000451e59
[   66.691858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000007180d8
[   66.699097] RBP: 00000000007180b0 R08: 0000000000000000 R09: 0000000000000000
[   66.706335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   66.713575] R13: 0000000000a6f7ef R14: 00007f8c628599c0 R15: 0000000000000006
[   66.720834] 
[   66.722432] Allocated by task 3189:
[   66.726029]  save_stack_trace+0x16/0x20
[   66.729979]  save_stack+0x43/0xd0
[   66.733400]  kasan_kmalloc+0xad/0xe0
[   66.737082]  kmem_cache_alloc_trace+0x12f/0x740
[   66.741731]  fanout_add+0xa50/0x1190
[   66.745410]  packet_setsockopt+0xfdc/0x1e80
[   66.749698]  SyS_setsockopt+0x189/0x360
[   66.753640]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   66.758371] 
[   66.759965] Freed by task 3190:
[   66.763211]  save_stack_trace+0x16/0x20
[   66.767149]  save_stack+0x43/0xd0
[   66.770572]  kasan_slab_free+0x71/0xc0
[   66.774430]  kfree+0xca/0x250
[   66.777514]  packet_release+0xa8f/0xd70
[   66.781463]  sock_release+0x8d/0x1e0
[   66.785143]  sock_close+0x16/0x20
[   66.788565]  __fput+0x327/0x7e0
[   66.791814]  ____fput+0x15/0x20
[   66.795633]  task_work_run+0x18a/0x260
[   66.799487]  do_exit+0xa3a/0x1b10
[   66.802918]  do_group_exit+0x149/0x400
[   66.806786]  get_signal+0x7e8/0x17e0
[   66.810480]  do_signal+0x94/0x1ee0
[   66.813989]  exit_to_usermode_loop+0x224/0x300
[   66.818539]  syscall_return_slowpath+0x3a7/0x450
[   66.823264]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   66.827989] 
[   66.829589] The buggy address belongs to the object at ffff8801d190e040
[   66.829589]  which belongs to the cache kmalloc-4096 of size 4096
[   66.842391] The buggy address is located 2216 bytes inside of
[   66.842391]  4096-byte region [ffff8801d190e040, ffff8801d190f040)
[   66.854412] The buggy address belongs to the page:
[   66.859322] page:ffffea0007464380 count:1 mapcount:0 mapping:ffff8801d190e040 index:0x0 compound_mapcount: 0
[   66.869260] flags: 0x200000000008100(slab|head)
[   66.873907] raw: 0200000000008100 ffff8801d190e040 0000000000000000 0000000100000001
[   66.881754] raw: ffffea0007464220 ffffea0007464520 ffff8801dac00dc0 0000000000000000
[   66.889600] page dumped because: kasan: bad access detected
[   66.895275] 
[   66.896871] Memory state around the buggy address:
[   66.901771]  ffff8801d190e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.909103]  ffff8801d190e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.916430] >ffff8801d190e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.923757]                                                           ^
[   66.930484]  ffff8801d190e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.937815]  ffff8801d190e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   66.945151] ==================================================================
[   66.952493] Disabling lock debugging due to kernel taint
[   66.957990] Kernel panic - not syncing: panic_on_warn set ...
