INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-4,10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   33.653473] ==================================================================
[   33.660897] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   33.669011] Read of size 4 at addr ffff8801d2fb0590 by task syzkaller046591/2986
[   33.676512]
[   33.678118] CPU: 1 PID: 2986 Comm: syzkaller046591 Not tainted 4.13.0+ #75
[   33.685100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.694425] Call Trace:
[   33.696986]  dump_stack+0x194/0x257
[   33.700589]  ? arch_local_irq_restore+0x53/0x53
[   33.705230]  ? show_regs_print_info+0x65/0x65
[   33.709701]  ? lock_release+0xd70/0xd70
[   33.713650]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   33.719074]  print_address_description+0x73/0x250
[   33.723888]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   33.729312]  kasan_report+0x24e/0x340
[   33.733090]  __asan_report_load4_noabort+0x14/0x20
[   33.737994]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   33.743249]  tipc_sendmcast+0x704/0xe30
[   33.747197]  ? unwind_dump+0x4c0/0x4c0
[   33.751076]  ? tipc_release+0xfd0/0xfd0
[   33.755025]  ? unwind_get_return_address+0x61/0xa0
[   33.759926]  ? __is_insn_slot_addr+0x1fc/0x330
[   33.764480]  ? lock_downgrade+0x990/0x990
[   33.768605]  ? __sys_sendmsg+0xe5/0x210
[   33.772572]  ? lock_release+0xd70/0xd70
[   33.776526]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   33.782381]  ? is_bpf_text_address+0x7b/0x120
[   33.786850]  ? lock_downgrade+0x990/0x990
[   33.790971]  ? show_initstate+0xb0/0xb0
[   33.794919]  ? __bfs+0xaa/0x750
[   33.798178]  ? noop_count+0x40/0x40
[   33.801782]  __tipc_sendmsg+0xf49/0x1590
[   33.805811]  ? __tipc_sendmsg+0xf49/0x1590
[   33.810015]  ? unwind_dump+0x4c0/0x4c0
[   33.813883]  ? tipc_sendmcast+0xe30/0xe30
[   33.818002]  ? is_bpf_text_address+0xa4/0x120
[   33.822480]  ? check_usage_backwards+0x20a/0x420
[   33.827209]  ? print_shortest_lock_dependencies+0x350/0x350
[   33.832902]  ? save_stack_trace+0x16/0x20
[   33.837022]  ? save_trace+0x11f/0x350
[   33.840798]  ? mark_held_locks+0xb2/0x100
[   33.844919]  ? __raw_spin_lock_init+0x1c/0x100
[   33.849474]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   33.854460]  ? __lockdep_init_map+0xe4/0x650
[   33.858848]  ? lockdep_init_map+0x3d/0x70
[   33.862976]  __tipc_sendstream+0x8eb/0xc00
[   33.867186]  ? find_held_lock+0x39/0x1d0
[   33.871227]  ? tipc_connect+0x6d0/0x6d0
[   33.875174]  ? lock_downgrade+0x990/0x990
[   33.879301]  ? lock_acquire+0x1d5/0x580
[   33.883247]  ? tipc_sendstream+0x42/0x70
[   33.887293]  ? mark_held_locks+0xb2/0x100
[   33.891426]  ? __local_bh_enable_ip+0x9d/0x160
[   33.895985]  tipc_sendstream+0x50/0x70
[   33.899847]  tipc_send_packet+0x33/0x50
[   33.903793]  ? tipc_sendstream+0x70/0x70
[   33.907826]  sock_sendmsg+0xca/0x110
[   33.911522]  ___sys_sendmsg+0x75b/0x8a0
[   33.915474]  ? copy_msghdr_from_user+0x590/0x590
[   33.920211]  ? startup_64+0x10/0x30
[   33.923820]  ? __fget_light+0x29d/0x390
[   33.927767]  ? fget_raw+0x20/0x20
[   33.931199]  ? handle_mm_fault+0x4a2/0x860
[   33.935406]  ? down_read_trylock+0xdb/0x170
[   33.939718]  ? __fdget+0x18/0x20
[   33.943064]  __sys_sendmsg+0xe5/0x210
