INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-4,10.128.15.197' (ECDSA) to the list of known hosts.
2017/10/03 20:31:20 parsed 1 programs
2017/10/03 20:31:20 executed programs: 0
syzkaller login: [   21.717480] ==================================================================
[   21.724915] BUG: KASAN: slab-out-of-bounds in tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.733032] Read of size 4 at addr ffff8801ce886c10 by task syz-executor0/2995
[   21.740362] 
[   21.741965] CPU: 0 PID: 2995 Comm: syz-executor0 Not tainted 4.14.0-rc3+ #23
[   21.749119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.758443] Call Trace:
[   21.761004]  dump_stack+0x194/0x257
[   21.764607]  ? arch_local_irq_restore+0x53/0x53
[   21.769247]  ? show_regs_print_info+0x65/0x65
[   21.773718]  ? lock_release+0xd70/0xd70
[   21.777675]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.783100]  print_address_description+0x73/0x250
[   21.787914]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.793341]  kasan_report+0x25b/0x340
[   21.797120]  __asan_report_load4_noabort+0x14/0x20
[   21.802022]  tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   21.807280]  tipc_sendmcast+0x70b/0xe20
[   21.811241]  ? tipc_release+0xfd0/0xfd0
[   21.815186]  ? lru_cache_add+0x1c7/0x3a0
[   21.819224]  ? get_mem_cgroup_from_mm+0x710/0x710
[   21.824040]  ? lru_cache_add_file+0x20/0x20
[   21.828331]  ? __bfs+0x690/0x750
[   21.831677]  ? find_held_lock+0x39/0x1d0
[   21.835717]  ? check_noncircular+0x20/0x20
[   21.839928]  ? lock_downgrade+0x990/0x990
[   21.844052]  ? check_noncircular+0x20/0x20
[   21.848263]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[   21.853427]  ? check_noncircular+0x20/0x20
[   21.857650]  __tipc_sendmsg+0xf49/0x1590
[   21.861679]  ? __tipc_sendmsg+0xf49/0x1590
[   21.865893]  ? perf_trace_lock_acquire+0x562/0x900
[   21.870795]  ? tipc_sendmcast+0xe20/0xe20
[   21.874923]  ? lock_downgrade+0x990/0x990
[   21.879045]  ? __check_object_size+0x25d/0x4f0
[   21.883609]  ? lock_acquire+0x1d5/0x580
[   21.887556]  ? tipc_sendmsg+0x42/0x70
[   21.891346]  ? mark_held_locks+0xb2/0x100
[   21.895468]  ? __local_bh_enable_ip+0x9d/0x160
[   21.900023]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   21.905024]  ? lock_sock_nested+0x91/0x110
[   21.909229]  ? trace_hardirqs_on+0xd/0x10
[   21.913350]  ? __local_bh_enable_ip+0x9d/0x160
[   21.917914]  tipc_sendmsg+0x50/0x70
[   21.921512]  ? __tipc_sendmsg+0x1590/0x1590
[   21.925808]  sock_sendmsg+0xca/0x110
[   21.929495]  ___sys_sendmsg+0x75b/0x8a0
[   21.933450]  ? copy_msghdr_from_user+0x590/0x590
[   21.938183]  ? __handle_mm_fault+0x587/0x39c0
[   21.942661]  ? __pmd_alloc+0x4e0/0x4e0
[   21.946526]  ? __fget_light+0x29d/0x390
[   21.950476]  ? fget_raw+0x20/0x20
[   21.953926]  ? __fdget+0x18/0x20
[   21.957270]  __sys_sendmsg+0xe5/0x210
[   21.961041]  ? __sys_sendmsg+0xe5/0x210
[   21.964989]  ? SyS_shutdown+0x290/0x290
[   21.968937]  ? down_read_trylock+0xdb/0x170
[   21.973236]  ? compat_SyS_futex+0x288/0x380
[   21.977553]  compat_SyS_sendmsg+0x2a/0x40
[   21.981674]  ? compat_SyS_getsockopt+0x420/0x420
[   21.986403]  do_fast_syscall_32+0x3f2/0xf05
[   21.990710]  ? do_int80_syscall_32+0x940/0x940
[   21.995267]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   21.999996]  ? lockdep_sys_exit+0x47/0xf0
