Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.870320] audit: type=1400 audit(1602344812.158:8): avc: denied { execmem } for pid=6344 comm="syz-executor991" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.872270] ==================================================================
[ 32.897787] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 32.906028] Read of size 4 at addr ffff88809af06750 by task syz-executor991/6344
[ 32.913599]
[ 32.915214] CPU: 0 PID: 6344 Comm: syz-executor991 Not tainted 4.14.198-syzkaller #0
[ 32.923341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.932690] Call Trace:
[ 32.935266]  dump_stack+0x1b2/0x283
[ 32.938881]  print_address_description.cold+0x54/0x1d3
[ 32.944268]  kasan_report_error.cold+0x8a/0x194
[ 32.948941]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 32.954375]  __asan_report_load4_noabort+0x68/0x70
[ 32.959387]  ? tipc_addr_domain_valid+0x80/0x80
[ 32.964038]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 32.969501]  tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 32.974771]  tipc_sendmcast+0x51a/0xac0
[ 32.978739]  ? check_usage_forwards+0x2d0/0x2d0
[ 32.983411]  ? tipc_shutdown+0x340/0x340
[ 32.987456]  ? __save_stack_trace+0x63/0x160
[ 32.991842]  ? deref_stack_reg+0x124/0x1a0
[ 32.996058]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 33.001936]  ? lock_downgrade+0x740/0x740
[ 33.006062]  ? unwind_next_frame+0xe54/0x17d0
[ 33.010534]  ? bpf_prog_kallsyms_find.part.0+0x164/0x240
[ 33.015958]  ? is_bpf_text_address+0xb8/0x150
[ 33.020447]  __tipc_sendmsg+0xbab/0xf90
[ 33.024398]  ? check_usage_forwards+0x2d0/0x2d0
[ 33.029042]  ? tipc_sendmcast+0xac0/0xac0
[ 33.033230]  ? save_trace+0xd6/0x290
[ 33.037043]  ? mark_lock+0x64e/0x1050
[ 33.040849]  ? check_usage_forwards+0x2d0/0x2d0
[ 33.045516]  ? mark_held_locks+0xa6/0xf0
[ 33.049645]  ? __local_bh_enable_ip+0xc1/0x170
[ 33.054227]  tipc_sendmsg+0x4c/0x70
[ 33.057829]  ? __tipc_sendmsg+0xf90/0xf90
[ 33.061953]  sock_sendmsg+0xb5/0x100
[ 33.065667]  ___sys_sendmsg+0x6c8/0x800
[ 33.069629]  ? copy_msghdr_from_user+0x3b0/0x3b0
[ 33.074367]  ? lock_downgrade+0x740/0x740
[ 33.078505]  ? do_raw_spin_unlock+0x164/0x220
[ 33.082976]  ? _raw_spin_unlock+0x29/0x40
[ 33.087098]  ? do_huge_pmd_anonymous_page+0x732/0x1670
[ 33.092368]  ? prep_transhuge_page+0xa0/0xa0
[ 33.096769]  ? vm_insert_page+0x7c0/0x7c0
[ 33.100902]  ? __fdget+0x167/0x1f0
[ 33.104436]  ? sockfd_lookup_light+0xb2/0x160
[ 33.108907]  __sys_sendmsg+0xa3/0x120
[ 33.112698]  ? SyS_shutdown+0x160/0x160
[ 33.116668]  ? up_read+0x17/0x30
[ 33.120014]  ? __do_page_fault+0x19a/0xb50
[ 33.124312]  SyS_sendmsg+0x27/0x40
[ 33.127839]  ? __sys_sendmsg+0x120/0x120
[ 33.131888]  do_syscall_64+0x1d5/0x640
[ 33.135766]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.140931] RIP: 0033:0x440299
[ 33.144096] RSP: 002b:00007ffd8cabab98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 33.151781] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 33.159026] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000003
[ 33.166270] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 33.173540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 33.180797] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 33.188053]
[ 33.189660] Allocated by task 1:
[ 33.193019]  kasan_kmalloc+0xeb/0x160
[ 33.196809]  __kmalloc+0x15a/0x400
[ 33.200325]  tipc_nameseq_create+0x53/0x290
[ 33.204635]  tipc_nametbl_insert_publ+0x59b/0x14a0
[ 33.209553]  tipc_nametbl_publish+0x211/0x3f0
[ 33.214023]  tipc_bind+0x2c4/0x600
[ 33.217534]  tipc_server_start+0x31f/0x880
[ 33.221742]  tipc_topsrv_init_net+0x53b/0x730
[ 33.226209]  ops_init+0xaa/0x3e0
[ 33.229550]  register_pernet_operations+0x32f/0x750
[ 33.234539]  register_pernet_device+0x28/0x70
[ 33.239021]  tipc_init+0x7d/0x137
[ 33.242525]  do_one_initcall+0x88/0x202
[ 33.246482]  kernel_init_freeable+0x558/0x619
[ 33.250981]  kernel_init+0xd/0x15b
[ 33.254516]  ret_from_fork+0x24/0x30
[ 33.258214]
[ 33.259834] Freed by task 0:
[ 33.262824] (stack is not available)
[ 33.266513]
[ 33.268114] The buggy address belongs to the object at ffff88809af06740
[ 33.268114]  which belongs to the cache kmalloc-32 of size 32
[ 33.280573] The buggy address is located 16 bytes inside of
[ 33.280573]  32-byte region [ffff88809af06740, ffff88809af06760)
[ 33.292282] The buggy address belongs to the page:
[ 33.297204] page:ffffea00026bc180 count:1 mapcount:0 mapping:ffff88809af06000 index:0xffff88809af06fc1
[ 33.306623] flags: 0xfffe0000000100(slab)
[ 33.310748] raw: 00fffe0000000100 ffff88809af06000 ffff88809af06fc1 0000000100000034
[ 33.318702] raw: ffffea00026c33a0 ffffea0002a95b20 ffff88812fe501c0 0000000000000000
[ 33.326567] page dumped because: kasan: bad access detected
[ 33.332252]
[ 33.333941] Memory state around the buggy address:
[ 33.338866]  ffff88809af06600: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 33.346219]  ffff88809af06680: 00 01 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 33.353570] >ffff88809af06700: 04 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 33.360928]                                                  ^
[ 33.366976]  ffff88809af06780: 00 00 01 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 33.374326]  ffff88809af06800: 00 02 fc fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 33.381664] ==================================================================
[ 33.389137] Disabling lock debugging due to kernel taint
[ 33.394633] Kernel panic - not syncing: panic_on_warn set ...
