INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.0.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   60.130191] ==================================================================
[   60.137626] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.145743] Read of size 4 at addr ffff8801d285a990 by task syzkaller696650/2984
[   60.153255]
[   60.154858] CPU: 0 PID: 2984 Comm: syzkaller696650 Not tainted 4.13.0-mm1+ #5
[   60.162109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.171447] Call Trace:
[   60.174011]  dump_stack+0x194/0x257
[   60.177613]  ? arch_local_irq_restore+0x53/0x53
[   60.182256]  ? show_regs_print_info+0x65/0x65
[   60.186730]  ? lock_release+0xd70/0xd70
[   60.190678]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.196100]  print_address_description+0x73/0x250
[   60.200914]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.206338]  kasan_report+0x24e/0x340
[   60.210115]  __asan_report_load4_noabort+0x14/0x20
[   60.215019]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.220279]  tipc_sendmcast+0x704/0xe30
[   60.224240]  ? tipc_release+0xfd0/0xfd0
[   60.228190]  ? unwind_get_return_address+0x61/0xa0
[   60.233095]  ? __is_insn_slot_addr+0x1fc/0x330
[   60.237648]  ? lock_downgrade+0x990/0x990
[   60.241775]  ? SyS_sendmsg+0x2d/0x50
[   60.245472]  ? lock_release+0xd70/0xd70
[   60.249420]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   60.255275]  ? is_bpf_text_address+0x7b/0x120
[   60.259743]  ? lock_downgrade+0x990/0x990
[   60.263863]  ? show_initstate+0xb0/0xb0
[   60.267809]  ? __bfs+0xaa/0x750
[   60.271066]  ? bpf_prog_alloc+0x310/0x310
[   60.275194]  ? noop_count+0x40/0x40
[   60.278801]  __tipc_sendmsg+0xf49/0x1590
[   60.282839]  ? __tipc_sendmsg+0xf49/0x1590
[   60.287045]  ? unwind_dump+0x4c0/0x4c0
[   60.290914]  ? tipc_sendmcast+0xe30/0xe30
[   60.295036]  ? check_usage_backwards+0x20a/0x420
[   60.299764]  ? print_shortest_lock_dependencies+0x350/0x350
[   60.305458]  ? save_stack_trace+0x16/0x20
[   60.309575]  ? save_trace+0x11f/0x350
[   60.313356]  ? mark_held_locks+0xb2/0x100
[   60.317477]  ? __raw_spin_lock_init+0x1c/0x100
[   60.322032]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.327018]  ? __lockdep_init_map+0xe4/0x650
[   60.331400]  ? lockdep_init_map+0x3d/0x70
[   60.335527]  __tipc_sendstream+0x8eb/0xc00
[   60.339735]  ? find_held_lock+0x39/0x1d0
[   60.343776]  ? tipc_connect+0x6d0/0x6d0
[   60.347723]  ? lock_downgrade+0x990/0x990
[   60.351841]  ? check_same_owner+0x320/0x320
[   60.356136]  ? rw_copy_check_uvector+0x1ce/0x280
[   60.360869]  ? lock_acquire+0x1d5/0x580
[   60.364813]  ? tipc_sendstream+0x42/0x70
[   60.368857]  ? mark_held_locks+0xb2/0x100
[   60.372987]  ? __local_bh_enable_ip+0x9d/0x160
[   60.377555]  tipc_sendstream+0x50/0x70
[   60.381415]  ? __tipc_sendstream+0xc00/0xc00
[   60.385800]  sock_sendmsg+0xca/0x110
[   60.389488]  ___sys_sendmsg+0x75b/0x8a0
[   60.393439]  ? copy_msghdr_from_user+0x590/0x590
[   60.398175]  ? lock_downgrade+0x990/0x990
[   60.402304]  ? __fget_light+0x29d/0x390
[   60.406253]  ? fget_raw+0x20/0x20
[   60.409687]  ? handle_mm_fault+0x410/0x8d0
[   60.413901]  ? down_read_trylock+0xdb/0x170
[   60.418200]  ? __do_page_fault+0x2b8/0xb60
[   60.422433]  ? __fdget+0x18/0x20
[   60.425780]  __sys_sendmsg+0xe5/0x210
