Starting Update UTMP about System Runlevel Changes...
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.808529] audit: type=1400 audit(1589488676.059:8): avc: denied { execmem } for pid=6345 comm="syz-executor905" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.813902] ==================================================================
[ 33.835870] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.844119] Read of size 4 at addr ffff888098ba2590 by task syz-executor905/6345
[ 33.851639]
[ 33.853260] CPU: 1 PID: 6345 Comm: syz-executor905 Not tainted 4.14.180-syzkaller #0
[ 33.861115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.870445] Call Trace:
[ 33.873011] dump_stack+0x13e/0x194
[ 33.876633] ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.882075] print_address_description.cold+0x7c/0x1e2
[ 33.887338] ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.892760] kasan_report.cold+0xa9/0x2ae
[ 33.896902] tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.902167] tipc_sendmcast+0x599/0xb60
[ 33.906120] ? find_held_lock+0x2d/0x110
[ 33.910178] ? tipc_socketpair+0x630/0x630
[ 33.914424] ? __lock_acquire+0x5f7/0x4620
[ 33.918643] ? check_noncircular+0x20/0x20
[ 33.922860] ? __lock_acquire+0x5f7/0x4620
[ 33.927089] ? trace_hardirqs_on+0x10/0x10
[ 33.931311] ? save_trace+0x290/0x290
[ 33.935101] ? __tipc_sendmsg+0xbc5/0xfd0
[ 33.939222] __tipc_sendmsg+0xbc5/0xfd0
[ 33.943176] ? tipc_sendmcast+0xb60/0xb60
[ 33.947320] ? find_held_lock+0x2d/0x110
[ 33.951356] ? lock_sock_nested+0x98/0x100
[ 33.955569] ? mark_held_locks+0xa6/0xf0
[ 33.959613] ? __local_bh_enable_ip+0x94/0x190
[ 33.964256] tipc_sendmsg+0x4c/0x70
[ 33.967937] ? __tipc_sendmsg+0xfd0/0xfd0
[ 33.972058] sock_sendmsg+0xc5/0x100
[ 33.975746] ___sys_sendmsg+0x70a/0x840
[ 33.979703] ? do_huge_pmd_anonymous_page+0xc63/0x11e0
[ 33.984960] ? copy_msghdr_from_user+0x380/0x380
[ 33.989698] ? lock_downgrade+0x6e0/0x6e0
[ 33.993829] ? __lru_cache_add+0x17b/0x250
[ 33.998050] ? do_raw_spin_unlock+0x164/0x250
[ 34.002521] ? _raw_spin_unlock+0x29/0x40
[ 34.006693] ? do_huge_pmd_anonymous_page+0x2f9/0x11e0
[ 34.011972] ? prep_transhuge_page+0xa0/0xa0
[ 34.016370] ? pud_val+0x6c/0xd0
[ 34.019723] ? pmd_val+0xd0/0xd0
[ 34.023063] ? trace_hardirqs_on+0x10/0x10
[ 34.027273] ? __handle_mm_fault+0x644/0x3280
[ 34.031744] ? save_trace+0x290/0x290
[ 34.035537] ? copy_page_range+0x1d70/0x1d70
[ 34.039920] ? __fget_light+0x16a/0x1f0
[ 34.044043] ? sockfd_lookup_light+0xb2/0x160
[ 34.048529] __sys_sendmsg+0xa3/0x120
[ 34.052319] ? SyS_shutdown+0x160/0x160
[ 34.056274] ? up_read+0x17/0x30
[ 34.059713] ? __do_page_fault+0x35b/0xb40
[ 34.063923] SyS_sendmsg+0x27/0x40
[ 34.068134] ? __sys_sendmsg+0x120/0x120
[ 34.072173] do_syscall_64+0x1d5/0x640
[ 34.076041] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.081225] RIP: 0033:0x440289
[ 34.084391] RSP: 002b:00007ffeef8b5d48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.092177] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440289
[ 34.099494] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000004
[ 34.106760] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 34.114006] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b10
[ 34.121252] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 34.128509]
[ 34.130118] Allocated by task 6345:
[ 34.133725] save_stack+0x32/0xa0
[ 34.137161] kasan_kmalloc+0xbf/0xe0
[ 34.140851] kmem_cache_alloc_trace+0x14d/0x7b0
[ 34.145496] tipc_nameseq_create+0x7e/0x2d0
[ 34.149790] tipc_nametbl_insert_publ+0x6b1/0x1450
[ 34.154694] tipc_nametbl_publish+0x211/0x3f0
[ 34.159177] tipc_bind+0x2c4/0x600
[ 34.162694] SYSC_bind+0x1a0/0x1e0
[ 34.166325] do_syscall_64+0x1d5/0x640
[ 34.170256] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.175431]
[ 34.177039] Freed by task 4589:
[ 34.180300] save_stack+0x32/0xa0
[ 34.183748] kasan_slab_free+0x75/0xc0
[ 34.187682] kfree+0xcb/0x260
[ 34.190784] security_cred_free+0x71/0xb0
[ 34.194937] put_cred_rcu+0xe3/0x300
[ 34.198644] rcu_process_callbacks+0x792/0x1190
[ 34.203289] __do_softirq+0x254/0x9bf
[ 34.207062]
[ 34.208681] The buggy address belongs to the object at ffff888098ba2580
[ 34.208681]  which belongs to the cache kmalloc-32 of size 32
[ 34.221155] The buggy address is located 16 bytes inside of
[ 34.221155]  32-byte region [ffff888098ba2580, ffff888098ba25a0)
[ 34.232837] The buggy address belongs to the page:
[ 34.237748] page:ffffea000262e880 count:1 mapcount:0 mapping:ffff888098ba2000 index:0xffff888098ba2fc1
[ 34.247169] flags: 0xfffe0000000100(slab)
[ 34.251309] raw: 00fffe0000000100 ffff888098ba2000 ffff888098ba2fc1 0000000100000031
[ 34.259178] raw: ffffea00023c91a0 ffffea000262e960 ffff88812fe541c0 0000000000000000
[ 34.267034] page dumped because: kasan: bad access detected
[ 34.272730]
[ 34.274334] Memory state around the buggy address:
[ 34.279258]  ffff888098ba2480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.286590]  ffff888098ba2500: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 34.293937] >ffff888098ba2580: 00 00 fc fc fc fc fc fc 00 01 fc fc fc fc fc fc
[ 34.301294]                                                                    ^
[ 34.305162]  ffff888098ba2600: 00 00 fc fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 34.312499]  ffff888098ba2680: 00 00 01 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 34.319845] ==================================================================
[ 34.327311] Disabling lock debugging due to kernel taint
[ 34.332817] Kernel panic - not syncing: panic_on_warn set ...
