INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.15.218' (ECDSA) to the list of known hosts.
2017/10/20 13:03:17 parsed 1 programs
2017/10/20 13:03:17 executed programs: 0

syzkaller login: [ 35.227729] ==================================================================
[ 35.228897] BUG: KASAN: use-after-free in packet_getsockopt+0xc72/0xe00
[ 35.229788] Read of size 8 at addr ffff8801d9b6be58 by task syz-executor0/3052
[ 35.230761]
[ 35.230995] CPU: 0 PID: 3052 Comm: syz-executor0 Not tainted 4.14.0-rc5-mm1+ #19
[ 35.231992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.233212] Call Trace:
[ 35.233573]  dump_stack+0x194/0x257
[ 35.234065]  ? arch_local_irq_restore+0x53/0x53
[ 35.234701]  ? show_regs_print_info+0x65/0x65
[ 35.235300]  ? lock_release+0xa40/0xa40
[ 35.235872]  ? packet_getsockopt+0xc72/0xe00
[ 35.236467]  print_address_description+0x73/0x250
[ 35.237135]  ? packet_getsockopt+0xc72/0xe00
[ 35.237724]  kasan_report+0x25b/0x340
[ 35.238239]  __asan_report_load8_noabort+0x14/0x20
[ 35.238894]  packet_getsockopt+0xc72/0xe00
[ 35.239476]  ? packet_notifier+0x950/0x950
[ 35.240043]  ? SYSC_perf_event_open+0x4c3/0x2e00
[ 35.241638]  ? __fget_light+0x297/0x380
[ 35.242175]  ? sock_has_perm+0x29c/0x400
[ 35.242724]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 35.243476]  ? perf_event_set_output+0x5a0/0x5a0
[ 35.244129]  ? putname+0xee/0x130
[ 35.244612]  ? selinux_socket_getsockopt+0x36/0x40
[ 35.245268]  ? security_socket_getsockopt+0x89/0xb0
[ 35.245942]  SyS_getsockopt+0x178/0x340
[ 35.246527]  ? SyS_setsockopt+0x360/0x360
[ 35.247103]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 35.247749]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.251792]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.256521]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.261247] RIP: 0033:0x452719
[ 35.264406] RSP: 002b:00007ff2d6ab3be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
[ 35.272081] RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452719
[ 35.279317] RDX: 0000000000000015 RSI: 0000000000000107 RDI: 0000000000000010
[ 35.286553] RBP: 0000000000000082 R08: 00000000208a5000 R09: 0000000000000000
[ 35.293788] R10: 0000000020ec8000 R11: 0000000000000212 R12: 0000000000000000
[ 35.301024] R13: 00007ffc5fac8abf R14: 00007ff2d6ab49c0 R15: 0000000000000004
[ 35.308277]
[ 35.309872] Allocated by task 3051:
[ 35.313465]  save_stack+0x43/0xd0
[ 35.316882]  kasan_kmalloc+0xad/0xe0
[ 35.320561]  kmem_cache_alloc_trace+0x136/0x750
[ 35.325204]  fanout_add+0x27e/0x1480
[ 35.328882]  packet_setsockopt+0xfdc/0x1e80
[ 35.333170]  SyS_setsockopt+0x189/0x360
[ 35.337117]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.341836]
[ 35.343428] Freed by task 3051:
[ 35.346671]  save_stack+0x43/0xd0
[ 35.350086]  kasan_slab_free+0x71/0xc0
[ 35.353938]  kfree+0xca/0x250
[ 35.357009]  fanout_add+0x432/0x1480
[ 35.360688]  packet_setsockopt+0xfdc/0x1e80
[ 35.364975]  SyS_setsockopt+0x189/0x360
[ 35.368913]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.373630]
[ 35.375226] The buggy address belongs to the object at ffff8801d9b6be40
[ 35.375226]  which belongs to the cache kmalloc-128 of size 128
[ 35.387848] The buggy address is located 24 bytes inside of
[ 35.387848]  128-byte region [ffff8801d9b6be40, ffff8801d9b6bec0)
[ 35.399599] The buggy address belongs to the page:
[ 35.404492] page:ffffea000766dac0 count:1 mapcount:0 mapping:ffff8801d9b6b000 index:0x0
[ 35.412600] flags: 0x200000000000100(slab)
[ 35.416802] raw: 0200000000000100 ffff8801d9b6b000 0000000000000000 0000000100000015
[ 35.424646] raw: ffffea0007667960 ffffea0007667ae0 ffff8801dac00640 0000000000000000
[ 35.432490] page dumped because: kasan: bad access detected
[ 35.438170]
[ 35.439763] Memory state around the buggy address:
[ 35.444657]  ffff8801d9b6bd00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 35.451981]  ffff8801d9b6bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.459306] >ffff8801d9b6be00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.466628]                                                     ^
[ 35.472822]  ffff8801d9b6be80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 35.480145]  ffff8801d9b6bf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.487465] ==================================================================
[ 35.494786] Disabling lock debugging due to kernel taint
[ 35.500319] Kernel panic - not syncing: panic_on_warn set ...
[ 35.500319]
[ 35.507651] CPU: 0 PID: 3052 Comm: syz-executor0 Tainted: G B 4.14.0-rc5-mm1+ #19
[ 35.516458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.525791] Call Trace:
[ 35.528353]  dump_stack+0x194/0x257
[ 35.531952]  ? arch_local_irq_restore+0x53/0x53
[ 35.536591]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.541317]  ? vsnprintf+0x1ed/0x1900
[ 35.545087]  ? packet_getsockopt+0xbf0/0xe00
[ 35.549465]  panic+0x1e4/0x41c
[ 35.552626]  ? refcount_error_report+0x214/0x214
[ 35.557352]  ? add_taint+0x1c/0x50
[ 35.560861]  ? add_taint+0x1c/0x50
[ 35.564369]  ? packet_getsockopt+0xc72/0xe00
[ 35.568745]  kasan_end_report+0x50/0x50
[ 35.572687]  kasan_report+0x144/0x340
[ 35.576456]  __asan_report_load8_noabort+0x14/0x20
[ 35.581352]  packet_getsockopt+0xc72/0xe00
[ 35.585554]  ? packet_notifier+0x950/0x950
[ 35.589756]  ? SYSC_perf_event_open+0x4c3/0x2e00
[ 35.594482]  ? __fget_light+0x297/0x380
[ 35.598424]  ? sock_has_perm+0x29c/0x400
[ 35.602450]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 35.607789]  ? perf_event_set_output+0x5a0/0x5a0
[ 35.612514]  ? putname+0xee/0x130
[ 35.615935]  ? selinux_socket_getsockopt+0x36/0x40
[ 35.620830]  ? security_socket_getsockopt+0x89/0xb0
[ 35.625817]  SyS_getsockopt+0x178/0x340
[ 35.629757]  ? SyS_setsockopt+0x360/0x360
[ 35.633876]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 35.638687]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.643677]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.648405]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.653125] RIP: 0033:0x452719
[ 35.656281] RSP: 002b:00007ff2d6ab3be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
[ 35.663953] RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452719
[ 35.671190] RDX: 0000000000000015 RSI: 0000000000000107 RDI: 0000000000000010
[ 35.678424] RBP: 0000000000000082 R08: 00000000208a5000 R09: 0000000000000000
[ 35.685671] R10: 0000000020ec8000 R11: 0000000000000212 R12: 0000000000000000
[ 35.692909] R13: 00007ffc5fac8abf R14: 00007ff2d6ab49c0 R15: 0000000000000004
[ 35.700536] Dumping ftrace buffer:
[ 35.704041]    (ftrace buffer empty)
[ 35.707718] Kernel Offset: disabled
[ 35.711315] Rebooting in 86400 seconds..