INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.15.194' (ECDSA) to the list of known hosts.
2017/09/21 23:10:45 parsed 1 programs
2017/09/21 23:10:45 executed programs: 0
2017/09/21 23:10:50 executed programs: 100
2017/09/21 23:10:55 executed programs: 198
syzkaller login: [   48.647740] ==================================================================
[   48.655139] BUG: KASAN: use-after-free in packet_getsockopt+0xc72/0xe00
[   48.661860] Read of size 8 at addr ffff8801cbbbc9d8 by task syz-executor0/3639
[   48.669188]
[   48.670787] CPU: 1 PID: 3639 Comm: syz-executor0 Not tainted 4.13.0-mm1+ #7
[   48.677852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.687173] Call Trace:
[   48.689732]  dump_stack+0x194/0x257
[   48.693333]  ? arch_local_irq_restore+0x53/0x53
[   48.698015]  ? show_regs_print_info+0x65/0x65
[   48.702511]  ? lock_release+0xd70/0xd70
[   48.706463]  ? packet_getsockopt+0xc72/0xe00
[   48.710842]  print_address_description+0x73/0x250
[   48.715655]  ? packet_getsockopt+0xc72/0xe00
[   48.720035]  kasan_report+0x24e/0x340
[   48.723808]  __asan_report_load8_noabort+0x14/0x20
[   48.729210]  packet_getsockopt+0xc72/0xe00
[   48.733421]  ? packet_notifier+0x950/0x950
[   48.737625]  ? SYSC_perf_event_open+0x4c3/0x2e00
[   48.742356]  ? __fget_light+0x29d/0x390
[   48.746303]  ? sock_has_perm+0x29c/0x400
[   48.750340]  ? selinux_tun_dev_create+0xc0/0xc0
[   48.754980]  ? perf_event_set_output+0x5a0/0x5a0
[   48.759707]  ? exit_to_usermode_loop+0x98/0x300
[   48.764352]  ? trace_hardirqs_off+0xd/0x10
[   48.768562]  ? exit_to_usermode_loop+0x1a8/0x300
[   48.773295]  ? selinux_socket_getsockopt+0x36/0x40
[   48.778198]  ? security_socket_getsockopt+0x89/0xb0
[   48.783188]  SyS_getsockopt+0x178/0x340
[   48.787137]  ? SyS_setsockopt+0x360/0x360
[   48.791257]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   48.796072]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.801059]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   48.805794]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.810520] RIP: 0033:0x4520a9
[   48.813679] RSP: 002b:00007fd8ef11ec08 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
[   48.821364] RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 00000000004520a9
[   48.828605] RDX: 0000000000000015 RSI: 0000000000000107 RDI: 000000000000000c
[   48.835844] RBP: 0000000000000082 R08: 00000000208a5000 R09: 0000000000000000
[   48.843084] R10: 0000000020ec8000 R11: 0000000000000216 R12: 00000000004ba8d7
[   48.850324] R13: 00000000ffffffff R14: 0000000020940000 R15: 0000000000000000
[   48.857580]
[   48.859177] Allocated by task 3638:
[   48.862775]  save_stack_trace+0x16/0x20
[   48.866719]  save_stack+0x43/0xd0
[   48.870140]  kasan_kmalloc+0xad/0xe0
[   48.873829]  kmem_cache_alloc_trace+0x136/0x750
[   48.878469]  fanout_add+0x345/0x1190
[   48.882151]  packet_setsockopt+0xfdc/0x1e80
[   48.886443]  SyS_setsockopt+0x189/0x360
[   48.890390]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.895114]
[   48.896712] Freed by task 3638:
[   48.899959]  save_stack_trace+0x16/0x20
[   48.903903]  save_stack+0x43/0xd0
[   48.907324]  kasan_slab_free+0x71/0xc0
[   48.911191]  kfree+0xca/0x250
[   48.914266]  fanout_add+0x2d0/0x1190
[   48.917948]  packet_setsockopt+0xfdc/0x1e80
[   48.922239]  SyS_setsockopt+0x189/0x360
[   48.926183]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.930902]
[   48.932499] The buggy address belongs to the object at ffff8801cbbbc9c0
[   48.932499]  which belongs to the cache kmalloc-128 of size 128
