INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   46.537642] ==================================================================
[   46.538743] BUG: KASAN: use-after-free in tipc_group_self+0x1a2/0x1b0
[   46.539631] Read of size 4 at addr ffff8801d77fd56c by task syzkaller899926/2989
[   46.540614] 
[   46.540848] CPU: 0 PID: 2989 Comm: syzkaller899926 Not tainted 4.14.0-rc5-mm1+ #20
[   46.541857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.543088] Call Trace:
[   46.543445]  dump_stack+0x194/0x257
[   46.543952]  ? arch_local_irq_restore+0x53/0x53
[   46.544677]  ? show_regs_print_info+0x65/0x65
[   46.545281]  ? tipc_group_self+0x1a2/0x1b0
[   46.545850]  print_address_description+0x73/0x250
[   46.546493]  ? tipc_group_self+0x1a2/0x1b0
[   46.547061]  kasan_report+0x25b/0x340
[   46.547574]  __asan_report_load4_noabort+0x14/0x20
[   46.548231]  tipc_group_self+0x1a2/0x1b0
[   46.548776]  tipc_sk_leave+0xfc/0x200
[   46.549290]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   46.549868]  ? __local_bh_enable_ip+0x9d/0x160
[   46.550482]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   46.551149]  ? lock_sock_nested+0x91/0x110
[   46.551717]  ? trace_hardirqs_on+0xd/0x10
[   46.552273]  ? __local_bh_enable_ip+0x9d/0x160
[   46.552888]  tipc_release+0x154/0xfe0
[   46.553406]  ? mntput_no_expire+0x130/0xa90
[   46.553985]  ? tipc_sk_backlog_rcv+0x370/0x370
[   46.554599]  ? lock_release+0xa40/0xa40
[   46.555134]  ? dentry_free+0xcd/0x130
[   46.555644]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.556308]  ? kmem_cache_free+0x249/0x280
[   46.556876]  ? dentry_free+0xd2/0x130
[   46.557390]  ? locks_remove_file+0x3fa/0x5a0
[   46.558832]  ? fcntl_setlk+0x10c0/0x10c0
[   46.562864]  ? __fsnotify_parent+0xb4/0x3a0
[   46.567153]  ? fsnotify+0x1af0/0x1af0
[   46.570923]  ? rcu_note_context_switch+0x710/0x710
[   46.575826]  sock_release+0x8d/0x1e0
[   46.579508]  ? sock_release+0x1e0/0x1e0
[   46.583450]  sock_close+0x16/0x20
[   46.586874]  __fput+0x327/0x7e0
[   46.590133]  ? fput+0x140/0x140
[   46.593383]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   46.599235]  ? _raw_spin_unlock_irq+0x27/0x70
[   46.603702]  ____fput+0x15/0x20
[   46.606961]  task_work_run+0x199/0x270
[   46.610819]  ? task_work_cancel+0x210/0x210
[   46.615107]  ? _raw_spin_unlock+0x22/0x30
[   46.619220]  ? switch_task_namespaces+0x87/0xc0
[   46.623860]  do_exit+0x9b5/0x1ad0
[   46.627288]  ? mm_update_next_owner+0x930/0x930
[   46.631923]  ? reacquire_held_locks+0x1fd/0x3d0
[   46.636564]  ? find_held_lock+0x35/0x1d0
[   46.640599]  ? release_sock+0x1d4/0x2a0
[   46.644541]  ? lock_downgrade+0x990/0x990
[   46.648654]  ? lock_downgrade+0x990/0x990
[   46.652770]  ? do_raw_spin_trylock+0x190/0x190
[   46.657322]  ? tipc_group_delete+0x2c0/0x3c0
[   46.661695]  ? __local_bh_enable_ip+0x9d/0x160
[   46.666248]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   46.671230]  ? trace_hardirqs_on+0xd/0x10
[   46.675342]  ? __local_bh_enable_ip+0x9d/0x160
[   46.679892]  ? release_sock+0x1d4/0x2a0
[   46.683838]  ? tipc_nametbl_build_group+0x27a/0x370
[   46.688827]  ? tipc_setsockopt+0x703/0xc00
