INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-1,10.128.0.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.949953] ==================================================================
[   38.957352] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.965462] Read of size 4 at addr ffff8801d2d93210 by task syzkaller656849/2988
[   38.972960] 
[   38.974559] CPU: 0 PID: 2988 Comm: syzkaller656849 Not tainted 4.14.0-rc1+ #4
[   38.981796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.991120] Call Trace:
[   38.993678]  dump_stack+0x194/0x257
[   38.997276]  ? arch_local_irq_restore+0x53/0x53
[   39.001915]  ? show_regs_print_info+0x65/0x65
[   39.006384]  ? lock_release+0xd70/0xd70
[   39.010346]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   39.015772]  print_address_description+0x73/0x250
[   39.020584]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   39.026005]  kasan_report+0x24e/0x340
[   39.029780]  __asan_report_load4_noabort+0x14/0x20
[   39.034679]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   39.039936]  tipc_sendmcast+0x704/0xe30
[   39.043893]  ? tipc_release+0xfd0/0xfd0
[   39.047839]  ? unwind_get_return_address+0x61/0xa0
[   39.052739]  ? __is_insn_slot_addr+0x1fc/0x330
[   39.057292]  ? lock_downgrade+0x990/0x990
[   39.061416]  ? compat_SyS_sendmsg+0x2a/0x40
[   39.065719]  ? lock_release+0xd70/0xd70
[   39.069661]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   39.075514]  ? is_bpf_text_address+0x7b/0x120
[   39.079983]  ? lock_downgrade+0x990/0x990
[   39.084103]  ? show_initstate+0xb0/0xb0
[   39.088048]  ? __bfs+0xaa/0x750
[   39.091297]  ? bpf_prog_alloc+0x310/0x310
[   39.095421]  ? noop_count+0x40/0x40
[   39.099025]  __tipc_sendmsg+0xf49/0x1590
[   39.103053]  ? __tipc_sendmsg+0xf49/0x1590
[   39.107254]  ? unwind_dump+0x4c0/0x4c0
[   39.111114]  ? check_noncircular+0x20/0x20
[   39.115327]  ? tipc_sendmcast+0xe30/0xe30
[   39.119448]  ? check_usage_backwards+0x20a/0x420
[   39.124176]  ? print_shortest_lock_dependencies+0x350/0x350
[   39.129871]  ? save_stack_trace+0x16/0x20
[   39.133988]  ? save_trace+0x11f/0x350
[   39.137764]  ? mark_held_locks+0xb2/0x100
[   39.141884]  ? __raw_spin_lock_init+0x1c/0x100
[   39.146438]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   39.151423]  ? __lockdep_init_map+0xe4/0x650
[   39.155807]  ? lockdep_init_map+0x3d/0x70
[   39.159933]  __tipc_sendstream+0x8eb/0xc00
[   39.164141]  ? find_held_lock+0x39/0x1d0
[   39.168181]  ? tipc_connect+0x6d0/0x6d0
[   39.172126]  ? lock_downgrade+0x990/0x990
[   39.176245]  ? __check_object_size+0x25d/0x4f0
[   39.180810]  ? lock_acquire+0x1d5/0x580
[   39.184767]  ? tipc_sendstream+0x42/0x70
[   39.188810]  ? mark_held_locks+0xb2/0x100
[   39.192939]  ? __local_bh_enable_ip+0x9d/0x160
[   39.197495]  tipc_sendstream+0x50/0x70
[   39.201351]  ? __tipc_sendstream+0xc00/0xc00
[   39.205730]  sock_sendmsg+0xca/0x110
[   39.209414]  ___sys_sendmsg+0x75b/0x8a0
[   39.213365]  ? copy_msghdr_from_user+0x590/0x590
[   39.218092]  ? get_unused_fd_flags+0x190/0x190
[   39.222647]  ? check_noncircular+0x20/0x20
[   39.226853]  ? __handle_mm_fault+0x587/0x39c0
[   39.231321]  ? __fget_light+0x29d/0x390
[   39.235267]  ? fget_raw+0x20/0x20
[   39.238714]  ? __fdget+0x18/0x20
[   39.242053]  __sys_sendmsg+0xe5/0x210
[   39.245823]  ? __sys_sendmsg+0xe5/0x210
[   39.249767]  ? SyS_shutdown+0x290/0x290
[   39.253720]  ? handle_mm_fault+0x410/0x8d0
[   39.257921]  ? down_read_trylock+0xdb/0x170
[   39.262212]  ? __do_page_fault+0x2b8/0xb60
