[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 21.638821] random: sshd: uninitialized urandom read (32 bytes read, 34 bits of entropy available)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 23.124393] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 23.382750] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 24.413505] random: nonblocking pool is initialized
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
2018/04/25 13:35:22 parsed 1 programs
2018/04/25 13:35:22 executed programs: 0
[ 30.567982] IPVS: Creating netns size=2552 id=1
[ 30.817974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 30.834793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 30.918311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 30.932703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 31.017954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 31.032618] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 31.049791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 31.067853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 31.844114] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.928783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 32.302299] ==================================================================
[ 32.309718] BUG: KASAN: slab-out-of-bounds in ip6_tnl_xmit2+0x2043/0x20d0
[ 32.316624] Read of size 16 at addr ffff8801d7b8d030 by task syz-executor0/4150
[ 32.324113]
[ 32.325723] CPU: 1 PID: 4150 Comm: syz-executor0 Not tainted 4.4.128-gbd23e3a #19
[ 32.333321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.342658] 0000000000000000 54c227b52dec9696 ffff8801d78b6f90 ffffffff81e0daad
[ 32.350707] ffffea00075ee300 ffff8801d7b8d030 0000000000000000 ffff8801d7b8d038
[ 32.358740] ffff8800bb84a200 ffff8801d78b6fc8 ffffffff815150ac ffff8801d7b8d030
[ 32.366757] Call Trace:
[ 32.369332] [<ffffffff81e0daad>] dump_stack+0xc1/0x124
[ 32.374684] [<ffffffff815150ac>] print_address_description+0x6c/0x216
[ 32.381331] [<ffffffff815153cb>] kasan_report.cold.7+0x175/0x2f7
[ 32.387551] [<ffffffff83543633>] ? ip6_tnl_xmit2+0x2043/0x20d0
[ 32.393602] [<ffffffff814f8f9f>] __asan_report_load_n_noabort+0xf/0x20
[ 32.400344] [<ffffffff83543633>] ip6_tnl_xmit2+0x2043/0x20d0
[ 32.406216] [<ffffffff8122f876>] ? __lock_acquire+0xa86/0x5270
[ 32.412261] [<ffffffff835415f0>] ? ip6ip6_err+0x530/0x530
[ 32.417878] [<ffffffff8122edf0>] ? debug_check_no_locks_freed+0x210/0x210
[ 32.424879] [<ffffffff8122edf0>] ? debug_check_no_locks_freed+0x210/0x210
[ 32.431880] [<ffffffff8122edf0>] ? debug_check_no_locks_freed+0x210/0x210
[ 32.438881] [<ffffffff813202a0>] ? make_kuid+0xf0/0x180
[ 32.444317] [<ffffffff83543fd0>] ip6_tnl_xmit+0x910/0xc60
[ 32.449928] [<ffffffff835436c0>] ? ip6_tnl_xmit2+0x20d0/0x20d0
[ 32.455979] [<ffffffff82f86eb1>] dev_hard_start_xmit+0x7b1/0x11c0
[ 32.462285] [<ffffffff82f867a8>] ? dev_hard_start_xmit+0xa8/0x11c0
[ 32.468668] [<ffffffff82f89240>] __dev_queue_xmit+0x16c0/0x1c80
[ 32.474801] [<ffffffff82f87d57>] ? __dev_queue_xmit+0x1d7/0x1c80
[ 32.481033] [<ffffffff8122edf0>] ? debug_check_no_locks_freed+0x210/0x210
[ 32.488031] [<ffffffff82f87b80>] ? netdev_pick_tx+0x2c0/0x2c0
[ 32.493983] [<ffffffff81c6b310>] ? selinux_ip_postroute_compat+0x390/0x390
[ 32.501061] [<ffffffff83112be0>] ? ctnetlink_expect_event+0x770/0x770
[ 32.507706] [<ffffffff81e6d65b>] ? check_preemption_disabled+0x3b/0x170
[ 32.514551] [<ffffffff82f89817>] dev_queue_xmit+0x17/0x20
[ 32.520164] [<ffffffff82f9b015>] neigh_direct_output+0x15/0x20
