INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.0.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.225372] ==================================================================
[ 50.226509] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.227635] Read of size 4 at addr ffff8801d25d0810 by task syzkaller506248/3024
[ 50.228626]
[ 50.228857] CPU: 1 PID: 3024 Comm: syzkaller506248 Not tainted 4.13.0-rc5-next-20170815+ #3
[ 50.229966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.231247] Call Trace:
[ 50.231606]  dump_stack+0x194/0x257
[ 50.232104]  ? arch_local_irq_restore+0x53/0x53
[ 50.232736]  ? show_regs_print_info+0x65/0x65
[ 50.233341]  ? lock_release+0xa40/0xa40
[ 50.233876]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.234601]  print_address_description+0x73/0x250
[ 50.235288]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.236029]  kasan_report+0x24e/0x340
[ 50.236546]  __asan_report_load4_noabort+0x14/0x20
[ 50.237225]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.237972]  tipc_sendmcast+0x704/0xe30
[ 50.238526]  ? pagevec_lru_move_fn+0x178/0x260
[ 50.239146]  ? do_raw_spin_trylock+0x190/0x190
[ 50.239784]  ? tipc_release+0xfe0/0xfe0
[ 50.240358]  ? __lock_acquire+0x6aa/0x3bc0
[ 50.240959]  ? __lock_acquire+0x6aa/0x3bc0
[ 50.241535]  ? __is_insn_slot_addr+0x1fc/0x330
[ 50.242185]  ? lock_downgrade+0x990/0x990
[ 50.242756]  ? lock_release+0xa40/0xa40
[ 50.243348]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 50.244128]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 50.244783]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 50.245418]  ? show_initstate+0xb0/0xb0
[ 50.248851]  ? __bfs+0xaa/0x750
[ 50.252094]  ? bpf_prog_alloc+0x310/0x310
[ 50.256211]  ? is_bpf_text_address+0x7b/0x120
[ 50.260678]  ? noop_count+0x40/0x40
[ 50.264279]  __tipc_sendmsg+0xf49/0x1590
[ 50.268306]  ? __tipc_sendmsg+0xf49/0x1590
[ 50.272505]  ? unwind_dump+0x4c0/0x4c0
[ 50.276368]  ? tipc_sendmcast+0xe30/0xe30
[ 50.280485]  ? check_usage_backwards+0x20a/0x420
[ 50.285210]  ? print_shortest_lock_dependencies+0x350/0x350
[ 50.290896]  ? save_stack_trace+0x16/0x20
[ 50.295008]  ? save_trace+0x11f/0x350
[ 50.298773]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[ 50.303673]  ? mark_held_locks+0xaf/0x100
[ 50.307788]  ? __raw_spin_lock_init+0x1c/0x100
[ 50.312339]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 50.317325]  ? __lockdep_init_map+0xe4/0x650
[ 50.321712]  ? lockdep_init_map+0x9/0x10
[ 50.325751]  __tipc_sendstream+0x8eb/0xc00
[ 50.329966]  ? tipc_connect+0x6d0/0x6d0
[ 50.333908]  ? find_held_lock+0x35/0x1d0
[ 50.337942]  ? lock_acquire+0x1d5/0x580
[ 50.341890]  ? lock_sock_nested+0xa3/0x110
[ 50.346093]  ? lock_acquire+0x1d5/0x580
[ 50.350034]  ? tipc_sendstream+0x42/0x70
[ 50.354093]  ? mark_held_locks+0xaf/0x100
[ 50.358217]  ? trace_hardirqs_on+0xd/0x10
[ 50.362332]  ? __local_bh_enable_ip+0x9d/0x160
[ 50.366974]  tipc_sendstream+0x50/0x70
[ 50.370828]  ? __tipc_sendstream+0xc00/0xc00
[ 50.375206]  sock_sendmsg+0xca/0x110
[ 50.378895]  ___sys_sendmsg+0x742/0x8c0
[ 50.382843]  ? copy_msghdr_from_user+0x590/0x590
[ 50.387581]  ? __handle_mm_fault+0x57f/0x3980
[ 50.393177]  ? check_noncircular+0x20/0x20
[ 50.397377]  ? __pmd_alloc+0x4e0/0x4e0
[ 50.401255]  ? __fget_light+0x297/0x380
[ 50.405204]  ? fget_raw+0x20/0x20
[ 50.408627]  ? find_held_lock+0x35/0x1d0
