[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.370420] audit: type=1400 audit(1602596844.216:8): avc: denied { execmem } for pid=6363 comm="syz-executor692" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.373246] ==================================================================
[ 34.398230] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.406382] Read of size 4 at addr ffff88809a871bd0 by task syz-executor692/6363
[ 34.413899]
[ 34.415561] CPU: 1 PID: 6363 Comm: syz-executor692 Not tainted 4.14.198-syzkaller #0
[ 34.423549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.432946] Call Trace:
[ 34.435529]  dump_stack+0x1b2/0x283
[ 34.439158]  print_address_description.cold+0x54/0x1d3
[ 34.444662]  kasan_report_error.cold+0x8a/0x194
[ 34.449461]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.454914]  __asan_report_load4_noabort+0x68/0x70
[ 34.459851]  ? tipc_addr_domain_valid+0x80/0x80
[ 34.464516]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.470613]  tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.475899]  tipc_sendmcast+0x51a/0xac0
[ 34.479872]  ? check_usage_forwards+0x2d0/0x2d0
[ 34.484542]  ? tipc_shutdown+0x340/0x340
[ 34.488598]  ? __save_stack_trace+0x63/0x160
[ 34.493004]  ? deref_stack_reg+0x124/0x1a0
[ 34.497371]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 34.503255]  ? lock_downgrade+0x740/0x740
[ 34.507416]  ? unwind_next_frame+0xe54/0x17d0
[ 34.511903]  ? bpf_prog_kallsyms_find.part.0+0x164/0x240
[ 34.517388]  ? is_bpf_text_address+0xb8/0x150
[ 34.521876]  __tipc_sendmsg+0xbab/0xf90
[ 34.525856]  ? check_usage_forwards+0x2d0/0x2d0
[ 34.530532]  ? tipc_sendmcast+0xac0/0xac0
[ 34.534679]  ? save_trace+0xd6/0x290
[ 34.538384]  ? mark_lock+0x64e/0x1050
[ 34.542192]  ? check_usage_forwards+0x2d0/0x2d0
[ 34.546859]  ? mark_held_locks+0xa6/0xf0
[ 34.550945]  ? __local_bh_enable_ip+0xc1/0x170
[ 34.555527]  tipc_sendmsg+0x4c/0x70
[ 34.559188]  ? __tipc_sendmsg+0xf90/0xf90
[ 34.563334]  sock_sendmsg+0xb5/0x100
[ 34.567206]  ___sys_sendmsg+0x6c8/0x800
[ 34.571210]  ? copy_msghdr_from_user+0x3b0/0x3b0
[ 34.575983]  ? lock_downgrade+0x740/0x740
[ 34.580132]  ? trace_hardirqs_on+0x10/0x10
[ 34.584373]  ? __fd_install+0x1ec/0x5c0
[ 34.588449]  ? lock_acquire+0x170/0x3f0
[ 34.592426]  ? __fd_install+0x227/0x5c0
[ 34.596398]  ? __fdget+0x167/0x1f0
[ 34.599950]  ? sockfd_lookup_light+0xb2/0x160
[ 34.604443]  __sys_sendmsg+0xa3/0x120
[ 34.608257]  ? SyS_shutdown+0x160/0x160
[ 34.612231]  ? SyS_read+0x210/0x210
[ 34.615867]  ? __do_page_fault+0x19a/0xb50
[ 34.620111]  SyS_sendmsg+0x27/0x40
[ 34.623772]  ? __sys_sendmsg+0x120/0x120
[ 34.627855]  do_syscall_64+0x1d5/0x640
[ 34.631755]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.637057] RIP: 0033:0x440299
[ 34.640375] RSP: 002b:00007fffcd71e948 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.648212] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 34.655689] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 34.663096] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 34.670493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 34.677771] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 34.685046]
[ 34.686654] Allocated by task 1:
[ 34.690087]  kasan_kmalloc+0xeb/0x160
[ 34.694243]  __kmalloc+0x15a/0x400
[ 34.697773]  tipc_nameseq_create+0x53/0x290
[ 34.702080]  tipc_nametbl_insert_publ+0x59b/0x14a0
[ 34.707119]  tipc_nametbl_publish+0x211/0x3f0
[ 34.711604]  tipc_bind+0x2c4/0x600
[ 34.715160]  tipc_server_start+0x31f/0x880
[ 34.719411]  tipc_topsrv_init_net+0x53b/0x730
[ 34.723919]  ops_init+0xaa/0x3e0
[ 34.727287]  register_pernet_operations+0x32f/0x750
[ 34.732311]  register_pernet_device+0x28/0x70
[ 34.736799]  tipc_init+0x7d/0x137
[ 34.740246]  do_one_initcall+0x88/0x202
[ 34.744241]  kernel_init_freeable+0x558/0x619
[ 34.748760]  kernel_init+0xd/0x15b
[ 34.752285]  ret_from_fork+0x24/0x30
[ 34.755984]
[ 34.757596] Freed by task 0:
[ 34.760592] (stack is not available)
[ 34.764287]
[ 34.765896] The buggy address belongs to the object at ffff88809a871bc0
[ 34.765896]  which belongs to the cache kmalloc-32 of size 32
[ 34.778376] The buggy address is located 16 bytes inside of
[ 34.778376]  32-byte region [ffff88809a871bc0, ffff88809a871be0)
[ 34.790062] The buggy address belongs to the page:
[ 34.795001] page:ffffea00026a1c40 count:1 mapcount:0 mapping:ffff88809a871000 index:0xffff88809a871fc1
[ 34.804615] flags: 0xfffe0000000100(slab)
[ 34.808805] raw: 00fffe0000000100 ffff88809a871000 ffff88809a871fc1 000000010000003b
[ 34.816678] raw: ffffea00028142a0 ffffea00025d8360 ffff88812fe501c0 0000000000000000
[ 34.824546] page dumped because: kasan: bad access detected
[ 34.830238]
[ 34.831846] Memory state around the buggy address:
[ 34.836774]  ffff88809a871a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.844239]  ffff88809a871b00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[ 34.851763] >ffff88809a871b80: 04 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 34.859125]                                                  ^
[ 34.865133]  ffff88809a871c00: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.872485]  ffff88809a871c80: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 34.879837] ==================================================================
[ 34.887332] Disabling lock debugging due to kernel taint
[ 34.893223] Kernel panic - not syncing: panic_on_warn set ...
