INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-8,10.128.15.210' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   47.912774] ==================================================================
[   47.913919] BUG: KASAN: use-after-free in tipc_group_self+0x1a2/0x1b0
[   47.914786] Read of size 4 at addr ffff8801d650dd6c by task syzkaller520625/2992
[   47.915773] 
[   47.916006] CPU: 1 PID: 2992 Comm: syzkaller520625 Not tainted 4.14.0-rc5-next-20171018+ #36
[   47.917135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.918366] Call Trace:
[   47.918725]  dump_stack+0x194/0x257
[   47.919217]  ? arch_local_irq_restore+0x53/0x53
[   47.919842]  ? show_regs_print_info+0x65/0x65
[   47.920452]  ? tipc_group_self+0x1a2/0x1b0
[   47.921022]  print_address_description+0x73/0x250
[   47.921679]  ? tipc_group_self+0x1a2/0x1b0
[   47.922246]  kasan_report+0x25b/0x340
[   47.922762]  __asan_report_load4_noabort+0x14/0x20
[   47.923419]  tipc_group_self+0x1a2/0x1b0
[   47.923967]  tipc_sk_leave+0xfc/0x200
[   47.924480]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   47.925060]  ? __local_bh_enable_ip+0x9d/0x160
[   47.925692]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   47.926362]  ? lock_sock_nested+0x91/0x110
[   47.926928]  ? trace_hardirqs_on+0xd/0x10
[   47.927483]  ? __local_bh_enable_ip+0x9d/0x160
[   47.928100]  tipc_release+0x154/0xfe0
[   47.928618]  ? mntput_no_expire+0x130/0xa90
[   47.929198]  ? tipc_sk_backlog_rcv+0x370/0x370
[   47.929810]  ? lock_release+0xa40/0xa40
[   47.930347]  ? dentry_free+0xcd/0x130
[   47.930860]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.931529]  ? kmem_cache_free+0x249/0x280
[   47.932099]  ? dentry_free+0xd2/0x130
[   47.932618]  ? locks_remove_file+0x3fa/0x5a0
[   47.933209]  ? fcntl_setlk+0x10c0/0x10c0
[   47.937262]  ? __fsnotify_parent+0xb4/0x3a0
[   47.941554]  ? fsnotify+0x1af0/0x1af0
[   47.945475]  ? rcu_note_context_switch+0x710/0x710
[   47.950385]  sock_release+0x8d/0x1e0
[   47.954073]  ? sock_release+0x1e0/0x1e0
[   47.958017]  sock_close+0x16/0x20
[   47.961442]  __fput+0x327/0x7e0
[   47.964701]  ? fput+0x140/0x140
[   47.967956]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   47.973812]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.978285]  ____fput+0x15/0x20
[   47.981534]  task_work_run+0x199/0x270
[   47.985397]  ? task_work_cancel+0x210/0x210
[   47.989688]  ? _raw_spin_unlock+0x22/0x30
[   47.993804]  ? switch_task_namespaces+0x87/0xc0
[   47.998443]  do_exit+0x9b5/0x1ad0
[   48.001869]  ? mm_update_next_owner+0x930/0x930
[   48.006508]  ? reacquire_held_locks+0x1fd/0x3d0
[   48.011148]  ? find_held_lock+0x35/0x1d0
[   48.015184]  ? release_sock+0x1d4/0x2a0
[   48.019125]  ? lock_downgrade+0x990/0x990
[   48.023239]  ? lock_downgrade+0x990/0x990
[   48.027358]  ? do_raw_spin_trylock+0x190/0x190
[   48.031909]  ? tipc_group_delete+0x2c0/0x3c0
[   48.036284]  ? __local_bh_enable_ip+0x9d/0x160
[   48.040835]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.045817]  ? trace_hardirqs_on+0xd/0x10
[   48.049932]  ? __local_bh_enable_ip+0x9d/0x160
[   48.054490]  ? release_sock+0x1d4/0x2a0
[   48.058439]  ? tipc_nametbl_build_group+0x27a/0x370
