INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-0,10.128.15.205' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   55.502235] ==================================================================
[   55.503629] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   55.504981] Read of size 4 at addr ffff8801d3ad6190 by task syzkaller002261/3003
[   55.506228]
[   55.506578] CPU: 0 PID: 3003 Comm: syzkaller002261 Not tainted 4.13.0-rc4+ #5
[   55.507713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.508993] Call Trace:
[   55.509408]  dump_stack+0x194/0x257
[   55.509923]  ? arch_local_irq_restore+0x53/0x53
[   55.510618]  ? show_regs_print_info+0x65/0x65
[   55.511387]  ? lock_release+0xa40/0xa40
[   55.512156]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   55.513028]  print_address_description+0x73/0x250
[   55.513722]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   55.514502]  kasan_report+0x24e/0x340
[   55.515117]  __asan_report_load4_noabort+0x14/0x20
[   55.515864]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   55.516769]  tipc_sendmcast+0x704/0xe30
[   55.517379]  ? do_raw_spin_trylock+0x190/0x190
[   55.517995]  ? tipc_release+0xfe0/0xfe0
[   55.518636]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   55.519434]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   55.520264]  ? __is_insn_slot_addr+0x1fc/0x330
[   55.520965]  ? lock_downgrade+0x990/0x990
[   55.521519]  ? lock_release+0xa40/0xa40
[   55.522055]  ? unwind_dump+0x4c0/0x4c0
[   55.523990]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   55.528885]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   55.533618]  ? show_initstate+0xb0/0xb0
[   55.537558]  ? __bfs+0xaa/0x750
[   55.540801]  ? bpf_prog_alloc+0x310/0x310
[   55.544915]  ? is_bpf_text_address+0x7b/0x120
[   55.549385]  ? noop_count+0x40/0x40
[   55.553004]  __tipc_sendmsg+0xf49/0x1590
[   55.557046]  ? __tipc_sendmsg+0xf49/0x1590
[   55.561246]  ? update_stack_state+0x700/0x700
[   55.565729]  ? tipc_sendmcast+0xe30/0xe30
[   55.569855]  ? check_usage_backwards+0x20a/0x420
[   55.574579]  ? check_usage_forwards+0x430/0x430
[   55.579235]  ? save_stack_trace+0x16/0x20
[   55.583358]  ? save_trace+0x11f/0x350
[   55.587128]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[   55.591857]  ? mark_held_locks+0xaf/0x100
[   55.595981]  ? __raw_spin_lock_init+0x1c/0x100
[   55.600535]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   55.605521]  ? lockdep_init_map+0xe4/0x650
[   55.609733]  __tipc_sendstream+0x8eb/0xc00
[   55.613948]  ? tipc_connect+0x6d0/0x6d0
[   55.617888]  ? find_held_lock+0x35/0x1d0
[   55.621934]  ? lock_acquire+0x1d5/0x580
[   55.625875]  ? lock_sock_nested+0xa3/0x110
[   55.630073]  ? lock_acquire+0x1d5/0x580
[   55.634010]  ? tipc_sendstream+0x42/0x70
[   55.638046]  ? mark_held_locks+0xaf/0x100
[   55.642173]  ? trace_hardirqs_on+0xd/0x10
[   55.646288]  ? __local_bh_enable_ip+0x9d/0x160
[   55.650841]  tipc_sendstream+0x50/0x70
[   55.654693]  ? __tipc_sendstream+0xc00/0xc00
[   55.659069]  sock_sendmsg+0xca/0x110
[   55.662757]  ___sys_sendmsg+0x755/0x890
[   55.666702]  ? copy_msghdr_from_user+0x590/0x590
[   55.671431]  ? __handle_mm_fault+0x57f/0x3810
[   55.675914]  ? check_noncircular+0x20/0x20
[   55.680113]  ? __pmd_alloc+0x4e0/0x4e0
[   55.683968]  ? __fget_light+0x297/0x380
[   55.687907]  ? fget_raw+0x20/0x20
[   55.691336]  ? find_held_lock+0x35/0x1d0
[   55.695905]  ? __fdget+0x18/0x20