[   48.945123] The buggy address is located 24 bytes inside of
[   48.945123]  128-byte region [ffff8801cbbbc9c0, ffff8801cbbbca40)
[   48.956875] The buggy address belongs to the page:
[   48.961772] page:ffffea00072eef00 count:1 mapcount:0 mapping:ffff8801cbbbc000 index:0x0
[   48.969885] flags: 0x200000000000100(slab)
[   48.974089] raw: 0200000000000100 ffff8801cbbbc000 0000000000000000 0000000100000015
[   48.981939] raw: ffffea00072cbc60 ffff8801dac01550 ffff8801dac00640 0000000000000000
[   48.989785] page dumped because: kasan: bad access detected
[   48.995460]
[   48.997053] Memory state around the buggy address:
[   49.001949]  ffff8801cbbbc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.009276]  ffff8801cbbbc900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.016604] >ffff8801cbbbc980: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   49.023929]                                                     ^
[   49.030219]  ffff8801cbbbca00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   49.037544]  ffff8801cbbbca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   49.044868] ==================================================================
[   49.052192] Disabling lock debugging due to kernel taint
[   49.057662] Kernel panic - not syncing: panic_on_warn set ...
[   49.057662]
[   49.064991] CPU: 1 PID: 3639 Comm: syz-executor0 Tainted: G    B   4.13.0-mm1+ #7
[   49.073268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.082586] Call Trace:
[   49.085141]  dump_stack+0x194/0x257
[   49.088736]  ? arch_local_irq_restore+0x53/0x53
[   49.093373]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   49.098096]  ? packet_getsockopt+0xc40/0xe00
[   49.102480]  panic+0x1e4/0x417
[   49.105640]  ? __warn+0x1d9/0x1d9
[   49.109062]  ? packet_getsockopt+0xc72/0xe00
[   49.113436]  kasan_end_report+0x50/0x50
[   49.117374]  kasan_report+0x137/0x340
[   49.121138]  __asan_report_load8_noabort+0x14/0x20
[   49.126030]  packet_getsockopt+0xc72/0xe00
[   49.130229]  ? packet_notifier+0x950/0x950
[   49.134428]  ? SYSC_perf_event_open+0x4c3/0x2e00
[   49.139150]  ? __fget_light+0x29d/0x390
[   49.143089]  ? sock_has_perm+0x29c/0x400
[   49.147118]  ? selinux_tun_dev_create+0xc0/0xc0
[   49.151753]  ? perf_event_set_output+0x5a0/0x5a0
[   49.156475]  ? exit_to_usermode_loop+0x98/0x300
[   49.161113]  ? trace_hardirqs_off+0xd/0x10
[   49.165311]  ? exit_to_usermode_loop+0x1a8/0x300
[   49.170034]  ? selinux_socket_getsockopt+0x36/0x40
[   49.174927]  ? security_socket_getsockopt+0x89/0xb0
[   49.179909]  SyS_getsockopt+0x178/0x340
[   49.183848]  ? SyS_setsockopt+0x360/0x360
[   49.187964]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   49.192771]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   49.197749]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   49.202474]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   49.207193] RIP: 0033:0x4520a9
[   49.210350] RSP: 002b:00007fd8ef11ec08 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
[   49.218019] RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 00000000004520a9
[   49.225251] RDX: 0000000000000015 RSI: 0000000000000107 RDI: 000000000000000c
[   49.232484] RBP: 0000000000000082 R08: 00000000208a5000 R09: 0000000000000000
[   49.239720] R10: 0000000020ec8000 R11: 0000000000000216 R12: 00000000004ba8d7
[   49.246956] R13: 00000000ffffffff R14: 0000000020940000 R15: 0000000000000000
[   49.254233] Dumping ftrace buffer:
[   49.257748]    (ftrace buffer empty)
[   49.261429] Kernel Offset: disabled
[   49.265023] Rebooting in 86400 seconds..