INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-4,10.128.15.219' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.381955] ==================================================================
[   41.389360] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   41.397479] Read of size 4 at addr ffff8801d28afb90 by task syzkaller696544/2984
[   41.404980]
[   41.406581] CPU: 0 PID: 2984 Comm: syzkaller696544 Not tainted 4.14.0-rc4+ #131
[   41.414003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.423338] Call Trace:
[   41.425912]  dump_stack+0x194/0x257
[   41.429526]  ? arch_local_irq_restore+0x53/0x53
[   41.434173]  ? show_regs_print_info+0x65/0x65
[   41.438651]  ? lock_release+0xd70/0xd70
[   41.442605]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   41.448040]  print_address_description+0x73/0x250
[   41.452875]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   41.458337]  kasan_report+0x25b/0x340
[   41.462127]  __asan_report_load4_noabort+0x14/0x20
[   41.467032]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   41.472297]  tipc_sendmcast+0x70b/0xe20
[   41.476246]  ? unwind_dump+0x4c0/0x4c0
[   41.480554]  ? tipc_release+0xfd0/0xfd0
[   41.484503]  ? __kernel_text_address+0xd/0x40
[   41.488969]  ? __is_insn_slot_addr+0x1fc/0x330
[   41.493522]  ? lock_downgrade+0x990/0x990
[   41.497641]  ? __save_stack_trace+0x61/0xd0
[   41.501943]  ? __sys_sendmsg+0xe5/0x210
[   41.505897]  ? lock_release+0xd70/0xd70
[   41.509842]  ? is_bpf_text_address+0x7b/0x120
[   41.514307]  ? lock_downgrade+0x990/0x990
[   41.518430]  ? show_initstate+0xb0/0xb0
[   41.522377]  ? bpf_prog_alloc+0x310/0x310
[   41.526498]  ? __bfs+0xaa/0x750
[   41.529753]  ? lock_release+0xd70/0xd70
[   41.533694]  ? noop_count+0x40/0x40
[   41.537298]  __tipc_sendmsg+0xf49/0x1590
[   41.541332]  ? __tipc_sendmsg+0xf49/0x1590
[   41.545537]  ? rcutorture_record_progress+0x10/0x10
[   41.550533]  ? tipc_sendmcast+0xe20/0xe20
[   41.554658]  ? check_usage_backwards+0x20a/0x420
[   41.559385]  ? print_shortest_lock_dependencies+0x350/0x350
[   41.565080]  ? save_stack_trace+0x16/0x20
[   41.569197]  ? save_trace+0x11f/0x350
[   41.572975]  ? mark_held_locks+0xb2/0x100
[   41.577094]  ? __raw_spin_lock_init+0x1c/0x100
[   41.581649]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.586635]  ? __lockdep_init_map+0xe4/0x650
[   41.591033]  ? lockdep_init_map+0x3d/0x70
[   41.595172]  __tipc_sendstream+0x8eb/0xc00
[   41.599392]  ? find_held_lock+0x39/0x1d0
[   41.603441]  ? tipc_connect+0x6d0/0x6d0
[   41.607396]  ? lock_downgrade+0x990/0x990
[   41.611528]  ? lock_acquire+0x1d5/0x580
[   41.615479]  ? tipc_sendstream+0x42/0x70
[   41.619529]  ? mark_held_locks+0xb2/0x100
[   41.623663]  ? __local_bh_enable_ip+0x9d/0x160
[   41.628238]  tipc_sendstream+0x50/0x70
[   41.632121]  tipc_send_packet+0x33/0x50
[   41.636083]  ? tipc_sendstream+0x70/0x70
[   41.640137]  sock_sendmsg+0xca/0x110
[   41.643850]  ___sys_sendmsg+0x75b/0x8a0
[   41.647816]  ? copy_msghdr_from_user+0x590/0x590
[   41.652571]  ? __fget_light+0x29d/0x390
[   41.656525]  ? fget_raw+0x20/0x20
[   41.659963]  ? vmacache_find+0x5f/0x280
[   41.663964]  ? __fdget+0x18/0x20
[   41.667333]  __sys_sendmsg+0xe5/0x210
[   41.671119]  ? __sys_sendmsg+0xe5/0x210