[   46.693032]  ? tipc_sk_leave+0x200/0x200
[   46.697071]  ? security_socket_setsockopt+0x89/0xb0
[   46.702059]  ? SyS_setsockopt+0x215/0x360
[   46.706177]  do_group_exit+0x149/0x400
[   46.710030]  ? SyS_recv+0x40/0x40
[   46.713449]  ? SyS_exit+0x30/0x30
[   46.716870]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   46.721854]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   46.726578]  SyS_exit_group+0x1d/0x20
[   46.730350]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   46.735072] RIP: 0033:0x43e978
[   46.738228] RSP: 002b:00007fff8800d528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.745904] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   46.753139] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   46.760380] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   46.767615] R10: 0000000020001fe4 R11: 0000000000000246 R12: 00000000004016a0
[   46.774849] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000
[   46.782099] 
[   46.783693] Allocated by task 2989:
[   46.787289]  save_stack+0x43/0xd0
[   46.790705]  kasan_kmalloc+0xad/0xe0
[   46.794381]  kmem_cache_alloc_trace+0x136/0x750
[   46.799016]  tipc_group_create+0x116/0x9c0
[   46.803216]  tipc_setsockopt+0x25e/0xc00
[   46.807240]  SyS_setsockopt+0x189/0x360
[   46.811179]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   46.815895] 
[   46.817485] Freed by task 2989:
[   46.820729]  save_stack+0x43/0xd0
[   46.824146]  kasan_slab_free+0x71/0xc0
[   46.827997]  kfree+0xca/0x250
[   46.831067]  tipc_group_delete+0x2c0/0x3c0
[   46.835264]  tipc_setsockopt+0xb33/0xc00
[   46.839290]  SyS_setsockopt+0x189/0x360
[   46.843227]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   46.847944] 
[   46.849538] The buggy address belongs to the object at ffff8801d77fd500
[   46.849538]  which belongs to the cache kmalloc-192 of size 192
[   46.862158] The buggy address is located 108 bytes inside of
[   46.862158]  192-byte region [ffff8801d77fd500, ffff8801d77fd5c0)
[   46.873997] The buggy address belongs to the page:
[   46.878892] page:ffffea00075dff40 count:1 mapcount:0 mapping:ffff8801d77fd000 index:0xffff8801d77fdc00
[   46.888302] flags: 0x200000000000100(slab)
[   46.892504] raw: 0200000000000100 ffff8801d77fd000 ffff8801d77fdc00 000000010000000a
[   46.900349] raw: ffffea00075ab760 ffff8801dac01138 ffff8801dac00040 0000000000000000
[   46.908193] page dumped because: kasan: bad access detected
[   46.913867] 
[   46.915459] Memory state around the buggy address:
[   46.920351]  ffff8801d77fd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.927680]  ffff8801d77fd480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   46.935003] >ffff8801d77fd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.942326]                                                           ^
[   46.949042]  ffff8801d77fd580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   46.956365]  ffff8801d77fd600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.963689] ==================================================================
[   46.971011] Disabling lock debugging due to kernel taint
[   46.976465] Kernel panic - not syncing: panic_on_warn set ...
