INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-5,10.128.0.27' (ECDSA) to the list of known hosts. 2017/08/16 21:04:59 parsed 1 programs 2017/08/16 21:04:59 executed programs: 0 syzkaller login: [ 36.278132] ================================================================== [ 36.285546] BUG: KASAN: wild-memory-access in skb_copy_ubufs+0xc51/0x1940 [ 36.292438] Read of size 4096 at addr 1b91bd495e86926b by task syz-executor0/3320 [ 36.300022] [ 36.301623] CPU: 1 PID: 3320 Comm: syz-executor0 Not tainted 4.13.0-rc5-next-20170816+ #4 [ 36.309902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.319231] Call Trace: [ 36.321793] dump_stack+0x194/0x257 [ 36.325396] ? arch_local_irq_restore+0x53/0x53 [ 36.330055] ? skb_copy_ubufs+0xc51/0x1940 [ 36.334270] kasan_report+0x12e/0x340 [ 36.338052] check_memory_region+0x137/0x190 [ 36.342437] memcpy+0x23/0x50 [ 36.345526] skb_copy_ubufs+0xc51/0x1940 [ 36.349605] ? skb_release_data+0x790/0x790 [ 36.353895] ? find_get_context.isra.84+0x670/0x670 [ 36.358880] ? __is_insn_slot_addr+0x1fc/0x330 [ 36.363443] ? __lock_acquire+0x6aa/0x3bc0 [ 36.367661] ? check_noncircular+0x20/0x20 [ 36.371883] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 36.377047] ? __lock_acquire+0x6aa/0x3bc0 [ 36.381252] ? __free_insn_slot+0x5c0/0x5c0 [ 36.385551] ? __lock_is_held+0xb6/0x140 [ 36.389616] __netif_receive_skb_core+0x24e6/0x33d0 [ 36.394601] ? unwind_get_return_address+0x61/0xa0 [ 36.399522] ? nf_ingress+0x9f0/0x9f0 [ 36.403289] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.408380] ? perf_trace_run_bpf_submit+0x1ae/0x290 [ 36.413462] ? save_stack_trace+0x16/0x20 [ 36.417578] ? save_stack+0x43/0xd0 [ 36.421172] ? kasan_kmalloc+0xad/0xe0 [ 36.425038] ? memset+0x31/0x40 [ 36.428392] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.433481] ? check_noncircular+0x20/0x20 [ 36.437700] ? __skb_flow_dissect+0xfa6/0x3ad0 [ 36.442293] ? __skb_flow_get_ports+0x400/0x400 [ 36.446955] ? find_held_lock+0x35/0x1d0 [ 36.451013] ? netif_receive_skb_internal+0x1d7/0x5e0 [ 36.456189] ? lock_downgrade+0x990/0x990 [ 36.460336] ? pvclock_read_flags+0x160/0x160 [ 36.464826] ? lock_acquire+0x1d5/0x580 [ 36.468773] ? lock_acquire+0x1d5/0x580 [ 36.472725] ? netif_receive_skb_internal+0x93/0x5e0 [ 36.477807] ? ktime_get_with_offset+0x2c1/0x420 [ 36.482548] ? lock_release+0xa40/0xa40 [ 36.486496] ? do_gettimeofday+0x190/0x190 [ 36.490728] __netif_receive_skb+0x2c/0x1b0 [ 36.495024] ? __netif_receive_skb+0x2c/0x1b0 [ 36.499502] netif_receive_skb_internal+0x10b/0x5e0 [ 36.504493] ? dev_cpu_dead+0xb00/0xb00 [ 36.508444] ? tun_device_event+0xca0/0xca0 [ 36.512749] ? rcu_pm_notify+0xc0/0xc0 [ 36.516644] netif_receive_skb+0xae/0x390 [ 36.520767] ? netif_receive_skb_internal+0x5e0/0x5e0 [ 36.525932] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.531010] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.536092] ? perf_trace_run_bpf_submit+0x1ae/0x290 [ 36.541171] ? tun_rx_batched.isra.43+0x5bd/0x860 [ 36.545994] tun_rx_batched.isra.43+0x5e7/0x860 [ 36.550639] ? skb_get_hash_perturb+0x9d0/0x9d0 [ 36.555280] ? tun_sock_write_space+0x370/0x370 [ 36.560010] ? tun_free_netdev+0x1b0/0x1b0 [ 36.564240] ? check_noncircular+0x20/0x20 [ 36.568464] tun_get_user+0x11dd/0x2150 [ 36.572448] ? tun_flow_update+0xf70/0xf70 [ 36.576672] ? __tun_get+0x1ab/0x2e0 [ 36.580360] ? lock_downgrade+0x990/0x990 [ 36.584487] ? lock_release+0xa40/0xa40 [ 36.588440] ? __lock_is_held+0xb6/0x140 [ 36.592496] ? __tun_get+0x1d4/0x2e0 [ 36.596183] ? tun_chr_close+0x60/0x60 [ 36.600060] tun_chr_write_iter+0xd8/0x190 [ 36.604275] __vfs_write+0x684/0x970 [ 36.607967] ? default_llseek+0x290/0x290 [ 36.612099] ? _cond_resched+0x14/0x30 [ 36.615968] ? avc_policy_seqno+0x9/0x20 [ 36.620000] ? selinux_file_permission+0x82/0x460 [ 36.624837] ? rw_verify_area+0xe5/0x2b0 [ 36.628875] ? __fdget_raw+0x20/0x20 [ 36.632569] vfs_write+0x189/0x510 [ 36.636093] SyS_write+0xef/0x220 [ 36.639523] ? SyS_read+0x220/0x220 [ 36.643123] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.648118] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 36.652863] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 36.657589] RIP: 0033:0x40b751 [ 36.660746] RSP: 002b:00007f7f1bc96c10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 36.668427] RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 000000000040b751 [ 36.675669] RDX: 0000000000000011 RSI: 0000000020014fab RDI: 0000000000000003 [ 36.682908] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 36.690148] R10: 00000000000f4246 R11: 0000000000000293 R12: 00000000004bab1b [ 36.697389] R13: 00000000ffffffff R14: 0000000000000011 R15: 0000000020014fab [ 36.704664] ================================================================== [ 36.711988] Disabling lock debugging due to kernel taint [ 36.717458] Kernel panic - not syncing: panic_on_warn set ... [ 36.717458] [ 36.724789] CPU: 1 PID: 3320 Comm: syz-executor0 Tainted: G B 4.13.0-rc5-next-20170816+ #4 [ 36.734281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.743600] Call Trace: [ 36.746158] dump_stack+0x194/0x257 [ 36.749754] ? arch_local_irq_restore+0x53/0x53 [ 36.754388] ? kasan_end_report+0x32/0x50 [ 36.758507] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 36.763244] ? skb_copy_ubufs+0xb90/0x1940 [ 36.767450] panic+0x1e4/0x417 [ 36.770609] ? __warn+0x1d9/0x1d9 [ 36.774047] ? skb_copy_ubufs+0xc51/0x1940 [ 36.778252] kasan_end_report+0x50/0x50 [ 36.782193] kasan_report+0x137/0x340 [ 36.785967] check_memory_region+0x137/0x190 [ 36.790344] memcpy+0x23/0x50 [ 36.793418] skb_copy_ubufs+0xc51/0x1940 [ 36.797469] ? skb_release_data+0x790/0x790 [ 36.801755] ? find_get_context.isra.84+0x670/0x670 [ 36.806737] ? __is_insn_slot_addr+0x1fc/0x330 [ 36.811296] ? __lock_acquire+0x6aa/0x3bc0 [ 36.815509] ? check_noncircular+0x20/0x20 [ 36.819729] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 36.824899] ? __lock_acquire+0x6aa/0x3bc0 [ 36.829106] ? __free_insn_slot+0x5c0/0x5c0 [ 36.833404] ? __lock_is_held+0xb6/0x140 [ 36.837454] __netif_receive_skb_core+0x24e6/0x33d0 [ 36.842440] ? unwind_get_return_address+0x61/0xa0 [ 36.847359] ? nf_ingress+0x9f0/0x9f0 [ 36.851130] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.856214] ? perf_trace_run_bpf_submit+0x1ae/0x290 [ 36.861297] ? save_stack_trace+0x16/0x20 [ 