INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.624529] ==================================================================
[   28.631945] BUG: KASAN: stack-out-of-bounds in rdma_bind_addr+0x13b/0x1d60
[   28.638936] Read of size 48 at addr ffff8801af717a50 by task syzkaller366236/4421
[   28.646531]
[   28.648140] CPU: 0 PID: 4421 Comm: syzkaller366236 Not tainted 4.16.0-rc7+ #5
[   28.655384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.664709] Call Trace:
[   28.667283]  dump_stack+0x194/0x24d
[   28.670890]  ? arch_local_irq_restore+0x53/0x53
[   28.675552]  ? show_regs_print_info+0x18/0x18
[   28.680022]  ? lock_release+0xa40/0xa40
[   28.683987]  ? __radix_tree_lookup+0x435/0x5e0
[   28.688547]  ? rdma_bind_addr+0x13b/0x1d60
[   28.692757]  print_address_description+0x73/0x250
[   28.697571]  ? rdma_bind_addr+0x13b/0x1d60
[   28.701779]  kasan_report+0x23c/0x360
[   28.705556]  check_memory_region+0x137/0x190
[   28.709945]  memcpy+0x23/0x50
[   28.713025]  rdma_bind_addr+0x13b/0x1d60
[   28.717071]  ? lock_release+0xa40/0xa40
[   28.721018]  ? check_same_owner+0x320/0x320
[   28.725317]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   28.730147]  ucma_bind_ip+0x10a/0x190
[   28.733920]  ? ucma_bind+0x260/0x260
[   28.737614]  ? kasan_check_write+0x14/0x20
[   28.741832]  ucma_write+0x2d6/0x3d0
[   28.745433]  ? ucma_bind+0x260/0x260
[   28.749122]  ? ucma_close_id+0x60/0x60
[   28.752990]  ? ucma_close_id+0x60/0x60
[   28.756849]  __vfs_write+0xef/0x970
[   28.760453]  ? kernel_read+0x120/0x120
[   28.764318]  ? fsnotify+0x7b3/0x1140
[   28.768005]  ? rcu_pm_notify+0xc0/0xc0
[   28.771882]  ? security_file_permission+0x89/0x1e0
[   28.776785]  ? rw_verify_area+0xe5/0x2b0
[   28.780816]  ? __fdget_raw+0x20/0x20
[   28.784508]  vfs_write+0x189/0x510
[   28.788034]  SyS_write+0xef/0x220
[   28.791471]  ? filp_open+0x70/0x70
[   28.794985]  ? SyS_read+0x220/0x220
[   28.798590]  ? do_syscall_64+0xb7/0x940
[   28.802538]  ? SyS_read+0x220/0x220
[   28.806140]  do_syscall_64+0x281/0x940
[   28.810000]  ? __do_page_fault+0xc90/0xc90
[   28.814207]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.818941]  ? syscall_return_slowpath+0x550/0x550
[   28.823842]  ? syscall_return_slowpath+0x2ac/0x550
[   28.828744]  ? prepare_exit_to_usermode+0x350/0x350
[   28.833736]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   28.839075]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.843896]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   28.849058] RIP: 0033:0x43fdd9
[   28.852222] RSP: 002b:00007ffc69ab4bb8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   28.859901] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   28.867144] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   28.874388] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   28.881718] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   28.888959] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   28.896239]
[   28.897850] The buggy address belongs to the page:
[   28.902750] page:ffffea0006bdc5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   28.910864] flags: 0x2fffc0000000000()
[   28.914724] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   28.922576] raw: 0000000000000000 ffffea0006bd0101 0000000000000000 0000000000000000
[   28.930423] page dumped because: kasan: bad access detected
[   28.936106]
[   28.937702] Memory state around the buggy address:
[   28.942601]  ffff8801af717900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[   28.949944]  ffff8801af717980: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f3 f3 f3 f3 00 00
[   28.957275] >ffff8801af717a00: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2
[   28.964603]                                                  ^
[   28.971585]  ffff8801af717a80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   28.978913]  ffff8801af717b00: f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00
[   28.986245] ==================================================================
[   28.993585] Disabling lock debugging due to kernel taint
[   28.999142] Kernel panic - not syncing: panic_on_warn set ...
[   28.999142]
[   29.006491] CPU: 0 PID: 4421 Comm: syzkaller366236 Tainted: G    B           4.16.0-rc7+ #5
[   29.015035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.024360] Call Trace:
[   29.026921]  dump_stack+0x194/0x24d
[   29.030519]  ? arch_local_irq_restore+0x53/0x53
[   29.035159]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.039895]  ? vsnprintf+0x1ed/0x1900
[   29.043671]  ? rdma_bind_addr+0xd0/0x1d60
[   29.047788]  panic+0x1e4/0x41c
[   29.050951]  ? refcount_error_report+0x214/0x214
[   29.055676]  ? add_taint+0x1c/0x50
[   29.059186]  ? add_taint+0x1c/0x50
[   29.062696]  ? rdma_bind_addr+0x13b/0x1d60
[   29.066911]  kasan_end_report+0x50/0x50
[   29.070856]  kasan_report+0x149/0x360
[   29.074625]  check_memory_region+0x137/0x190
[   29.079001]  memcpy+0x23/0x50
[   29.082085]  rdma_bind_addr+0x13b/0x1d60
[   29.086115]  ? lock_release+0xa40/0xa40
[   29.090060]  ? check_same_owner+0x320/0x320
[   29.094355]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   29.099090]  ucma_bind_ip+0x10a/0x190
[   29.102863]  ? ucma_bind+0x260/0x260
[   29.106550]  ? kasan_check_write+0x14/0x20
[   29.110757]  ucma_write+0x2d6/0x3d0
[   29.114355]  ? ucma_bind+0x260/0x260
[   29.118043]  ? ucma_close_id+0x60/0x60
[   29.121903]  ? ucma_close_id+0x60/0x60
[   29.125759]  __vfs_write+0xef/0x970
[   29.129357]  ? kernel_read+0x120/0x120
[   29.133216]  ? fsnotify+0x7b3/0x1140
[   29.136906]  ? rcu_pm_notify+0xc0/0xc0
[   29.140771]  ? security_file_permission+0x89/0x1e0
[   29.145683]  ? rw_verify_area+0xe5/0x2b0
[   29.149714]  ? __fdget_raw+0x20/0x20
[   29.153399]  vfs_write+0x189/0x510
[   29.156912]  SyS_write+0xef/0x220
[   29.160332]  ? filp_open+0x70/0x70
[   29.163846]  ? SyS_read+0x220/0x220
[   29.167633]  ? do_syscall_64+0xb7/0x940
[   29.171581]  ? SyS_read+0x220/0x220
[   29.175180]  do_syscall_64+0x281/0x940
[   29.179038]  ? __do_page_fault+0xc90/0xc90
[   29.183247]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.187973]  ? syscall_return_slowpath+0x550/0x550
[   29.192871]  ? syscall_return_slowpath+0x2ac/0x550
[   29.197777]  ? prepare_exit_to_usermode+0x350/0x350
[   29.202767]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   29.208104]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.212934]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.218094] RIP: 0033:0x43fdd9
[   29.221260] RSP: 002b:00007ffc69ab4bb8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   29.228951] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   29.236192] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   29.243430] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.250669] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   29.257910] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   29.265578] Dumping ftrace buffer:
[   29.269088]    (ftrace buffer empty)
[   29.272768] Kernel Offset: disabled
[   29.276366] Rebooting in 86400 seconds..
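What the report pins down: a memcpy inside rdma_bind_addr read 48 bytes from a stack address, reached from ucma_bind_ip via write(2) (ORIG_RAX 1, RDX 0x90 bytes of user data), and the shadow dump shows the read starting inside a stack object and running into the f2 (stack mid-redzone) bytes. The user-space C below is an added model of that access pattern and is not kernel code, syzbot code or the eventual fix. It assumes what the trace is consistent with: the number of bytes copied is derived from the address family field of a caller-supplied sockaddr rather than from the size of the object the caller actually holds. AF_IB and the 48-byte struct sockaddr_ib are not defined in user space, so MODEL_AF_IB and MODEL_SOCKADDR_IB_SZ are stand-ins (values taken from the kernel headers, an assumption for this model); sockaddr_in6 keeps its real 28-byte size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Stand-ins for the kernel's AF_IB family and its 48-byte struct sockaddr_ib
 * (assumption: values from the kernel headers, not from the report). */
#define MODEL_AF_IB          27
#define MODEL_SOCKADDR_IB_SZ 48

/* Family-derived size: answers "how big is this address?" from sa_family
 * alone, without looking at how many bytes the caller really owns. */
size_t family_addr_size(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:     return sizeof(struct sockaddr_in);   /* 16 */
    case AF_INET6:    return sizeof(struct sockaddr_in6);  /* 28 */
    case MODEL_AF_IB: return MODEL_SOCKADDR_IB_SZ;         /* 48 */
    default:          return 0;
    }
}

/* Unchecked copy: trusts sa_family for the length. Returns bytes copied. */
size_t bind_copy_unchecked(uint8_t *dst, size_t dstlen, const struct sockaddr *src)
{
    size_t n = family_addr_size(src);
    if (n == 0 || n > dstlen)
        return 0;
    memcpy(dst, src, n);
    return n;
}

/* Hardened copy: the family-implied size must fit inside the srclen bytes
 * the caller actually supplied. Copies nothing and returns 0 on mismatch. */
size_t bind_copy_checked(uint8_t *dst, size_t dstlen,
                         const struct sockaddr *src, size_t srclen)
{
    size_t n = family_addr_size(src);
    if (n == 0 || n > srclen || n > dstlen)
        return 0;
    memcpy(dst, src, n);
    return n;
}

/* Scenario matching the report: the caller holds a 28-byte sockaddr_in6 on
 * its stack, the attacker sets sa_family to the 48-byte family. Returns how
 * many bytes the unchecked path reads past the caller's object. The
 * sockaddr_in6 sits in a larger union so the over-read is defined behaviour
 * here; in the kernel those bytes are the neighbouring stack (KASAN's f2). */
size_t unchecked_overread_bytes(void)
{
    union { uint8_t raw[64]; struct sockaddr_in6 in6; } backing;
    uint8_t dst[64];
    memset(&backing, 0, sizeof backing);
    backing.in6.sin6_family = MODEL_AF_IB;           /* forged family */
    size_t n = bind_copy_unchecked(dst, sizeof dst, (struct sockaddr *)&backing.in6);
    return n > sizeof backing.in6 ? n - sizeof backing.in6 : 0;
}

/* Same forged input through the checked path: 1 if rejected, 0 if copied. */
int checked_rejects_forged_family(void)
{
    struct sockaddr_in6 in6;
    uint8_t dst[64];
    memset(&in6, 0, sizeof in6);
    in6.sin6_family = MODEL_AF_IB;
    return bind_copy_checked(dst, sizeof dst, (struct sockaddr *)&in6, sizeof in6) == 0;
}

/* Control: a genuine AF_INET6 address still passes the checked path. */
size_t checked_accepts_in6(void)
{
    struct sockaddr_in6 in6;
    uint8_t dst[64];
    memset(&in6, 0, sizeof in6);
    in6.sin6_family = AF_INET6;
    in6.sin6_port = htons(4791);
    return bind_copy_checked(dst, sizeof dst, (struct sockaddr *)&in6, sizeof in6);
}

int main(void)
{
    printf("unchecked path reads %zu bytes past the 28-byte sockaddr_in6\n",
           unchecked_overread_bytes());
    printf("checked path rejects forged family: %d\n", checked_rejects_forged_family());
    printf("checked path copies a real AF_INET6: %zu bytes\n", checked_accepts_in6());
    return 0;
}
```

The point of the checked variant is that a length inferred from attacker-controlled data (here sa_family) is only a claim; it has to be bounded by the length the kernel can vouch for, which for a write(2) handler is the size of the command struct it copied from user space. The same mismatch is what KASAN flags in the report: a 48-byte read out of an object whose valid bytes end before the f2 redzone.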