[   48.063429]  ? tipc_setsockopt+0x703/0xc00
[   48.067633]  ? tipc_sk_leave+0x200/0x200
[   48.071673]  ? security_socket_setsockopt+0x89/0xb0
[   48.076661]  ? SyS_setsockopt+0x215/0x360
[   48.080778]  do_group_exit+0x149/0x400
[   48.084631]  ? SyS_recv+0x40/0x40
[   48.088052]  ? SyS_exit+0x30/0x30
[   48.091474]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.096461]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   48.101189]  SyS_exit_group+0x1d/0x20
[   48.104960]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.109683] RIP: 0033:0x43e978
[   48.112842] RSP: 002b:00007ffd4bef95b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   48.120516] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   48.127753] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   48.134991] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   48.142227] R10: 0000000020004fe4 R11: 0000000000000246 R12: 00000000004016a0
[   48.149461] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000
[   48.156717] 
[   48.158314] Allocated by task 2992:
[   48.161908]  save_stack+0x43/0xd0
[   48.165328]  kasan_kmalloc+0xad/0xe0
[   48.169006]  kmem_cache_alloc_trace+0x136/0x750
[   48.173639]  tipc_group_create+0x116/0x9c0
[   48.177841]  tipc_setsockopt+0x25e/0xc00
[   48.181866]  SyS_setsockopt+0x189/0x360
[   48.185804]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.190523] 
[   48.192118] Freed by task 2992:
[   48.195364]  save_stack+0x43/0xd0
[   48.198781]  kasan_slab_free+0x71/0xc0
[   48.202634]  kfree+0xca/0x250
[   48.205705]  tipc_group_delete+0x2c0/0x3c0
[   48.209907]  tipc_setsockopt+0xb33/0xc00
[   48.213934]  SyS_setsockopt+0x189/0x360
[   48.217872]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.222590] 
[   48.224185] The buggy address belongs to the object at ffff8801d650dd00
[   48.224185]  which belongs to the cache kmalloc-192 of size 192
[   48.236808] The buggy address is located 108 bytes inside of
[   48.236808]  192-byte region [ffff8801d650dd00, ffff8801d650ddc0)
[   48.248647] The buggy address belongs to the page:
[   48.253542] page:ffffea0007594340 count:1 mapcount:0 mapping:ffff8801d650d000 index:0xffff8801d650df00
[   48.262953] flags: 0x200000000000100(slab)
[   48.267157] raw: 0200000000000100 ffff8801d650d000 ffff8801d650df00 000000010000000e
[   48.275009] raw: ffffea0007599060 ffff8801dac01138 ffff8801dac00040 0000000000000000
[   48.282854] page dumped because: kasan: bad access detected
[   48.288530] 
[   48.290125] Memory state around the buggy address:
[   48.295019]  ffff8801d650dc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.302346]  ffff8801d650dc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   48.309668] >ffff8801d650dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.316992]                                                           ^
[   48.323712]  ffff8801d650dd80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   48.331039]  ffff8801d650de00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   48.338361] ==================================================================
[   48.345684] Disabling lock debugging due to kernel taint
[   48.351161] Kernel panic - not syncing: panic_on_warn set ...