[   39.266436]  compat_SyS_sendmsg+0x2a/0x40
[   39.270553]  ? compat_SyS_getsockopt+0x420/0x420
[   39.275282]  do_fast_syscall_32+0x3f2/0xeed
[   39.279582]  ? do_int80_syscall_32+0x930/0x930
[   39.284133]  ? kasan_check_read+0x11/0x20
[   39.288255]  ? syscall_return_slowpath+0x500/0x500
[   39.293157]  ? SyS_rt_sigaction+0x94/0x1b0
[   39.297364]  ? lockdep_sys_exit+0x47/0xf0
[   39.301483]  ? retint_user+0x18/0x20
[   39.305170]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.309989]  entry_SYSENTER_compat+0x51/0x60
[   39.314368] RIP: 0023:0xf7fa1c79
[   39.317700] RSP: 002b:00000000ffd37d4c EFLAGS: 00000203 ORIG_RAX: 0000000000000172
[   39.325395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000201ff000
[   39.332634] RDX: 0000000000004000 RSI: 0000000000000167 RDI: 000000000000001e
[   39.339873] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   39.347123] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   39.354364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   39.361622] 
[   39.363218] Allocated by task 1:
[   39.366553]  save_stack_trace+0x16/0x20
[   39.370497]  save_stack+0x43/0xd0
[   39.373918]  kasan_kmalloc+0xad/0xe0
[   39.377598]  kmem_cache_alloc_trace+0x136/0x750
[   39.382238]  tipc_nameseq_create+0xe8/0x540
[   39.386528]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   39.391427]  tipc_nametbl_publish+0x2aa/0x4f0
[   39.395889]  tipc_bind+0x33a/0x700
[   39.399397]  kernel_bind+0x62/0x80
[   39.402903]  tipc_server_start+0x3a1/0xb60
[   39.407104]  tipc_topsrv_start+0x64f/0x890
[   39.411305]  tipc_init_net+0x3cc/0x570
[   39.415161]  ops_init+0x10a/0x570
[   39.418582]  register_pernet_operations+0x45e/0x980
[   39.423567]  register_pernet_subsys+0x2a/0x40
[   39.428038]  tipc_init+0x83/0x104
[   39.431461]  do_one_initcall+0x9e/0x330
[   39.435407]  kernel_init_freeable+0x469/0x521
[   39.439870]  kernel_init+0x13/0x172
[   39.443466]  ret_from_fork+0x2a/0x40
[   39.447145] 
[   39.448743] Freed by task 0:
[   39.451728] (stack is not available)
[   39.455408] 
[   39.457007] The buggy address belongs to the object at ffff8801d2d93200
[   39.457007]  which belongs to the cache kmalloc-32 of size 32
[   39.469458] The buggy address is located 16 bytes inside of
[   39.469458]  32-byte region [ffff8801d2d93200, ffff8801d2d93220)
[   39.481123] The buggy address belongs to the page:
[   39.486024] page:ffffea00074b64c0 count:1 mapcount:0 mapping:ffff8801d2d93000 index:0xffff8801d2d93fc1
[   39.495438] flags: 0x200000000000100(slab)
[   39.499642] raw: 0200000000000100 ffff8801d2d93000 ffff8801d2d93fc1 0000000100000020
[   39.507490] raw: ffffea00074b8520 ffffea00074b0060 ffff8801dac001c0 0000000000000000
[   39.515337] page dumped because: kasan: bad access detected
[   39.521012] 
[   39.522607] Memory state around the buggy address:
[   39.527501]  ffff8801d2d93100: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   39.534830]  ffff8801d2d93180: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   39.542155] >ffff8801d2d93200: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   39.549481]                          ^
[   39.553335]  ffff8801d2d93280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   39.560665]  ffff8801d2d93300: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   39.567990] ==================================================================
[   39.575318] Disabling lock debugging due to kernel taint
[   39.580764] Kernel panic - not syncing: panic_on_warn set ...
[   39.580764] 
[   39.588097] CPU: 0 PID: 2988 Comm: syzkaller656849 Tainted: G    B           4.14.0-rc1+ #4
[   39.596547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.605863] Call Trace:
[   39.608417]  dump_stack+0x194/0x257
[   39.612011]  ? arch_local_irq_restore+0x53/0x53
[   39.616643]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   39.621369]  ? tipc_nametbl_lookup_dst_nodes+0x420/0x4b0
[   39.626783]  panic+0x1e4/0x417
[   39.629939]  ? __warn+0x1d9/0x1d9
[   39.633366]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   39.638780]  kasan_end_report+0x50/0x50
[   39.642718]  kasan_report+0x137/0x340
[   39.646487]  __asan_report_load4_noabort+0x14/0x20
[   39.651380]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   39.656625]  tipc_sendmcast+0x704/0xe30
[   39.660570]  ? tipc_release+0xfd0/0xfd0
[   39.664509]  ? unwind_get_return_address+0x61/0xa0
[   39.669405]  ? __is_insn_slot_addr+0x1fc/0x330
[   39.673949]  ? lock_downgrade+0x990/0x990
[   39.678066]  ? compat_SyS_sendmsg+0x2a/0x40
[   39.682366]  ? lock_release+0xd70/0xd70
[   39.686302]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   39.692153]  ? is_bpf_text_address+0x7b/0x120
[   39.696610]  ? lock_downgrade+0x990/0x990
[   39.700720]  ? show_initstate+0xb0/0xb0
[   39.704656]  ? __bfs+0xaa/0x750
[   39.707898]  ? bpf_prog_alloc+0x310/0x310
[   39.712013]  ? noop_count+0x40/0x40
[   39.715605]  __tipc_sendmsg+0xf49/0x1590
[   39.719628]  ? __tipc_sendmsg+0xf49/0x1590
[   39.723824]  ? unwind_dump+0x4c0/0x4c0
[   39.727674]  ? check_noncircular+0x20/0x20
[   39.731873]  ? tipc_sendmcast+0xe30/0xe30
[   39.735987]  ? check_usage_backwards+0x20a/0x420
[   39.740706]  ? print_shortest_lock_dependencies+0x350/0x350
[   39.746385]  ? save_stack_trace+0x16/0x20
[   39.750496]  ? save_trace+0x11f/0x350
[   39.754261]  ? mark_held_locks+0xb2/0x100
[   39.758373]  ? __raw_spin_lock_init+0x1c/0x100
[   39.762919]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   39.767896]  ? __lockdep_init_map+0xe4/0x650
[   39.772273]  ? lockdep_init_map+0x3d/0x70
[   39.776386]  __tipc_sendstream+0x8eb/0xc00
[   39.780584]  ? find_held_lock+0x39/0x1d0
[   39.784610]  ? tipc_connect+0x6d0/0x6d0
[   39.788546]  ? lock_downgrade+0x990/0x990
[   39.792656]  ? __check_object_size+0x25d/0x4f0
[   39.797202]  ? lock_acquire+0x1d5/0x580
[   39.801140]  ? tipc_sendstream+0x42/0x70
[   39.805170]  ? mark_held_locks+0xb2/0x100
[   39.809285]  ? __local_bh_enable_ip+0x9d/0x160
[   39.813834]  tipc_sendstream+0x50/0x70
[   39.817685]  ? __tipc_sendstream+0xc00/0xc00
[   39.822058]  sock_sendmsg+0xca/0x110
[   39.825737]  ___sys_sendmsg+0x75b/0x8a0
[   39.829677]  ? copy_msghdr_from_user+0x590/0x590
[   39.834400]  ? get_unused_fd_flags+0x190/0x190
[   39.838947]  ? check_noncircular+0x20/0x20
[   39.843145]  ? __handle_mm_fault+0x587/0x39c0
[   39.847601]  ? __fget_light+0x29d/0x390
[   39.851538]  ? fget_raw+0x20/0x20
[   39.854969]  ? __fdget+0x18/0x20
[   39.858300]  __sys_sendmsg+0xe5/0x210
[   39.862063]  ? __sys_sendmsg+0xe5/0x210
[   39.866003]  ? SyS_shutdown+0x290/0x290
[   39.869945]  ? handle_mm_fault+0x410/0x8d0
[   39.874141]  ? down_read_trylock+0xdb/0x170
[   39.878429]  ? __do_page_fault+0x2b8/0xb60
[   39.882639]  compat_SyS_sendmsg+0x2a/0x40
[   39.886751]  ? compat_SyS_getsockopt+0x420/0x420
[   39.891469]  do_fast_syscall_32+0x3f2/0xeed
[   39.895756]  ? do_int80_syscall_32+0x930/0x930
[   39.900303]  ? kasan_check_read+0x11/0x20
[   39.904416]  ? syscall_return_slowpath+0x500/0x500
[   39.909310]  ? SyS_rt_sigaction+0x94/0x1b0
[   39.913512]  ? lockdep_sys_exit+0x47/0xf0
[   39.917623]  ? retint_user+0x18/0x20
[   39.921302]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.926112]  entry_SYSENTER_compat+0x51/0x60
[   39.930485] RIP: 0023:0xf7fa1c79
[   39.933812] RSP: 002b:00000000ffd37d4c EFLAGS: 00000203 ORIG_RAX: 0000000000000172
[   39.941482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000201ff000