[   41.675077]  ? SyS_shutdown+0x290/0x290
[   41.679034]  ? __do_page_fault+0xd60/0xd60
[   41.683250]  ? fd_install+0x4d/0x60
[   41.686885]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.691900]  SyS_sendmsg+0x2d/0x50
[   41.695433]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   41.700162] RIP: 0033:0x43fd59
[   41.703321] RSP: 002b:00007fffc6bc7d68 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   41.711002] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   41.718245] RDX: 0000000000000004 RSI: 00000000203bbfc8 RDI: 0000000000000003
[   41.725489] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   41.732731] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   41.739971] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   41.747229]
[   41.748832] Allocated by task 1:
[   41.752172]  save_stack_trace+0x16/0x20
[   41.756120]  save_stack+0x43/0xd0
[   41.759541]  kasan_kmalloc+0xad/0xe0
[   41.763225]  kmem_cache_alloc_trace+0x136/0x750
[   41.767863]  tipc_nameseq_create+0xe8/0x540
[   41.772168]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   41.777066]  tipc_nametbl_publish+0x2aa/0x4f0
[   41.781528]  tipc_bind+0x33a/0x700
[   41.785038]  kernel_bind+0x62/0x80
[   41.788546]  tipc_server_start+0x3a1/0xb60
[   41.792751]  tipc_topsrv_start+0x64f/0x890
[   41.796960]  tipc_init_net+0x3cc/0x570
[   41.800832]  ops_init+0x10a/0x570
[   41.804282]  register_pernet_operations+0x45e/0x980
[   41.809298]  register_pernet_subsys+0x2a/0x40
[   41.813764]  tipc_init+0x83/0x104
[   41.817186]  do_one_initcall+0x9e/0x330
[   41.821131]  kernel_init_freeable+0x469/0x521
[   41.825595]  kernel_init+0x13/0x172
[   41.829191]  ret_from_fork+0x2a/0x40
[   41.832873]
[   41.834470] Freed by task 0:
[   41.837455] (stack is not available)
[   41.841138]
[   41.842737] The buggy address belongs to the object at ffff8801d28afb80
[   41.842737]  which belongs to the cache kmalloc-32 of size 32
[   41.855191] The buggy address is located 16 bytes inside of
[   41.855191]  32-byte region [ffff8801d28afb80, ffff8801d28afba0)
[   41.866868] The buggy address belongs to the page:
[   41.871772] page:ffffea00074a2bc0 count:1 mapcount:0 mapping:ffff8801d28af000 index:0xffff8801d28affc1
[   41.881195] flags: 0x200000000000100(slab)
[   41.885400] raw: 0200000000000100 ffff8801d28af000 ffff8801d28affc1 000000010000003f
[   41.893249] raw: ffffea00074ec6e0 ffffea00074a7260 ffff8801dac001c0 0000000000000000
[   41.901095] page dumped because: kasan: bad access detected
[   41.906772]
[   41.908370] Memory state around the buggy address:
[   41.913268]  ffff8801d28afa80: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   41.920600]  ffff8801d28afb00: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   41.927929] >ffff8801d28afb80: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   41.935255]                          ^
[   41.939109]  ffff8801d28afc00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   41.946438]  ffff8801d28afc80: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   41.953771] ==================================================================
[   41.961099] Disabling lock debugging due to kernel taint
[   41.966559] Kernel panic - not syncing: panic_on_warn set ...