[   46.976465] 
[   46.983799] CPU: 0 PID: 2989 Comm: syzkaller899926 Tainted: G    B            4.14.0-rc5-mm1+ #20
[   46.992771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.002091] Call Trace:
[   47.004648]  dump_stack+0x194/0x257
[   47.008241]  ? arch_local_irq_restore+0x53/0x53
[   47.012873]  ? kasan_end_report+0x32/0x50
[   47.016986]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   47.021706]  ? vsnprintf+0x1ed/0x1900
[   47.025472]  ? tipc_group_self+0xb0/0x1b0
[   47.029585]  panic+0x1e4/0x41c
[   47.032744]  ? refcount_error_report+0x214/0x214
[   47.037468]  ? add_taint+0x1c/0x50
[   47.040973]  ? add_taint+0x1c/0x50
[   47.044478]  ? tipc_group_self+0x1a2/0x1b0
[   47.048675]  kasan_end_report+0x50/0x50
[   47.052614]  kasan_report+0x144/0x340
[   47.056383]  __asan_report_load4_noabort+0x14/0x20
[   47.061276]  tipc_group_self+0x1a2/0x1b0
[   47.065302]  tipc_sk_leave+0xfc/0x200
[   47.069065]  ? tipc_sk_withdraw+0x6b0/0x6b0
[   47.073350]  ? __local_bh_enable_ip+0x9d/0x160
[   47.077898]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   47.082878]  ? lock_sock_nested+0x91/0x110
[   47.087076]  ? trace_hardirqs_on+0xd/0x10
[   47.091186]  ? __local_bh_enable_ip+0x9d/0x160
[   47.095736]  tipc_release+0x154/0xfe0
[   47.099504]  ? mntput_no_expire+0x130/0xa90
[   47.103792]  ? tipc_sk_backlog_rcv+0x370/0x370
[   47.108336]  ? lock_release+0xa40/0xa40
[   47.112275]  ? dentry_free+0xcd/0x130
[   47.116042]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.121022]  ? kmem_cache_free+0x249/0x280
[   47.125221]  ? dentry_free+0xd2/0x130
[   47.128989]  ? locks_remove_file+0x3fa/0x5a0
[   47.133360]  ? fcntl_setlk+0x10c0/0x10c0
[   47.137385]  ? __fsnotify_parent+0xb4/0x3a0
[   47.141670]  ? fsnotify+0x1af0/0x1af0
[   47.145441]  ? rcu_note_context_switch+0x710/0x710
[   47.150336]  sock_release+0x8d/0x1e0
[   47.154012]  ? sock_release+0x1e0/0x1e0
[   47.157949]  sock_close+0x16/0x20
[   47.161367]  __fput+0x327/0x7e0
[   47.164612]  ? fput+0x140/0x140
[   47.167858]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   47.173707]  ? _raw_spin_unlock_irq+0x27/0x70
[   47.178168]  ____fput+0x15/0x20
[   47.181412]  task_work_run+0x199/0x270
[   47.185265]  ? task_work_cancel+0x210/0x210
[   47.189549]  ? _raw_spin_unlock+0x22/0x30
[   47.193663]  ? switch_task_namespaces+0x87/0xc0
[   47.198298]  do_exit+0x9b5/0x1ad0
[   47.201718]  ? mm_update_next_owner+0x930/0x930
[   47.206353]  ? reacquire_held_locks+0x1fd/0x3d0
[   47.210989]  ? find_held_lock+0x35/0x1d0
[   47.215019]  ? release_sock+0x1d4/0x2a0
[   47.218956]  ? lock_downgrade+0x990/0x990
[   47.223066]  ? lock_downgrade+0x990/0x990
[   47.227179]  ? do_raw_spin_trylock+0x190/0x190
[   47.231726]  ? tipc_group_delete+0x2c0/0x3c0
[   47.236102]  ? __local_bh_enable_ip+0x9d/0x160
[   47.240649]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   47.245628]  ? trace_hardirqs_on+0xd/0x10
[   47.249741]  ? __local_bh_enable_ip+0x9d/0x160
[   47.254287]  ? release_sock+0x1d4/0x2a0
[   47.258227]  ? tipc_nametbl_build_group+0x27a/0x370
[   47.263211]  ? tipc_setsockopt+0x703/0xc00
[   47.267410]  ? tipc_sk_leave+0x200/0x200
[   47.271440]  ? security_socket_setsockopt+0x89/0xb0
[   47.276423]  ? SyS_setsockopt+0x215/0x360
[   47.280536]  do_group_exit+0x149/0x400
[   47.284388]  ? SyS_recv+0x40/0x40
[   47.287806]  ? SyS_exit+0x30/0x30
[   47.291224]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   47.296206]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   47.300926]  SyS_exit_group+0x1d/0x20
[   47.304692]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   47.309410] RIP: 0033:0x43e978
[   47.312563] RSP: 002b:00007fff8800d528 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   47.320233] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e978
[   47.327466] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   47.334700] RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
[   47.341934] R10: 0000000020001fe4 R11: 0000000000000246 R12: 00000000004016a0
[   47.349168] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000
[   47.356443] Dumping ftrace buffer:
[   47.359947]    (ftrace buffer empty)
[   47.363622] Kernel Offset: disabled
[   47.367213] Rebooting in 86400 seconds..