[   60.429551]  ? __sys_sendmsg+0xe5/0x210
[   60.433498]  ? SyS_shutdown+0x290/0x290
[   60.437447]  ? __do_page_fault+0xb60/0xb60
[   60.441757]  ? fd_install+0x4d/0x60
[   60.445368]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.450362]  SyS_sendmsg+0x2d/0x50
[   60.453881]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   60.458607] RIP: 0033:0x43fd59
[   60.461767] RSP: 002b:00007ffe552d2818 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   60.469451] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   60.476691] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[   60.483931] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   60.491172] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   60.498413] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   60.505672]
[   60.507273] Allocated by task 1:
[   60.510615]  save_stack_trace+0x16/0x20
[   60.514561]  save_stack+0x43/0xd0
[   60.517982]  kasan_kmalloc+0xad/0xe0
[   60.521664]  kmem_cache_alloc_trace+0x136/0x750
[   60.526306]  tipc_nameseq_create+0xe8/0x540
[   60.530600]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   60.535501]  tipc_nametbl_publish+0x2aa/0x4f0
[   60.539971]  tipc_bind+0x33a/0x700
[   60.543481]  kernel_bind+0x62/0x80
[   60.546989]  tipc_server_start+0x3a1/0xb60
[   60.551194]  tipc_topsrv_start+0x64f/0x890
[   60.555401]  tipc_init_net+0x3cc/0x570
[   60.559268]  ops_init+0x10a/0x570
[   60.562701]  register_pernet_operations+0x45e/0x980
[   60.567687]  register_pernet_subsys+0x2a/0x40
[   60.572158]  tipc_init+0x83/0x104
[   60.575582]  do_one_initcall+0x9e/0x330
[   60.579530]  kernel_init_freeable+0x469/0x521
[   60.583997]  kernel_init+0x13/0x172
[   60.587598]  ret_from_fork+0x2a/0x40
[   60.591280]
[   60.592879] Freed by task 0:
[   60.595867] (stack is not available)
[   60.599548]
[   60.601145] The buggy address belongs to the object at ffff8801d285a980
[   60.601145]  which belongs to the cache kmalloc-32 of size 32
[   60.613599] The buggy address is located 16 bytes inside of
[   60.613599]  32-byte region [ffff8801d285a980, ffff8801d285a9a0)
[   60.625269] The buggy address belongs to the page:
[   60.630170] page:ffffea00074a1680 count:1 mapcount:0 mapping:ffff8801d285a000 index:0xffff8801d285afc1
[   60.639590] flags: 0x200000000000100(slab)
[   60.643800] raw: 0200000000000100 ffff8801d285a000 ffff8801d285afc1 0000000100000034
[   60.651651] raw: ffffea00074bdda0 ffffea00074b4620 ffff8801dac001c0 0000000000000000
[   60.659503] page dumped because: kasan: bad access detected
[   60.665186]
[   60.666787] Memory state around the buggy address:
[   60.671697]  ffff8801d285a880: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   60.679028]  ffff8801d285a900: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   60.686359] >ffff8801d285a980: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   60.693696]                          ^
[   60.697553]  ffff8801d285aa00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   60.704883]  ffff8801d285aa80: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   60.712222] ==================================================================
[   60.719550] Disabling lock debugging due to kernel taint
[   60.725020] Kernel panic - not syncing: panic_on_warn set ...
