INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.0.32' (ECDSA) to the list of known hosts.
2017/09/12 06:52:17 parsed 1 programs
2017/09/12 06:52:17 executed programs: 0
syzkaller login: [   32.243488] dev_remove_pack: ffff8801ca81ac00 not found
[   32.272639] ==================================================================
[   32.280066] BUG: KASAN: use-after-free in __list_add_valid+0xb1/0xd0
[   32.286535] Read of size 8 at addr ffff8801ca4accf0 by task syz-executor1/3878
[   32.293865] 
[   32.295469] CPU: 0 PID: 3878 Comm: syz-executor1 Not tainted 4.13.0+ #79
[   32.302278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.311603] Call Trace:
[   32.314163]  dump_stack+0x194/0x257
[   32.317766]  ? arch_local_irq_restore+0x53/0x53
[   32.322410]  ? show_regs_print_info+0x65/0x65
[   32.326880]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.331875]  ? __list_add_valid+0xb1/0xd0
[   32.335998]  print_address_description+0x73/0x250
[   32.340817]  ? __list_add_valid+0xb1/0xd0
[   32.344938]  kasan_report+0x24e/0x340
[   32.348716]  __asan_report_load8_noabort+0x14/0x20
[   32.353617]  __list_add_valid+0xb1/0xd0
[   32.357576]  dev_add_pack+0x113/0x2b0
[   32.361349]  ? napi_skb_free_stolen_head+0x170/0x170
[   32.366422]  ? __lockdep_init_map+0xe4/0x650
[   32.370811]  ? lockdep_init_map+0x3d/0x70
[   32.374940]  register_prot_hook.part.49+0x95/0xb0
[   32.379756]  packet_create+0x820/0xb00
[   32.383617]  ? sock_destroy_inode+0x70/0x70
[   32.387914]  ? register_prot_hook.part.49+0xb0/0xb0
[   32.392904]  ? __sock_create+0x211/0x850
[   32.396943]  ? module_unload_free+0x5b0/0x5b0
[   32.401416]  ? lock_release+0xd70/0xd70
[   32.405372]  ? __lock_is_held+0xbc/0x140
[   32.409428]  __sock_create+0x4d4/0x850
[   32.413288]  ? __fget_light+0x29d/0x390
[   32.417241]  ? ___sys_recvmsg+0x630/0x630
[   32.421366]  ? __fdget+0x18/0x20
[   32.424709]  ? SyS_futex+0x260/0x390
[   32.428392]  ? SyS_futex+0x269/0x390
[   32.432086]  ? SyS_setsockopt+0x215/0x360
[   32.436214]  SyS_socket+0xeb/0x200
[   32.439727]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   32.444543]  ? move_addr_to_kernel+0x60/0x60
[   32.448925]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.453917]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.458665]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.463394] RIP: 0033:0x451e59
[   32.466556] RSP: 002b:00007f89bbc2bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000029
[   32.474240] RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
[   32.481486] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000011
[   32.488728] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   32.495969] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
[   32.503212] R13: 00007ffe328c26df R14: 00007f89bbc2c9c0 R15: 0000000000000000
[   32.510476] 
[   32.512076] Allocated by task 3853:
[   32.515678]  save_stack_trace+0x16/0x20
[   32.519624]  save_stack+0x43/0xd0
[   32.523049]  kasan_kmalloc+0xad/0xe0
[   32.526740]  kmem_cache_alloc_trace+0x136/0x750
[   32.531383]  fanout_add+0xa50/0x1190
[   32.535068]  packet_setsockopt+0xfdc/0x1e80
[   32.539360]  SyS_setsockopt+0x189/0x360
[   32.543305]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.548030] 
[   32.549632] Freed by task 3874:
[   32.552884]  save_stack_trace+0x16/0x20
[   32.556830]  save_stack+0x43/0xd0
[   32.560253]  kasan_slab_free+0x71/0xc0
[   32.564112]  kfree+0xca/0x250
[   32.567188]  packet_release+0xa8f/0xd70
[   32.571135]  sock_release+0x8d/0x1e0
[   32.574820]  sock_close+0x16/0x20
[   32.578244]  __fput+0x333/0x7f0
[   32.581493]  ____fput+0x15/0x20
[   32.584747]  task_work_run+0x199/0x270
[   32.588605]  do_exit+0xa52/0x1b40
[   32.592034]  do_group_exit+0x149/0x400
[   32.595895]  get_signal+0x7e8/0x17e0
[   32.599583]  do_signal+0x94/0x1ee0
[   32.603096]  exit_to_usermode_loop+0x224/0x300
[   32.607651]  syscall_return_slowpath+0x42f/0x500
[   32.612379]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   32.617102] 
