INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.0.51' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   40.366778] ==================================================================
[   40.367900] BUG: KASAN: use-after-free in tipc_group_self+0x1a2/0x1b0
[   40.368766] Read of size 4 at addr ffff8801d805726c by task syzkaller195348/2990
[   40.369753]
[   40.369998] CPU: 0 PID: 2990 Comm: syzkaller195348 Not tainted 4.14.0-rc5-mm1+ #19
[   40.371023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.372262] Call Trace:
[   40.372640]  dump_stack+0x194/0x257
[   40.373131]  ? arch_local_irq_restore+0x53/0x53
[   40.373760]  ? show_regs_print_info+0x65/0x65
[   40.374366]  ? tipc_group_self+0x1a2/0x1b0
[   40.374962]  print_address_description+0x73/0x250
[   40.375607]  ? tipc_group_self+0x1a2/0x1b0
[   40.376174]  kasan_report+0x25b/0x340
[   40.376691]  __asan_report_load4_noabort+0x14/0x20
[   40.377359]  tipc_group_self+0x1a2/0x1b0
[   40.377906]  tipc_sk_leave+0xfc/0x200
[   40.378436]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   40.379016]  ? __local_bh_enable_ip+0x9d/0x160
[   40.379629]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.380317]  ? lock_sock_nested+0x91/0x110
[   40.380882]  ? trace_hardirqs_on+0xd/0x10
[   40.381439]  ? __local_bh_enable_ip+0x9d/0x160
[   40.382055]  tipc_release+0x154/0xfe0
[   40.382599]  ? mntput_no_expire+0x130/0xa90
[   40.383181]  ? tipc_sk_backlog_rcv+0x370/0x370
[   40.383793]  ? lock_release+0xa40/0xa40
[   40.384329]  ? dentry_free+0xcd/0x130
[   40.384842]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.385528]  ? kmem_cache_free+0x249/0x280
[   40.386096]  ? dentry_free+0xd2/0x130
[   40.386621]  ? locks_remove_file+0x3fa/0x5a0
[   40.389137]  ? fcntl_setlk+0x10c0/0x10c0
[   40.393171]  ? __fsnotify_parent+0xb4/0x3a0
[   40.397463]  ? fsnotify+0x1af0/0x1af0
[   40.401233]  ? rcu_note_context_switch+0x710/0x710
[   40.406136]  sock_release+0x8d/0x1e0
[   40.409817]  ? sock_release+0x1e0/0x1e0
[   40.413756]  sock_close+0x16/0x20
[   40.417180]  __fput+0x327/0x7e0
[   40.420433]  ? fput+0x140/0x140
[   40.423685]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   40.429536]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.434007]  ____fput+0x15/0x20
[   40.437258]  task_work_run+0x199/0x270
[   40.441116]  ? task_work_cancel+0x210/0x210
[   40.445405]  ? _raw_spin_unlock+0x22/0x30
[   40.449523]  ? switch_task_namespaces+0x87/0xc0
[   40.454163]  do_exit+0x9b5/0x1ad0
[   40.457591]  ? mm_update_next_owner+0x930/0x930
[   40.462227]  ? reacquire_held_locks+0x1fd/0x3d0
[   40.466869]  ? find_held_lock+0x35/0x1d0
[   40.470907]  ? release_sock+0x1d4/0x2a0
[   40.474849]  ? lock_downgrade+0x990/0x990
[   40.478963]  ? lock_downgrade+0x990/0x990
[   40.483079]  ? do_raw_spin_trylock+0x190/0x190
[   40.487630]  ? tipc_group_delete+0x2c0/0x3c0
[   40.492005]  ? __local_bh_enable_ip+0x9d/0x160
[   40.496555]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.501538]  ? trace_hardirqs_on+0xd/0x10
[   40.505655]  ? __local_bh_enable_ip+0x9d/0x160
[   40.510210]  ? release_sock+0x1d4/0x2a0
[   40.514160]  ? tipc_nametbl_build_group+0x27a/0x370
[   40.519151]  ? tipc_setsockopt+0x703/0xc00
[   40.523356]  ? tipc_sk_leave+0x200/0x200
[   40.527397]  ? security_socket_setsockopt+0x89/0xb0
[   40.532384]  ? SyS_setsockopt+0x215/0x360
[   40.536501]  do_group_exit+0x149/0x400
[   40.540352]  ? SyS_recv+0x40/0x40
[   40.543775]  ? SyS_exit+0x30/0x30
[   40.547194]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.552178]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.556903]  SyS_exit_group+0x1d/0x20
[   40.560674]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.565397] RIP: 0033:0x43e978
[   40.568554] RSP: 002b:00007ffcae951f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   40.576229] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   40.583552] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   40.590789] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   40.598027] R10: 000000002010e000 R11: 0000000000000246 R12: 00000000006ca858
[   40.605265] R13: 00000000006ca858 R14: 0000000000000000 R15: 0000000000002710
[   40.612519]
[   40.614111] Allocated by task 2990:
[   40.617702]  save_stack+0x43/0xd0
[   40.621122]  kasan_kmalloc+0xad/0xe0
[   40.624800]  kmem_cache_alloc_trace+0x136/0x750
[   40.629436]  tipc_group_create+0x116/0x9c0
[   40.633635]  tipc_setsockopt+0x25e/0xc00
[   40.637665]  SyS_setsockopt+0x189/0x360
[   40.641604]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.646323]
[   40.647915] Freed by task 2990:
[   40.651160]  save_stack+0x43/0xd0
[   40.654578]  kasan_slab_free+0x71/0xc0
[   40.658431]  kfree+0xca/0x250
[   40.661501]  tipc_group_delete+0x2c0/0x3c0
[   40.665702]  tipc_setsockopt+0xb33/0xc00
[   40.669727]  SyS_setsockopt+0x189/0x360
[   40.673665]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.678383]
[   40.679978] The buggy address belongs to the object at ffff8801d8057200
[   40.679978]  which belongs to the cache kmalloc-192 of size 192
[   40.692597] The buggy address is located 108 bytes inside of
[   40.692597]  192-byte region [ffff8801d8057200, ffff8801d80572c0)
[   40.704434] The buggy address belongs to the page:
[   40.709330] page:ffffea00076015c0 count:1 mapcount:0 mapping:ffff8801d8057000 index:0xffff8801d8057400
[   40.718740] flags: 0x200000000000100(slab)
[   40.722943] raw: 0200000000000100 ffff8801d8057000 ffff8801d8057400 000000010000000f
[   40.730792] raw: ffffea00075912e0 ffff8801dac01138 ffff8801dac00040 0000000000000000
[   40.738636] page dumped because: kasan: bad access detected
[   40.744308]
[   40.745899] Memory state around the buggy address:
[   40.750793]  ffff8801d8057100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.758118]  ffff8801d8057180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   40.765443] >ffff8801d8057200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.772767]                                                        ^
[   40.779486]  ffff8801d8057280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   40.786808]  ffff8801d8057300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.794129] ==================================================================
[   40.801451] Disabling lock debugging due to kernel taint
[   40.806954] Kernel panic - not syncing: panic_on_warn set ...
[   40.806954]
[   40.814289] CPU: 0 PID: 2990 Comm: syzkaller195348 Tainted: G    B           4.14.0-rc5-mm1+ #19
[   40.823267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.832587] Call Trace:
[   40.835146]  dump_stack+0x194/0x257
[   40.838742]  ? arch_local_irq_restore+0x53/0x53
[   40.843379]  ? kasan_end_report+0x32/0x50
[   40.847496]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.852218]  ? vsnprintf+0x1ed/0x1900
[   40.855983]  ? tipc_group_self+0xb0/0x1b0
[   40.860097]  panic+0x1e4/0x41c
[   40.863259]  ? refcount_error_report+0x214/0x214
[   40.867982]  ? add_taint+0x1c/0x50
[   40.871487]  ? add_taint+0x1c/0x50
[   40.874992]  ? tipc_group_self+0x1a2/0x1b0
[   40.879189]  kasan_end_report+0x50/0x50
[   40.883129]  kasan_report+0x144/0x340
[   40.886897]  __asan_report_load4_noabort+0x14/0x20
[   40.891789]  tipc_group_self+0x1a2/0x1b0
[   40.895815]  tipc_sk_leave+0xfc/0x200
[   40.899580]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   40.903867]  ? __local_bh_enable_ip+0x9d/0x160
[   40.908414]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.913394]  ? lock_sock_nested+0x91/0x110
[   40.917593]  ? trace_hardirqs_on+0xd/0x10
[   40.921705]  ? __local_bh_enable_ip+0x9d/0x160
[   40.926255]  tipc_release+0x154/0xfe0
[   40.930022]  ? mntput_no_expire+0x130/0xa90
[   40.934308]  ? tipc_sk_backlog_rcv+0x370/0x370
[   40.938854]  ? lock_release+0xa40/0xa40
[   40.942795]  ? dentry_free+0xcd/0x130
[   40.946560]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.951543]  ? kmem_cache_free+0x249/0x280
[   40.955741]  ? dentry_free+0xd2/0x130
[   40.959508]  ? locks_remove_file+0x3fa/0x5a0
[   40.963883]  ? fcntl_setlk+0x10c0/0x10c0
[   40.967911]  ? __fsnotify_parent+0xb4/0x3a0
[   40.972196]  ? fsnotify+0x1af0/0x1af0
[   40.975962]  ? rcu_note_context_switch+0x710/0x710
[   40.980860]  sock_release+0x8d/0x1e0
[   40.984537]  ? sock_release+0x1e0/0x1e0
[   40.988474]  sock_close+0x16/0x20
[   40.991892]  __fput+0x327/0x7e0
[   40.995141]  ? fput+0x140/0x140
[   40.998389]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   41.004237]  ? _raw_spin_unlock_irq+0x27/0x70
[   41.008706]  ____fput+0x15/0x20
[   41.011950]  task_work_run+0x199/0x270
[   41.015802]  ? task_work_cancel+0x210/0x210
[   41.020089]  ? _raw_spin_unlock+0x22/0x30
[   41.024202]  ? switch_task_namespaces+0x87/0xc0
[   41.028837]  do_exit+0x9b5/0x1ad0
[   41.032257]  ? mm_update_next_owner+0x930/0x930
[   41.036891]  ? reacquire_held_locks+0x1fd/0x3d0
[   41.041528]  ? find_held_lock+0x35/0x1d0
[   41.045556]  ? release_sock+0x1d4/0x2a0
[   41.049495]  ? lock_downgrade+0x990/0x990
[   41.053607]  ? lock_downgrade+0x990/0x990
[   41.057722]  ? do_raw_spin_trylock+0x190/0x190
[   41.062270]  ? tipc_group_delete+0x2c0/0x3c0
[   41.066643]  ? __local_bh_enable_ip+0x9d/0x160
[   41.071191]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.076170]  ? trace_hardirqs_on+0xd/0x10
[   41.080280]  ? __local_bh_enable_ip+0x9d/0x160
[   41.084827]  ? release_sock+0x1d4/0x2a0
[   41.088767]  ? tipc_nametbl_build_group+0x27a/0x370
[   41.093750]  ? tipc_setsockopt+0x703/0xc00
[   41.097961]  ? tipc_sk_leave+0x200/0x200
[   41.101996]  ? security_socket_setsockopt+0x89/0xb0
[   41.106980]  ? SyS_setsockopt+0x215/0x360
[   41.111093]  do_group_exit+0x149/0x400
[   41.114943]  ? SyS_recv+0x40/0x40
[   41.118361]  ? SyS_exit+0x30/0x30
[   41.121778]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.126758]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.131479]  SyS_exit_group+0x1d/0x20
[   41.135247]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   41.139964] RIP: 0033:0x43e978
[   41.143121] RSP: 002b:00007ffcae951f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.150794] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   41.158026] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.165261] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   41.172495] R10: 000000002010e000 R11: 0000000000000246 R12: 00000000006ca858
[   41.179727] R13: 00000000006ca858 R14: 0000000000000000 R15: 0000000000002710
[   41.187005] Dumping ftrace buffer:
[   41.190510]    (ftrace buffer empty)
[   41.194187] Kernel Offset: disabled
[   41.197780] Rebooting in 86400 seconds..
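Reading the report: the three stacks pin down the object's lifetime. "Allocated by task 2990" shows the 192-byte group being kmalloc'ed by tipc_group_create inside tipc_setsockopt; "Freed by task 2990" shows the same object kfree'd by tipc_group_delete, again inside tipc_setsockopt in the same task (tipc_nametbl_build_group is still visible on the stale part of the stack); the top trace shows the 4-byte read at offset 108 happening later, from tipc_sk_leave called by tipc_release when the process exits and its socket is closed. The socket therefore still held a pointer to a group that had already been deleted. The shadow bytes agree: the whole 192-byte region is fb (freed slab object) bounded by fc redzone bytes.

The C program below is an added example, not code from this report or from the TIPC subsystem. It models that sequence in user space with hypothetical names (struct sock, sk_join_buggy, sk_join_fixed, sk_release, group_create, group_delete, group_self, publish): a fixed pool where freeing only poisons the slot stands in for the KASAN shadow, so the dangling read is detected and reported as a return value instead of being undefined behaviour. The fixed variant clears the owner's pointer when the object is freed on the error path; that this is where the fix belongs is an inference from the stacks, since the kernel source is not on the page.

```c
/*
 * Added example, not code from the crash report or from the TIPC subsystem.
 * User-space model of: create group in setsockopt -> delete it on an error
 * path in the same call -> later use from socket release.  All names are
 * hypothetical stand-ins for the kernel's.
 */
#include <stddef.h>
#include <stdio.h>

#define GROUP_LIVE  0xA1
#define GROUP_FREED 0xFB   /* same value KASAN shows for a freed slab object */

struct group {
    unsigned char state;   /* stands in for the object's KASAN shadow byte */
    unsigned int type;
    unsigned int instance;
};

struct sock {
    struct group *group;   /* left dangling by the buggy join path */
};

/* A fixed pool instead of malloc(): freeing only poisons the slot, so a
 * later read can be recognised as a use-after-free instead of being UB. */
static struct group pool[4];
static size_t pool_next;

static struct group *group_create(unsigned int type, unsigned int instance)
{
    if (pool_next >= sizeof pool / sizeof pool[0])
        return NULL;
    struct group *grp = &pool[pool_next++];
    grp->state = GROUP_LIVE;
    grp->type = type;
    grp->instance = instance;
    return grp;
}

static void group_delete(struct group *grp)
{
    grp->state = GROUP_FREED;   /* kfree(); KASAN poisons the object */
}

/* Returns 0 on a valid read, -1 if the object had already been freed
 * (the point at which KASAN would report). */
static int group_self(const struct group *grp, unsigned int *type)
{
    if (grp->state != GROUP_LIVE)
        return -1;
    *type = grp->type;
    return 0;
}

/* Stand-in for the name-table publish step; failure is forced by the caller. */
static int publish(const struct group *grp, int fail)
{
    (void)grp;
    return fail ? -1 : 0;
}

/* Buggy join: on publish failure the group is freed, but sk->group still
 * points at it. */
static int sk_join_buggy(struct sock *sk, int publish_fails)
{
    struct group *grp = group_create(1, 2);
    if (!grp)
        return -1;
    sk->group = grp;
    if (publish(grp, publish_fails)) {
        group_delete(grp);
        return -1;
    }
    return 0;
}

/* Fixed join: identical, except the owner's pointer is cleared together
 * with the free (assumed shape of the fix, not the kernel's code). */
static int sk_join_fixed(struct sock *sk, int publish_fails)
{
    struct group *grp = group_create(1, 2);
    if (!grp)
        return -1;
    sk->group = grp;
    if (publish(grp, publish_fails)) {
        group_delete(grp);
        sk->group = NULL;
        return -1;
    }
    return 0;
}

/* Socket teardown: leaves the group if the socket still has one.  The NULL
 * check is present, as in both kernel variants; it cannot catch a pointer
 * that is non-NULL but stale.  Returns -1 if the leave read freed memory. */
static int sk_release(struct sock *sk)
{
    unsigned int type;
    struct group *grp = sk->group;
    if (!grp)
        return 0;
    if (group_self(grp, &type))   /* tipc_sk_leave -> tipc_group_self */
        return -1;
    group_delete(grp);
    sk->group = NULL;
    return 0;
}

/* Runs one join-fails-then-close sequence; returns sk_release()'s verdict. */
static int run_sequence(int use_fixed_join)
{
    struct sock sk = { .group = NULL };
    pool_next = 0;
    if (use_fixed_join)
        sk_join_fixed(&sk, 1);
    else
        sk_join_buggy(&sk, 1);
    return sk_release(&sk);
}

int main(void)
{
    printf("buggy join then close: %s\n", run_sequence(0) ? "use-after-free" : "clean");
    printf("fixed join then close: %s\n", run_sequence(1) ? "use-after-free" : "clean");
    return 0;
}
```

Build with cc -std=c99 -Wall and run; the first line reports the stale read, the second is clean. The point the model makes is that the NULL check in the release path is not the missing piece: a freed object whose owner still references it passes that check, which is exactly the read KASAN caught at offset 108 of the kfree'd group.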