INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   23.671243] ==================================================================
[   23.678669] BUG: KASAN: stack-out-of-bounds in rdma_bind_addr+0x13b/0x1d60
[   23.685658] Read of size 48 at addr ffff8801b3157a50 by task syzkaller397326/4414
[   23.693245]
[   23.694850] CPU: 0 PID: 4414 Comm: syzkaller397326 Not tainted 4.16.0-rc7+ #370
[   23.702264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.711594] Call Trace:
[   23.714166]  dump_stack+0x194/0x24d
[   23.717767]  ? arch_local_irq_restore+0x53/0x53
[   23.722408]  ? show_regs_print_info+0x18/0x18
[   23.726872]  ? lock_release+0xa40/0xa40
[   23.730819]  ? __radix_tree_lookup+0x435/0x5e0
[   23.735374]  ? rdma_bind_addr+0x13b/0x1d60
[   23.739586]  print_address_description+0x73/0x250
[   23.744402]  ? rdma_bind_addr+0x13b/0x1d60
[   23.748612]  kasan_report+0x23c/0x360
[   23.752391]  check_memory_region+0x137/0x190
[   23.756773]  memcpy+0x23/0x50
[   23.759855]  rdma_bind_addr+0x13b/0x1d60
[   23.763889]  ? lock_release+0xa40/0xa40
[   23.767838]  ? check_same_owner+0x320/0x320
[   23.772139]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   23.776881]  ucma_bind_ip+0x10a/0x190
[   23.780654]  ? ucma_bind+0x260/0x260
[   23.784348]  ? kasan_check_write+0x14/0x20
[   23.788560]  ucma_write+0x2d6/0x3d0
[   23.792161]  ? ucma_bind+0x260/0x260
[   23.795846]  ? ucma_close_id+0x60/0x60
[   23.799713]  ? ucma_close_id+0x60/0x60
[   23.803573]  __vfs_write+0xef/0x970
[   23.807178]  ? kernel_read+0x120/0x120
[   23.811052]  ? fsnotify+0x7b3/0x1140
[   23.814746]  ? rcu_pm_notify+0xc0/0xc0
[   23.818615]  ? security_file_permission+0x89/0x1e0
[   23.823518]  ? rw_verify_area+0xe5/0x2b0
[   23.827552]  ? __fdget_raw+0x20/0x20
[   23.831241]  vfs_write+0x189/0x510
[   23.834760]  SyS_write+0xef/0x220
[   23.838184]  ? filp_open+0x70/0x70
[   23.841698]  ? SyS_read+0x220/0x220
[   23.845301]  ? do_syscall_64+0xb7/0x940
[   23.849250]  ? SyS_read+0x220/0x220
[   23.852851]  do_syscall_64+0x281/0x940
[   23.856717]  ? __do_page_fault+0xc90/0xc90
[   23.860925]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.865654]  ? syscall_return_slowpath+0x550/0x550
[   23.870560]  ? syscall_return_slowpath+0x2ac/0x550
[   23.875472]  ? prepare_exit_to_usermode+0x350/0x350
[   23.880467]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   23.885806]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   23.890630]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   23.895790] RIP: 0033:0x43fdd9
[   23.898952] RSP: 002b:00007ffdfd7b90e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   23.906633] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   23.913875] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   23.921118] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   23.928359] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   23.935601] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   23.942865]
[   23.944464] The buggy address belongs to the page:
[   23.949368] page:ffffea0006cc55c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   23.957743] flags: 0x2fffc0000000000()
[   23.961602] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   23.969605] raw: 0000000000000000 ffffea0006cc0101 0000000000000000 0000000000000000
[   23.977564] page dumped because: kasan: bad access detected
[   23.983243]
[   23.984966] Memory state around the buggy address:
[   23.989864]  ffff8801b3157900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[   23.997196]  ffff8801b3157980: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f3 f3 f3 f3 00 00
[   24.004532] >ffff8801b3157a00: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2
[   24.011862]                                                  ^
[   24.018846]  ffff8801b3157a80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   24.026177]  ffff8801b3157b00: f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00
[   24.033507] ==================================================================
[   24.040839] Disabling lock debugging due to kernel taint
[   24.046400] Kernel panic - not syncing: panic_on_warn set ...
[   24.046400]
[   24.053746] CPU: 0 PID: 4414 Comm: syzkaller397326 Tainted: G B 4.16.0-rc7+ #370
[   24.062471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.071792] Call Trace:
[   24.074352]  dump_stack+0x194/0x24d
[   24.077949]  ? arch_local_irq_restore+0x53/0x53
[   24.082592]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.087319]  ? vsnprintf+0x1ed/0x1900
[   24.091089]  ? rdma_bind_addr+0xd0/0x1d60
[   24.095211]  panic+0x1e4/0x41c
[   24.098375]  ? refcount_error_report+0x214/0x214
[   24.103102]  ? add_taint+0x1c/0x50
[   24.106614]  ? add_taint+0x1c/0x50
[   24.110131]  ? rdma_bind_addr+0x13b/0x1d60
[   24.114337]  kasan_end_report+0x50/0x50
[   24.118278]  kasan_report+0x149/0x360
[   24.122049]  check_memory_region+0x137/0x190
[   24.126428]  memcpy+0x23/0x50
[   24.129505]  rdma_bind_addr+0x13b/0x1d60
[   24.133539]  ? lock_release+0xa40/0xa40
[   24.137480]  ? check_same_owner+0x320/0x320
[   24.141772]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   24.146508]  ucma_bind_ip+0x10a/0x190
[   24.150278]  ? ucma_bind+0x260/0x260
[   24.153964]  ? kasan_check_write+0x14/0x20
[   24.158170]  ucma_write+0x2d6/0x3d0
[   24.161764]  ? ucma_bind+0x260/0x260
[   24.165452]  ? ucma_close_id+0x60/0x60
[   24.169314]  ? ucma_close_id+0x60/0x60
[   24.173170]  __vfs_write+0xef/0x970
[   24.176767]  ? kernel_read+0x120/0x120
[   24.180625]  ? fsnotify+0x7b3/0x1140
[   24.184307]  ? rcu_pm_notify+0xc0/0xc0
[   24.188177]  ? security_file_permission+0x89/0x1e0
[   24.193077]  ? rw_verify_area+0xe5/0x2b0
[   24.197107]  ? __fdget_raw+0x20/0x20
[   24.200792]  vfs_write+0x189/0x510
[   24.204305]  SyS_write+0xef/0x220
[   24.207725]  ? filp_open+0x70/0x70
[   24.211237]  ? SyS_read+0x220/0x220
[   24.214836]  ? do_syscall_64+0xb7/0x940
[   24.218780]  ? SyS_read+0x220/0x220
[   24.222377]  do_syscall_64+0x281/0x940
[   24.226234]  ? __do_page_fault+0xc90/0xc90
[   24.230438]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.235164]  ? syscall_return_slowpath+0x550/0x550
[   24.240078]  ? syscall_return_slowpath+0x2ac/0x550
[   24.244975]  ? prepare_exit_to_usermode+0x350/0x350
[   24.249964]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   24.255300]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   24.260115]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   24.265273] RIP: 0033:0x43fdd9
[   24.268432] RSP: 002b:00007ffdfd7b90e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   24.276194] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   24.283434] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   24.290673] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   24.297915] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   24.305162] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   24.312872] Dumping ftrace buffer:
[   24.316381]    (ftrace buffer empty)
[   24.320059] Kernel Offset: disabled
[   24.323656] Rebooting in 86400 seconds..