[ 50.412676]  ? __fdget+0x18/0x20
[ 50.416014]  __sys_sendmsg+0xe5/0x210
[ 50.419777]  ? __sys_sendmsg+0xe5/0x210
[ 50.423716]  ? SyS_shutdown+0x290/0x290
[ 50.427660]  ? handle_mm_fault+0x4e3/0x940
[ 50.431875]  ? down_read_trylock+0xdb/0x170
[ 50.436167]  ? __handle_mm_fault+0x3980/0x3980
[ 50.440722]  ? vmacache_find+0x61/0x270
[ 50.444685]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 50.449694]  SyS_sendmsg+0x2d/0x50
[ 50.453205]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 50.457926] RIP: 0033:0x43fd59
[ 50.461113] RSP: 002b:00007ffdb3396e78 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 50.468796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[ 50.476043] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[ 50.483281] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 50.490519] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[ 50.497757] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[ 50.505008]
[ 50.506613] Allocated by task 1:
[ 50.509946]  save_stack_trace+0x16/0x20
[ 50.513887]  save_stack+0x43/0xd0
[ 50.517306]  kasan_kmalloc+0xad/0xe0
[ 50.520987]  kmem_cache_alloc_trace+0x136/0x750
[ 50.525622]  tipc_nameseq_create+0xe8/0x540
[ 50.529909]  tipc_nametbl_insert_publ+0xf77/0x17c0
[ 50.534804]  tipc_nametbl_publish+0x2aa/0x4f0
[ 50.539273]  tipc_bind+0x33a/0x700
[ 50.542787]  kernel_bind+0x62/0x80
[ 50.546301]  tipc_server_start+0x39b/0xb60
[ 50.550502]  tipc_topsrv_start+0x64b/0x880
[ 50.554701]  tipc_init_net+0x3cc/0x570
[ 50.558553]  ops_init+0x10a/0x570
[ 50.561972]  register_pernet_operations+0x45e/0x980
[ 50.566950]  register_pernet_subsys+0x2a/0x40
[ 50.571410]  tipc_init+0x83/0x104
[ 50.574830]  do_one_initcall+0x9e/0x330
[ 50.578782]  kernel_init_freeable+0x46e/0x526
[ 50.583251]  kernel_init+0x13/0x172
[ 50.586843]  ret_from_fork+0x2a/0x40
[ 50.590518]
[ 50.592110] Freed by task 0:
[ 50.595099] (stack is not available)
[ 50.598775]
[ 50.600371] The buggy address belongs to the object at ffff8801d25d0800
[ 50.600371]  which belongs to the cache kmalloc-32 of size 32
[ 50.612827] The buggy address is located 16 bytes inside of
[ 50.612827]  32-byte region [ffff8801d25d0800, ffff8801d25d0820)
[ 50.624492] The buggy address belongs to the page:
[ 50.629388] page:ffffea0007497400 count:1 mapcount:0 mapping:ffff8801d25d0000 index:0xffff8801d25d0fc1
[ 50.638805] flags: 0x200000000000100(slab)
[ 50.643006] raw: 0200000000000100 ffff8801d25d0000 ffff8801d25d0fc1 0000000100000031
[ 50.650852] raw: ffffea0007495260 ffffea00074aff20 ffff8801dac001c0 0000000000000000
[ 50.658705] page dumped because: kasan: bad access detected
[ 50.664474]
[ 50.666082] Memory state around the buggy address:
[ 50.670976]  ffff8801d25d0700: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[ 50.678298]  ffff8801d25d0780: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 50.685624] >ffff8801d25d0800: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 50.692948]                          ^
[ 50.696800]  ffff8801d25d0880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 50.704124]  ffff8801d25d0900: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 50.711447] ==================================================================
[ 50.718793] Disabling lock debugging due to kernel taint
[ 50.724244] Kernel panic - not syncing: panic_on_warn set ...