36.865414] ? save_stack+0x43/0xd0 [ 36.869009] ? kasan_kmalloc+0xad/0xe0 [ 36.872867] ? memset+0x31/0x40 [ 36.876131] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.881217] ? check_noncircular+0x20/0x20 [ 36.885428] ? __skb_flow_dissect+0xfa6/0x3ad0 [ 36.890052] ? __skb_flow_get_ports+0x400/0x400 [ 36.894716] ? find_held_lock+0x35/0x1d0 [ 36.898759] ? netif_receive_skb_internal+0x1d7/0x5e0 [ 36.903923] ? lock_downgrade+0x990/0x990 [ 36.908054] ? pvclock_read_flags+0x160/0x160 [ 36.912533] ? lock_acquire+0x1d5/0x580 [ 36.916475] ? lock_acquire+0x1d5/0x580 [ 36.920419] ? netif_receive_skb_internal+0x93/0x5e0 [ 36.925493] ? ktime_get_with_offset+0x2c1/0x420 [ 36.930236] ? lock_release+0xa40/0xa40 [ 36.934178] ? do_gettimeofday+0x190/0x190 [ 36.938396] __netif_receive_skb+0x2c/0x1b0 [ 36.942684] ? __netif_receive_skb+0x2c/0x1b0 [ 36.947153] netif_receive_skb_internal+0x10b/0x5e0 [ 36.952140] ? dev_cpu_dead+0xb00/0xb00 [ 36.956084] ? tun_device_event+0xca0/0xca0 [ 36.960385] ? rcu_pm_notify+0xc0/0xc0 [ 36.964262] netif_receive_skb+0xae/0x390 [ 36.968378] ? netif_receive_skb_internal+0x5e0/0x5e0 [ 36.973541] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.978617] ? perf_trace_run_bpf_submit+0x1a7/0x290 [ 36.983688] ? perf_trace_run_bpf_submit+0x1ae/0x290 [ 36.988764] ? tun_rx_batched.isra.43+0x5bd/0x860 [ 36.993579] tun_rx_batched.isra.43+0x5e7/0x860 [ 36.998220] ? skb_get_hash_perturb+0x9d0/0x9d0 [ 37.002860] ? tun_sock_write_space+0x370/0x370 [ 37.007502] ? tun_free_netdev+0x1b0/0x1b0 [ 37.011718] ? check_noncircular+0x20/0x20 [ 37.015933] tun_get_user+0x11dd/0x2150 [ 37.019899] ? tun_flow_update+0xf70/0xf70 [ 37.024118] ? __tun_get+0x1ab/0x2e0 [ 37.027805] ? lock_downgrade+0x990/0x990 [ 37.031929] ? lock_release+0xa40/0xa40 [ 37.035877] ? __lock_is_held+0xb6/0x140 [ 37.039925] ? __tun_get+0x1d4/0x2e0 [ 37.043610] ? tun_chr_close+0x60/0x60 [ 37.047484] tun_chr_write_iter+0xd8/0x190 [ 37.051696] __vfs_write+0x684/0x970 [ 37.055387] ? default_llseek+0x290/0x290 [ 37.059515] ? _cond_resched+0x14/0x30 [ 37.063375] ? avc_policy_seqno+0x9/0x20 [ 37.067408] ? selinux_file_permission+0x82/0x460 [ 37.072237] ? rw_verify_area+0xe5/0x2b0 [ 37.076270] ? __fdget_raw+0x20/0x20 [ 37.079963] vfs_write+0x189/0x510 [ 37.083482] SyS_write+0xef/0x220 [ 37.086912] ? SyS_read+0x220/0x220 [ 37.090507] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.095497] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.100236] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 37.104972] RIP: 0033:0x40b751 [ 37.108131] RSP: 002b:00007f7f1bc96c10 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 37.115818] RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 000000000040b751 [ 37.123060] RDX: 0000000000000011 RSI: 0000000020014fab RDI: 0000000000000003 [ 37.130298] RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 [ 37.137537] R10: 00000000000f4246 R11: 0000000000000293 R12: 00000000004bab1b [ 37.144776] R13: 00000000ffffffff R14: 0000000000000011 R15: 0000000020014fab [ 37.152080] Dumping ftrace buffer: [ 37.155590] (ftrace buffer empty) [ 37.159266] Kernel Offset: disabled [ 37.162864] Rebooting in 86400 seconds..