[ 33.394633]
[ 33.401996] CPU: 0 PID: 6344 Comm: syz-executor991 Tainted: G B 4.14.198-syzkaller #0
[ 33.411090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.420444] Call Trace:
[ 33.423034]  dump_stack+0x1b2/0x283
[ 33.426676]  panic+0x1f9/0x42d
[ 33.429862]  ? add_taint.cold+0x16/0x16
[ 33.433834]  kasan_end_report+0x43/0x49
[ 33.437781]  kasan_report_error.cold+0xa7/0x194
[ 33.442428]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.447861]  __asan_report_load4_noabort+0x68/0x70
[ 33.452791]  ? tipc_addr_domain_valid+0x80/0x80
[ 33.457543]  ? tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.462968]  tipc_nametbl_lookup_dst_nodes+0x44c/0x4c0
[ 33.468221]  tipc_sendmcast+0x51a/0xac0
[ 33.472176]  ? check_usage_forwards+0x2d0/0x2d0
[ 33.476834]  ? tipc_shutdown+0x340/0x340
[ 33.480995]  ? __save_stack_trace+0x63/0x160
[ 33.485386]  ? deref_stack_reg+0x124/0x1a0
[ 33.489598]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 33.495461]  ? lock_downgrade+0x740/0x740
[ 33.499589]  ? unwind_next_frame+0xe54/0x17d0
[ 33.504060]  ? bpf_prog_kallsyms_find.part.0+0x164/0x240
[ 33.509848]  ? is_bpf_text_address+0xb8/0x150
[ 33.514330]  __tipc_sendmsg+0xbab/0xf90
[ 33.518279]  ? check_usage_forwards+0x2d0/0x2d0
[ 33.522935]  ? tipc_sendmcast+0xac0/0xac0
[ 33.527071]  ? save_trace+0xd6/0x290
[ 33.530764]  ? mark_lock+0x64e/0x1050
[ 33.534537]  ? check_usage_forwards+0x2d0/0x2d0
[ 33.539179]  ? mark_held_locks+0xa6/0xf0
[ 33.543215]  ? __local_bh_enable_ip+0xc1/0x170
[ 33.547769]  tipc_sendmsg+0x4c/0x70
[ 33.551385]  ? __tipc_sendmsg+0xf90/0xf90
[ 33.555521]  sock_sendmsg+0xb5/0x100
[ 33.559208]  ___sys_sendmsg+0x6c8/0x800
[ 33.563169]  ? copy_msghdr_from_user+0x3b0/0x3b0
[ 33.567913]  ? lock_downgrade+0x740/0x740
[ 33.572035]  ? do_raw_spin_unlock+0x164/0x220
[ 33.576507]  ? _raw_spin_unlock+0x29/0x40
[ 33.580629]  ? do_huge_pmd_anonymous_page+0x732/0x1670
[ 33.585903]  ? prep_transhuge_page+0xa0/0xa0
[ 33.590290]  ? vm_insert_page+0x7c0/0x7c0
[ 33.594430]  ? __fdget+0x167/0x1f0
[ 33.597959]  ? sockfd_lookup_light+0xb2/0x160
[ 33.602514]  __sys_sendmsg+0xa3/0x120
[ 33.606303]  ? SyS_shutdown+0x160/0x160
[ 33.610253]  ? up_read+0x17/0x30
[ 33.613593]  ? __do_page_fault+0x19a/0xb50
[ 33.617817]  SyS_sendmsg+0x27/0x40
[ 33.621328]  ? __sys_sendmsg+0x120/0x120
[ 33.625365]  do_syscall_64+0x1d5/0x640
[ 33.629227]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 33.634389] RIP: 0033:0x440299
[ 33.637553] RSP: 002b:00007ffd8cabab98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 33.645241] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440299
[ 33.652501] RDX: 0000000000000000 RSI: 00000000200014c0 RDI: 0000000000000003
[ 33.659745] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 33.667003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 33.674244] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 33.682874] Kernel Offset: disabled
[ 33.686492] Rebooting in 86400 seconds..