INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
2018/03/27 22:04:52 parsed 1 programs
2018/03/27 22:04:52 executed programs: 0

syzkaller login: [ 23.981503] IPVS: ftp: loaded support on port[0] = 21
[ 24.021947] IPVS: ftp: loaded support on port[0] = 21
[ 24.055206] IPVS: ftp: loaded support on port[0] = 21
[ 24.093026] kasan: CONFIG_KASAN_INLINE enabled
[ 24.094142] BUG: unable to handle kernel
[ 24.097699] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 24.097704] paging request at ffff8801b4435000
[ 24.113719] IP: __memmove+0x24/0x1a0
[ 24.117400] PGD 9cee067 P4D 9cee067 PUD 1ba6a6063 PMD 1d158f063 PTE 80000001b4435161
[ 24.125262] Oops: 0003 [#1] SMP KASAN
[ 24.129036] Dumping ftrace buffer:
[ 24.132547]    (ftrace buffer empty)
[ 24.136228] Modules linked in:
[ 24.139393] CPU: 1 PID: 4326 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #278
[ 24.146634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.155963] RIP: 0010:__memmove+0x24/0x1a0
[ 24.160166] RSP: 0018:ffff8801bcc2edd8 EFLAGS: 00010287
[ 24.165499] RAX: ffff8801b3b950c4 RBX: fffffffffffffffe RCX: ffffffffff7600c2
[ 24.172742] RDX: fffffffffffffffe RSI: ffff8801b4434ffc RDI: ffff8801b4435000
[ 24.180006] RBP: ffff8801bcc2edf8 R08: ffff8801b3b950be R09: ffffed0036772a19
[ 24.187247] R10: 0000000000000001 R11: ffffed0036772a18 R12: ffff8801b3b950c4
[ 24.194487] R13: ffff8801b3b950c0 R14: ffff8801bc67ae86 R15: ffff8801bc67adc0
[ 24.201732] FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000f7f33b40
[ 24.209926] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 24.215777] CR2: ffff8801b4435000 CR3: 00000001bee22001 CR4: 00000000001606e0
[ 24.223021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.230261] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 24.237502] Call Trace:
[ 24.240059]  ? memmove+0x45/0x50
[ 24.243401]  skb_vlan_untag+0x470/0xc40
[ 24.247347]  ? skb_vlan_pop+0x2a0/0x2a0
[ 24.251296]  ? __lock_is_held+0xb6/0x140
[ 24.255337]  __netif_receive_skb_core+0x119c/0x3460
[ 24.260339]  ? nf_ingress+0x9f0/0x9f0
[ 24.264116]  ? __skb_flow_dissect+0x4ce/0x3f00
[ 24.268675]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.273838]  ? __skb_flow_get_ports+0x420/0x420
[ 24.278478]  ? trace_hardirqs_off+0x10/0x10
[ 24.282775]  ? __lock_is_held+0xb6/0x140
[ 24.286809]  ? trace_hardirqs_off+0x10/0x10
[ 24.291110]  ? find_held_lock+0x35/0x1d0
[ 24.295148]  ? find_held_lock+0x35/0x1d0
[ 24.299185]  ? netif_receive_skb_internal+0x1d7/0x670
[ 24.304357]  ? lock_downgrade+0x980/0x980
[ 24.308483]  ? pvclock_read_flags+0x160/0x160
[ 24.312955]  ? lock_acquire+0x1d5/0x580
[ 24.316900]  ? lock_acquire+0x1d5/0x580
[ 24.320849]  ? netif_receive_skb_internal+0xa2/0x670
[ 24.325923]  ? ktime_get_with_offset+0x2c1/0x420
[ 24.330651]  ? lock_release+0xa40/0xa40
[ 24.334597]  ? ktime_get+0x3a0/0x3a0
[ 24.338286]  ? debug_object_fixup+0x30/0x30
[ 24.342579]  ? find_held_lock+0x35/0x1d0
[ 24.346619]  __netif_receive_skb+0x2c/0x1b0
[ 24.350912]  ? __netif_receive_skb+0x2c/0x1b0
[ 24.355378]  netif_receive_skb_internal+0x10b/0x670
[ 24.360364]  ? dev_cpu_dead+0xb00/0xb00
[ 24.364312]  ? __do_once_done+0xf2/0x300
[ 24.368344]  ? rcu_pm_notify+0xc0/0xc0
[ 24.372210]  netif_receive_skb+0xae/0x390
[ 24.376328]  ? netif_receive_skb_internal+0x670/0x670
[ 24.381491]  ? find_held_lock+0x35/0x1d0
[ 24.385527]  ? tun_rx_batched.isra.50+0x5c4/0x870
[ 24.390343]  tun_rx_batched.isra.50+0x5ee/0x870
[ 24.394985]  ? tun_sock_write_space+0x370/0x370
[ 24.399635]  tun_get_user+0x299e/0x3c20
[ 24.403587]  ? find_held_lock+0x35/0x1d0
[ 24.407630]  ? tun_build_skb.isra.48+0x1840/0x1840
[ 24.412533]  ? find_held_lock+0x35/0x1d0
[ 24.416569]  ? __fget+0x342/0x5b0
[ 24.420004]  ? tun_get+0x1ab/0x2e0
[ 24.423519]  ? lock_release+0xa40/0xa40
[ 24.427466]  ? __lock_is_held+0xb6/0x140
[ 24.431505]  ? tun_get+0x1d4/0x2e0
[ 24.435014]  ? tun_do_read+0x27c0/0x27c0
[ 24.439051]  ? sock_unregister+0x140/0x140
[ 24.443258]  tun_chr_write_iter+0xb9/0x160
[ 24.447466]  __vfs_write+0x684/0x970
[ 24.451153]  ? kernel_read+0x120/0x120
[ 24.455022]  ? __schedule+0x1ec0/0x1ec0
[ 24.458972]  ? rw_verify_area+0xe5/0x2b0
[ 24.463002]  ? __fdget_raw+0x20/0x20
[ 24.466691]  vfs_write+0x189/0x510
[ 24.470205]  SyS_write+0xef/0x220
[ 24.473631]  ? exit_to_usermode_loop+0x198/0x2f0
[ 24.478358]  ? SyS_read+0x220/0x220
[ 24.481957]  ? do_fast_syscall_32+0x156/0xf9f
[ 24.486424]  ? SyS_read+0x220/0x220
[ 24.490024]  do_fast_syscall_32+0x3ec/0xf9f
[ 24.494320]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 24.498874]  ? _raw_spin_unlock_irq+0x27/0x70
[ 24.503341]  ? finish_task_switch+0x1c1/0x7e0
[ 24.507837]  ? syscall_return_slowpath+0x2ac/0x550
[ 24.512740]  ? prepare_exit_to_usermode+0x350/0x350
[ 24.517726]  ? sysret32_from_system_call+0x5/0x3c
[ 24.522542]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.527359]  entry_SYSENTER_compat+0x70/0x7f
[ 24.531735] RIP: 0023:0xf7f37c99
[ 24.535070] RSP: 002b:00000000f7f3309c EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[ 24.542750] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000180
[ 24.549990] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000000
[ 24.557231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.564470] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 24.571711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 24.578961] Code: 90 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20
[ 24.598053] RIP: __memmove+0x24/0x1a0 RSP: ffff8801bcc2edd8
[ 24.603731] CR2: ffff8801b4435000
[ 24.607156] ---[ end trace bba77f887fd99164 ]---
[ 24.607161] general protection fault: 0000 [#2] SMP KASAN
[ 24.607169] Dumping ftrace buffer:
[ 24.611889] Kernel panic - not syncing: Fatal exception in interrupt
[ 24.617403]    (ftrace buffer empty)
[ 24.631051] Modules linked in:
[ 24.634222] CPU: 0 PID: 4328 Comm: syz-executor3 Tainted: G D 4.16.0-rc7+ #278
[ 24.642765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.652095] RIP: 0010:cpuacct_account_field+0x171/0x3b0
[ 24.657427] RSP: 0018:ffff8801db207888 EFLAGS: 00010803
[ 24.662764] RAX: dffffc0000000000 RBX: ffff8801bec36040 RCX: 0000000000000000
[ 24.670009] RDX: 12062d8bf2062da7 RSI: ffffffff87b448c0 RDI: 90316c5f90316d3f
[ 24.677251] RBP: ffff8801db207920 R08: 1ffff1003b640e53 R09: 000000000000000a
[ 24.684496] R10: ffff8801db207758 R11: 0000000000000040 R12: 90316c5f90316c5f
[ 24.691737] R13: 0000000000000010 R14: 1ffff1003b640f13 R15: 00000000000f4240
[ 24.698981] FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f7f6cb40
[ 24.707179] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 24.713033] CR2: 00000000f7f6bc10 CR3: 00000001bc6f4006 CR4: 00000000001606f0
[ 24.720278] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.727522] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 24.734779] Call Trace:
[ 24.737333]  <IRQ>
[ 24.739460]  ? cpuacct_charge+0x5c0/0x5c0
[ 24.743593]  ? find_held_lock+0x35/0x1d0
[ 24.747637]  account_system_index_time+0x1b4/0x5e0
[ 24.752537]  ? lock_downgrade+0x980/0x980
[ 24.756657]  ? account_guest_time+0x420/0x420
[ 24.761128]  ? pvclock_read_flags+0x160/0x160
[ 24.765595]  ? find_held_lock+0x35/0x1d0
[ 24.769633]  account_system_time+0x7f/0xb0
[ 24.773846]  account_process_tick+0xd4/0x3e0
[ 24.778229]  ? thread_group_cputime+0xef0/0xef0
[ 24.782870]  ? get_monotonic_coarse64+0x470/0x470
[ 24.787693]  update_process_times+0x23/0x60
[ 24.791988]  tick_sched_handle+0x85/0x160
[ 24.796110]  tick_sched_timer+0x42/0x120
[ 24.800145]  __hrtimer_run_queues+0x39c/0xec0
[ 24.804618]  ? tick_sched_do_timer+0xe0/0xe0
[ 24.809002]  ? hrtimer_fixup_init+0x70/0x70
[ 24.813301]  ? pvclock_read_flags+0x160/0x160
[ 24.817771]  ? lock_acquire+0x1d5/0x580
[ 24.821716]  ? ktime_get+0x26f/0x3a0
[ 24.825405]  ? kvm_clock_get_cycles+0x25/0x30
[ 24.829871]  ? ktime_get_update_offsets_now+0x34a/0x520
[ 24.835210]  ? do_timer+0x50/0x50
[ 24.838639]  ? native_apic_msr_write+0x5c/0x80
[ 24.843195]  ? rcu_idle_enter+0x530/0x530
[ 24.847315]  ? lapic_next_event+0x54/0x80
[ 24.851439]  ? clockevents_program_event+0x108/0x2e0
[ 24.856530]  hrtimer_interrupt+0x2a5/0x6f0
[ 24.860753]  smp_apic_timer_interrupt+0x14a/0x700
[ 24.865579]  ? smp_reschedule_interrupt+0xe6/0x650
[ 24.870481]  ? smp_call_function_single_interrupt+0x640/0x640
[ 24.876339]  ? _raw_spin_lock+0x32/0x40
[ 24.880283]  ? _raw_spin_unlock+0x22/0x30
[ 24.884405]  ? handle_edge_irq+0x2b4/0x7c0
[ 24.888614]  ? task_prio+0x50/0x50
[ 24.892127]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.896942]  apic_timer_interrupt+0xf/0x20
[ 24.901148]  </IRQ>
[ 24.903370] RIP: 0010:__memmove+0x24/0x1a0
[ 24.907583] RSP: 0018:ffff8801b3afedd8 EFLAGS: 00010287 ORIG_RAX: ffffffffffffff12
[ 24.915262] RAX: ffff8801bc086544 RBX: fffffffffffffffe RCX: ffffffffffda29a4
[ 24.922510] RDX: fffffffffffffffe RSI: ffff8801bc2e3b9a RDI: ffff8801bc2e3b9e
[ 24.929754] RBP: ffff8801b3afedf8 R08: ffff8801bc08653e R09: ffffed0037810ca9
[ 24.937018] R10: 0000000000000001 R11: ffffed0037810ca8 R12: ffff8801bc086544
[ 24.944258] R13: ffff8801bc086540 R14: ffff8801bc0854c6 R15: ffff8801bc085400
[ 24.951518]  ? memmove+0x45/0x50
[ 24.954854]  skb_vlan_untag+0x470/0xc40
[ 24.958798]  ? skb_vlan_pop+0x2a0/0x2a0
[ 24.962742]  ? __lock_is_held+0xb6/0x140
[ 24.966779]  __netif_receive_skb_core+0x119c/0x3460
[ 24.971768]  ? nf_ingress+0x9f0/0x9f0
[ 24.975536]  ? print_irqtrace_events+0x270/0x270
[ 24.980261]  ? __skb_flow_dissect+0x4ce/0x3f00
[ 24.984809]  ? save_stack+0xa3/0xd0
[ 24.988407]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.993567]  ? __skb_flow_get_ports+0x420/0x420
[ 24.998209]  ? trace_hardirqs_off+0x10/0x10
[ 25.002499]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.007676]  ? find_held_lock+0x35/0x1d0
[ 25.011709]  ? netif_receive_skb_internal+0x1d7/0x670
[ 25.016868]  ? lock_downgrade+0x980/0x980
[ 25.020989]  ? pvclock_read_flags+0x160/0x160
[ 25.025463]  ? lock_acquire+0x1d5/0x580
[ 25.029403]  ? lock_acquire+0x1d5/0x580
[ 25.033345]  ? netif_receive_skb_internal+0xa2/0x670
[ 25.038416]  ? ktime_get_with_offset+0x2c1/0x420
[ 25.043140]  ? lock_release+0xa40/0xa40
[ 25.047082]  ? ktime_get+0x3a0/0x3a0
[ 25.050768]  __netif_receive_skb+0x2c/0x1b0
[ 25.055056]  ? __netif_receive_skb+0x2c/0x1b0
[ 25.059520]  netif_receive_skb_internal+0x10b/0x670
[ 25.064503]  ? dev_cpu_dead+0xb00/0xb00
[ 25.068446]  ? __do_once_start+0x8a/0xd0
[ 25.072477]  ? rcu_pm_notify+0xc0/0xc0
[ 25.076337]  netif_receive_skb+0xae/0x390
[ 25.080455]  ? netif_receive_skb_internal+0x670/0x670
[ 25.085610]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.090594]  ? find_held_lock+0x35/0x1d0
[ 25.094627]  ? tun_rx_batched.isra.50+0x5c4/0x870
[ 25.099449]  tun_rx_batched.isra.50+0x5ee/0x870
[ 25.104087]  ? tun_sock_write_space+0x370/0x370
[ 25.108729]  tun_get_user+0x299e/0x3c20
[ 25.112671]  ? find_held_lock+0x35/0x1d0
[ 25.116706]  ? tun_build_skb.isra.48+0x1840/0x1840
[ 25.121603]  ? find_held_lock+0x35/0x1d0
[ 25.125637]  ? __fget+0x342/0x5b0
[ 25.129063]  ? tun_get+0x1ab/0x2e0
[ 25.132573]  ? lock_release+0xa40/0xa40
[ 25.136518]  ? __lock_is_held+0xb6/0x140
[ 25.140551]  ? tun_get+0x1d4/0x2e0
[ 25.144058]  ? tun_do_read+0x27c0/0x27c0
[ 25.148090]  ? sock_unregister+0x140/0x140
[ 25.152298]  tun_chr_write_iter+0xb9/0x160
[ 25.156500]  __vfs_write+0x684/0x970
[ 25.160183]  ? kernel_read+0x120/0x120
[ 25.164045]  ? __schedule+0x1ec0/0x1ec0
[ 25.167992]  ? rw_verify_area+0xe5/0x2b0
[ 25.172021]  ? __fdget_raw+0x20/0x20
[ 25.175702]  vfs_write+0x189/0x510
[ 25.179212]  SyS_write+0xef/0x220
[ 25.182636]  ? exit_to_usermode_loop+0x198/0x2f0
[ 25.187358]  ? SyS_read+0x220/0x220
[ 25.190952]  ? do_fast_syscall_32+0x156/0xf9f
[ 25.195416]  ? SyS_read+0x220/0x220
[ 25.199012]  do_fast_syscall_32+0x3ec/0xf9f
[ 25.203305]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 25.207855]  ? finish_task_switch+0x1c1/0x7e0
[ 25.212319]  ? syscall_return_slowpath+0x2ac/0x550
[ 25.217216]  ? prepare_exit_to_usermode+0x350/0x350
[ 25.222199]  ? sysret32_from_system_call+0x5/0x3c
[ 25.227010]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.231823]  entry_SYSENTER_compat+0x70/0x7f
[ 25.236202] RIP: 0023:0xf7f70c99
[ 25.239533] RSP: 002b:00000000f7f6c09c EFLAGS: 00000286 ORIG_RAX: 0000000000000004
[ 25.247210] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000180
[ 25.254447] RDX: 000000000000004a RSI: 0000000000000000 RDI: 0000000000000000
[ 25.261686] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 25.268925] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 25.276164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.283409] Code: 87 0f 84 81 00 00 00 4c 63 ad 70 ff ff ff 48 b8 00 00 00 00 00 fc ff df 49 c1 e5 03 49 8d bc 24 e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e0 01 00 00 49 8b 9c 24 e0 00 00 00 65 48 03
[ 25.302471] RIP: cpuacct_account_field+0x171/0x3b0 RSP: ffff8801db207888
[ 25.309278] ---[ end trace bba77f887fd99165 ]---
[ 25.698745] Shutting down cpus with NMI
[ 25.703070] Dumping ftrace buffer:
[ 25.706597]    (ftrace buffer empty)
[ 25.710279] Kernel Offset: disabled
[ 25.713885] Rebooting in 86400 seconds..
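The following is an added triage example, not part of the syzkaller report above and not kernel code. It parses the first oops (the sample text is a constructed subset of the register dump and call trace printed above) and pulls out what a reviewer reads off such a report by hand: the task and PID, the frames the unwinder trusts (those without a leading "?"), the x86 page-fault error-code bits behind "Oops: 0003", and the memmove() state at the fault. It assumes the SysV x86-64 convention the kernel's __memmove uses (rdi = dst, rsi = src, rdx = n) and that, as the Code: bytes show ("48 89 d1" = mov %rdx,%rcx directly before the faulting string move), RCX holds the remaining count while RDI/RSI are the advanced pointers. On this report it yields the path write(2) on a tun fd, tun_chr_write_iter, tun_get_user, tun_rx_batched, netif_receive_skb, __netif_receive_skb_core, skb_vlan_untag, memmove; a count of (size_t)-2, so a length computation went negative before reaching memmove; a destination four bytes past the source, the size of one VLAN tag; and a fault address equal to RDI, page aligned, with error code 0003 (write to a present page that forbids it), after roughly 0x89ff3c bytes had already been overwritten. The second trace shows the same register pattern (RDX = fffffffffffffffe, RDI = RSI + 4) under a timer interrupt on CPU 0, and a GPF in cpuacct_account_field on a non-kernel pointer (RDI 90316c5f90316d3f), which is what collateral damage from such a copy looks like.

```python
"""Triage helpers for an x86-64 kernel oops such as the one above.

Added example; not part of the syzkaller report or of the kernel.
SAMPLE is a constructed subset of the first oops on this page. Parsing
follows the standard printk/oops layout; memmove_args() assumes the SysV
x86-64 calling convention (rdi = dst, rsi = src, rdx = n).
"""
import re
from dataclasses import dataclass, field

SAMPLE = """\
[ 24.094142] BUG: unable to handle kernel
[ 24.097704] paging request at ffff8801b4435000
[ 24.113719] IP: __memmove+0x24/0x1a0
[ 24.125262] Oops: 0003 [#1] SMP KASAN
[ 24.139393] CPU: 1 PID: 4326 Comm: syz-executor4 Not tainted 4.16.0-rc7+ #278
[ 24.155963] RIP: 0010:__memmove+0x24/0x1a0
[ 24.165499] RAX: ffff8801b3b950c4 RBX: fffffffffffffffe RCX: ffffffffff7600c2
[ 24.172742] RDX: fffffffffffffffe RSI: ffff8801b4434ffc RDI: ffff8801b4435000
[ 24.215777] CR2: ffff8801b4435000 CR3: 00000001bee22001 CR4: 00000000001606e0
[ 24.237502] Call Trace:
[ 24.240059]  ? memmove+0x45/0x50
[ 24.243401]  skb_vlan_untag+0x470/0xc40
[ 24.247347]  ? skb_vlan_pop+0x2a0/0x2a0
[ 24.255337]  __netif_receive_skb_core+0x119c/0x3460
[ 24.346619]  __netif_receive_skb+0x2c/0x1b0
[ 24.355378]  netif_receive_skb_internal+0x10b/0x670
[ 24.372210]  netif_receive_skb+0xae/0x390
[ 24.390343]  tun_rx_batched.isra.50+0x5ee/0x870
[ 24.399635]  tun_get_user+0x299e/0x3c20
[ 24.443258]  tun_chr_write_iter+0xb9/0x160
[ 24.447466]  __vfs_write+0x684/0x970
[ 24.466691]  vfs_write+0x189/0x510
[ 24.470205]  SyS_write+0xef/0x220
[ 24.490024]  do_fast_syscall_32+0x3ec/0xf9f
[ 24.527359]  entry_SYSENTER_compat+0x70/0x7f
[ 24.531735] RIP: 0023:0xf7f37c99
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]")
FRAME = re.compile(r"^(\? )?([\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+)$")
# "NAME: <16 hex>" pairs; RSP carries a segment prefix ("RSP: 0018:ffff...").
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): (?:[0-9a-f]{4}:)?([0-9a-f]{16})\b")
# x86 page-fault error-code bits, printed after "Oops:".
PF_BITS = ((1, "protection violation (page present)"), (2, "write"),
           (4, "user mode"), (8, "reserved bit set"), (16, "instruction fetch"))


@dataclass
class Oops:
    faulting_ip: str = ""
    task: str = ""
    pid: int = 0
    oops_code: int = 0
    regs: dict = field(default_factory=dict)
    frames: list = field(default_factory=list)  # (reliable, "sym+0xoff/0xsize")


def parse_oops(text):
    o = Oops()
    in_trace = False
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if not line:
            continue
        # The trace ends at the user-mode return frame or the Code: dump.
        if in_trace and line.startswith(("RIP: 0023", "Code:", "---[")):
            in_trace = False
        if in_trace:
            m = FRAME.match(line)
            if m:  # a leading "? " means the unwinder cannot prove the frame is live
                o.frames.append((m.group(1) is None, m.group(2)))
            continue
        if line == "Call Trace:":
            in_trace = True
            continue
        m = re.match(r"RIP: 0010:(\S+)", line)
        if m:
            o.faulting_ip = m.group(1)
        m = re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+)", line)
        if m:
            o.pid, o.task = int(m.group(1)), m.group(2)
        m = re.match(r"Oops: ([0-9a-f]{4})", line)
        if m:
            o.oops_code = int(m.group(1), 16)
        for name, val in REG.findall(line):
            o.regs[name] = int(val, 16)
    return o


def reliable_path(o):
    """Faulting function plus the frames the unwinder trusts, innermost first."""
    return [o.faulting_ip] + [sym for ok, sym in o.frames if ok]


def fault_flags(code):
    return [name for bit, name in PF_BITS if code & bit]


def memmove_args(o):
    """Registers at the fault read as memmove(dst, src, n) state.

    RDX still holds the original count; RCX is the remaining count of the
    string move, so RDX - RCX is how much was already written.
    """
    mask = (1 << 64) - 1
    dst, src, n, rem = (o.regs[r] for r in ("RDI", "RSI", "RDX", "RCX"))
    return {
        "count": n,
        "count_signed": n - (1 << 64) if n >> 63 else n,
        "dst_minus_src": (dst - src) & mask,
        "bytes_copied": (n - rem) & mask,
        "fault_at_dst": o.regs.get("CR2") == dst,
        "dst_page_aligned": dst & 0xfff == 0,
    }


if __name__ == "__main__":
    o = parse_oops(SAMPLE)
    print(f"{o.task}[{o.pid}] faulted in {o.faulting_ip}; "
          f"error code: {', '.join(fault_flags(o.oops_code))}")
    print(" <- ".join(reliable_path(o)))
    for k, v in memmove_args(o).items():
        print(f"  {k}: {v:#x}" if type(v) is int else f"  {k}: {v}")
```

The unreliable "?" frames are stale stack slots, not callers; dropping them is what turns the 70-line trace into the thirteen-call path from the 32-bit write(2) entry down to memmove. Feed the second oops to parse_oops() and memmove_args() reports the same -2 count and +4 displacement.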