[   55.699241]  __sys_sendmsg+0xe5/0x210
[   55.703005]  ? __sys_sendmsg+0xe5/0x210
[   55.706948]  ? SyS_shutdown+0x290/0x290
[   55.710906]  ? handle_mm_fault+0x4e3/0x940
[   55.715120]  ? down_read_trylock+0xdb/0x170
[   55.719412]  ? __handle_mm_fault+0x3810/0x3810
[   55.723959]  ? vmacache_find+0x61/0x270
[   55.727912]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   55.732899]  SyS_sendmsg+0x2d/0x50
[   55.736410]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   55.741131] RIP: 0033:0x43fd59
[   55.744286] RSP: 002b:00007ffd32d14978 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   55.751958] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   55.759193] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[   55.766450] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   55.773705] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   55.781593] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   55.788844]
[   55.790449] Allocated by task 1:
[   55.793787]  save_stack_trace+0x16/0x20
[   55.797737]  save_stack+0x43/0xd0
[   55.801153]  kasan_kmalloc+0xad/0xe0
[   55.804831]  kmem_cache_alloc_trace+0x12f/0x740
[   55.809468]  tipc_nameseq_create+0xe8/0x540
[   55.813761]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   55.818656]  tipc_nametbl_publish+0x2aa/0x4f0
[   55.823116]  tipc_bind+0x33a/0x700
[   55.826622]  kernel_bind+0x62/0x80
[   55.830128]  tipc_server_start+0x39b/0xb60
[   55.834325]  tipc_topsrv_start+0x649/0x880
[   55.838523]  tipc_init_net+0x3cc/0x570
[   55.842379]  ops_init+0x10a/0x570
[   55.845811]  register_pernet_operations+0x45e/0x980
[   55.850791]  register_pernet_subsys+0x2a/0x40
[   55.855252]  tipc_init+0x83/0x104
[   55.858668]  do_one_initcall+0x9e/0x330
[   55.862610]  kernel_init_freeable+0x469/0x521
[   55.867077]  kernel_init+0x13/0x172
[   55.870669]  ret_from_fork+0x2a/0x40
[   55.874343]
[   55.875933] Freed by task 0:
[   55.878924] (stack is not available)
[   55.882598]
[   55.884190] The buggy address belongs to the object at ffff8801d3ad6180
[   55.884190]  which belongs to the cache kmalloc-32 of size 32
[   55.896634] The buggy address is located 16 bytes inside of
[   55.896634]  32-byte region [ffff8801d3ad6180, ffff8801d3ad61a0)
[   55.908298] The buggy address belongs to the page:
[   55.913193] page:ffffea00074eb580 count:1 mapcount:0 mapping:ffff8801d3ad6000 index:0xffff8801d3ad6fc1
[   55.922602] flags: 0x200000000000100(slab)
[   55.926817] raw: 0200000000000100 ffff8801d3ad6000 ffff8801d3ad6fc1 000000010000003f
[   55.934670] raw: ffffea00074fb1a0 ffffea00074ef6e0 ffff8801dac001c0 0000000000000000
[   55.942514] page dumped because: kasan: bad access detected
[   55.948186]
[   55.949775] Memory state around the buggy address:
[   55.954669]  ffff8801d3ad6080: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   55.961994]  ffff8801d3ad6100: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   55.969321] >ffff8801d3ad6180: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   55.976646]                          ^
[   55.980498]  ffff8801d3ad6200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   55.987820]  ffff8801d3ad6280: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   55.995152] ==================================================================
[   56.002473] Disabling lock debugging due to kernel taint
[   56.007933] Kernel panic - not syncing: panic_on_warn set ...