[   60.725020]
[   60.732349] CPU: 0 PID: 2984 Comm: syzkaller696650 Tainted: G B 4.13.0-mm1+ #5
[   60.740800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.750120] Call Trace:
[   60.752679]  dump_stack+0x194/0x257
[   60.756277]  ? arch_local_irq_restore+0x53/0x53
[   60.761185]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.765922]  ? tipc_nametbl_lookup_dst_nodes+0x3e0/0x4b0
[   60.771352]  panic+0x1e4/0x417
[   60.774515]  ? __warn+0x1d9/0x1d9
[   60.777944]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.783377]  kasan_end_report+0x50/0x50
[   60.787323]  kasan_report+0x137/0x340
[   60.791091]  __asan_report_load4_noabort+0x14/0x20
[   60.795985]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   60.801234]  tipc_sendmcast+0x704/0xe30
[   60.805196]  ? tipc_release+0xfd0/0xfd0
[   60.809149]  ? unwind_get_return_address+0x61/0xa0
[   60.814048]  ? __is_insn_slot_addr+0x1fc/0x330
[   60.818599]  ? lock_downgrade+0x990/0x990
[   60.822717]  ? SyS_sendmsg+0x2d/0x50
[   60.826403]  ? lock_release+0xd70/0xd70
[   60.830343]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   60.836203]  ? is_bpf_text_address+0x7b/0x120
[   60.840663]  ? lock_downgrade+0x990/0x990
[   60.844779]  ? show_initstate+0xb0/0xb0
[   60.848730]  ? __bfs+0xaa/0x750
[   60.851976]  ? bpf_prog_alloc+0x310/0x310
[   60.856092]  ? noop_count+0x40/0x40
[   60.859690]  __tipc_sendmsg+0xf49/0x1590
[   60.863716]  ? __tipc_sendmsg+0xf49/0x1590
[   60.867916]  ? unwind_dump+0x4c0/0x4c0
[   60.871774]  ? tipc_sendmcast+0xe30/0xe30
[   60.875900]  ? check_usage_backwards+0x20a/0x420
[   60.880624]  ? print_shortest_lock_dependencies+0x350/0x350
[   60.886305]  ? save_stack_trace+0x16/0x20
[   60.890421]  ? save_trace+0x11f/0x350
[   60.894193]  ? mark_held_locks+0xb2/0x100
[   60.898307]  ? __raw_spin_lock_init+0x1c/0x100
[   60.902856]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.907836]  ? __lockdep_init_map+0xe4/0x650
[   60.912212]  ? lockdep_init_map+0x3d/0x70
[   60.916331]  __tipc_sendstream+0x8eb/0xc00
[   60.920533]  ? find_held_lock+0x39/0x1d0
[   60.924563]  ? tipc_connect+0x6d0/0x6d0
[   60.928505]  ? lock_downgrade+0x990/0x990
[   60.932620]  ? check_same_owner+0x320/0x320
[   60.936908]  ? rw_copy_check_uvector+0x1ce/0x280
[   60.941631]  ? lock_acquire+0x1d5/0x580
[   60.945581]  ? tipc_sendstream+0x42/0x70
[   60.949614]  ? mark_held_locks+0xb2/0x100
[   60.953733]  ? __local_bh_enable_ip+0x9d/0x160
[   60.958286]  tipc_sendstream+0x50/0x70
[   60.962140]  ? __tipc_sendstream+0xc00/0xc00
[   60.966515]  sock_sendmsg+0xca/0x110
[   60.970195]  ___sys_sendmsg+0x75b/0x8a0
[   60.974137]  ? copy_msghdr_from_user+0x590/0x590
[   60.978861]  ? lock_downgrade+0x990/0x990
[   60.982982]  ? __fget_light+0x29d/0x390
[   60.986930]  ? fget_raw+0x20/0x20
[   60.990355]  ? handle_mm_fault+0x410/0x8d0
[   60.994556]  ? down_read_trylock+0xdb/0x170
[   60.998843]  ? __do_page_fault+0x2b8/0xb60
[   61.003049]  ? __fdget+0x18/0x20
[   61.006384]  __sys_sendmsg+0xe5/0x210
[   61.010150]  ? __sys_sendmsg+0xe5/0x210
[   61.014091]  ? SyS_shutdown+0x290/0x290
[   61.018031]  ? __do_page_fault+0xb60/0xb60
[   61.022232]  ? fd_install+0x4d/0x60
[   61.025830]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   61.030813]  SyS_sendmsg+0x2d/0x50
[   61.034326]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   61.039046] RIP: 0033:0x43fd59
[   61.042201] RSP: 002b:00007ffe552d2818 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   61.049883] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   61.057117] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[   61.064352] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   61.071588] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   61.078823] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   61.086102] Dumping ftrace buffer:
[   61.089611]    (ftrace buffer empty)
[   61.093302] Kernel Offset: disabled
[   61.096901] Rebooting in 86400 seconds..