[   48.351161] 
[   48.358497] CPU: 1 PID: 2992 Comm: syzkaller520625 Tainted: G    B            4.14.0-rc5-next-20171018+ #36
[   48.368339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.377658] Call Trace:
[   48.380217]  dump_stack+0x194/0x257
[   48.383812]  ? arch_local_irq_restore+0x53/0x53
[   48.388447]  ? kasan_end_report+0x32/0x50
[   48.392564]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   48.397288]  ? vsnprintf+0x1ed/0x1900
[   48.401054]  ? tipc_group_self+0xb0/0x1b0
[   48.405170]  panic+0x1e4/0x41c
[   48.408331]  ? refcount_error_report+0x214/0x214
[   48.413053]  ? add_taint+0x1c/0x50
[   48.416558]  ? add_taint+0x1c/0x50
[   48.420063]  ? tipc_group_self+0x1a2/0x1b0
[   48.424265]  kasan_end_report+0x50/0x50
[   48.428203]  kasan_report+0x144/0x340
[   48.431973]  __asan_report_load4_noabort+0x14/0x20
[   48.436866]  tipc_group_self+0x1a2/0x1b0
[   48.440894]  tipc_sk_leave+0xfc/0x200
[   48.444660]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   48.448949]  ? __local_bh_enable_ip+0x9d/0x160
[   48.453498]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.458480]  ? lock_sock_nested+0x91/0x110
[   48.462680]  ? trace_hardirqs_on+0xd/0x10
[   48.466792]  ? __local_bh_enable_ip+0x9d/0x160
[   48.471341]  tipc_release+0x154/0xfe0
[   48.475112]  ? mntput_no_expire+0x130/0xa90
[   48.479401]  ? tipc_sk_backlog_rcv+0x370/0x370
[   48.483950]  ? lock_release+0xa40/0xa40
[   48.487892]  ? dentry_free+0xcd/0x130
[   48.491661]  ? rcu_read_lock_sched_held+0x108/0x120
[   48.496643]  ? kmem_cache_free+0x249/0x280
[   48.500844]  ? dentry_free+0xd2/0x130
[   48.504613]  ? locks_remove_file+0x3fa/0x5a0
[   48.508985]  ? fcntl_setlk+0x10c0/0x10c0
[   48.513013]  ? __fsnotify_parent+0xb4/0x3a0
[   48.517304]  ? fsnotify+0x1af0/0x1af0
[   48.521071]  ? rcu_note_context_switch+0x710/0x710
[   48.525967]  sock_release+0x8d/0x1e0
[   48.529649]  ? sock_release+0x1e0/0x1e0
[   48.533590]  sock_close+0x16/0x20
[   48.537009]  __fput+0x327/0x7e0
[   48.540255]  ? fput+0x140/0x140
[   48.543503]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   48.549354]  ? _raw_spin_unlock_irq+0x27/0x70
[   48.553822]  ____fput+0x15/0x20
[   48.557070]  task_work_run+0x199/0x270
[   48.560924]  ? task_work_cancel+0x210/0x210
[   48.565213]  ? _raw_spin_unlock+0x22/0x30
[   48.569328]  ? switch_task_namespaces+0x87/0xc0
[   48.573962]  do_exit+0x9b5/0x1ad0
[   48.577385]  ? mm_update_next_owner+0x930/0x930
[   48.582018]  ? reacquire_held_locks+0x1fd/0x3d0
[   48.586653]  ? find_held_lock+0x35/0x1d0
[   48.590685]  ? release_sock+0x1d4/0x2a0
[   48.594622]  ? lock_downgrade+0x990/0x990
[   48.598734]  ? lock_downgrade+0x990/0x990
[   48.602847]  ? do_raw_spin_trylock+0x190/0x190
[   48.607397]  ? tipc_group_delete+0x2c0/0x3c0
[   48.611771]  ? __local_bh_enable_ip+0x9d/0x160
[   48.616318]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.621299]  ? trace_hardirqs_on+0xd/0x10
[   48.625413]  ? __local_bh_enable_ip+0x9d/0x160
[   48.629961]  ? release_sock+0x1d4/0x2a0
[   48.633906]  ? tipc_nametbl_build_group+0x27a/0x370
[   48.638889]  ? tipc_setsockopt+0x703/0xc00
[   48.643090]  ? tipc_sk_leave+0x200/0x200
[   48.647121]  ? security_socket_setsockopt+0x89/0xb0
[   48.652105]  ? SyS_setsockopt+0x215/0x360
[   48.656217]  do_group_exit+0x149/0x400
[   48.660069]  ? SyS_recv+0x40/0x40
[   48.663487]  ? SyS_exit+0x30/0x30
[   48.666905]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   48.671886]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   48.676607]  SyS_exit_group+0x1d/0x20
[   48.680377]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   48.685096] RIP: 0033:0x43e978
[   48.688255] RSP: 002b:00007ffd4bef95b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   48.695924] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   48.703161] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   48.710408] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   48.717644] R10: 0000000020004fe4 R11: 0000000000000246 R12: 00000000004016a0
[   48.724880] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000
[   48.732157] Dumping ftrace buffer:
[   48.735661]    (ftrace buffer empty)
[   48.739338] Kernel Offset: disabled
[   48.742932] Rebooting in 86400 seconds..