INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 29.403528] ==================================================================
[ 29.410973] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0
[ 29.418313] Write of size 33 at addr ffff8801aca976d8 by task syzkaller600957/4486
[ 29.425994]
[ 29.427606] CPU: 1 PID: 4486 Comm: syzkaller600957 Not tainted 4.16.0+ #1
[ 29.434527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.443862] Call Trace:
[ 29.446456] dump_stack+0x1b9/0x29f
[ 29.450086] ? arch_local_irq_restore+0x52/0x52
[ 29.454740] ? printk+0x9e/0xba
[ 29.458004] ? show_regs_print_info+0x18/0x18
[ 29.462490] ? kasan_check_write+0x14/0x20
[ 29.466716] print_address_description+0x6c/0x20b
[ 29.471548] ? ipip6_tunnel_locate+0x63b/0xaa0
[ 29.476108] kasan_report.cold.7+0xac/0x2f5
[ 29.480415] check_memory_region+0x13e/0x1b0
[ 29.484801] memcpy+0x37/0x50
[ 29.487889] ipip6_tunnel_locate+0x63b/0xaa0
[ 29.492278] ? ipip6_tunnel_update+0xaa0/0xaa0
[ 29.496848] ? __might_sleep+0x95/0x190
[ 29.500804] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.506324] ? _copy_from_user+0xdf/0x150
[ 29.510458] ipip6_tunnel_ioctl+0xe71/0x241b
[ 29.514855] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 29.519247] ? save_stack+0xa9/0xd0
[ 29.522856] ? kasan_kmalloc+0xc4/0xe0
[ 29.526723] ? kasan_slab_alloc+0x12/0x20
[ 29.530854] ? kmem_cache_alloc+0x12e/0x760
[ 29.535157] ? get_empty_filp+0x125/0x520
[ 29.539283] ? alloc_file+0x24/0x3e0
[ 29.542981] ? sock_alloc_file+0x1f3/0x4e0
[ 29.547193] ? __sys_socket+0x16f/0x250
[ 29.551142] ? SyS_socket+0x24/0x30
[ 29.554752] ? graph_lock+0x170/0x170
[ 29.558538] ? find_held_lock+0x36/0x1c0
[ 29.562582] ? find_held_lock+0x36/0x1c0
[ 29.566631] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 29.571025] dev_ifsioc+0x43e/0xb90
[ 29.574637] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 29.579028] ? dev_ifsioc+0x43e/0xb90
[ 29.582813] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.587980] ? register_gifconf+0x70/0x70
[ 29.592110] dev_ioctl+0x69a/0xcc0
[ 29.595634] sock_ioctl+0x47e/0x680
[ 29.599242] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.604413] ? dlci_ioctl_set+0x40/0x40
[ 29.608374] ? get_unused_fd_flags+0x190/0x190
[ 29.612949] ? dlci_ioctl_set+0x40/0x40
[ 29.616905] do_vfs_ioctl+0x1cf/0x1650
[ 29.620774] ? ioctl_preallocate+0x2e0/0x2e0
[ 29.625158] ? fget_raw+0x20/0x20
[ 29.628594] ? get_unused_fd_flags+0x121/0x190
[ 29.633157] ? __alloc_fd+0x6e0/0x6e0
[ 29.636938] ? fd_install+0x4d/0x60
[ 29.640555] ? __sys_socket+0x19f/0x250
[ 29.644508] ? security_file_ioctl+0x9b/0xd0
[ 29.648898] ksys_ioctl+0xa9/0xd0
[ 29.652332] SyS_ioctl+0x24/0x30
[ 29.655674] ? ksys_ioctl+0xd0/0xd0
[ 29.659285] do_syscall_64+0x29e/0x9d0
[ 29.663159] ? vmalloc_sync_all+0x30/0x30
[ 29.667292] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.672038] ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.676964] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.681884] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 29.687229] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.692055] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.697219] RIP: 0033:0x43fe09
[ 29.700387] RSP: 002b:00007fffb9d48258 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 29.708071] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[ 29.715328] RDX: 00000000200001c0 RSI: 00000000000089f1 RDI: 0000000000000003
[ 29.722575] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8
[ 29.729822] R10: 000000000000001c R11: 0000000000000213 R12: 0000000000401730
[ 29.737074] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[ 29.744329]
[ 29.745929] The buggy address belongs to the page:
[ 29.750838] page:ffffea0006b2a5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 29.758953] flags: 0x2fffc0000000000()
[ 29.762819] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 29.770679] raw: 0000000000000000 ffffea0006b20101 0000000000000000 0000000000000000
[ 29.778532] page dumped because: kasan: bad access detected
[ 29.784214]
[ 29.785813] Memory state around the buggy address:
[ 29.790720]  ffff8801aca97580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.798063]  ffff8801aca97600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 29.805396] >ffff8801aca97680: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 00
[ 29.813038]                                                     ^
[ 29.819770]  ffff8801aca97700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.827104]  ffff8801aca97780: 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2
[ 29.834437] ==================================================================
[ 29.841769] Disabling lock debugging due to kernel taint
[ 29.847274] Kernel panic - not syncing: panic_on_warn set ...