[ 34.893223]
[ 34.900725] CPU: 1 PID: 6363 Comm: syz-executor692 Tainted: G B 4.14.198-syzkaller #0
[ 34.909825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.919300] Call Trace:
[ 34.921895]  dump_stack+0x1b2/0x283
[ 34.925577]  panic+0x1f9/0x42d
[ 34.928773]  ? add_taint.cold+0x16/0x16
[ 34.932756]  kasan_end_report+0x43/0x49
[ 34.936719]  kasan_report_error.cold+0xa7/0x194
[ 34.941414]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.946853]  __asan_report_load4_noabort+0x68/0x70
[ 34.951775]  ? tipc_addr_domain_valid+0x80/0x80
[ 34.956433]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.961875]  tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.967140]  tipc_sendmcast+0x51a/0xac0
[ 34.971125]  ? check_usage_forwards+0x2d0/0x2d0
[ 34.975895]  ? tipc_shutdown+0x340/0x340
[ 34.979972]  ? __save_stack_trace+0x63/0x160
[ 34.984372]  ? deref_stack_reg+0x124/0x1a0
[ 34.988625]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 34.994502]  ? lock_downgrade+0x740/0x740
[ 34.998636]  ? unwind_next_frame+0xe54/0x17d0
[ 35.003120]  ? bpf_prog_kallsyms_find.part.0+0x164/0x240
[ 35.008562]  ? is_bpf_text_address+0xb8/0x150
[ 35.013118]  __tipc_sendmsg+0xbab/0xf90
[ 35.017231]  ? check_usage_forwards+0x2d0/0x2d0
[ 35.021909]  ? tipc_sendmcast+0xac0/0xac0
[ 35.026046]  ? save_trace+0xd6/0x290
[ 35.029748]  ? mark_lock+0x64e/0x1050
[ 35.033537]  ? check_usage_forwards+0x2d0/0x2d0
[ 35.038194]  ? mark_held_locks+0xa6/0xf0
[ 35.042260]  ? __local_bh_enable_ip+0xc1/0x170
[ 35.046837]  tipc_sendmsg+0x4c/0x70
[ 35.050466]  ? __tipc_sendmsg+0xf90/0xf90
[ 35.054610]  sock_sendmsg+0xb5/0x100
[ 35.058325]  ___sys_sendmsg+0x6c8/0x800
[ 35.062299]  ? copy_msghdr_from_user+0x3b0/0x3b0
[ 35.067041]  ? lock_downgrade+0x740/0x740
[ 35.071176]  ? trace_hardirqs_on+0x10/0x10
[ 35.075394]  ? __fd_install+0x1ec/0x5c0
[ 35.079354]  ? lock_acquire+0x170/0x3f0
[ 35.083315]  ? __fd_install+0x227/0x5c0
[ 35.087274]  ? __fdget+0x167/0x1f0
[ 35.090801]  ? sockfd_lookup_light+0xb2/0x160
[ 35.095299]  __sys_sendmsg+0xa3/0x120
[ 35.099087]  ? SyS_shutdown+0x160/0x160
[ 35.103069]  ? SyS_read+0x210/0x210
[ 35.106678]  ? __do_page_fault+0x19a/0xb50
[ 35.110917]  SyS_sendmsg+0x27/0x40
[ 35.114444]  ? __sys_sendmsg+0x120/0x120
[ 35.118489]  do_syscall_64+0x1d5/0x640
[ 35.122381]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.127553] RIP: 0033:0x440299
[ 35.131869] RSP: 002b:00007fffcd71e948 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 35.139609] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 35.146861] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 35.154120] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 35.161374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 35.168641] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 35.177036] Kernel Offset: disabled
[ 35.180677] Rebooting in 86400 seconds..