INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-0,10.128.15.207' (ECDSA) to the list of known hosts.
2017/09/04 19:49:08 parsed 1 programs
2017/09/04 19:49:08 executed programs: 0
syzkaller login: [   26.504724] dev_remove_pack: ffff8801c42a0780 not found
2017/09/04 19:49:13 executed programs: 181
[   30.431731] ==================================================================
[   30.439155] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0 at addr ffff8801c42a0738
[   30.448391] Read of size 8 by task swapper/0/0
[   30.452941] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.47-g6cd2127 #39
[   30.459833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.469153]  ffff8801db2077e0 ffffffff81d93049 ffff8801da002000 ffff8801c42a0000
[   30.477116]  ffff8801c42a0800 ffffed00388540e7 ffff8801c42a0738 ffff8801db207808
[   30.485075]  ffffffff8153cbcc ffffed00388540e7 ffff8801da002000 0000000000000000
[   30.493023] Call Trace:
[   30.495572]  <IRQ> [   30.497607]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   30.502953]  [<ffffffff8153cbcc>] kasan_object_err+0x1c/0x70
[   30.508714]  [<ffffffff8153ce8c>] kasan_report.part.1+0x21c/0x500
[   30.514915]  [<ffffffff8354643b>] ? fanout_demux_rollover+0x49b/0x4d0
[   30.521459]  [<ffffffff82ee76f7>] ? kfree_skbmem+0xd7/0xf0
[   30.527051]  [<ffffffff8153d229>] __asan_report_load8_noabort+0x29/0x30
[   30.533771]  [<ffffffff8354643b>] fanout_demux_rollover+0x49b/0x4d0
[   30.540139]  [<ffffffff8354d0a6>] packet_rcv_fanout+0x3e6/0x620
[   30.546162]  [<ffffffff82f34397>] __netif_receive_skb_core+0x887/0x29e0
[   30.552884]  [<ffffffff8123b950>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.559865]  [<ffffffff82f33b10>] ? netif_wake_subqueue+0x210/0x210
[   30.566236]  [<ffffffff82f3ac02>] ? netif_receive_skb_internal+0x92/0x390
[   30.573127]  [<ffffffff82f3654b>] __netif_receive_skb+0x5b/0x1c0
[   30.579239]  [<ffffffff82f3ac6f>] netif_receive_skb_internal+0xff/0x390
[   30.585971]  [<ffffffff82f3ac02>] ? netif_receive_skb_internal+0x92/0x390
[   30.592862]  [<ffffffff82f3ab70>] ? dev_cpu_callback+0x680/0x680
[   30.598971]  [<ffffffff82f3d5b6>] ? dev_gro_receive+0x1d6/0x16f0
[   30.605080]  [<ffffffff82f3da5a>] ? dev_gro_receive+0x67a/0x16f0
[   30.611189]  [<ffffffff82fd7bd8>] ? eth_type_trans+0x2a8/0x5d0
[   30.617133]  [<ffffffff82f3eccb>] napi_gro_receive+0x1fb/0x400
[   30.623072]  [<ffffffff8271d59c>] virtnet_receive+0xe1c/0x1cf0
[   30.629007]  [<ffffffff8271c780>] ? virtnet_open+0x250/0x250
[   30.634772]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   30.641579]  [<ffffffff8123b950>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.648565]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   30.655370]  [<ffffffff81dfa32c>] ? debug_smp_processor_id+0x1c/0x20
[   30.661826]  [<ffffffff8271e496>] virtnet_poll+0x26/0x140
[   30.667330]  [<ffffffff82f3c976>] net_rx_action+0x396/0xe00
[   30.673005]  [<ffffffff82f3c5e0>] ? sk_busy_loop+0xca0/0xca0
[   30.678772]  [<ffffffff812790c7>] ? handle_edge_irq+0x417/0x8e0
[   30.684798]  [<ffffffff838aa18e>] ? _raw_spin_lock+0x3e/0x50
[   30.690563]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   30.697370]  [<ffffffff838adc1d>] __do_softirq+0x22d/0x964
[   30.702961]  [<ffffffff81147985>] irq_exit+0x165/0x190
[   30.708204]  [<ffffffff838ad397>] do_IRQ+0x107/0x1b0
[   30.713288]  [<ffffffff838ab74c>] common_interrupt+0x8c/0x8c
[   30.719049]  <EOI> [   30.721081]  [<ffffffff838a99f6>] ? native_safe_halt+0x6/0x10
[   30.726946]  [<ffffffff8123b32d>] ? trace_hardirqs_on+0xd/0x10
[   30.732889]  [<ffffffff838a9025>] default_idle+0x55/0x360
[   30.738395]  [<ffffffff8106c35a>] arch_cpu_idle+0xa/0x10
[   30.743812]  [<ffffffff838a9e46>] default_idle_call+0x36/0x60