[ 32.526223] [<ffffffff832131db>] ip_finish_output2+0x6ab/0x1110
[ 32.532351] [<ffffffff83212d42>] ? ip_finish_output2+0x212/0x1110
[ 32.538652] [<ffffffff830f9c15>] ? nf_ct_deliver_cached_events+0x335/0x560
[ 32.545751] [<ffffffff830f9963>] ? nf_ct_deliver_cached_events+0x83/0x560
[ 32.552751] [<ffffffff83212b30>] ? ip_copy_metadata+0x700/0x700
[ 32.558880] [<ffffffff8320dcdc>] ? ip_options_fragment+0x1ac/0x280
[ 32.565289] [<ffffffff832155cb>] ip_do_fragment+0x198b/0x2150
[ 32.571248] [<ffffffff83212b30>] ? ip_copy_metadata+0x700/0x700
[ 32.577381] [<ffffffff83215ed3>] ip_fragment.constprop.50+0x143/0x200
[ 32.584038] [<ffffffff83216654>] ip_finish_output+0x6c4/0xbc0
[ 32.590007] [<ffffffff83219783>] ip_mc_output+0x233/0x980
[ 32.595613] [<ffffffff83219550>] ? ip_queue_xmit+0x1ab0/0x1ab0
[ 32.601675] [<ffffffff8321cf16>] ? ip_make_skb+0x116/0x210
[ 32.607372] [<ffffffff83215f90>] ? ip_fragment.constprop.50+0x200/0x200
[ 32.614194] [<ffffffff8321ce00>] ? ip_flush_pending_frames+0x30/0x30
[ 32.620755] [<ffffffff8321702b>] ip_local_out+0x9b/0x180
[ 32.626280] [<ffffffff8321cccc>] ip_send_skb+0x3c/0xc0
[ 32.631633] [<ffffffff832c5093>] udp_send_skb+0x5c3/0xc60
[ 32.637241] [<ffffffff832cdc4e>] udp_sendmsg+0x16ce/0x1bb0
[ 32.642945] [<ffffffff8320f390>] ? ip_reply_glue_bits+0xc0/0xc0
[ 32.649085] [<ffffffff832cc580>] ? udp4_lib_lookup+0x60/0x60
[ 32.655134] [<ffffffff832bbb50>] ? ip4_datagram_connect+0x50/0x50
[ 32.661436] [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[ 32.667738] [<ffffffff8113d8fa>] ? __local_bh_enable_ip+0x6a/0xd0
[ 32.674065] [<ffffffff838bdc70>] ? _raw_spin_unlock_bh+0x30/0x40
[ 32.680275] [<ffffffff82f291b6>] ? release_sock+0x3b6/0x500
[ 32.686069] [<ffffffff832cabd9>] ? udp_v4_get_port+0x139/0x180
[ 32.692113] [<ffffffff832fd7a3>] inet_sendmsg+0x203/0x4d0
[ 32.697718] [<ffffffff832fd613>] ? inet_sendmsg+0x73/0x4d0
[ 32.703405] [<ffffffff832fd5a0>] ? inet_recvmsg+0x4c0/0x4c0
[ 32.709179] [<ffffffff82f1ba9c>] sock_sendmsg+0xcc/0x110
[ 32.714694] [<ffffffff82f1c77c>] SYSC_sendto+0x21c/0x370
[ 32.720212] [<ffffffff82f1c560>] ? SYSC_connect+0x300/0x300
[ 32.725997] [<ffffffff810cc640>] ? native_set_pte_at+0xe0/0xe0
[ 32.732050] [<ffffffff81508b37>] ? do_huge_pmd_anonymous_page+0x737/0x9d0
[ 32.739060] [<ffffffff838bdc1c>] ? _raw_spin_unlock+0x2c/0x50
[ 32.745014] [<ffffffff812d2771>] ? compat_SyS_futex+0x1e1/0x2f0
[ 32.751144] [<ffffffff812d2590>] ? compat_SyS_get_robust_list+0x310/0x310
[ 32.758143] [<ffffffff82f1ee00>] SyS_sendto+0x40/0x50
[ 32.763401] [<ffffffff82f1edc0>] ? SyS_getpeername+0x30/0x30
[ 32.769274] [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0
[ 32.775406] [<ffffffff838c00aa>] sysenter_flags_fixed+0xd/0x17
[ 32.781441]
[ 32.783047] Allocated by task 4150:
[ 32.786650] [<ffffffff810341d6>] save_stack_trace+0x26/0x50
[ 32.792562] [<ffffffff814f7f73>] save_stack+0x43/0xd0
[ 32.797967] [<ffffffff814f8257>] kasan_kmalloc+0xc7/0xe0
[ 32.803705] [<ffffffff814f4974>] __kmalloc+0x124/0x310
[ 32.809179] [<ffffffff82fabd36>] __neigh_create+0x1d6/0x1b20
[ 32.815167] [<ffffffff831ec2bd>] ipv4_neigh_lookup+0x4dd/0x700
[ 32.821326] [<ffffffff83541c03>] ip6_tnl_xmit2+0x613/0x20d0
[ 32.827227] [<ffffffff83543fd0>] ip6_tnl_xmit+0x910/0xc60
[ 32.832949] [<ffffffff82f86eb1>] dev_hard_start_xmit+0x7b1/0x11c0
[ 32.839369] [<ffffffff82f89240>] __dev_queue_xmit+0x16c0/0x1c80
[ 32.845630] [<ffffffff82f89817>] dev_queue_xmit+0x17/0x20
[ 32.851357] [<ffffffff82f9b015>] neigh_direct_output+0x15/0x20