[   56.007933]
[   56.015265] CPU: 0 PID: 3003 Comm: syzkaller002261 Tainted: G    B           4.13.0-rc4+ #5
[   56.023732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   56.033063] Call Trace:
[   56.035617]  dump_stack+0x194/0x257
[   56.039206]  ? arch_local_irq_restore+0x53/0x53
[   56.043841]  ? kasan_end_report+0x32/0x50
[   56.047991]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   56.052717]  ? tipc_nametbl_lookup_dst_nodes+0x460/0x4b0
[   56.058150]  panic+0x1e4/0x417
[   56.061308]  ? __warn+0x1d9/0x1d9
[   56.064737]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   56.070152]  kasan_end_report+0x50/0x50
[   56.074090]  kasan_report+0x137/0x340
[   56.077857]  __asan_report_load4_noabort+0x14/0x20
[   56.082748]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   56.088008]  tipc_sendmcast+0x704/0xe30
[   56.091953]  ? do_raw_spin_trylock+0x190/0x190
[   56.096502]  ? tipc_release+0xfe0/0xfe0
[   56.100456]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   56.105523]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   56.110539]  ? __is_insn_slot_addr+0x1fc/0x330
[   56.115086]  ? lock_downgrade+0x990/0x990
[   56.119197]  ? lock_release+0xa40/0xa40
[   56.123135]  ? unwind_dump+0x4c0/0x4c0
[   56.126986]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   56.131878]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   56.136602]  ? show_initstate+0xb0/0xb0
[   56.140543]  ? __bfs+0xaa/0x750
[   56.143784]  ? bpf_prog_alloc+0x310/0x310
[   56.147896]  ? is_bpf_text_address+0x7b/0x120
[   56.152354]  ? noop_count+0x40/0x40
[   56.155945]  __tipc_sendmsg+0xf49/0x1590
[   56.159969]  ? __tipc_sendmsg+0xf49/0x1590
[   56.164168]  ? update_stack_state+0x700/0x700
[   56.168629]  ? tipc_sendmcast+0xe30/0xe30
[   56.172739]  ? check_usage_backwards+0x20a/0x420
[   56.177456]  ? check_usage_forwards+0x430/0x430
[   56.182102]  ? save_stack_trace+0x16/0x20
[   56.186211]  ? save_trace+0x11f/0x350
[   56.189984]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[   56.194703]  ? mark_held_locks+0xaf/0x100
[   56.198815]  ? __raw_spin_lock_init+0x1c/0x100
[   56.203359]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   56.208342]  ? lockdep_init_map+0xe4/0x650
[   56.212544]  __tipc_sendstream+0x8eb/0xc00
[   56.216746]  ? tipc_connect+0x6d0/0x6d0
[   56.220694]  ? find_held_lock+0x35/0x1d0
[   56.224723]  ? lock_acquire+0x1d5/0x580
[   56.228666]  ? lock_sock_nested+0xa3/0x110
[   56.232864]  ? lock_acquire+0x1d5/0x580
[   56.236802]  ? tipc_sendstream+0x42/0x70
[   56.240849]  ? mark_held_locks+0xaf/0x100
[   56.244975]  ? trace_hardirqs_on+0xd/0x10
[   56.249089]  ? __local_bh_enable_ip+0x9d/0x160
[   56.253643]  tipc_sendstream+0x50/0x70
[   56.257595]  ? __tipc_sendstream+0xc00/0xc00
[   56.261970]  sock_sendmsg+0xca/0x110
[   56.265647]  ___sys_sendmsg+0x755/0x890
[   56.269586]  ? copy_msghdr_from_user+0x590/0x590
[   56.274319]  ? __handle_mm_fault+0x57f/0x3810
[   56.278783]  ? check_noncircular+0x20/0x20
[   56.282981]  ? __pmd_alloc+0x4e0/0x4e0
[   56.286834]  ? __fget_light+0x297/0x380
[   56.290771]  ? fget_raw+0x20/0x20
[   56.294194]  ? find_held_lock+0x35/0x1d0
[   56.298228]  ? __fdget+0x18/0x20
[   56.301565]  __sys_sendmsg+0xe5/0x210
[   56.305330]  ? __sys_sendmsg+0xe5/0x210
[   56.309267]  ? SyS_shutdown+0x290/0x290
[   56.313208]  ? handle_mm_fault+0x4e3/0x940
[   56.317411]  ? down_read_trylock+0xdb/0x170
[   56.321701]  ? __handle_mm_fault+0x3810/0x3810
[   56.326252]  ? vmacache_find+0x61/0x270
[   56.330202]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   56.335186]  SyS_sendmsg+0x2d/0x50
[   56.338695]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   56.343413] RIP: 0033:0x43fd59
[   56.346568] RSP: 002b:00007ffd32d14978 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   56.354237] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[   56.361472] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[   56.368705] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[   56.375937] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[   56.383169] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[   56.390760] Dumping ftrace buffer:
[   56.394281]    (ftrace buffer empty)
[   56.397963] Kernel Offset: disabled
[   56.401556] Rebooting in 86400 seconds..