[   30.749666]  [<ffffffff8122604c>] cpu_startup_entry+0x30c/0x3d0
[   30.755688]  [<ffffffff81225d40>] ? cpu_in_idle+0x20/0x20
[   30.761191]  [<ffffffff838961f4>] rest_init+0x184/0x190
[   30.766522]  [<ffffffff84a658a7>] start_kernel+0x679/0x6ae
[   30.772112]  [<ffffffff84a6522e>] ? thread_stack_cache_init+0xb/0xb
[   30.778486]  [<ffffffff84a64120>] ? early_idt_handler_array+0x120/0x120
[   30.785214]  [<ffffffff84a6429d>] x86_64_start_reservations+0x2a/0x2c
[   30.791762]  [<ffffffff84a643df>] x86_64_start_kernel+0x140/0x163
[   30.797962] Object at ffff8801c42a0000, in cache kmalloc-2048 size: 2048
[   30.804764] Allocated:
[   30.807223] PID = 3417
[   30.809692]  save_stack_trace+0x16/0x20
[   30.813632]  save_stack+0x43/0xd0
[   30.817048]  kasan_kmalloc+0xad/0xe0
[   30.820726]  __kmalloc+0x11d/0x310
[   30.824237]  sk_prot_alloc+0x101/0x2a0
[   30.828088]  sk_alloc+0x3a/0x3a0
[   30.831421]  packet_create+0xf0/0x8e0
[   30.835183]  __sock_create+0x3ab/0x640
[   30.839034]  SyS_socket+0xf0/0x1b0
[   30.842538]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   30.847254] Freed:
[   30.849367] PID = 3419
[   30.851834]  save_stack_trace+0x16/0x20
[   30.855772]  save_stack+0x43/0xd0
[   30.859187]  kasan_slab_free+0x73/0xc0
[   30.863038]  kfree+0xf0/0x2f0
[   30.866107]  __sk_destruct+0x47f/0x570
[   30.869956]  sk_destruct+0x47/0x80
[   30.873459]  __sk_free+0x57/0x230
[   30.876878]  sk_free+0x23/0x30
[   30.880041]  packet_release+0x732/0xa20
[   30.883981]  sock_release+0x8d/0x1e0
[   30.887658]  sock_close+0x16/0x20
[   30.891077]  __fput+0x28c/0x6e0
[   30.894333]  ____fput+0x15/0x20
[   30.897580]  task_work_run+0x115/0x190
[   30.901433]  do_exit+0x82e/0x2a50
[   30.904853]  do_group_exit+0x108/0x320
[   30.908704]  get_signal+0x55c/0x1600
[   30.912383]  do_signal+0x87/0x1960
[   30.915889]  exit_to_usermode_loop+0xe5/0x130
[   30.920350]  syscall_return_slowpath+0x1a0/0x1e0
[   30.925072]  entry_SYSCALL_64_fastpath+0xc4/0xc6
[   30.929793] Memory state around the buggy address:
[   30.934688]  ffff8801c42a0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.942013]  ffff8801c42a0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.949339] >ffff8801c42a0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.956661]                                         ^
[   30.961815]  ffff8801c42a0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.969139]  ffff8801c42a0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.976465] ==================================================================
[   30.983839] ==================================================================
[   30.991189] BUG: KASAN: use-after-free in fanout_demux_rollover+0x4bc/0x4d0 at addr ffff8801d13b1a80
[   31.000444] Read of size 4 by task swapper/0/0
[   31.004998] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B           4.9.47-g6cd2127 #39
[   31.013105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.022428]  ffff8801db2077e0 ffffffff81d93049 ffff8801da001640 ffff8801d13b1a80
[   31.030385]  ffff8801d13b1b00 ffffed003a276350 ffff8801d13b1a80 ffff8801db207808
[   31.038334]  ffffffff8153cbcc ffffed003a276350 ffff8801da001640 0000000000000000
[   31.046282] Call Trace:
[   31.048828]  <IRQ> [   31.050863]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   31.056317]  [<ffffffff8153cbcc>] kasan_object_err+0x1c/0x70
[   31.062093]  [<ffffffff8153ce8c>] kasan_report.part.1+0x21c/0x500
[   31.068299]  [<ffffffff8354645c>] ? fanout_demux_rollover+0x4bc/0x4d0
[   31.074847]  [<ffffffff8153d1f9>] __asan_report_load4_noabort+0x29/0x30
[   31.081568]  [<ffffffff8354645c>] fanout_demux_rollover+0x4bc/0x4d0
[   31.087942]  [<ffffffff8354d0a6>] packet_rcv_fanout+0x3e6/0x620