[ 29.847274]
[ 29.854633] CPU: 1 PID: 4486 Comm: syzkaller600957 Tainted: G B 4.16.0+ #1
[ 29.862837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.872162] Call Trace:
[ 29.874726] dump_stack+0x1b9/0x29f
[ 29.878331] ? arch_local_irq_restore+0x52/0x52
[ 29.882977] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.887713] ? ipip6_tunnel_locate+0x620/0xaa0
[ 29.892272] panic+0x22f/0x4de
[ 29.895445] ? add_taint.cold.5+0x16/0x16
[ 29.899571] ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.903955] ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.908341] ? ipip6_tunnel_locate+0x63b/0xaa0
[ 29.912901] kasan_end_report+0x47/0x4f
[ 29.916850] kasan_report.cold.7+0xc9/0x2f5
[ 29.921146] check_memory_region+0x13e/0x1b0
[ 29.925530] memcpy+0x37/0x50
[ 29.928625] ipip6_tunnel_locate+0x63b/0xaa0
[ 29.933012] ? ipip6_tunnel_update+0xaa0/0xaa0
[ 29.937580] ? __might_sleep+0x95/0x190
[ 29.941533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.947053] ? _copy_from_user+0xdf/0x150
[ 29.951190] ipip6_tunnel_ioctl+0xe71/0x241b
[ 29.955585] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 29.959969] ? save_stack+0xa9/0xd0
[ 29.963573] ? kasan_kmalloc+0xc4/0xe0
[ 29.967435] ? kasan_slab_alloc+0x12/0x20
[ 29.971560] ? kmem_cache_alloc+0x12e/0x760
[ 29.975857] ? get_empty_filp+0x125/0x520
[ 29.979978] ? alloc_file+0x24/0x3e0
[ 29.983666] ? sock_alloc_file+0x1f3/0x4e0
[ 29.987877] ? __sys_socket+0x16f/0x250
[ 29.991828] ? SyS_socket+0x24/0x30
[ 29.995433] ? graph_lock+0x170/0x170
[ 29.999215] ? find_held_lock+0x36/0x1c0
[ 30.003261] ? find_held_lock+0x36/0x1c0
[ 30.007305] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 30.011688] dev_ifsioc+0x43e/0xb90
[ 30.015290] ? sit_tunnel_xmit+0x30b0/0x30b0
[ 30.019674] ? dev_ifsioc+0x43e/0xb90
[ 30.023453] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.028620] ? register_gifconf+0x70/0x70
[ 30.032746] dev_ioctl+0x69a/0xcc0
[ 30.036262] sock_ioctl+0x47e/0x680
[ 30.039867] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.045037] ? dlci_ioctl_set+0x40/0x40
[ 30.048992] ? get_unused_fd_flags+0x190/0x190
[ 30.053552] ? dlci_ioctl_set+0x40/0x40
[ 30.057502] do_vfs_ioctl+0x1cf/0x1650
[ 30.061366] ? ioctl_preallocate+0x2e0/0x2e0
[ 30.065748] ? fget_raw+0x20/0x20
[ 30.069186] ? get_unused_fd_flags+0x121/0x190
[ 30.073748] ? __alloc_fd+0x6e0/0x6e0
[ 30.077525] ? fd_install+0x4d/0x60
[ 30.081131] ? __sys_socket+0x19f/0x250
[ 30.085084] ? security_file_ioctl+0x9b/0xd0
[ 30.089467] ksys_ioctl+0xa9/0xd0
[ 30.092900] SyS_ioctl+0x24/0x30
[ 30.096240] ? ksys_ioctl+0xd0/0xd0
[ 30.099861] do_syscall_64+0x29e/0x9d0
[ 30.103733] ? vmalloc_sync_all+0x30/0x30
[ 30.107859] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.112594] ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.117497] ? syscall_return_slowpath+0x30f/0x5c0
[ 30.122408] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 30.127747] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.132567] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.137731] RIP: 0033:0x43fe09
[ 30.140896] RSP: 002b:00007fffb9d48258 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 30.148581] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[ 30.155826] RDX: 00000000200001c0 RSI: 00000000000089f1 RDI: 0000000000000003
[ 30.163070] RBP: 00000000006ca018 R08: 000000000000001c R09: 00000000004002c8
[ 30.170316] R10: 000000000000001c R11: 0000000000000213 R12: 0000000000401730
[ 30.177559] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[ 30.185250] Dumping ftrace buffer:
[ 30.188767] (ftrace buffer empty)
[ 30.192451] Kernel Offset: disabled
[ 30.196051] Rebooting in 86400 seconds..