INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-4,10.128.15.197' (ECDSA) to the list of known hosts.
2017/10/03 20:31:20 parsed 1 programs
2017/10/03 20:31:20 executed programs: 0

syzkaller login: [   21.717480] ==================================================================
[   21.724915] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.733032] Read of size 4 at addr ffff8801ce886c10 by task syz-executor0/2995
[   21.740362]
[   21.741965] CPU: 0 PID: 2995 Comm: syz-executor0 Not tainted 4.14.0-rc3+ #23
[   21.749119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.758443] Call Trace:
[   21.761004]  dump_stack+0x194/0x257
[   21.764607]  ? arch_local_irq_restore+0x53/0x53
[   21.769247]  ? show_regs_print_info+0x65/0x65
[   21.773718]  ? lock_release+0xd70/0xd70
[   21.777675]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.783100]  print_address_description+0x73/0x250
[   21.787914]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.793341]  kasan_report+0x25b/0x340
[   21.797120]  __asan_report_load4_noabort+0x14/0x20
[   21.802022]  tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.807280]  tipc_sendmcast+0x70b/0xe20
[   21.811241]  ? tipc_release+0xfd0/0xfd0
[   21.815186]  ? lru_cache_add+0x1c7/0x3a0
[   21.819224]  ? get_mem_cgroup_from_mm+0x710/0x710
[   21.824040]  ? lru_cache_add_file+0x20/0x20
[   21.828331]  ? __bfs+0x690/0x750
[   21.831677]  ? find_held_lock+0x39/0x1d0
[   21.835717]  ? check_noncircular+0x20/0x20
[   21.839928]  ? lock_downgrade+0x990/0x990
[   21.844052]  ? check_noncircular+0x20/0x20
[   21.848263]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[   21.853427]  ? check_noncircular+0x20/0x20
[   21.857650]  __tipc_sendmsg+0xf49/0x1590
[   21.861679]  ? __tipc_sendmsg+0xf49/0x1590
[   21.865893]  ? perf_trace_lock_acquire+0x562/0x900
[   21.870795]  ? tipc_sendmcast+0xe20/0xe20
[   21.874923]  ? lock_downgrade+0x990/0x990
[   21.879045]  ? __check_object_size+0x25d/0x4f0
[   21.883609]  ? lock_acquire+0x1d5/0x580
[   21.887556]  ? tipc_sendmsg+0x42/0x70
[   21.891346]  ? mark_held_locks+0xb2/0x100
[   21.895468]  ? __local_bh_enable_ip+0x9d/0x160
[   21.900023]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   21.905024]  ? lock_sock_nested+0x91/0x110
[   21.909229]  ? trace_hardirqs_on+0xd/0x10
[   21.913350]  ? __local_bh_enable_ip+0x9d/0x160
[   21.917914]  tipc_sendmsg+0x50/0x70
[   21.921512]  ? __tipc_sendmsg+0x1590/0x1590
[   21.925808]  sock_sendmsg+0xca/0x110
[   21.929495]  ___sys_sendmsg+0x75b/0x8a0
[   21.933450]  ? copy_msghdr_from_user+0x590/0x590
[   21.938183]  ? __handle_mm_fault+0x587/0x39c0
[   21.942661]  ? __pmd_alloc+0x4e0/0x4e0
[   21.946526]  ? __fget_light+0x29d/0x390
[   21.950476]  ? fget_raw+0x20/0x20
[   21.953926]  ? __fdget+0x18/0x20
[   21.957270]  __sys_sendmsg+0xe5/0x210
[   21.961041]  ? __sys_sendmsg+0xe5/0x210
[   21.964989]  ? SyS_shutdown+0x290/0x290
[   21.968937]  ? down_read_trylock+0xdb/0x170
[   21.973236]  ? compat_SyS_futex+0x288/0x380
[   21.977553]  compat_SyS_sendmsg+0x2a/0x40
[   21.981674]  ? compat_SyS_getsockopt+0x420/0x420
[   21.986403]  do_fast_syscall_32+0x3f2/0xf05
[   21.990710]  ? do_int80_syscall_32+0x940/0x940
[   21.995267]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   21.999996]  ? lockdep_sys_exit+0x47/0xf0
[   22.004117]  ? syscall_return_slowpath+0x2b3/0x510
[   22.009024]  ? sysret32_from_system_call+0x5/0x3b
[   22.013844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.018664]  entry_SYSENTER_compat+0x51/0x60
[   22.023044] RIP: 0023:0xf7f6bc79
[   22.026379] RSP: 002b:00000000ff91159c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[   22.034060] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020316000
[   22.041304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.048548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   22.055789] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   22.063030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.070290]
[   22.071890] Allocated by task 2995:
[   22.075489]  save_stack_trace+0x16/0x20
[   22.079432]  save_stack+0x43/0xd0
[   22.082855]  kasan_kmalloc+0xad/0xe0
[   22.086544]  kmem_cache_alloc_trace+0x136/0x750
[   22.091183]  tipc_nameseq_create+0xe8/0x540
[   22.095474]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   22.100374]  tipc_nametbl_publish+0x2aa/0x4f0
[   22.104839]  tipc_bind+0x33a/0x700
[   22.108352]  SYSC_bind+0x1b4/0x3f0
[   22.111861]  SyS_bind+0x24/0x30
[   22.115112]  do_fast_syscall_32+0x3f2/0xf05
[   22.119400]  entry_SYSENTER_compat+0x51/0x60
[   22.123774]
[   22.125370] Freed by task 1552:
[   22.128617]  save_stack_trace+0x16/0x20
[   22.132560]  save_stack+0x43/0xd0
[   22.135981]  kasan_slab_free+0x71/0xc0
[   22.139838]  kfree+0xca/0x250
[   22.142913]  single_release+0x88/0xb0
[   22.146684]  close_pdeo+0x130/0x420
[   22.150280]  proc_reg_release+0x12b/0x170
[   22.154399]  __fput+0x333/0x7f0
[   22.157650]  ____fput+0x15/0x20
[   22.160902]  task_work_run+0x199/0x270
[   22.164846]  exit_to_usermode_loop+0x296/0x310
[   22.169396]  syscall_return_slowpath+0x42f/0x510
[   22.174122]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   22.178845]
[   22.180444] The buggy address belongs to the object at ffff8801ce886c00
[   22.180444]  which belongs to the cache kmalloc-32 of size 32
[   22.192893] The buggy address is located 16 bytes inside of
[   22.192893]  32-byte region [ffff8801ce886c00, ffff8801ce886c20)
[   22.204561] The buggy address belongs to the page:
[   22.209461] page:ffffea00073a2180 count:1 mapcount:0 mapping:ffff8801ce886000 index:0xffff8801ce886fc1
[   22.218879] flags: 0x200000000000100(slab)
[   22.223085] raw: 0200000000000100 ffff8801ce886000 ffff8801ce886fc1 000000010000003f
[   22.230935] raw: ffffea00073d51e0 ffffea00073c2960 ffff8801dac001c0 0000000000000000
[   22.238783] page dumped because: kasan: bad access detected
[   22.244462]
[   22.246065] Memory state around the buggy address:
[   22.250967]  ffff8801ce886b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   22.258297]  ffff8801ce886b80: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   22.265630] >ffff8801ce886c00: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   22.272959]                          ^
[   22.276813]  ffff8801ce886c80: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   22.284140]  ffff8801ce886d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   22.291469] ==================================================================
[   22.298797] Disabling lock debugging due to kernel taint
[   22.304256] Kernel panic - not syncing: panic_on_warn set ...
[   22.304256]
[   22.311587] CPU: 0 PID: 2995 Comm: syz-executor0 Tainted: G    B   4.14.0-rc3+ #23
[   22.319953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.329273] Call Trace:
[   22.331829]  dump_stack+0x194/0x257
[   22.335423]  ? arch_local_irq_restore+0x53/0x53
[   22.340058]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.344783]  ? tipc_nametbl_lookup_dst_nodes+0x3f0/0x4b0
[   22.350204]  panic+0x1e4/0x417
[   22.353363]  ? __warn+0x1d9/0x1d9
[   22.356788]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   22.362205]  kasan_end_report+0x50/0x50
[   22.366144]  kasan_report+0x144/0x340
[   22.369910]  __asan_report_load4_noabort+0x14/0x20
[   22.374805]  tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   22.380051]  tipc_sendmcast+0x70b/0xe20
[   22.383998]  ? tipc_release+0xfd0/0xfd0
[   22.387935]  ? lru_cache_add+0x1c7/0x3a0
[   22.391959]  ? get_mem_cgroup_from_mm+0x710/0x710
[   22.396766]  ? lru_cache_add_file+0x20/0x20
[   22.401052]  ? __bfs+0x690/0x750
[   22.404388]  ? find_held_lock+0x39/0x1d0
[   22.408417]  ? check_noncircular+0x20/0x20
[   22.412618]  ? lock_downgrade+0x990/0x990
[   22.416731]  ? check_noncircular+0x20/0x20
[   22.420931]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[   22.426089]  ? check_noncircular+0x20/0x20
[   22.430302]  __tipc_sendmsg+0xf49/0x1590
[   22.434328]  ? __tipc_sendmsg+0xf49/0x1590
[   22.438533]  ? perf_trace_lock_acquire+0x562/0x900
[   22.443427]  ? tipc_sendmcast+0xe20/0xe20
[   22.447542]  ? lock_downgrade+0x990/0x990
[   22.451654]  ? __check_object_size+0x25d/0x4f0
[   22.456205]  ? lock_acquire+0x1d5/0x580
[   22.460143]  ? tipc_sendmsg+0x42/0x70
[   22.463914]  ? mark_held_locks+0xb2/0x100
[   22.468027]  ? __local_bh_enable_ip+0x9d/0x160
[   22.472577]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.477559]  ? lock_sock_nested+0x91/0x110
[   22.481758]  ? trace_hardirqs_on+0xd/0x10
[   22.485870]  ? __local_bh_enable_ip+0x9d/0x160
[   22.490421]  tipc_sendmsg+0x50/0x70
[   22.494012]  ? __tipc_sendmsg+0x1590/0x1590
[   22.498304]  sock_sendmsg+0xca/0x110
[   22.501985]  ___sys_sendmsg+0x75b/0x8a0
[   22.505927]  ? copy_msghdr_from_user+0x590/0x590
[   22.510648]  ? __handle_mm_fault+0x587/0x39c0
[   22.515110]  ? __pmd_alloc+0x4e0/0x4e0
[   22.518965]  ? __fget_light+0x29d/0x390
[   22.522904]  ? fget_raw+0x20/0x20
[   22.526335]  ? __fdget+0x18/0x20
[   22.529673]  __sys_sendmsg+0xe5/0x210
[   22.533440]  ? __sys_sendmsg+0xe5/0x210
[   22.537380]  ? SyS_shutdown+0x290/0x290
[   22.541318]  ? down_read_trylock+0xdb/0x170
[   22.545611]  ? compat_SyS_futex+0x288/0x380
[   22.549914]  compat_SyS_sendmsg+0x2a/0x40
[   22.554026]  ? compat_SyS_getsockopt+0x420/0x420
[   22.558749]  do_fast_syscall_32+0x3f2/0xf05
[   22.563040]  ? do_int80_syscall_32+0x940/0x940
[   22.567587]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.572310]  ? lockdep_sys_exit+0x47/0xf0
[   22.576422]  ? syscall_return_slowpath+0x2b3/0x510
[   22.581319]  ? sysret32_from_system_call+0x5/0x3b
[   22.586127]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.590937]  entry_SYSENTER_compat+0x51/0x60
[   22.595310] RIP: 0023:0xf7f6bc79
[   22.598637] RSP: 002b:00000000ff91159c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[   22.606310] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020316000
[   22.613545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.620781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   22.628016] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   22.635252] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.642534] Dumping ftrace buffer:
[   22.646040]    (ftrace buffer empty)
[   22.649716] Kernel Offset: disabled
[   22.653310] Rebooting in 86400 seconds..