INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-0,10.128.0.7' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.095182] ==================================================================
[   38.102577] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.110689] Read of size 4 at addr ffff8801d2898690 by task syzkaller258649/2988
[   38.118188] 
[   38.119791] CPU: 1 PID: 2988 Comm: syzkaller258649 Not tainted 4.14.0-rc2+ #13
[   38.127118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.136441] Call Trace:
[   38.139001]  dump_stack+0x194/0x257
[   38.142600]  ? arch_local_irq_restore+0x53/0x53
[   38.147240]  ? show_regs_print_info+0x65/0x65
[   38.151712]  ? lock_release+0xd70/0xd70
[   38.155661]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.161085]  print_address_description+0x73/0x250
[   38.165898]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.171318]  kasan_report+0x25b/0x340
[   38.175091]  __asan_report_load4_noabort+0x14/0x20
[   38.179989]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.185245]  tipc_sendmcast+0x70b/0xe20
[   38.189201]  ? tipc_release+0xfd0/0xfd0
[   38.193145]  ? __kernel_text_address+0xd/0x40
[   38.197609]  ? __is_insn_slot_addr+0x1fc/0x330
[   38.202164]  ? lock_downgrade+0x990/0x990
[   38.206288]  ? __save_stack_trace+0x61/0xd0
[   38.210587]  ? compat_SyS_sendmsg+0x2a/0x40
[   38.214884]  ? lock_release+0xd70/0xd70
[   38.218829]  ? is_bpf_text_address+0x7b/0x120
[   38.223294]  ? lock_downgrade+0x990/0x990
[   38.227413]  ? show_initstate+0xb0/0xb0
[   38.231359]  ? bpf_prog_alloc+0x310/0x310
[   38.235478]  ? __bfs+0xaa/0x750
[   38.238734]  ? noop_count+0x40/0x40
[   38.242336]  __tipc_sendmsg+0xf49/0x1590
[   38.246367]  ? __tipc_sendmsg+0xf49/0x1590
[   38.250574]  ? rcutorture_record_progress+0x10/0x10
[   38.255573]  ? tipc_sendmcast+0xe20/0xe20
[   38.259694]  ? check_usage_backwards+0x20a/0x420
[   38.264425]  ? print_shortest_lock_dependencies+0x350/0x350
[   38.270116]  ? save_stack_trace+0x16/0x20
[   38.274233]  ? save_trace+0x11f/0x350
[   38.278008]  ? mark_held_locks+0xb2/0x100
[   38.282129]  ? __raw_spin_lock_init+0x1c/0x100
[   38.286690]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   38.291674]  ? __lockdep_init_map+0xe4/0x650
[   38.296057]  ? lockdep_init_map+0x3d/0x70
[   38.300181]  __tipc_sendstream+0x8eb/0xc00
[   38.304389]  ? find_held_lock+0x39/0x1d0
[   38.308426]  ? tipc_connect+0x6d0/0x6d0
[   38.312369]  ? lock_downgrade+0x990/0x990
[   38.316486]  ? __check_object_size+0x25d/0x4f0
[   38.321046]  ? lock_acquire+0x1d5/0x580
[   38.324989]  ? tipc_sendstream+0x42/0x70
[   38.329034]  ? mark_held_locks+0xb2/0x100
[   38.333164]  ? __local_bh_enable_ip+0x9d/0x160
[   38.337725]  tipc_sendstream+0x50/0x70
[   38.341580]  ? __tipc_sendstream+0xc00/0xc00
[   38.345959]  sock_sendmsg+0xca/0x110
[   38.349644]  ___sys_sendmsg+0x75b/0x8a0
[   38.353596]  ? copy_msghdr_from_user+0x590/0x590
[   38.358324]  ? get_unused_fd_flags+0x190/0x190
[   38.362881]  ? check_noncircular+0x20/0x20
[   38.367090]  ? __handle_mm_fault+0x587/0x39c0
[   38.371558]  ? __fget_light+0x29d/0x390
[   38.375504]  ? fget_raw+0x20/0x20
[   38.378952]  ? __fdget+0x18/0x20
[   38.382291]  __sys_sendmsg+0xe5/0x210
[   38.386062]  ? __sys_sendmsg+0xe5/0x210
[   38.390007]  ? SyS_shutdown+0x290/0x290
[   38.393974]  ? handle_mm_fault+0x410/0x8d0
[   38.398177]  ? down_read_trylock+0xdb/0x170
[   38.402475]  ? __do_page_fault+0x2b8/0xb60
[   38.406699]  compat_SyS_sendmsg+0x2a/0x40
