INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-3,10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.235853] ==================================================================
[ 33.236990] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.238078] Read of size 4 at addr ffff8801d3a1d510 by task syzkaller991837/3006
[ 33.239063]
[ 33.239295] CPU: 1 PID: 3006 Comm: syzkaller991837 Not tainted 4.13.0-rc6+ #46
[ 33.240273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.241492] Call Trace:
[ 33.241849]  dump_stack+0x194/0x257
[ 33.242340]  ? arch_local_irq_restore+0x53/0x53
[ 33.242962]  ? show_regs_print_info+0x65/0x65
[ 33.243564]  ? lock_release+0xa40/0xa40
[ 33.244099]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.244845]  print_address_description+0x73/0x250
[ 33.245489]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.246213]  kasan_report+0x24e/0x340
[ 33.246728]  __asan_report_load4_noabort+0x14/0x20
[ 33.247401]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.248108]  tipc_sendmcast+0x704/0xe30
[ 33.248656]  ? tipc_release+0xfe0/0xfe0
[ 33.249220]  ? __is_insn_slot_addr+0x1fc/0x330
[ 33.249832]  ? lock_downgrade+0x990/0x990
[ 33.250427]  ? lock_release+0xa40/0xa40
[ 33.250961]  ? unwind_dump+0x4c0/0x4c0
[ 33.251484]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 33.252150]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 33.252811]  ? show_initstate+0xb0/0xb0
[ 33.253379]  ? __bfs+0xaa/0x750
[ 33.253855]  ? bpf_prog_alloc+0x310/0x310
[ 33.254412]  ? is_bpf_text_address+0x7b/0x120
[ 33.255014]  ? noop_count+0x40/0x40
[ 33.255520]  __tipc_sendmsg+0xf49/0x1590
[ 33.256476]  ? __tipc_sendmsg+0xf49/0x1590
[ 33.260674]  ? update_stack_state+0x700/0x700
[ 33.265148]  ? tipc_sendmcast+0xe30/0xe30
[ 33.269265]  ? check_usage_backwards+0x20a/0x420
[ 33.273991]  ? check_usage_forwards+0x430/0x430
[ 33.278640]  ? save_stack_trace+0x16/0x20
[ 33.282755]  ? save_trace+0x11f/0x350
[ 33.286532]  ? mark_held_locks+0xaf/0x100
[ 33.290658]  ? __raw_spin_lock_init+0x1c/0x100
[ 33.295209]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.300196]  ? lockdep_init_map+0xe4/0x650
[ 33.304404]  __tipc_sendstream+0x8eb/0xc00
[ 33.308618]  ? tipc_connect+0x6d0/0x6d0
[ 33.312558]  ? find_held_lock+0x35/0x1d0
[ 33.316592]  ? lock_acquire+0x1d5/0x580
[ 33.320534]  ? lock_sock_nested+0xa3/0x110
[ 33.324736]  ? lock_acquire+0x1d5/0x580
[ 33.328678]  ? tipc_sendstream+0x42/0x70
[ 33.332719]  ? mark_held_locks+0xaf/0x100
[ 33.336846]  ? trace_hardirqs_on+0xd/0x10
[ 33.340966]  ? __local_bh_enable_ip+0x9d/0x160
[ 33.345521]  tipc_sendstream+0x50/0x70
[ 33.349378]  ? __tipc_sendstream+0xc00/0xc00
[ 33.353843]  sock_sendmsg+0xca/0x110
[ 33.357528]  ___sys_sendmsg+0x755/0x890
[ 33.361473]  ? copy_msghdr_from_user+0x590/0x590
[ 33.366205]  ? __handle_mm_fault+0x577/0x3860
[ 33.370665]  ? check_noncircular+0x20/0x20
[ 33.374870]  ? check_noncircular+0x20/0x20
[ 33.379069]  ? __pmd_alloc+0x4e0/0x4e0
[ 33.382934]  ? __fget_light+0x297/0x380
[ 33.386877]  ? fget_raw+0x20/0x20
[ 33.390301]  ? find_held_lock+0x35/0x1d0
[ 33.394348]  ? __fdget+0x18/0x20
[ 33.397686]  __sys_sendmsg+0xe5/0x210
[ 33.401452]  ? __sys_sendmsg+0xe5/0x210