[   31.093976]  [<ffffffff82f34397>] __netif_receive_skb_core+0x887/0x29e0
[   31.100702]  [<ffffffff8123b950>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.107691]  [<ffffffff82f33b10>] ? netif_wake_subqueue+0x210/0x210
[   31.114065]  [<ffffffff82f3ac02>] ? netif_receive_skb_internal+0x92/0x390
[   31.120957]  [<ffffffff82f3654b>] __netif_receive_skb+0x5b/0x1c0
[   31.127066]  [<ffffffff82f3ac6f>] netif_receive_skb_internal+0xff/0x390
[   31.133814]  [<ffffffff82f3ac02>] ? netif_receive_skb_internal+0x92/0x390
[   31.140713]  [<ffffffff82f3ab70>] ? dev_cpu_callback+0x680/0x680
[   31.146832]  [<ffffffff82f3d5b6>] ? dev_gro_receive+0x1d6/0x16f0
[   31.152943]  [<ffffffff82f3da5a>] ? dev_gro_receive+0x67a/0x16f0
[   31.159060]  [<ffffffff82fd7bd8>] ? eth_type_trans+0x2a8/0x5d0
[   31.164998]  [<ffffffff82f3eccb>] napi_gro_receive+0x1fb/0x400
[   31.171110]  [<ffffffff8271d59c>] virtnet_receive+0xe1c/0x1cf0
[   31.177045]  [<ffffffff8271c780>] ? virtnet_open+0x250/0x250
[   31.182813]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   31.189630]  [<ffffffff8123b950>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.196609]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   31.203414]  [<ffffffff81dfa32c>] ? debug_smp_processor_id+0x1c/0x20
[   31.209871]  [<ffffffff8271e496>] virtnet_poll+0x26/0x140
[   31.215376]  [<ffffffff82f3c976>] net_rx_action+0x396/0xe00
[   31.221053]  [<ffffffff82f3c5e0>] ? sk_busy_loop+0xca0/0xca0
[   31.226835]  [<ffffffff812790c7>] ? handle_edge_irq+0x417/0x8e0
[   31.232860]  [<ffffffff838aa18e>] ? _raw_spin_lock+0x3e/0x50
[   31.238624]  [<ffffffff81dfa14b>] ? check_preemption_disabled+0x3b/0x200
[   31.245431]  [<ffffffff838adc1d>] __do_softirq+0x22d/0x964
[   31.251022]  [<ffffffff81147985>] irq_exit+0x165/0x190
[   31.256265]  [<ffffffff838ad397>] do_IRQ+0x107/0x1b0
[   31.261334]  [<ffffffff838ab74c>] common_interrupt+0x8c/0x8c
[   31.267097]  <EOI> [   31.269126]  [<ffffffff838a99f6>] ? native_safe_halt+0x6/0x10
[   31.274991]  [<ffffffff8123b32d>] ? trace_hardirqs_on+0xd/0x10
[   31.280927]  [<ffffffff838a9025>] default_idle+0x55/0x360
[   31.287518]  [<ffffffff8106c35a>] arch_cpu_idle+0xa/0x10
[   31.292945]  [<ffffffff838a9e46>] default_idle_call+0x36/0x60
[   31.298810]  [<ffffffff8122604c>] cpu_startup_entry+0x30c/0x3d0
[   31.304841]  [<ffffffff81225d40>] ? cpu_in_idle+0x20/0x20
[   31.310348]  [<ffffffff838961f4>] rest_init+0x184/0x190
[   31.315683]  [<ffffffff84a658a7>] start_kernel+0x679/0x6ae
[   31.321284]  [<ffffffff84a6522e>] ? thread_stack_cache_init+0xb/0xb
[   31.327655]  [<ffffffff84a64120>] ? early_idt_handler_array+0x120/0x120
[   31.334374]  [<ffffffff84a6429d>] x86_64_start_reservations+0x2a/0x2c
[   31.340917]  [<ffffffff84a643df>] x86_64_start_kernel+0x140/0x163
[   31.347116] Object at ffff8801d13b1a80, in cache kmalloc-128 size: 128
[   31.353755] Allocated:
[   31.356217] PID = 3417
[   31.358685]  save_stack_trace+0x16/0x20
[   31.362626]  save_stack+0x43/0xd0
[   31.366045]  kasan_kmalloc+0xad/0xe0
[   31.369723]  kmem_cache_alloc_trace+0xfb/0x2a0
[   31.374272]  packet_setsockopt+0x181c/0x2240
[   31.378647]  SyS_setsockopt+0x160/0x250
[   31.382589]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   31.387304] Freed:
[   31.389431] PID = 0
[   31.391634]  save_stack_trace+0x16/0x20
[   31.395573]  save_stack+0x43/0xd0
[   31.398988]  kasan_slab_free+0x73/0xc0
[   31.402841]  kfree+0xf0/0x2f0
[   31.405912]  rcu_process_callbacks+0x981/0x12d0
[   31.410546]  __do_softirq+0x22d/0x964
[   31.414322] Memory state around the buggy address:
[   31.419219]  ffff8801d13b1980: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   31.426545]  ffff8801d13b1a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc