INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-9,10.128.0.17' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.509709] ==================================================================
[ 39.517127] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 39.525237] Read of size 4 at addr ffff8801d2d65310 by task syzkaller011306/2992
[ 39.532735]
[ 39.534340] CPU: 0 PID: 2992 Comm: syzkaller011306 Not tainted 4.13.0-next-20170908+ #18
[ 39.542532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.551856] Call Trace:
[ 39.554428]  dump_stack+0x194/0x257
[ 39.558028]  ? arch_local_irq_restore+0x53/0x53
[ 39.562666]  ? show_regs_print_info+0x65/0x65
[ 39.567133]  ? lock_release+0xd70/0xd70
[ 39.571080]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 39.576502]  print_address_description+0x73/0x250
[ 39.581316]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 39.586737]  kasan_report+0x24e/0x340
[ 39.590511]  __asan_report_load4_noabort+0x14/0x20
[ 39.595411]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 39.600666]  tipc_sendmcast+0x704/0xe30
[ 39.604613]  ? unwind_dump+0x4c0/0x4c0
[ 39.608483]  ? tipc_release+0xfd0/0xfd0
[ 39.612432]  ? unwind_get_return_address+0x61/0xa0
[ 39.617337]  ? __is_insn_slot_addr+0x1fc/0x330
[ 39.621888]  ? lock_downgrade+0x990/0x990
[ 39.626010]  ? __sys_sendmsg+0xe5/0x210
[ 39.629971]  ? lock_release+0xd70/0xd70
[ 39.633915]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 39.639766]  ? is_bpf_text_address+0x7b/0x120
[ 39.644232]  ? lock_downgrade+0x990/0x990
[ 39.648354]  ? show_initstate+0xb0/0xb0
[ 39.652304]  ? __bfs+0xaa/0x750
[ 39.655560]  ? noop_count+0x40/0x40
[ 39.659162]  __tipc_sendmsg+0xf49/0x1590
[ 39.663191]  ? __tipc_sendmsg+0xf49/0x1590
[ 39.667392]  ? unwind_dump+0x4c0/0x4c0
[ 39.671267]  ? tipc_sendmcast+0xe30/0xe30
[ 39.675383]  ? is_bpf_text_address+0xa4/0x120
[ 39.679850]  ? check_usage_backwards+0x20a/0x420
[ 39.684583]  ? print_shortest_lock_dependencies+0x350/0x350
[ 39.690279]  ? save_stack_trace+0x16/0x20
[ 39.694409]  ? save_trace+0x11f/0x350
[ 39.698185]  ? mark_held_locks+0xb2/0x100
[ 39.702307]  ? __raw_spin_lock_init+0x1c/0x100
[ 39.706872]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 39.711860]  ? __lockdep_init_map+0xe4/0x650
[ 39.716263]  ? lockdep_init_map+0x3d/0x70
[ 39.720390]  __tipc_sendstream+0x8eb/0xc00
[ 39.724600]  ? find_held_lock+0x39/0x1d0
[ 39.728642]  ? tipc_connect+0x6d0/0x6d0
[ 39.732591]  ? lock_downgrade+0x990/0x990
[ 39.736720]  ? lock_acquire+0x1d5/0x580
[ 39.740665]  ? tipc_sendstream+0x42/0x70
[ 39.744710]  ? mark_held_locks+0xb2/0x100
[ 39.748841]  ? __local_bh_enable_ip+0x9d/0x160
[ 39.753399]  tipc_sendstream+0x50/0x70
[ 39.757259]  tipc_send_packet+0x33/0x50
[ 39.761203]  ? tipc_sendstream+0x70/0x70
[ 39.765255]  sock_sendmsg+0xca/0x110
[ 39.768942]  ___sys_sendmsg+0x75b/0x8a0
[ 39.772895]  ? copy_msghdr_from_user+0x590/0x590
[ 39.777630]  ? startup_64+0x10/0x30
[ 39.781244]  ? __fget_light+0x29d/0x390
[ 39.785192]  ? fget_raw+0x20/0x20
[ 39.788625]  ? handle_mm_fault+0x410/0x8d0
[ 39.792829]  ? down_read_trylock+0xdb/0x170
[ 39.797118]  ? __do_page_fault+0x2b8/0xb60
[ 39.801335]  ? __fdget+0x18/0x20
[ 39.804675]  __sys_sendmsg+0xe5/0x210
[ 39.808446]  ? __sys_sendmsg+0xe5/0x210
[ 39.812393]  ? SyS_shutdown+0x290/0x290
[ 39.816338]  ? __do_page_fault+0xb60/0xb60
[ 39.820544]  ? fd_install+0x4d/0x60
[ 39.824153]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 39.829145]  SyS_sendmsg+0x2d/0x50
[ 39.832666]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 39.837396] RIP: 0033:0x43fd79
[ 39.840904] RSP: 002b:00007ffcfb086778 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 39.848581] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd79
[ 39.855821] RDX: 0000000000000004 RSI: 00000000207ca000 RDI: 0000000000000003
[ 39.863060] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 39.870300] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016e0
[ 39.877540] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 39.884796]
[ 39.886394] Allocated by task 1:
[ 39.889728]  save_stack_trace+0x16/0x20
[ 39.893673]  save_stack+0x43/0xd0
[ 39.897094]  kasan_kmalloc+0xad/0xe0
[ 39.900776]  kmem_cache_alloc_trace+0x136/0x750
[ 39.905414]  tipc_nameseq_create+0xe8/0x540
[ 39.909705]  tipc_nametbl_insert_publ+0xf77/0x17c0
[ 39.914602]  tipc_nametbl_publish+0x2aa/0x4f0
[ 39.919065]  tipc_bind+0x33a/0x700
[ 39.922572]  kernel_bind+0x62/0x80
[ 39.926079]  tipc_server_start+0x3a1/0xb60
[ 39.930280]  tipc_topsrv_start+0x64f/0x890
[ 39.934484]  tipc_init_net+0x3cc/0x570
[ 39.938339]  ops_init+0x10a/0x570
[ 39.941759]  register_pernet_operations+0x45e/0x980
[ 39.946743]  register_pernet_subsys+0x2a/0x40
[ 39.951207]  tipc_init+0x83/0x104
[ 39.954630]  do_one_initcall+0x9e/0x330
[ 39.958573]  kernel_init_freeable+0x469/0x521
[ 39.963034]  kernel_init+0x13/0x172
[ 39.966630]  ret_from_fork+0x2a/0x40
[ 39.970308]
[ 39.971904] Freed by task 0:
[ 39.974890] (stack is not available)
[ 39.978569]
[ 39.980166] The buggy address belongs to the object at ffff8801d2d65300
[ 39.980166]  which belongs to the cache kmalloc-32 of size 32
[ 39.992614] The buggy address is located 16 bytes inside of
[ 39.992614]  32-byte region [ffff8801d2d65300, ffff8801d2d65320)
[ 40.004279] The buggy address belongs to the page:
[ 40.009176] page:ffffea00074b5940 count:1 mapcount:0 mapping:ffff8801d2d65000 index:0xffff8801d2d65fc1
[ 40.018590] flags: 0x200000000000100(slab)
[ 40.022794] raw: 0200000000000100 ffff8801d2d65000 ffff8801d2d65fc1 000000010000003f
[ 40.030649] raw: ffffea00074dbca0 ffffea00074b1760 ffff8801dac001c0 0000000000000000
[ 40.038495] page dumped because: kasan: bad access detected
[ 40.044169]
[ 40.045765] Memory state around the buggy address:
[ 40.050660]  ffff8801d2d65200: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[ 40.057985]  ffff8801d2d65280: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 40.065311] >ffff8801d2d65300: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 40.072635]                          ^
[ 40.076489]  ffff8801d2d65380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 40.083814]  ffff8801d2d65400: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 40.091138] ==================================================================
[ 40.098464] Disabling lock debugging due to kernel taint
[ 40.103924] Kernel panic - not syncing: panic_on_warn set ...
[ 40.103924]
[ 40.111254] CPU: 0 PID: 2992 Comm: syzkaller011306 Tainted: G B 4.13.0-next-20170908+ #18
[ 40.120659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.129975] Call Trace:
[ 40.132530]  dump_stack+0x194/0x257
[ 40.136124]  ? arch_local_irq_restore+0x53/0x53
[ 40.140760]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.145485]  ? tipc_nametbl_lookup_dst_nodes+0x4a0/0x4b0
[ 40.150908]  panic+0x1e4/0x417
[ 40.154064]  ? __warn+0x1d9/0x1d9
[ 40.157492]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 40.162906]  kasan_end_report+0x50/0x50
[ 40.166842]  kasan_report+0x137/0x340
[ 40.170609]  __asan_report_load4_noabort+0x14/0x20
[ 40.175503]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 40.180748]  tipc_sendmcast+0x704/0xe30
[ 40.184687]  ? unwind_dump+0x4c0/0x4c0
[ 40.188542]  ? tipc_release+0xfd0/0xfd0
[ 40.192481]  ? unwind_get_return_address+0x61/0xa0
[ 40.197374]  ? __is_insn_slot_addr+0x1fc/0x330
[ 40.201919]  ? lock_downgrade+0x990/0x990
[ 40.206033]  ? __sys_sendmsg+0xe5/0x210
[ 40.209974]  ? lock_release+0xd70/0xd70
[ 40.213911]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 40.219757]  ? is_bpf_text_address+0x7b/0x120
[ 40.224218]  ? lock_downgrade+0x990/0x990
[ 40.228332]  ? show_initstate+0xb0/0xb0
[ 40.232277]  ? __bfs+0xaa/0x750
[ 40.235522]  ? noop_count+0x40/0x40
[ 40.239114]  __tipc_sendmsg+0xf49/0x1590
[ 40.243141]  ? __tipc_sendmsg+0xf49/0x1590
[ 40.247337]  ? unwind_dump+0x4c0/0x4c0
[ 40.251198]  ? tipc_sendmcast+0xe30/0xe30
[ 40.255311]  ? is_bpf_text_address+0xa4/0x120
[ 40.259770]  ? check_usage_backwards+0x20a/0x420
[ 40.264491]  ? print_shortest_lock_dependencies+0x350/0x350
[ 40.270172]  ? save_stack_trace+0x16/0x20
[ 40.274281]  ? save_trace+0x11f/0x350
[ 40.278048]  ? mark_held_locks+0xb2/0x100
[ 40.282159]  ? __raw_spin_lock_init+0x1c/0x100
[ 40.286704]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.291681]  ? __lockdep_init_map+0xe4/0x650
[ 40.296061]  ? lockdep_init_map+0x3d/0x70
[ 40.300175]  __tipc_sendstream+0x8eb/0xc00
[ 40.304376]  ? find_held_lock+0x39/0x1d0
[ 40.308404]  ? tipc_connect+0x6d0/0x6d0
[ 40.312341]  ? lock_downgrade+0x990/0x990
[ 40.316458]  ? lock_acquire+0x1d5/0x580
[ 40.320394]  ? tipc_sendstream+0x42/0x70
[ 40.324425]  ? mark_held_locks+0xb2/0x100
[ 40.328547]  ? __local_bh_enable_ip+0x9d/0x160
[ 40.333100]  tipc_sendstream+0x50/0x70
[ 40.336950]  tipc_send_packet+0x33/0x50
[ 40.340885]  ? tipc_sendstream+0x70/0x70
[ 40.344909]  sock_sendmsg+0xca/0x110
[ 40.348588]  ___sys_sendmsg+0x75b/0x8a0
[ 40.352528]  ? copy_msghdr_from_user+0x590/0x590
[ 40.357250]  ? startup_64+0x10/0x30
[ 40.360845]  ? __fget_light+0x29d/0x390
[ 40.364783]  ? fget_raw+0x20/0x20
[ 40.368202]  ? handle_mm_fault+0x410/0x8d0
[ 40.372398]  ? down_read_trylock+0xdb/0x170
[ 40.376682]  ? __do_page_fault+0x2b8/0xb60
[ 40.380887]  ? __fdget+0x18/0x20
[ 40.384223]  __sys_sendmsg+0xe5/0x210
[ 40.387988]  ? __sys_sendmsg+0xe5/0x210
[ 40.391928]  ? SyS_shutdown+0x290/0x290
[ 40.395868]  ? __do_page_fault+0xb60/0xb60
[ 40.400067]  ? fd_install+0x4d/0x60
[ 40.403663]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.408642]  SyS_sendmsg+0x2d/0x50
[ 40.412149]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 40.416865] RIP: 0033:0x43fd79
[ 40.420030] RSP: 002b:00007ffcfb086778 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 40.427700] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd79
[ 40.434932] RDX: 0000000000000004 RSI: 00000000207ca000 RDI: 0000000000000003
[ 40.442164] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[ 40.449836] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016e0
[ 40.457068] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[ 40.464668] Dumping ftrace buffer:
[ 40.468170]    (ftrace buffer empty)
[ 40.471849] Kernel Offset: disabled
[ 40.475443] Rebooting in 86400 seconds..