[ 33.405395]  ? SyS_shutdown+0x290/0x290
[ 33.409338]  ? handle_mm_fault+0x4a2/0x860
[ 33.413539]  ? down_read_trylock+0xdb/0x170
[ 33.417829]  ? __handle_mm_fault+0x3860/0x3860
[ 33.422375]  ? vmacache_find+0x61/0x270
[ 33.426326]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.431314]  SyS_sendmsg+0x2d/0x50
[ 33.434824]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 33.439545] RIP: 0033:0x43fd59
[ 33.442701] RSP: 002b:00007ffc48629388 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 33.450374] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[ 33.457609] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[ 33.464846] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 33.472083] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[ 33.479319] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[ 33.486573]
[ 33.488169] Allocated by task 1:
[ 33.491502]  save_stack_trace+0x16/0x20
[ 33.495441]  save_stack+0x43/0xd0
[ 33.498870]  kasan_kmalloc+0xad/0xe0
[ 33.502550]  kmem_cache_alloc_trace+0x12f/0x740
[ 33.507189]  tipc_nameseq_create+0xe8/0x540
[ 33.511474]  tipc_nametbl_insert_publ+0xf77/0x17c0
[ 33.516368]  tipc_nametbl_publish+0x2aa/0x4f0
[ 33.520830]  tipc_bind+0x33a/0x700
[ 33.524334]  kernel_bind+0x62/0x80
[ 33.527839]  tipc_server_start+0x39b/0xb60
[ 33.532038]  tipc_topsrv_start+0x649/0x880
[ 33.536240]  tipc_init_net+0x3cc/0x570
[ 33.540095]  ops_init+0x10a/0x570
[ 33.543513]  register_pernet_operations+0x45e/0x980
[ 33.548494]  register_pernet_subsys+0x2a/0x40
[ 33.552958]  tipc_init+0x83/0x104
[ 33.556378]  do_one_initcall+0x9e/0x330
[ 33.560321]  kernel_init_freeable+0x469/0x521
[ 33.564783]  kernel_init+0x13/0x172
[ 33.568375]  ret_from_fork+0x2a/0x40
[ 33.572059]
[ 33.573652] Freed by task 0:
[ 33.576632] (stack is not available)
[ 33.580309]
[ 33.581908] The buggy address belongs to the object at ffff8801d3a1d500
[ 33.581908]  which belongs to the cache kmalloc-32 of size 32
[ 33.594360] The buggy address is located 16 bytes inside of
[ 33.594360]  32-byte region [ffff8801d3a1d500, ffff8801d3a1d520)
[ 33.606023] The buggy address belongs to the page:
[ 33.610919] page:ffffea00074e8740 count:1 mapcount:0 mapping:ffff8801d3a1d000 index:0xffff8801d3a1dfc1
[ 33.620329] flags: 0x200000000000100(slab)
[ 33.624530] raw: 0200000000000100 ffff8801d3a1d000 ffff8801d3a1dfc1 000000010000003f
[ 33.632379] raw: ffffea00074e84a0 ffffea00074bf2a0 ffff8801dac001c0 0000000000000000
[ 33.640224] page dumped because: kasan: bad access detected
[ 33.645900]
[ 33.647492] Memory state around the buggy address:
[ 33.652385]  ffff8801d3a1d400: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[ 33.659710]  ffff8801d3a1d480: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 33.667034] >ffff8801d3a1d500: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 33.674357]                          ^
[ 33.678209]  ffff8801d3a1d580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 33.685532]  ffff8801d3a1d600: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 33.692854] ==================================================================
[ 33.700177] Disabling lock debugging due to kernel taint
[ 33.705631] Kernel panic - not syncing: panic_on_warn set ...