[   41.966559]
[   41.973895] CPU: 0 PID: 2984 Comm: syzkaller696544 Tainted: G B 4.14.0-rc4+ #131
[   41.982529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.991852] Call Trace:
[   41.994416]  dump_stack+0x194/0x257
[   41.998024]  ? arch_local_irq_restore+0x53/0x53
[   42.002671]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   42.007398]  ? tipc_nametbl_lookup_dst_nodes+0x3f0/0x4b0
[   42.012818]  panic+0x1e4/0x417
[   42.015989]  ? __warn+0x1d9/0x1d9
[   42.019421]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   42.024845]  kasan_end_report+0x50/0x50
[   42.028795]  kasan_report+0x144/0x340
[   42.032569]  __asan_report_load4_noabort+0x14/0x20
[   42.037467]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   42.042723]  tipc_sendmcast+0x70b/0xe20
[   42.046666]  ? unwind_dump+0x4c0/0x4c0
[   42.050526]  ? tipc_release+0xfd0/0xfd0
[   42.054466]  ? __kernel_text_address+0xd/0x40
[   42.058934]  ? __is_insn_slot_addr+0x1fc/0x330
[   42.063481]  ? lock_downgrade+0x990/0x990
[   42.067593]  ? __save_stack_trace+0x61/0xd0
[   42.071885]  ? __sys_sendmsg+0xe5/0x210
[   42.075829]  ? lock_release+0xd70/0xd70
[   42.079767]  ? is_bpf_text_address+0x7b/0x120
[   42.084230]  ? lock_downgrade+0x990/0x990
[   42.088349]  ? show_initstate+0xb0/0xb0
[   42.092288]  ? bpf_prog_alloc+0x310/0x310
[   42.096399]  ? __bfs+0xaa/0x750
[   42.099644]  ? lock_release+0xd70/0xd70
[   42.103586]  ? noop_count+0x40/0x40
[   42.107181]  __tipc_sendmsg+0xf49/0x1590
[   42.111205]  ? __tipc_sendmsg+0xf49/0x1590
[   42.115411]  ? rcutorture_record_progress+0x10/0x10
[   42.120404]  ? tipc_sendmcast+0xe20/0xe20
[   42.124521]  ? check_usage_backwards+0x20a/0x420
[   42.129246]  ? print_shortest_lock_dependencies+0x350/0x350
[   42.134935]  ? save_stack_trace+0x16/0x20
[   42.139061]  ? save_trace+0x11f/0x350
[   42.142839]  ? mark_held_locks+0xb2/0x100
[   42.146961]  ? __raw_spin_lock_init+0x1c/0x100
[   42.151516]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.156504]  ? __lockdep_init_map+0xe4/0x650
[   42.160889]  ? lockdep_init_map+0x3d/0x70
[   42.165023]  __tipc_sendstream+0x8eb/0xc00
[   42.169235]  ? find_held_lock+0x39/0x1d0
[   42.173273]  ? tipc_connect+0x6d0/0x6d0
[   42.177215]  ? lock_downgrade+0x990/0x990
[   42.181336]  ? lock_acquire+0x1d5/0x580
[   42.185281]  ? tipc_sendstream+0x42/0x70
[   42.189317]  ? mark_held_locks+0xb2/0x100
[   42.193439]  ? __local_bh_enable_ip+0x9d/0x160
[   42.197997]  tipc_sendstream+0x50/0x70
[   42.201858]  tipc_send_packet+0x33/0x50
[   42.205808]  ? tipc_sendstream+0x70/0x70
[   42.209843]  sock_sendmsg+0xca/0x110
[   42.213529]  ___sys_sendmsg+0x75b/0x8a0
[   42.217474]  ? copy_msghdr_from_user+0x590/0x590
[   42.222218]  ? __fget_light+0x29d/0x390
[   42.226175]  ? fget_raw+0x20/0x20
[   42.229605]  ? vmacache_find+0x5f/0x280
[   42.233557]  ? __fdget+0x18/0x20
[   42.236901]  __sys_sendmsg+0xe5/0x210
[   42.240672]  ? __sys_sendmsg+0xe5/0x210
[   42.244615]  ? SyS_shutdown+0x290/0x290
[   42.248559]  ? __do_page_fault+0xd60/0xd60
[   42.252763]  ? fd_install+0x4d/0x60
[   42.256370]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.261356]  SyS_sendmsg+0x2d/0x50
[   42.264874]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   42.269602] RIP: 0033:0x43fd59
[   42.272758] RSP: 002b:00007fffc6bc7d68 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   42.280433] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   42.287669] RDX: 0000000000000004 RSI: 00000000203bbfc8 RDI: 0000000000000003
[   42.294909] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   42.302152] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   42.309389] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   42.316677] Dumping ftrace buffer:
[   42.320191]    (ftrace buffer empty)
[   42.323880] Kernel Offset: disabled
[   42.327481] Rebooting in 86400 seconds..