[   66.957990] 
[   66.965331] CPU: 1 PID: 3190 Comm: syz-executor0 Tainted: G    B           4.13.0-rc7+ #35
[   66.973703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.983034] Call Trace:
[   66.985598]  dump_stack+0x194/0x257
[   66.989193]  ? arch_local_irq_restore+0x53/0x53
[   66.993829]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   66.998561]  ? __dev_remove_pack+0x2a0/0x3b0
[   67.003055]  panic+0x1e4/0x417
[   67.006217]  ? __warn+0x1d9/0x1d9
[   67.009643]  ? __dev_remove_pack+0x305/0x3b0
[   67.014019]  kasan_end_report+0x50/0x50
[   67.017983]  kasan_report+0x137/0x340
[   67.021755]  __asan_report_load8_noabort+0x14/0x20
[   67.026652]  __dev_remove_pack+0x305/0x3b0
[   67.030856]  ? dev_get_by_name_rcu+0x270/0x270
[   67.035409]  ? refcount_sub_and_test+0x115/0x1b0
[   67.040137]  __unregister_prot_hook+0x211/0x280
[   67.044779]  packet_release+0x8bb/0xd70
[   67.048723]  ? packet_set_ring+0x1b70/0x1b70
[   67.053106]  ? dentry_free+0xcd/0x130
[   67.056876]  ? rcu_read_lock_sched_held+0x108/0x120
[   67.061862]  ? kmem_cache_free+0x249/0x280
[   67.066065]  ? dentry_free+0xd2/0x130
[   67.069842]  ? locks_remove_file+0x414/0x560
[   67.074223]  ? fcntl_setlk+0x10c0/0x10c0
[   67.078259]  ? __fsnotify_parent+0xb4/0x3a0
[   67.082547]  ? fsnotify+0x1af0/0x1af0
[   67.086327]  sock_release+0x8d/0x1e0
[   67.090009]  ? sock_release+0x8d/0x1e0
[   67.093864]  ? sock_release+0x1e0/0x1e0
[   67.097807]  sock_close+0x16/0x20
[   67.101228]  __fput+0x327/0x7e0
[   67.104475]  ? fput+0x140/0x140
[   67.107721]  ? check_same_owner+0x320/0x320
[   67.112010]  ? do_raw_spin_trylock+0x190/0x190
[   67.116558]  ? check_same_owner+0x320/0x320
[   67.120849]  ____fput+0x15/0x20
[   67.124103]  task_work_run+0x18a/0x260
[   67.127958]  ? task_work_cancel+0x210/0x210
[   67.132248]  ? _raw_spin_unlock+0x22/0x30
[   67.136361]  ? switch_task_namespaces+0x87/0xc0
[   67.141011]  do_exit+0xa3a/0x1b10
[   67.144431]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   67.149594]  ? plist_check_list+0xa0/0xa0
[   67.153711]  ? plist_add+0x5cb/0x760
[   67.157395]  ? mm_update_next_owner+0x930/0x930
[   67.162032]  ? plist_add+0x760/0x760
[   67.165720]  ? check_noncircular+0x20/0x20
[   67.169933]  ? check_same_owner+0x320/0x320
[   67.174224]  ? lock_acquire+0x1d5/0x580
[   67.178170]  ? futex_wait_setup+0x14a/0x3d0
[   67.182465]  ? __might_sleep+0x95/0x190
[   67.186423]  ? check_noncircular+0x20/0x20
[   67.190626]  ? futex_wait+0x43e/0xa00
[   67.194397]  ? do_raw_spin_trylock+0x190/0x190
[   67.198949]  ? fault_in_user_writeable+0x90/0x90
[   67.203685]  ? find_held_lock+0x35/0x1d0
[   67.207714]  ? get_signal+0x855/0x17e0
[   67.211568]  ? lock_downgrade+0x990/0x990
[   67.215684]  do_group_exit+0x149/0x400
[   67.219542]  ? __lock_is_held+0xb6/0x140
[   67.223577]  ? SyS_exit+0x30/0x30
[   67.227004]  ? _raw_spin_unlock_irq+0x27/0x70
[   67.231465]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   67.236449]  get_signal+0x7e8/0x17e0
[   67.240144]  ? ptrace_notify+0x130/0x130
[   67.244172]  ? lock_downgrade+0x990/0x990
[   67.248290]  ? lock_release+0xa40/0xa40
[   67.252236]  ? exit_robust_list+0x240/0x240
[   67.256532]  do_signal+0x94/0x1ee0
[   67.260044]  ? iterate_fd+0x3f0/0x3f0
[   67.263820]  ? setup_sigcontext+0x7d0/0x7d0
[   67.268121]  ? selinux_tun_dev_create+0xc0/0xc0
[   67.272757]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   67.278445]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   67.283691]  ? exit_to_usermode_loop+0x98/0x300
[   67.288352]  exit_to_usermode_loop+0x224/0x300