[   33.946835]  ? __sys_sendmsg+0xe5/0x210
[   33.950785]  ? SyS_shutdown+0x290/0x290
[   33.954744]  ? __do_page_fault+0xb60/0xb60
[   33.958956]  ? fd_install+0x4d/0x60
[   33.962569]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   33.967571]  SyS_sendmsg+0x2d/0x50
[   33.971099]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   33.975825] RIP: 0033:0x43fd79
[   33.978987] RSP: 002b:00007ffc54515d78 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   33.986670] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd79
[   33.993910] RDX: 0000000000000004 RSI: 00000000207ca000 RDI: 0000000000000003
[   34.001153] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   34.008394] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016e0
[   34.015642] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   34.022901]
[   34.024501] Allocated by task 1:
[   34.027839]  save_stack_trace+0x16/0x20
[   34.031793]  save_stack+0x43/0xd0
[   34.035216]  kasan_kmalloc+0xad/0xe0
[   34.038900]  kmem_cache_alloc_trace+0x136/0x750
[   34.043546]  tipc_nameseq_create+0xe8/0x540
[   34.047838]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   34.052736]  tipc_nametbl_publish+0x2aa/0x4f0
[   34.057199]  tipc_bind+0x33a/0x700
[   34.060708]  kernel_bind+0x62/0x80
[   34.064218]  tipc_server_start+0x3a1/0xb60
[   34.068421]  tipc_topsrv_start+0x64f/0x890
[   34.072627]  tipc_init_net+0x3cc/0x570
[   34.076484]  ops_init+0x10a/0x570
[   34.079907]  register_pernet_operations+0x45e/0x980
[   34.084892]  register_pernet_subsys+0x2a/0x40
[   34.089358]  tipc_init+0x83/0x104
[   34.092780]  do_one_initcall+0x9e/0x330
[   34.096724]  kernel_init_freeable+0x469/0x521
[   34.101190]  kernel_init+0x13/0x172
[   34.104788]  ret_from_fork+0x2a/0x40
[   34.108469]
[   34.110065] Freed by task 0:
[   34.113051] (stack is not available)
[   34.116731]
[   34.118331] The buggy address belongs to the object at ffff8801d2fb0580
[   34.118331]  which belongs to the cache kmalloc-32 of size 32
[   34.130781] The buggy address is located 16 bytes inside of
[   34.130781]  32-byte region [ffff8801d2fb0580, ffff8801d2fb05a0)
[   34.142449] The buggy address belongs to the page:
[   34.147348] page:ffffea00074bec00 count:1 mapcount:0 mapping:ffff8801d2fb0000 index:0xffff8801d2fb0fc1
[   34.156764] flags: 0x200000000000100(slab)
[   34.160970] raw: 0200000000000100 ffff8801d2fb0000 ffff8801d2fb0fc1 000000010000003f
[   34.168820] raw: ffffea000750f560 ffffea00074a0320 ffff8801dac001c0 0000000000000000
[   34.176680] page dumped because: kasan: bad access detected
[   34.182357]
[   34.183955] Memory state around the buggy address:
[   34.188851]  ffff8801d2fb0480: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   34.196177]  ffff8801d2fb0500: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   34.203513] >ffff8801d2fb0580: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   34.210839]                        ^
[   34.214695]  ffff8801d2fb0600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.222028]  ffff8801d2fb0680: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   34.229356] ==================================================================
[   34.236695] Disabling lock debugging due to kernel taint
[   34.242154] Kernel panic - not syncing: panic_on_warn set ...