[ 50.724244]
[ 50.731573] CPU: 1 PID: 3024 Comm: syzkaller506248 Tainted: G    B   4.13.0-rc5-next-20170815+ #3
[ 50.741241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.750564] Call Trace:
[ 50.753122]  dump_stack+0x194/0x257
[ 50.756716]  ? arch_local_irq_restore+0x53/0x53
[ 50.761361]  ? kasan_end_report+0x32/0x50
[ 50.765472]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 50.770281]  ? tipc_nametbl_lookup_dst_nodes+0x3e0/0x4b0
[ 50.775706]  panic+0x1e4/0x417
[ 50.778863]  ? __warn+0x1d9/0x1d9
[ 50.782285]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.787700]  kasan_end_report+0x50/0x50
[ 50.791648]  kasan_report+0x137/0x340
[ 50.795422]  __asan_report_load4_noabort+0x14/0x20
[ 50.800323]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[ 50.805576]  tipc_sendmcast+0x704/0xe30
[ 50.809513]  ? pagevec_lru_move_fn+0x178/0x260
[ 50.814063]  ? do_raw_spin_trylock+0x190/0x190
[ 50.818614]  ? tipc_release+0xfe0/0xfe0
[ 50.822555]  ? __lock_acquire+0x6aa/0x3bc0
[ 50.826759]  ? __lock_acquire+0x6aa/0x3bc0
[ 50.830963]  ? __is_insn_slot_addr+0x1fc/0x330
[ 50.835510]  ? lock_downgrade+0x990/0x990
[ 50.839622]  ? lock_release+0xa40/0xa40
[ 50.843561]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[ 50.849409]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 50.854302]  ? bpf_prog_kallsyms_find+0xbd/0x440
[ 50.859024]  ? show_initstate+0xb0/0xb0
[ 50.862960]  ? __bfs+0xaa/0x750
[ 50.866201]  ? bpf_prog_alloc+0x310/0x310
[ 50.870321]  ? is_bpf_text_address+0x7b/0x120
[ 50.874781]  ? noop_count+0x40/0x40
[ 50.878374]  __tipc_sendmsg+0xf49/0x1590
[ 50.882397]  ? __tipc_sendmsg+0xf49/0x1590
[ 50.886609]  ? unwind_dump+0x4c0/0x4c0
[ 50.890466]  ? tipc_sendmcast+0xe30/0xe30
[ 50.894599]  ? check_usage_backwards+0x20a/0x420
[ 50.899321]  ? print_shortest_lock_dependencies+0x350/0x350
[ 50.905010]  ? save_stack_trace+0x16/0x20
[ 50.909122]  ? save_trace+0x11f/0x350
[ 50.912886]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[ 50.917613]  ? mark_held_locks+0xaf/0x100
[ 50.921724]  ? __raw_spin_lock_init+0x1c/0x100
[ 50.926272]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 50.931261]  ? __lockdep_init_map+0xe4/0x650
[ 50.935641]  ? lockdep_init_map+0x9/0x10
[ 50.939668]  __tipc_sendstream+0x8eb/0xc00
[ 50.943873]  ? tipc_connect+0x6d0/0x6d0
[ 50.947810]  ? find_held_lock+0x35/0x1d0
[ 50.951840]  ? lock_acquire+0x1d5/0x580
[ 50.955778]  ? lock_sock_nested+0xa3/0x110
[ 50.959976]  ? lock_acquire+0x1d5/0x580
[ 50.963914]  ? tipc_sendstream+0x42/0x70
[ 50.967941]  ? mark_held_locks+0xaf/0x100
[ 50.972058]  ? trace_hardirqs_on+0xd/0x10
[ 50.976168]  ? __local_bh_enable_ip+0x9d/0x160
[ 50.980893]  tipc_sendstream+0x50/0x70
[ 50.984757]  ? __tipc_sendstream+0xc00/0xc00
[ 50.989131]  sock_sendmsg+0xca/0x110
[ 50.992818]  ___sys_sendmsg+0x742/0x8c0
[ 50.996759]  ? copy_msghdr_from_user+0x590/0x590
[ 51.001484]  ? __handle_mm_fault+0x57f/0x3980
[ 51.005946]  ? check_noncircular+0x20/0x20
[ 51.010144]  ? __pmd_alloc+0x4e0/0x4e0
[ 51.013997]  ? __fget_light+0x297/0x380
[ 51.017936]  ? fget_raw+0x20/0x20
[ 51.021354]  ? find_held_lock+0x35/0x1d0
[ 51.025389]  ? __fdget+0x18/0x20
[ 51.028721]  __sys_sendmsg+0xe5/0x210
[ 51.032484]  ? __sys_sendmsg+0xe5/0x210
[ 51.036426]  ? SyS_shutdown+0x290/0x290
[ 51.040366]  ? handle_mm_fault+0x4e3/0x940
[ 51.044566]  ? down_read_trylock+0xdb/0x170
[ 51.048852]  ? __handle_mm_fault+0x3980/0x3980
[ 51.053396]  ? vmacache_find+0x61/0x270
[ 51.057341]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 51.062323]  SyS_sendmsg+0x2d/0x50
[ 51.065827]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 51.070549] RIP: 0033:0x43fd59
[ 51.073704] RSP: 002b:00007ffdb3396e78 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 51.081374] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
[ 51.088609] RDX: 0000000000004000 RSI: 00000000201ff000 RDI: 0000000000000003
[ 51.095845] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
[ 51.103079] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016c0
[ 51.110314] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000
[ 51.117599] Dumping ftrace buffer:
[ 51.121103]    (ftrace buffer empty)
[ 51.124779] Kernel Offset: disabled
[ 51.128373] Rebooting in 86400 seconds..