INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
2018/03/29 21:32:50 parsed 1 programs
2018/03/29 21:32:50 executed programs: 0
syzkaller login: [   28.893616] IPVS: ftp: loaded support on port[0] = 21
[   28.932822] ==================================================================
[   28.940252] BUG: KASAN: stack-out-of-bounds in rdma_bind_addr+0x13b/0x1d60
[   28.947238] Read of size 48 at addr ffff8801aa2bfa00 by task syz-executor0/4426
[   28.954652]
[   28.956252] CPU: 0 PID: 4426 Comm: syz-executor0 Not tainted 4.16.0-rc7+ #280
[   28.963491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.972819] Call Trace:
[   28.975385]  dump_stack+0x194/0x24d
[   28.978985]  ? arch_local_irq_restore+0x53/0x53
[   28.983631]  ? show_regs_print_info+0x18/0x18
[   28.988100]  ? lock_release+0xa40/0xa40
[   28.992048]  ? __radix_tree_lookup+0x435/0x5e0
[   28.996600]  ? get_futex_key+0x1d50/0x1d50
[   29.000807]  ? rdma_bind_addr+0x13b/0x1d60
[   29.005014]  print_address_description+0x73/0x250
[   29.009842]  ? rdma_bind_addr+0x13b/0x1d60
[   29.014056]  kasan_report+0x23c/0x360
[   29.017836]  check_memory_region+0x137/0x190
[   29.022217]  memcpy+0x23/0x50
[   29.025299]  rdma_bind_addr+0x13b/0x1d60
[   29.029334]  ? lock_release+0xa40/0xa40
[   29.033281]  ? check_same_owner+0x320/0x320
[   29.037581]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   29.042325]  ucma_bind_ip+0x10a/0x190
[   29.046110]  ? ucma_bind+0x260/0x260
[   29.049802]  ? kasan_check_write+0x14/0x20
[   29.054013]  ucma_write+0x2d6/0x3d0
[   29.057610]  ? ucma_bind+0x260/0x260
[   29.061296]  ? ucma_close_id+0x60/0x60
[   29.065170]  ? ucma_close_id+0x60/0x60
[   29.069031]  __vfs_write+0xef/0x970
[   29.072656]  ? kernel_read+0x120/0x120
[   29.076527]  ? fsnotify+0x7b3/0x1140
[   29.080214]  ? __do_page_fault+0x5f7/0xc90
[   29.084432]  ? security_file_permission+0x89/0x1e0
[   29.089337]  ? rw_verify_area+0xe5/0x2b0
[   29.093367]  ? __fdget_raw+0x20/0x20
[   29.097055]  vfs_write+0x189/0x510
[   29.100570]  SyS_write+0xef/0x220
[   29.103993]  ? __do_page_fault+0x3d6/0xc90
[   29.108201]  ? SyS_read+0x220/0x220
[   29.111801]  ? do_fast_syscall_32+0x156/0xf9f
[   29.116271]  ? SyS_read+0x220/0x220
[   29.119873]  do_fast_syscall_32+0x3ec/0xf9f
[   29.124187]  ? do_int80_syscall_32+0x9c0/0x9c0
[   29.128742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.133478]  ? syscall_return_slowpath+0x2ac/0x550
[   29.138381]  ? prepare_exit_to_usermode+0x350/0x350
[   29.143370]  ? sysret32_from_system_call+0x5/0x3c
[   29.148192]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.153012]  entry_SYSENTER_compat+0x70/0x7f
[   29.157390] RIP: 0023:0xf7f0fc99
[   29.160723] RSP: 002b:00000000fffbc88c EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[   29.168400] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[   29.175646] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[   29.182902] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   29.190147] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   29.197388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.204644]
[   29.206242] The buggy address belongs to the page:
[   29.211142] page:ffffea0006a8afc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   29.219264] flags: 0x2fffc0000000000()
[   29.223122] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   29.230975] raw: 0000000000000000 ffffea0006a80101 0000000000000000 0000000000000000
[   29.238828] page dumped because: kasan: bad access detected
[   29.244505]
[   29.246099] Memory state around the buggy address:
[   29.250997]  ffff8801aa2bf900: f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
[   29.258324]  ffff8801aa2bf980: f3 f3 f3 f3 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[   29.265651] >ffff8801aa2bfa00: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
[   29.272980]                    ^
[   29.277365]  ffff8801aa2bfa80: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f3 f3 f3
[   29.284709]  ffff8801aa2bfb00: f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   29.292036] ==================================================================
[   29.299365] Disabling lock debugging due to kernel taint
[   29.304885] Kernel panic - not syncing: panic_on_warn set ...