[   34.242154]
[   34.249485] CPU: 1 PID: 2986 Comm: syzkaller046591 Tainted: G    B           4.13.0+ #75
[   34.257678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.267000] Call Trace:
[   34.269556]  dump_stack+0x194/0x257
[   34.273152]  ? arch_local_irq_restore+0x53/0x53
[   34.277787]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.282512]  ? tipc_nametbl_lookup_dst_nodes+0x470/0x4b0
[   34.287927]  panic+0x1e4/0x417
[   34.291084]  ? __warn+0x1d9/0x1d9
[   34.294508]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   34.299923]  kasan_end_report+0x50/0x50
[   34.303872]  kasan_report+0x137/0x340
[   34.307637]  __asan_report_load4_noabort+0x14/0x20
[   34.312531]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   34.317785]  tipc_sendmcast+0x704/0xe30
[   34.321727]  ? unwind_dump+0x4c0/0x4c0
[   34.325583]  ? tipc_release+0xfd0/0xfd0
[   34.329523]  ? unwind_get_return_address+0x61/0xa0
[   34.334417]  ? __is_insn_slot_addr+0x1fc/0x330
[   34.338965]  ? lock_downgrade+0x990/0x990
[   34.343081]  ? __sys_sendmsg+0xe5/0x210
[   34.347026]  ? lock_release+0xd70/0xd70
[   34.350964]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   34.356811]  ? is_bpf_text_address+0x7b/0x120
[   34.361270]  ? lock_downgrade+0x990/0x990
[   34.365388]  ? show_initstate+0xb0/0xb0
[   34.369327]  ? __bfs+0xaa/0x750
[   34.372575]  ? noop_count+0x40/0x40
[   34.376168]  __tipc_sendmsg+0xf49/0x1590
[   34.380192]  ? __tipc_sendmsg+0xf49/0x1590
[   34.384401]  ? unwind_dump+0x4c0/0x4c0
[   34.388257]  ? tipc_sendmcast+0xe30/0xe30
[   34.392372]  ? is_bpf_text_address+0xa4/0x120
[   34.396833]  ? check_usage_backwards+0x20a/0x420
[   34.401554]  ? print_shortest_lock_dependencies+0x350/0x350
[   34.407235]  ? save_stack_trace+0x16/0x20
[   34.411345]  ? save_trace+0x11f/0x350
[   34.415113]  ? mark_held_locks+0xb2/0x100
[   34.419226]  ? __raw_spin_lock_init+0x1c/0x100
[   34.423774]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.428754]  ? __lockdep_init_map+0xe4/0x650
[   34.433127]  ? lockdep_init_map+0x3d/0x70
[   34.437242]  __tipc_sendstream+0x8eb/0xc00
[   34.441444]  ? find_held_lock+0x39/0x1d0
[   34.445473]  ? tipc_connect+0x6d0/0x6d0
[   34.449413]  ? lock_downgrade+0x990/0x990
[   34.453529]  ? lock_acquire+0x1d5/0x580
[   34.457465]  ? tipc_sendstream+0x42/0x70
[   34.461496]  ? mark_held_locks+0xb2/0x100
[   34.465614]  ? __local_bh_enable_ip+0x9d/0x160
[   34.470165]  tipc_sendstream+0x50/0x70
[   34.474021]  tipc_send_packet+0x33/0x50
[   34.477960]  ? tipc_sendstream+0x70/0x70
[   34.481988]  sock_sendmsg+0xca/0x110
[   34.485666]  ___sys_sendmsg+0x75b/0x8a0
[   34.489618]  ? copy_msghdr_from_user+0x590/0x590
[   34.494341]  ? startup_64+0x10/0x30
[   34.497938]  ? __fget_light+0x29d/0x390
[   34.501877]  ? fget_raw+0x20/0x20
[   34.505298]  ? handle_mm_fault+0x4a2/0x860
[   34.509496]  ? down_read_trylock+0xdb/0x170
[   34.513788]  ? __fdget+0x18/0x20
[   34.517441]  __sys_sendmsg+0xe5/0x210
[   34.521206]  ? __sys_sendmsg+0xe5/0x210
[   34.525149]  ? SyS_shutdown+0x290/0x290
[   34.529090]  ? __do_page_fault+0xb60/0xb60
[   34.533290]  ? fd_install+0x4d/0x60
[   34.536897]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.541881]  SyS_sendmsg+0x2d/0x50
[   34.545390]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   34.550111] RIP: 0033:0x43fd79
[   34.553266] RSP: 002b:00007ffc54515d78 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   34.561325] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd79
[   34.568561] RDX: 0000000000000004 RSI: 00000000207ca000 RDI: 0000000000000003
[   34.575797] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   34.583031] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004016e0
[   34.590265] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   34.597570] Dumping ftrace buffer:
[   34.601077]    (ftrace buffer empty)
[   34.604752] Kernel Offset: disabled
[   34.608344] Rebooting in 86400 seconds..