[ 32.857518] [<ffffffff832131db>] ip_finish_output2+0x6ab/0x1110
[ 32.863775] [<ffffffff832155cb>] ip_do_fragment+0x198b/0x2150
[ 32.869856] [<ffffffff83215ed3>] ip_fragment.constprop.50+0x143/0x200
[ 32.876631] [<ffffffff83216654>] ip_finish_output+0x6c4/0xbc0
[ 32.882724] [<ffffffff83219783>] ip_mc_output+0x233/0x980
[ 32.888457] [<ffffffff8321702b>] ip_local_out+0x9b/0x180
[ 32.894099] [<ffffffff8321cccc>] ip_send_skb+0x3c/0xc0
[ 32.899569] [<ffffffff832c5093>] udp_send_skb+0x5c3/0xc60
[ 32.905305] [<ffffffff832cdc4e>] udp_sendmsg+0x16ce/0x1bb0
[ 32.911129] [<ffffffff832fd7a3>] inet_sendmsg+0x203/0x4d0
[ 32.916863] [<ffffffff82f1ba9c>] sock_sendmsg+0xcc/0x110
[ 32.922505] [<ffffffff82f1c77c>] SYSC_sendto+0x21c/0x370
[ 32.928242] [<ffffffff82f1ee00>] SyS_sendto+0x40/0x50
[ 32.933618] [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0
[ 32.939866] [<ffffffff838c00aa>] sysenter_flags_fixed+0xd/0x17
[ 32.946037]
[ 32.947644] Freed by task 0:
[ 32.950634] (stack is not available)
[ 32.954320]
[ 32.955931] The buggy address belongs to the object at ffff8801d7b8cd80
[ 32.955931] which belongs to the cache kmalloc-1024 of size 1024
[ 32.968738] The buggy address is located 688 bytes inside of
[ 32.968738] 1024-byte region [ffff8801d7b8cd80, ffff8801d7b8d180)
[ 32.980684] The buggy address belongs to the page:
[ 33.013923] syz-executor0: Corrupted page table at address 804f3d8
[ 33.020285] PGD 80000001d060e067 PUD 1d060f067 PMD 1d0619067 PTE ffffffff8148ca77
[ 33.028442] Bad pagetable: 0009 [#1] PREEMPT SMP KASAN
[ 33.034298] Dumping ftrace buffer:
[ 33.037827] (ftrace buffer empty)
[ 33.041558] Modules linked in:
[ 33.044889] CPU: 0 PID: 3795 Comm: w�H�����utor0 Not tainted 4.4.128-gbd23e3a #19
[ 33.052606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.061968] task: ffff8801cb46e000 task.stack: ffffea00075ee300
[ 33.068029] RIP: 0010:[<ffffffff81e39dee>] [<ffffffff81e39dee>] copy_user_generic_unrolled+0x9e/0xc0
[ 33.077654] RSP: 0000:ffff8801d91e7d00 EFLAGS: 00010202
[ 33.083210] RAX: ffff8801cb46e000 RBX: ffff8801d91e7d88 RCX: 0000000000000001
[ 33.090502] RDX: 0000000000000001 RSI: 000000000804f3d8 RDI: ffff8801d91e7d88
[ 33.097801] RBP: ffff8801d91e7d30 R08: ffff8801cb46e900 R09: 0000000000000001
[ 33.105073] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[ 33.112367] R13: 00007ffffffff000 R14: 000000000804f3d8 R15: ffff8801cb46e000
[ 33.119640] FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:000000000995e900
[ 33.127868] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 33.133751] CR2: 000000000804f3d8 CR3: 00000001d996c000 CR4: 0000000000160670
[ 33.141026] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.148298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.155572] Stack:
[ 33.157749] ffffffff8142a327 000000000804f3d8 ffff8801d91e7e08 000000000804f3e7
[ 33.165855] ffff8801d91e7d88 ffff8801d91e7f58 ffff8801d91e7e30 ffffffff810d5384
[ 33.174130] fffffbfff088e71d ffff8801d91e7fe0 000000084ae0f9a1 1ffff1003b23cfad
[ 33.182253] Call Trace:
[ 33.184832] <UNK>
[ 33.186885] Code: [ 33.189162] ------------[ cut here ]------------
[ 33.193927] WARNING: CPU: 0 PID: 3795 at include/linux/uaccess.h:15 __probe_kernel_read+0x1b9/0x200()
[ 33.203383] Kernel panic - not syncing: panic_on_warn set ...
[ 33.203383]
[ 34.352884] Shutting down cpus with NMI
[ 34.358082] Dumping ftrace buffer:
[ 34.361614] (ftrace buffer empty)
[ 34.365295] Kernel Offset: disabled
[ 34.368892] Rebooting in 86400 seconds..