[   32.618701] The buggy address belongs to the object at ffff8801ca4ac440
[   32.618701]  which belongs to the cache kmalloc-4096 of size 4096
[   32.631505] The buggy address is located 2224 bytes inside of
[   32.631505]  4096-byte region [ffff8801ca4ac440, ffff8801ca4ad440)
[   32.643524] The buggy address belongs to the page:
[   32.648426] page:ffffea0007292b00 count:1 mapcount:0 mapping:ffff8801ca4ac440 index:0x0 compound_mapcount: 0
[   32.658373] flags: 0x200000000008100(slab|head)
[   32.663020] raw: 0200000000008100 ffff8801ca4ac440 0000000000000000 0000000100000001
[   32.670879] raw: ffffea0007292920 ffffea0007292ba0 ffff8801dac00dc0 0000000000000000
[   32.678730] page dumped because: kasan: bad access detected
[   32.684411] 
[   32.686016] Memory state around the buggy address:
[   32.690921]  ffff8801ca4acb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.698264]  ffff8801ca4acc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.705596] >ffff8801ca4acc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.712928]                                                              ^
[   32.719912]  ffff8801ca4acd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.727244]  ffff8801ca4acd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.734572] ==================================================================
[   32.741898] Disabling lock debugging due to kernel taint
[   32.747396] Kernel panic - not syncing: panic_on_warn set ...
[   32.747396] 
[   32.754728] CPU: 0 PID: 3878 Comm: syz-executor1 Tainted: G    B           4.13.0+ #79
[   32.762745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.772063] Call Trace:
[   32.774619]  dump_stack+0x194/0x257
[   32.778212]  ? arch_local_irq_restore+0x53/0x53
[   32.782850]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.787574]  ? __list_add_valid+0xa0/0xd0
[   32.791690]  panic+0x1e4/0x417
[   32.794848]  ? __warn+0x1d9/0x1d9
[   32.798276]  ? __list_add_valid+0xb1/0xd0
[   32.802392]  kasan_end_report+0x50/0x50
[   32.806335]  kasan_report+0x137/0x340
[   32.810103]  __asan_report_load8_noabort+0x14/0x20
[   32.814998]  __list_add_valid+0xb1/0xd0
[   32.818944]  dev_add_pack+0x113/0x2b0
[   32.822710]  ? napi_skb_free_stolen_head+0x170/0x170
[   32.827776]  ? __lockdep_init_map+0xe4/0x650
[   32.832154]  ? lockdep_init_map+0x3d/0x70
[   32.836273]  register_prot_hook.part.49+0x95/0xb0
[   32.841080]  packet_create+0x820/0xb00
[   32.844933]  ? sock_destroy_inode+0x70/0x70
[   32.849221]  ? register_prot_hook.part.49+0xb0/0xb0
[   32.854203]  ? __sock_create+0x211/0x850
[   32.858230]  ? module_unload_free+0x5b0/0x5b0
[   32.862693]  ? lock_release+0xd70/0xd70
[   32.866636]  ? __lock_is_held+0xbc/0x140
[   32.870669]  __sock_create+0x4d4/0x850
[   32.874524]  ? __fget_light+0x29d/0x390
[   32.878468]  ? ___sys_recvmsg+0x630/0x630
[   32.882581]  ? __fdget+0x18/0x20
[   32.885915]  ? SyS_futex+0x260/0x390
[   32.889593]  ? SyS_futex+0x269/0x390
[   32.893270]  ? SyS_setsockopt+0x215/0x360
[   32.897386]  SyS_socket+0xeb/0x200
[   32.900896]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   32.905705]  ? move_addr_to_kernel+0x60/0x60
[   32.910077]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.915059]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.919789]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   32.924507] RIP: 0033:0x451e59
[   32.927662] RSP: 002b:00007f89bbc2bc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000029
[   32.935334] RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451e59
[   32.942572] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000011
[   32.949806] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   32.957044] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
[   32.964279] R13: 00007ffe328c26df R14: 00007f89bbc2c9c0 R15: 0000000000000000
[   32.971958] Dumping ftrace buffer:
[   32.975463]    (ftrace buffer empty)
[   32.979144] Kernel Offset: disabled
[   32.982736] Rebooting in 86400 seconds..