[   29.304885]
[   29.312223] CPU: 0 PID: 4426 Comm: syz-executor0 Tainted: G B 4.16.0-rc7+ #280
[   29.320769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.330095] Call Trace:
[   29.332662]  dump_stack+0x194/0x24d
[   29.336262]  ? arch_local_irq_restore+0x53/0x53
[   29.340903]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.345631]  ? vsnprintf+0x1ed/0x1900
[   29.349401]  ? rdma_bind_addr+0xd0/0x1d60
[   29.353520]  panic+0x1e4/0x41c
[   29.356694]  ? refcount_error_report+0x214/0x214
[   29.361420]  ? add_taint+0x1c/0x50
[   29.364928]  ? add_taint+0x1c/0x50
[   29.368439]  ? rdma_bind_addr+0x13b/0x1d60
[   29.372644]  kasan_end_report+0x50/0x50
[   29.376588]  kasan_report+0x149/0x360
[   29.380358]  check_memory_region+0x137/0x190
[   29.384735]  memcpy+0x23/0x50
[   29.387814]  rdma_bind_addr+0x13b/0x1d60
[   29.391847]  ? lock_release+0xa40/0xa40
[   29.395795]  ? check_same_owner+0x320/0x320
[   29.400088]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   29.404826]  ucma_bind_ip+0x10a/0x190
[   29.408594]  ? ucma_bind+0x260/0x260
[   29.412282]  ? kasan_check_write+0x14/0x20
[   29.416494]  ucma_write+0x2d6/0x3d0
[   29.420106]  ? ucma_bind+0x260/0x260
[   29.423798]  ? ucma_close_id+0x60/0x60
[   29.427667]  ? ucma_close_id+0x60/0x60
[   29.431529]  __vfs_write+0xef/0x970
[   29.435137]  ? kernel_read+0x120/0x120
[   29.438999]  ? fsnotify+0x7b3/0x1140
[   29.442686]  ? __do_page_fault+0x5f7/0xc90
[   29.446902]  ? security_file_permission+0x89/0x1e0
[   29.451837]  ? rw_verify_area+0xe5/0x2b0
[   29.455885]  ? __fdget_raw+0x20/0x20
[   29.459586]  vfs_write+0x189/0x510
[   29.463110]  SyS_write+0xef/0x220
[   29.466539]  ? __do_page_fault+0x3d6/0xc90
[   29.470767]  ? SyS_read+0x220/0x220
[   29.474368]  ? do_fast_syscall_32+0x156/0xf9f
[   29.478834]  ? SyS_read+0x220/0x220
[   29.482433]  do_fast_syscall_32+0x3ec/0xf9f
[   29.486733]  ? do_int80_syscall_32+0x9c0/0x9c0
[   29.491285]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.496022]  ? syscall_return_slowpath+0x2ac/0x550
[   29.500929]  ? prepare_exit_to_usermode+0x350/0x350
[   29.505917]  ? sysret32_from_system_call+0x5/0x3c
[   29.510730]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.515546]  entry_SYSENTER_compat+0x70/0x7f
[   29.519925] RIP: 0023:0xf7f0fc99
[   29.523256] RSP: 002b:00000000fffbc88c EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[   29.530934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[   29.538176] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[   29.545416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   29.552656] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   29.559896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.567482] Dumping ftrace buffer:
[   29.570997]    (ftrace buffer empty)
[   29.574683] Kernel Offset: disabled
[   29.578284] Rebooting in 86400 seconds..