INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.15.216' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 41.130104] dev_remove_pack: ffff8801ccd7b180 not found [ 41.178980] ================================================================== [ 41.186383] BUG: KASAN: use-after-free in __netif_receive_skb_core+0x2be3/0x33d0 [ 41.193890] Read of size 2 at addr ffff8801cc5cb0c0 by task syzkaller282292/3690 [ 41.201391] [ 41.202995] CPU: 0 PID: 3690 Comm: syzkaller282292 Not tainted 4.13.0+ #80 [ 41.209975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.219322] Call Trace: [ 41.221873] [ 41.223998] dump_stack+0x194/0x257 [ 41.227599] ? arch_local_irq_restore+0x53/0x53 [ 41.232240] ? show_regs_print_info+0x65/0x65 [ 41.236715] ? __netif_receive_skb_core+0x2be3/0x33d0 [ 41.241879] print_address_description+0x73/0x250 [ 41.246698] ? __netif_receive_skb_core+0x2be3/0x33d0 [ 41.251862] kasan_report+0x24e/0x340 [ 41.255641] __asan_report_load2_noabort+0x14/0x20 [ 41.260541] __netif_receive_skb_core+0x2be3/0x33d0 [ 41.265530] ? __bpf_address_lookup+0x2b0/0x2b0 [ 41.270184] ? nf_ingress+0x9f0/0x9f0 [ 41.273957] ? unwind_dump+0x4c0/0x4c0 [ 41.277816] ? check_noncircular+0x20/0x20 [ 41.282035] ? check_noncircular+0x20/0x20 [ 41.286240] ? __kernel_text_address+0xae/0xe0 [ 41.290798] ? __save_stack_trace+0x7e/0xd0 [ 41.295102] ? print_usage_bug+0x480/0x480 [ 41.299310] ? perf_trace_lock+0x860/0x860 [ 41.303524] ? find_held_lock+0x39/0x1d0 [ 41.307565] ? perf_trace_lock_acquire+0xfe/0x900 [ 41.312392] ? perf_trace_lock+0x860/0x860 [ 41.316605] ? lock_acquire+0x1d5/0x580 [ 41.320554] ? netif_receive_skb_internal+0x1d7/0x670 [ 41.325732] ? pvclock_read_flags+0x160/0x160 [ 41.330199] ? mark_held_locks+0xb2/0x100 [ 41.334327] ? lock_acquire+0x1d5/0x580 [ 41.338273] ? netif_receive_skb_internal+0xa2/0x670 [ 41.343365] ? ktime_get_with_offset+0x2c1/0x420 [ 41.348101] ? lock_release+0xd70/0xd70 [ 41.352044] ? ktime_get+0x3a0/0x3a0 [ 41.355744] __netif_receive_skb+0x2c/0x1b0 [ 41.360035] ? __netif_receive_skb+0x2c/0x1b0 [ 41.364508] netif_receive_skb_internal+0x10b/0x670 [ 41.369497] ? dev_cpu_dead+0xb00/0xb00 [ 41.373444] ? __alloc_pages_nodemask+0xd80/0xd80 [ 41.378265] ? net_rx_action+0x1910/0x1910 [ 41.382477] ? __lock_is_held+0xbc/0x140 [ 41.386521] ? skb_gro_reset_offset+0x17b/0x300 [ 41.391173] napi_gro_receive+0x3d0/0x500 [ 41.395297] ? dev_gro_receive+0x19b0/0x19b0 [ 41.399681] ? eth_type_trans+0x2a3/0x650 [ 41.403806] ? eth_gro_receive+0x810/0x810 [ 41.408029] receive_buf+0xcc5/0x51f0 [ 41.411820] ? virtnet_set_rx_mode+0x9f0/0x9f0 [ 41.416378] ? print_usage_bug+0x480/0x480 [ 41.420588] ? __unwind_start+0x169/0x330 [ 41.424710] ? unwind_get_return_address+0x61/0xa0 [ 41.429611] ? __save_stack_trace+0x61/0xd0 [ 41.433914] ? rcu_report_qs_rnp+0x613/0x880 [ 41.438301] ? save_stack_trace+0x16/0x20 [ 41.442422] ? __lock_acquire+0x20fd/0x4620 [ 41.446726] ? find_held_lock+0x39/0x1d0 [ 41.450775] ? __lock_acquire+0x732/0x4620 [ 41.454983] ? check_noncircular+0x20/0x20 [ 41.459208] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.464384] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 41.470237] ? hrtimer_interrupt+0x1d4/0x5f0 [ 41.474613] ? hrtimer_interrupt+0x1d4/0x5f0 [ 41.478994] ? __lock_is_held+0xbc/0x140 [ 41.483030] ? __x2apic_send_IPI_dest.constprop.7+0x5b/0x80 [ 41.488721] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.493722] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.498810] ? unwind_dump+0x4c0/0x4c0 [ 41.502676] ? unwind_dump+0x4c0/0x4c0 [ 41.506540] ? perf_trace_lock_acquire+0xfe/0x900 [ 41.511367] ? __unwind_start+0x169/0x330 [ 41.515493] ? unwind_get_return_address+0x61/0xa0 [ 41.520394] ? __save_stack_trace+0x61/0xd0 [ 41.524700] ? get_stack_info+0x37/0x150 [ 41.528737] ? update_stack_state+0x225/0x700 [ 41.533215] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 41.539071] ? lock_is_held_type+0x18b/0x210 [ 41.543465] ? find_held_lock+0x39/0x1d0 [ 41.547507] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.552504] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.557495] ? unwind_dump+0x4c0/0x4c0 [ 41.561363] ? unwind_dump+0x4c0/0x4c0 [ 41.565241] ? check_noncircular+0x20/0x20 [ 41.569446] ? pvclock_read_flags+0x160/0x160 [ 41.573921] ? __unwind_start+0x169/0x330 [ 41.578043] ? print_usage_bug+0x480/0x480 [ 41.582247] ? unwind_get_return_address+0x61/0xa0 [ 41.587153] ? __save_stack_trace+0x61/0xd0 [ 41.591456] ? lock_is_held_type+0x18b/0x210 [ 41.595842] ? save_stack_trace+0x16/0x20 [ 41.599963] ? __lock_acquire+0x20fd/0x4620 [ 41.604260] ? vring_use_dma_api+0x7f/0xa0 [ 41.608467] ? vring_unmap_one+0x49/0x3d0 [ 41.612594] ? detach_buf+0x463/0x6a0 [ 41.616375] ? print_usage_bug+0x480/0x480 [ 41.620595] ? virtqueue_get_buf_ctx+0x3b1/0x8b0 [ 41.625332] ? common_interrupt+0x9d/0x9d [ 41.629458] ? detach_buf+0x6a0/0x6a0 [ 41.633245] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.638239] virtnet_poll+0x304/0xad0 [ 41.642032] ? receive_buf+0x51f0/0x51f0 [ 41.646063] ? unwind_dump+0x4c0/0x4c0 [ 41.649931] ? mark_held_locks+0xb2/0x100 [ 41.654055] ? net_rx_action+0x49b/0x1910 [ 41.658184] net_rx_action+0x792/0x1910 [ 41.662157] ? napi_complete_done+0x6c0/0x6c0 [ 41.666624] ? save_stack_trace+0x16/0x20 [ 41.670742] ? __lock_acquire+0x20fd/0x4620 [ 41.675037] ? perf_trace_lock+0x860/0x860 [ 41.679262] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.684433] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.689597] ? check_noncircular+0x20/0x20 [ 41.693804] ? check_noncircular+0x20/0x20 [ 41.698018] ? __lock_is_held+0xbc/0x140 [ 41.702065] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.707063] ? __raise_softirq_irqoff+0x21c/0x2c0 [ 41.711879] ? raise_softirq+0x490/0x490 [ 41.715911] ? lock_downgrade+0x990/0x990 [ 41.720032] ? print_usage_bug+0x480/0x480 [ 41.724239] ? lock_acquire+0x1d5/0x580 [ 41.728194] ? clockevents_program_event+0x163/0x2e0 [ 41.733270] ? trace_hardirqs_off+0xd/0x10 [ 41.737479] ? __napi_schedule+0x25e/0x370 [ 41.741689] ? netdev_info+0x170/0x170 [ 41.745546] ? check_noncircular+0x20/0x20 [ 41.749758] ? check_noncircular+0x20/0x20 [ 41.753966] ? __lock_is_held+0xbc/0x140 [ 41.758006] ? perf_trace_lock+0x860/0x860 [ 41.762216] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.767205] ? __handle_irq_event_percpu+0x308/0x9d0 [ 41.772290] ? __lock_is_held+0xbc/0x140 [ 41.776340] __do_softirq+0x2bb/0xbd0 [ 41.780125] ? __softirqentry_text_start+0x8/0x8 [ 41.784855] ? do_raw_spin_trylock+0x190/0x190 [ 41.789405] ? handle_irq_event_percpu+0x141/0x1b0 [ 41.794306] ? __handle_irq_event_percpu+0x9d0/0x9d0 [ 41.799389] ? _raw_spin_lock+0x32/0x40 [ 41.803337] ? _raw_spin_unlock+0x22/0x30 [ 41.807456] ? handle_edge_irq+0x2b4/0x7c0 [ 41.811676] irq_exit+0x1d3/0x210 [ 41.815102] do_IRQ+0xf6/0x190 [ 41.818270] common_interrupt+0x9d/0x9d [ 41.822215] [ 41.824421] RIP: 0010:debug_lockdep_rcu_enabled+0x42/0x90 [ 41.829927] RSP: 0000:ffff8801cca8f110 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff6e [ 41.837608] RAX: 0000000000000007 RBX: dffffc0000000000 RCX: 0000000000000000 [ 41.844846] RDX: 0000000000000002 RSI: 0000000009fb5b8d RDI: ffffffff85cc09a0 [ 41.852087] RBP: ffff8801cca8f110 R08: 0000000000000000 R09: 0000000000000001 [ 41.859328] R10: 0000000000000000 R11: ffffffff87060ca0 R12: ffffea00073b3dc0 [ 41.866572] R13: 0000000000000000 R14: ffffea00073b3dc0 R15: ffff8801cca8f418 [ 41.873839] lock_page_memcg+0x94/0x3b0 [ 41.877784] ? __mem_cgroup_largest_soft_limit_node+0x780/0x780 [ 41.883822] ? __mem_cgroup_largest_soft_limit_node+0x780/0x780 [ 41.889848] ? perf_trace_lock_acquire+0xfe/0x900 [ 41.894673] page_add_file_rmap+0xef/0xa90 [ 41.898882] ? page_add_new_anon_rmap+0x750/0x750 [ 41.903705] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.908696] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 41.913683] ? unwind_dump+0x4c0/0x4c0 [ 41.917550] ? lock_acquire+0x1d5/0x580 [ 41.921493] ? alloc_set_pte+0x1162/0x18f0 [ 41.925709] ? lock_release+0xd70/0xd70 [ 41.929660] ? idr_preload+0x30/0x30 [ 41.933364] alloc_set_pte+0x89a/0x18f0 [ 41.937321] ? do_swap_page+0x29e0/0x29e0 [ 41.941442] ? unlock_page+0x19f/0x270 [ 41.945309] ? __lock_is_held+0xbc/0x140 [ 41.949357] filemap_map_pages+0x1080/0x15d0 [ 41.953751] ? find_get_entries_tag+0xeb0/0xeb0 [ 41.958397] ? __lock_acquire+0x732/0x4620 [ 41.962600] ? __lock_acquire+0x732/0x4620 [ 41.966801] ? print_usage_bug+0x480/0x480 [ 41.971006] ? mem_cgroup_css_offline+0x510/0x510 [ 41.975819] ? __lock_is_held+0xbc/0x140 [ 41.979957] ? __lru_cache_add+0x2a4/0x410 [ 41.984176] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.989338] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.994497] ? check_noncircular+0x20/0x20 [ 41.998703] ? lock_page_memcg+0x3b0/0x3b0 [ 42.002911] ? perf_trace_lock_acquire+0xfe/0x900 [ 42.007722] ? __lock_is_held+0xbc/0x140 [ 42.011764] ? lru_cache_add+0x1c7/0x3a0 [ 42.015795] ? get_mem_cgroup_from_mm+0x710/0x710 [ 42.020618] ? lru_cache_add_file+0x20/0x20 [ 42.024919] ? find_held_lock+0x39/0x1d0 [ 42.028967] ? lock_downgrade+0x990/0x990 [ 42.033092] ? lru_cache_add_active_or_unevictable+0x20e/0x540 [ 42.039038] ? add_page_to_unevictable_list+0x730/0x730 [ 42.044373] ? __handle_mm_fault+0x2780/0x39c0 [ 42.048945] ? check_noncircular+0x20/0x20 [ 42.053151] ? lockdep_init_map+0x3d/0x70 [ 42.057272] ? perf_trace_lock_acquire+0xfe/0x900 [ 42.062100] __handle_mm_fault+0x1f57/0x39c0 [ 42.066485] ? __pmd_alloc+0x4e0/0x4e0 [ 42.070353] ? lock_downgrade+0x990/0x990 [ 42.074473] ? find_held_lock+0x39/0x1d0 [ 42.078510] ? __lock_is_held+0xbc/0x140 [ 42.082574] handle_mm_fault+0x334/0x8d0 [ 42.086605] ? down_read_trylock+0xdb/0x170 [ 42.090898] ? __do_page_fault+0x2b8/0xb60 [ 42.095106] ? __handle_mm_fault+0x39c0/0x39c0 [ 42.099658] ? vmacache_find+0x61/0x270 [ 42.103606] ? find_vma+0x30/0x150 [ 42.107120] __do_page_fault+0x4f6/0xb60 [ 42.111164] do_page_fault+0xee/0x720 [ 42.114935] ? __do_page_fault+0xb60/0xb60 [ 42.119151] ? SyS_mmap_pgoff+0x243/0x5f0 [ 42.123275] ? lockdep_sys_exit+0x47/0xf0 [ 42.127395] ? retint_user+0x18/0x20 [ 42.131086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 42.135911] page_fault+0x22/0x30 [ 42.139336] RIP: 0033:0x424360 [ 42.142496] RSP: 002b:00007ffe6c7717a8 EFLAGS: 00010206 [ 42.147850] RAX: 0000000000000e6a RBX: 00007fa95d6fe700 RCX: 0000000000445eda [ 42.155092] RDX: 0000000000801000 RSI: 0000000000000010 RDI: 0000000000000011 [ 42.162333] RBP: 000000000000000f R08: ffffffffffffffff R09: 0000000000000000 [ 42.169571] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6c771840