[   22.004117]  ? syscall_return_slowpath+0x2b3/0x510
[   22.009024]  ? sysret32_from_system_call+0x5/0x3b
[   22.013844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.018664]  entry_SYSENTER_compat+0x51/0x60
[   22.023044] RIP: 0023:0xf7f6bc79
[   22.026379] RSP: 002b:00000000ff91159c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[   22.034060] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020316000
[   22.041304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.048548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   22.055789] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   22.063030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.070290] 
[   22.071890] Allocated by task 2995:
[   22.075489]  save_stack_trace+0x16/0x20
[   22.079432]  save_stack+0x43/0xd0
[   22.082855]  kasan_kmalloc+0xad/0xe0
[   22.086544]  kmem_cache_alloc_trace+0x136/0x750
[   22.091183]  tipc_nameseq_create+0xe8/0x540
[   22.095474]  tipc_nametbl_insert_publ+0xf77/0x17c0
[   22.100374]  tipc_nametbl_publish+0x2aa/0x4f0
[   22.104839]  tipc_bind+0x33a/0x700
[   22.108352]  SYSC_bind+0x1b4/0x3f0
[   22.111861]  SyS_bind+0x24/0x30
[   22.115112]  do_fast_syscall_32+0x3f2/0xf05
[   22.119400]  entry_SYSENTER_compat+0x51/0x60
[   22.123774] 
[   22.125370] Freed by task 1552:
[   22.128617]  save_stack_trace+0x16/0x20
[   22.132560]  save_stack+0x43/0xd0
[   22.135981]  kasan_slab_free+0x71/0xc0
[   22.139838]  kfree+0xca/0x250
[   22.142913]  single_release+0x88/0xb0
[   22.146684]  close_pdeo+0x130/0x420
[   22.150280]  proc_reg_release+0x12b/0x170
[   22.154399]  __fput+0x333/0x7f0
[   22.157650]  ____fput+0x15/0x20
[   22.160902]  task_work_run+0x199/0x270
[   22.164846]  exit_to_usermode_loop+0x296/0x310
[   22.169396]  syscall_return_slowpath+0x42f/0x510
[   22.174122]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   22.178845] 
[   22.180444] The buggy address belongs to the object at ffff8801ce886c00
[   22.180444]  which belongs to the cache kmalloc-32 of size 32
[   22.192893] The buggy address is located 16 bytes inside of
[   22.192893]  32-byte region [ffff8801ce886c00, ffff8801ce886c20)
[   22.204561] The buggy address belongs to the page:
[   22.209461] page:ffffea00073a2180 count:1 mapcount:0 mapping:ffff8801ce886000 index:0xffff8801ce886fc1
[   22.218879] flags: 0x200000000000100(slab)
[   22.223085] raw: 0200000000000100 ffff8801ce886000 ffff8801ce886fc1 000000010000003f
[   22.230935] raw: ffffea00073d51e0 ffffea00073c2960 ffff8801dac001c0 0000000000000000
[   22.238783] page dumped because: kasan: bad access detected
[   22.244462] 
[   22.246065] Memory state around the buggy address:
[   22.250967]  ffff8801ce886b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   22.258297]  ffff8801ce886b80: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   22.265630] >ffff8801ce886c00: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   22.272959]                          ^
[   22.276813]  ffff8801ce886c80: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   22.284140]  ffff8801ce886d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   22.291469] ==================================================================
[   22.298797] Disabling lock debugging due to kernel taint
[   22.304256] Kernel panic - not syncing: panic_on_warn set ...
[   22.304256] 
[   22.311587] CPU: 0 PID: 2995 Comm: syz-executor0 Tainted: G    B           4.14.0-rc3+ #23
[   22.319953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.329273] Call Trace:
[   22.331829]  dump_stack+0x194/0x257
[   22.335423]  ? arch_local_irq_restore+0x53/0x53
[   22.340058]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.344783]  ? tipc_nametbl_lookup_dst_nodes+0x3f0/0x4b0
[   22.350204]  panic+0x1e4/0x417
[   22.353363]  ? __warn+0x1d9/0x1d9
[   22.356788]  ? tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   22.362205]  kasan_end_report+0x50/0x50
[   22.366144]  kasan_report+0x144/0x340
[   22.369910]  __asan_report_load4_noabort+0x14/0x20
[   22.374805]  tipc_nametbl_lookup_dst_nodes+0x448/0x4b0
[   22.380051]  tipc_sendmcast+0x70b/0xe20
[   22.383998]  ? tipc_release+0xfd0/0xfd0
[   22.387935]  ? lru_cache_add+0x1c7/0x3a0
[   22.391959]  ? get_mem_cgroup_from_mm+0x710/0x710
[   22.396766]  ? lru_cache_add_file+0x20/0x20
[   22.401052]  ? __bfs+0x690/0x750
[   22.404388]  ? find_held_lock+0x39/0x1d0
[   22.408417]  ? check_noncircular+0x20/0x20
[   22.412618]  ? lock_downgrade+0x990/0x990
[   22.416731]  ? check_noncircular+0x20/0x20
[   22.420931]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[   22.426089]  ? check_noncircular+0x20/0x20
[   22.430302]  __tipc_sendmsg+0xf49/0x1590
[   22.434328]  ? __tipc_sendmsg+0xf49/0x1590
[   22.438533]  ? perf_trace_lock_acquire+0x562/0x900
[   22.443427]  ? tipc_sendmcast+0xe20/0xe20
[   22.447542]  ? lock_downgrade+0x990/0x990
[   22.451654]  ? __check_object_size+0x25d/0x4f0
[   22.456205]  ? lock_acquire+0x1d5/0x580
[   22.460143]  ? tipc_sendmsg+0x42/0x70
[   22.463914]  ? mark_held_locks+0xb2/0x100
[   22.468027]  ? __local_bh_enable_ip+0x9d/0x160
[   22.472577]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.477559]  ? lock_sock_nested+0x91/0x110
[   22.481758]  ? trace_hardirqs_on+0xd/0x10
[   22.485870]  ? __local_bh_enable_ip+0x9d/0x160
[   22.490421]  tipc_sendmsg+0x50/0x70
[   22.494012]  ? __tipc_sendmsg+0x1590/0x1590
[   22.498304]  sock_sendmsg+0xca/0x110
[   22.501985]  ___sys_sendmsg+0x75b/0x8a0
[   22.505927]  ? copy_msghdr_from_user+0x590/0x590
[   22.510648]  ? __handle_mm_fault+0x587/0x39c0
[   22.515110]  ? __pmd_alloc+0x4e0/0x4e0
[   22.518965]  ? __fget_light+0x29d/0x390
[   22.522904]  ? fget_raw+0x20/0x20
[   22.526335]  ? __fdget+0x18/0x20
[   22.529673]  __sys_sendmsg+0xe5/0x210
[   22.533440]  ? __sys_sendmsg+0xe5/0x210
[   22.537380]  ? SyS_shutdown+0x290/0x290
[   22.541318]  ? down_read_trylock+0xdb/0x170
[   22.545611]  ? compat_SyS_futex+0x288/0x380
[   22.549914]  compat_SyS_sendmsg+0x2a/0x40
[   22.554026]  ? compat_SyS_getsockopt+0x420/0x420
[   22.558749]  do_fast_syscall_32+0x3f2/0xf05
[   22.563040]  ? do_int80_syscall_32+0x940/0x940
[   22.567587]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.572310]  ? lockdep_sys_exit+0x47/0xf0
[   22.576422]  ? syscall_return_slowpath+0x2b3/0x510
[   22.581319]  ? sysret32_from_system_call+0x5/0x3b
[   22.586127]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.590937]  entry_SYSENTER_compat+0x51/0x60
[   22.595310] RIP: 0023:0xf7f6bc79
[   22.598637] RSP: 002b:00000000ff91159c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[   22.606310] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020316000
[   22.613545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.620781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   22.628016] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   22.635252] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   22.642534] Dumping ftrace buffer:
[   22.646040]    (ftrace buffer empty)
[   22.649716] Kernel Offset: disabled
[   22.653310] Rebooting in 86400 seconds..