[ 34.332817]
[ 34.340204] CPU: 1 PID: 6345 Comm: syz-executor905 Tainted: G B 4.14.180-syzkaller #0
[ 34.349290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.358636] Call Trace:
[ 34.361232] dump_stack+0x13e/0x194
[ 34.364858] panic+0x1f9/0x42d
[ 34.368041] ? add_taint.cold+0x16/0x16
[ 34.372014] ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.377458] kasan_end_report+0x43/0x49
[ 34.381441] kasan_report.cold+0x12f/0x2ae
[ 34.385652] tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 34.390903] tipc_sendmcast+0x599/0xb60
[ 34.394878] ? find_held_lock+0x2d/0x110
[ 34.398918] ? tipc_socketpair+0x630/0x630
[ 34.403129] ? __lock_acquire+0x5f7/0x4620
[ 34.407356] ? check_noncircular+0x20/0x20
[ 34.411578] ? __lock_acquire+0x5f7/0x4620
[ 34.415807] ? trace_hardirqs_on+0x10/0x10
[ 34.421002] ? save_trace+0x290/0x290
[ 34.424786] ? __tipc_sendmsg+0xbc5/0xfd0
[ 34.428998] __tipc_sendmsg+0xbc5/0xfd0
[ 34.432954] ? tipc_sendmcast+0xb60/0xb60
[ 34.437080] ? find_held_lock+0x2d/0x110
[ 34.441142] ? lock_sock_nested+0x98/0x100
[ 34.445370] ? mark_held_locks+0xa6/0xf0
[ 34.449420] ? __local_bh_enable_ip+0x94/0x190
[ 34.453982] tipc_sendmsg+0x4c/0x70
[ 34.457587] ? __tipc_sendmsg+0xfd0/0xfd0
[ 34.461712] sock_sendmsg+0xc5/0x100
[ 34.465433] ___sys_sendmsg+0x70a/0x840
[ 34.469403] ? do_huge_pmd_anonymous_page+0xc63/0x11e0
[ 34.474792] ? copy_msghdr_from_user+0x380/0x380
[ 34.479530] ? lock_downgrade+0x6e0/0x6e0
[ 34.483658] ? __lru_cache_add+0x17b/0x250
[ 34.487886] ? do_raw_spin_unlock+0x164/0x250
[ 34.492442] ? _raw_spin_unlock+0x29/0x40
[ 34.496566] ? do_huge_pmd_anonymous_page+0x2f9/0x11e0
[ 34.501819] ? prep_transhuge_page+0xa0/0xa0
[ 34.506202] ? pud_val+0x6c/0xd0
[ 34.509541] ? pmd_val+0xd0/0xd0
[ 34.512881] ? trace_hardirqs_on+0x10/0x10
[ 34.517108] ? __handle_mm_fault+0x644/0x3280
[ 34.521594] ? save_trace+0x290/0x290
[ 34.525392] ? copy_page_range+0x1d70/0x1d70
[ 34.529774] ? __fget_light+0x16a/0x1f0
[ 34.533724] ? sockfd_lookup_light+0xb2/0x160
[ 34.538280] __sys_sendmsg+0xa3/0x120
[ 34.542058] ? SyS_shutdown+0x160/0x160
[ 34.546012] ? up_read+0x17/0x30
[ 34.549372] ? __do_page_fault+0x35b/0xb40
[ 34.553605] SyS_sendmsg+0x27/0x40
[ 34.557122] ? __sys_sendmsg+0x120/0x120
[ 34.561237] do_syscall_64+0x1d5/0x640
[ 34.565122] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.570288] RIP: 0033:0x440289
[ 34.573469] RSP: 002b:00007ffeef8b5d48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.581159] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440289
[ 34.588415] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000004
[ 34.595693] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 34.602938] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401b10
[ 34.610182] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000
[ 34.619024] Kernel Offset: disabled
[ 34.622641] Rebooting in 86400 seconds..