[ 33.705631]
[ 33.712963] CPU: 1 PID: 3006 Comm: syzkaller991837 Tainted: G    B   4.13.0-rc6+ #46
[ 33.721501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.730820] Call Trace:
[ 33.733376]  dump_stack+0x194/0x257
[ 33.736971]  ? arch_local_irq_restore+0x53/0x53
[ 33.741604]  ? kasan_end_report+0x32/0x50
[ 33.745733]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.750458]  ? tipc_nametbl_lookup_dst_nodes+0x3c0/0x4b0
[ 33.755872]  panic+0x1e4/0x417
[ 33.759029]  ? __warn+0x1d9/0x1d9
[ 33.762453]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.767868]  kasan_end_report+0x50/0x50
[ 33.771806]  kasan_report+0x137/0x340
[ 33.775586]  __asan_report_load4_noabort+0x14/0x20
[ 33.780481]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 33.785739]  tipc_sendmcast+0x704/0xe30
[ 33.789686]  ? tipc_release+0xfe0/0xfe0
[ 33.793636]  ? __is_insn_slot_addr+0x1fc/0x330
[ 33.798187]  ? lock_downgrade+0x990/0x990
[ 33.802306]  ? lock_release+0xa40/0xa40
[ 33.806244]  ? unwind_dump+0x4c0/0x4c0
[ 33.810098]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 33.814996]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 33.819722]  ? show_initstate+0xb0/0xb0
[ 33.823663]  ? __bfs+0xaa/0x750
[ 33.826909]  ? bpf_prog_alloc+0x310/0x310
[ 33.831022]  ? is_bpf_text_address+0x7b/0x120
[ 33.835484]  ? noop_count+0x40/0x40
[ 33.839081]  __tipc_sendmsg+0xf49/0x1590
[ 33.843107]  ? __tipc_sendmsg+0xf49/0x1590
[ 33.847315]  ? update_stack_state+0x700/0x700
[ 33.851780]  ? tipc_sendmcast+0xe30/0xe30
[ 33.855895]  ? check_usage_backwards+0x20a/0x420
[ 33.860616]  ? check_usage_forwards+0x430/0x430
[ 33.865256]  ? save_stack_trace+0x16/0x20
[ 33.869368]  ? save_trace+0x11f/0x350
[ 33.873136]  ? mark_held_locks+0xaf/0x100
[ 33.877248]  ? __raw_spin_lock_init+0x1c/0x100
[ 33.881797]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.886779]  ? lockdep_init_map+0xe4/0x650
[ 33.890983]  __tipc_sendstream+0x8eb/0xc00
[ 33.895190]  ? tipc_connect+0x6d0/0x6d0
[ 33.899128]  ? find_held_lock+0x35/0x1d0
[ 33.903155]  ? lock_acquire+0x1d5/0x580
[ 33.907095]  ? lock_sock_nested+0xa3/0x110
[ 33.911291]  ? lock_acquire+0x1d5/0x580
[ 33.915228]  ? tipc_sendstream+0x42/0x70
[ 33.919257]  ? mark_held_locks+0xaf/0x100
[ 33.923372]  ? trace_hardirqs_on+0xd/0x10
[ 33.927485]  ? __local_bh_enable_ip+0x9d/0x160
[ 33.932034]  tipc_sendstream+0x50/0x70
[ 33.935891]  ? __tipc_sendstream+0xc00/0xc00
[ 33.940265]  sock_sendmsg+0xca/0x110
[ 33.943945]  ___sys_sendmsg+0x755/0x890
[ 33.947887]  ? copy_msghdr_from_user+0x590/0x590
[ 33.952611]  ? __handle_mm_fault+0x577/0x3860
[ 33.957077]  ? check_noncircular+0x20/0x20
[ 33.961279]  ? check_noncircular+0x20/0x20
[ 33.965479]  ? __pmd_alloc+0x4e0/0x4e0
[ 33.969332]  ? __fget_light+0x297/0x380
[ 33.973272]  ? fget_raw+0x20/0x20
[ 33.976690]  ? find_held_lock+0x35/0x1d0
[ 33.980727]  ? __fdget+0x18/0x20
[ 33.984061]  __sys_sendmsg+0xe5/0x210
[ 33.987825]  ? __sys_sendmsg+0xe5/0x210
[ 33.991764]  ? SyS_shutdown+0x290/0x290
[ 33.995705]  ? handle_mm_fault+0x4a2/0x860
[ 33.999905]  ? down_read_trylock+0xdb/0x170
[ 34.004193]  ? __handle_mm_fault+0x3860/0x3860
[ 34.008739]  ? vmacache_find+0x61/0x270
[ 34.012683]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.017665]  SyS_sendmsg+0x2d/0x50
[ 34.021172]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 34.025893] RIP: 0033:0x43fd59
[ 34.029047] RSP: 002b:00007ffc48629388 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 34.036722] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[ 34.043958] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[ 34.051193] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 34.058436] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[ 34.065670] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[ 34.072950] Dumping ftrace buffer:
[ 34.076456]    (ftrace buffer empty)
[ 34.080133] Kernel Offset: disabled
[ 34.083726] Rebooting in 86400 seconds..