[   38.410818]  ? compat_SyS_getsockopt+0x420/0x420
[   38.415543]  do_fast_syscall_32+0x3f2/0xf05
[   38.419853]  ? do_int80_syscall_32+0x940/0x940
[   38.424406]  ? kasan_check_read+0x11/0x20
[   38.428525]  ? syscall_return_slowpath+0x510/0x510
[   38.433424]  ? SyS_rt_sigaction+0x94/0x1b0
[   38.437631]  ? lockdep_sys_exit+0x47/0xf0
[   38.441753]  ? retint_user+0x18/0x20
[   38.445440]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.450260]  entry_SYSENTER_compat+0x51/0x60
[   38.454635] RIP: 0023:0xf7facc79
[   38.457973] RSP: 002b:00000000ffbdd6ac EFLAGS: 00000203 ORIG_RAX: 0000000000000172
[   38.465656] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000201ff000
[   38.472895] RDX: 0000000000004000 RSI: 0000000000000167 RDI: 000000000000001e
[   38.480135] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   38.487375] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   38.494615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   38.501870] 
[   38.503470] Allocated by task 1:
[   38.506808]  save_stack_trace+0x16/0x20
[   38.510754]  save_stack+0x43/0xd0
[   38.514178]  kasan_kmalloc+0xad/0xe0
[   38.517863]  kmem_cache_alloc_trace+0x136/0x750
[   38.522502]  tipc_nameseq_create+0xe8/0x540
[   38.526794]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   38.531692]  tipc_nametbl_publish+0x2aa/0x4f0
[   38.536155]  tipc_bind+0x33a/0x700
[   38.539666]  kernel_bind+0x62/0x80
[   38.543172]  tipc_server_start+0x3a1/0xb60
[   38.547376]  tipc_topsrv_start+0x64f/0x890
[   38.551578]  tipc_init_net+0x3cc/0x570
[   38.555433]  ops_init+0x10a/0x570
[   38.558852]  register_pernet_operations+0x45e/0x980
[   38.563839]  register_pernet_subsys+0x2a/0x40
[   38.568302]  tipc_init+0x83/0x104
[   38.571725]  do_one_initcall+0x9e/0x330
[   38.575667]  kernel_init_freeable+0x469/0x521
[   38.580129]  kernel_init+0x13/0x172
[   38.583726]  ret_from_fork+0x2a/0x40
[   38.587402] 
[   38.589005] Freed by task 0:
[   38.591991] (stack is not available)
[   38.595671] 
[   38.597267] The buggy address belongs to the object at ffff8801d2898680
[   38.597267]  which belongs to the cache kmalloc-32 of size 32
[   38.609717] The buggy address is located 16 bytes inside of
[   38.609717]  32-byte region [ffff8801d2898680, ffff8801d28986a0)
[   38.621391] The buggy address belongs to the page:
[   38.626292] page:ffffea00074a2600 count:1 mapcount:0 mapping:ffff8801d2898000 index:0xffff8801d2898fc1
[   38.635707] flags: 0x200000000000100(slab)
[   38.639911] raw: 0200000000000100 ffff8801d2898000 ffff8801d2898fc1 000000010000003c
[   38.647761] raw: ffffea00074b6b60 ffffea00074b8020 ffff8801dac001c0 0000000000000000
[   38.655608] page dumped because: kasan: bad access detected
[   38.661285] 
[   38.662880] Memory state around the buggy address:
[   38.667777]  ffff8801d2898580: 04 fc fc fc fc fc fc fc 00 06 fc fc fc fc fc fc
[   38.675105]  ffff8801d2898600: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   38.682431] >ffff8801d2898680: 00 00 fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[   38.689764]                          ^
[   38.693617]  ffff8801d2898700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   38.700948]  ffff8801d2898780: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   38.708270] ==================================================================
[   38.715595] Disabling lock debugging due to kernel taint
[   38.721040] Kernel panic - not syncing: panic_on_warn set ...
[   38.721040] 
[   38.728366] CPU: 1 PID: 2988 Comm: syzkaller258649 Tainted: G    B           4.14.0-rc2+ #13
[   38.736901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.746219] Call Trace:
[   38.748774]  dump_stack+0x194/0x257
[   38.752376]  ? arch_local_irq_restore+0x53/0x53
[   38.757011]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   38.761733]  ? tipc_nametbl_lookup_dst_nodes+0x3f0/0x4b0
[   38.767148]  panic+0x1e4/0x417
[   38.770306]  ? __warn+0x1d9/0x1d9
[   38.773734]  ? tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.779149]  kasan_end_report+0x50/0x50
[   38.783093]  kasan_report+0x144/0x340
[   38.786860]  __asan_report_load4_noabort+0x14/0x20
[   38.791753]  tipc_nametbl_lookup_dst_nodes+0x4a3/0x4b0
[   38.796996]  tipc_sendmcast+0x70b/0xe20
[   38.800941]  ? tipc_release+0xfd0/0xfd0
[   38.804880]  ? __kernel_text_address+0xd/0x40
[   38.809339]  ? __is_insn_slot_addr+0x1fc/0x330
[   38.813886]  ? lock_downgrade+0x990/0x990
[   38.817996]  ? __save_stack_trace+0x61/0xd0
[   38.822286]  ? compat_SyS_sendmsg+0x2a/0x40
[   38.826573]  ? lock_release+0xd70/0xd70
[   38.830511]  ? is_bpf_text_address+0x7b/0x120
[   38.834969]  ? lock_downgrade+0x990/0x990
[   38.839088]  ? show_initstate+0xb0/0xb0
[   38.843025]  ? bpf_prog_alloc+0x310/0x310
[   38.847149]  ? __bfs+0xaa/0x750
[   38.850394]  ? noop_count+0x40/0x40
[   38.853988]  __tipc_sendmsg+0xf49/0x1590
[   38.858013]  ? __tipc_sendmsg+0xf49/0x1590
[   38.862212]  ? rcutorture_record_progress+0x10/0x10
[   38.867196]  ? tipc_sendmcast+0xe20/0xe20
[   38.871308]  ? check_usage_backwards+0x20a/0x420
[   38.876029]  ? print_shortest_lock_dependencies+0x350/0x350
[   38.881710]  ? save_stack_trace+0x16/0x20
[   38.885819]  ? save_trace+0x11f/0x350
[   38.889592]  ? mark_held_locks+0xb2/0x100
[   38.893708]  ? __raw_spin_lock_init+0x1c/0x100
[   38.898253]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   38.903230]  ? __lockdep_init_map+0xe4/0x650
[   38.907602]  ? lockdep_init_map+0x3d/0x70
[   38.911721]  __tipc_sendstream+0x8eb/0xc00
[   38.915920]  ? find_held_lock+0x39/0x1d0
[   38.919947]  ? tipc_connect+0x6d0/0x6d0
[   38.923884]  ? lock_downgrade+0x990/0x990
[   38.927996]  ? __check_object_size+0x25d/0x4f0
[   38.932546]  ? lock_acquire+0x1d5/0x580
[   38.936483]  ? tipc_sendstream+0x42/0x70
[   38.940513]  ? mark_held_locks+0xb2/0x100
[   38.944632]  ? __local_bh_enable_ip+0x9d/0x160
[   38.949198]  tipc_sendstream+0x50/0x70
[   38.953052]  ? __tipc_sendstream+0xc00/0xc00
[   38.957424]  sock_sendmsg+0xca/0x110
[   38.961103]  ___sys_sendmsg+0x75b/0x8a0
[   38.965042]  ? copy_msghdr_from_user+0x590/0x590
[   38.969762]  ? get_unused_fd_flags+0x190/0x190
[   38.974311]  ? check_noncircular+0x20/0x20
[   38.978512]  ? __handle_mm_fault+0x587/0x39c0
[   38.982970]  ? __fget_light+0x29d/0x390
[   38.986910]  ? fget_raw+0x20/0x20
[   38.990339]  ? __fdget+0x18/0x20
[   38.993672]  __sys_sendmsg+0xe5/0x210
[   38.997434]  ? __sys_sendmsg+0xe5/0x210
[   39.001375]  ? SyS_shutdown+0x290/0x290
[   39.005318]  ? handle_mm_fault+0x410/0x8d0
[   39.009514]  ? down_read_trylock+0xdb/0x170
[   39.013797]  ? __do_page_fault+0x2b8/0xb60
[   39.018006]  compat_SyS_sendmsg+0x2a/0x40
[   39.022117]  ? compat_SyS_getsockopt+0x420/0x420
[   39.026845]  do_fast_syscall_32+0x3f2/0xf05
[   39.031135]  ? do_int80_syscall_32+0x940/0x940
[   39.035684]  ? kasan_check_read+0x11/0x20
[   39.039798]  ? syscall_return_slowpath+0x510/0x510
[   39.044692]  ? SyS_rt_sigaction+0x94/0x1b0
[   39.048891]  ? lockdep_sys_exit+0x47/0xf0
[   39.053003]  ? retint_user+0x18/0x20
[   39.056684]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.061495]  entry_SYSENTER_compat+0x51/0x60
[   39.066128] RIP: 0023:0xf7facc79
[   39.069462] RSP: 002b:00000000ffbdd6ac EFLAGS: 00000203 ORIG_RAX: 0000000000000172
[   39.077133] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000201ff000
[   39.084367] RDX: 0000000000004000 RSI: 0000000000000167 RDI: 000000000000001e
[   39.091599] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000