INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
2018/04/12 11:55:46 parsed 1 programs
2018/04/12 11:55:46 executed programs: 0
syzkaller login: [ 40.173994] IPVS: ftp: loaded support on port[0] = 21
[ 40.178861] IPVS: ftp: loaded support on port[0] = 21
[ 40.183965] IPVS: ftp: loaded support on port[0] = 21
[ 40.186761] IPVS: ftp: loaded support on port[0] = 21
[ 40.197431] IPVS: ftp: loaded support on port[0] = 21
[ 40.197730] IPVS: ftp: loaded support on port[0] = 21
[ 40.224552] IPVS: ftp: loaded support on port[0] = 21
[ 40.242447] IPVS: ftp: loaded support on port[0] = 21
[ 41.275893] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.299954] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.336279] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.373826] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.389220] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.406210] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 41.431141] ==================================================================
[ 41.438598] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 41.445847] Read of size 8 at addr ffff8801b1ff71a0 by task ip/4890
[ 41.452222]
[ 41.453830] CPU: 1 PID: 4890 Comm: ip Not tainted 4.16.0+ #17
[ 41.459684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.469007] Call Trace:
[ 41.471563]
[ 41.473693] dump_stack+0x1b9/0x294
[ 41.477300] ? dump_stack_print_info.cold.2+0x52/0x52
[ 41.482464] ? printk+0x9e/0xba
[ 41.485718] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 41.490450] ? kasan_check_write+0x14/0x20
[ 41.494661] print_address_description+0x6c/0x20b
[ 41.499476] ? tick_sched_handle+0x16d/0x180
[ 41.503860] kasan_report.cold.7+0xac/0x2f5
[ 41.508164] __asan_report_load8_noabort+0x14/0x20
[ 41.513065] tick_sched_handle+0x16d/0x180
[ 41.517273] tick_sched_timer+0x42/0x130
[ 41.521308] __hrtimer_run_queues+0x3e3/0x10a0
[ 41.525868] ? tick_sched_do_timer+0x100/0x100
[ 41.530429] ? hrtimer_start_range_ns+0xd10/0xd10
[ 41.535252] ? pvclock_read_flags+0x160/0x160
[ 41.539729] ? __local_bh_enable+0xef/0x130
[ 41.544028] ? kvm_clock_read+0x25/0x30
[ 41.547980] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 41.552974] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 41.558686] ? do_timer+0x50/0x50
[ 41.562117] ? rcu_nmi_exit+0xd7/0x2b0
[ 41.565982] ? do_raw_spin_lock+0xc1/0x200
[ 41.570192] hrtimer_interrupt+0x286/0x650
[ 41.574411] smp_apic_timer_interrupt+0x15d/0x710
[ 41.579230] ? smp_call_function_single_interrupt+0x650/0x650
[ 41.585086] ? _raw_spin_lock+0x32/0x40
[ 41.589036] ? _raw_spin_unlock+0x22/0x30
[ 41.593157] ? handle_edge_irq+0x330/0x870
[ 41.597396] ? task_prio+0x50/0x50
[ 41.600915] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.605736] apic_timer_interrupt+0xf/0x20
[ 41.609939]
[ 41.612153] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 41.616879] RSP: 0018:ffff8801b1ff71c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 41.624561] RAX: ffff8801d6896540 RBX: 0000000000000000 RCX: 0000000000000000
[ 41.631806] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffffed00363fee18
[ 41.639049] RBP: ffff8801b1ff75f8 R08: ffff8801d6896540 R09: 0000000000000001
[ 41.646293] R10: ffff8801d6896540 R11: 0000000000000000 R12: ffff8801b1ff75d0
[ 41.653534] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 41.660786] ? rtnl_newlink+0x107e/0x1a40
[ 41.664909] ? rtnl_newlink+0x4e7/0x1a40
[ 41.668949] ? rtnl_link_unregister+0x370/0x370
[ 41.673595] ? kasan_check_read+0x11/0x20
[ 41.677716] ? rcu_is_watching+0x85/0x140
[ 41.681839] ? __lock_acquire+0x7f5/0x5130
[ 41.686061] ? graph_lock+0x170/0x170
[ 41.689866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.695379] ? rtnl_get_link+0x164/0x350
[ 41.699414] ? rtnl_dump_all+0x5e0/0x5e0
[ 41.703452] ? rcu_is_watching+0x85/0x140
[ 41.707576] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 41.712742] ? __netlink_ns_capable+0x100/0x130
[ 41.717385] ? rtnl_link_unregister+0x370/0x370
[ 41.722029] rtnetlink_rcv_msg+0x466/0xc10
[ 41.726241] ? rtnetlink_put_metrics+0x690/0x690
[ 41.730976] netlink_rcv_skb+0x172/0x440
[ 41.735014] ? rtnetlink_put_metrics+0x690/0x690
[ 41.739745] ? netlink_ack+0xbc0/0xbc0
[ 41.743607] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 41.748774] ? netlink_skb_destructor+0x210/0x210
[ 41.753596] rtnetlink_rcv+0x1c/0x20
[ 41.757290] netlink_unicast+0x58b/0x740
[ 41.761329] ? netlink_attachskb+0x970/0x970
[ 41.765709] ? import_iovec+0x24b/0x420
[ 41.769659] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 41.774653] ? security_netlink_send+0x88/0xb0
[ 41.779213] netlink_sendmsg+0x9f0/0xfa0
[ 41.783252] ? netlink_unicast+0x740/0x740
[ 41.787470] ? security_socket_sendmsg+0x94/0xc0
[ 41.792201] ? netlink_unicast+0x740/0x740
[ 41.796416] sock_sendmsg+0xd5/0x120
[ 41.800107] ___sys_sendmsg+0x805/0x940
[ 41.804057] ? copy_msghdr_from_user+0x560/0x560
[ 41.808790] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 41.813517] ? graph_lock+0x170/0x170
[ 41.817294] ? graph_lock+0x170/0x170
[ 41.821072] ? find_held_lock+0x36/0x1c0
[ 41.825109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.830618] ? __fget_light+0x2ef/0x430
[ 41.834566] ? fget_raw+0x20/0x20
[ 41.837992] ? find_held_lock+0x36/0x1c0
[ 41.842041] ? lock_downgrade+0x8e0/0x8e0
[ 41.846162] ? handle_mm_fault+0x8c0/0xc70
[ 41.850376] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.855888] ? sockfd_lookup_light+0xc5/0x160
[ 41.860357] __sys_sendmsg+0x115/0x270
[ 41.864220] ? SyS_shutdown+0x30/0x30
[ 41.867997] ? __do_page_fault+0x441/0xe40
[ 41.872212] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 41.877037] SyS_sendmsg+0x29/0x30
[ 41.880551] ? __sys_sendmsg+0x270/0x270
[ 41.884584] do_syscall_64+0x29e/0x9d0
[ 41.888447] ? vmalloc_sync_all+0x30/0x30
[ 41.892569] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 41.897301] ? syscall_return_slowpath+0x5c0/0x5c0
[ 41.902206] ? syscall_return_slowpath+0x30f/0x5c0
[ 41.907110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.912621] ? retint_user+0x18/0x18
[ 41.916310] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.921129] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 41.926293] RIP: 0033:0x7f9ac411d320
[ 41.929978] RSP: 002b:00007ffd6560f8e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 41.937660] RAX: ffffffffffffffda RBX: 00007ffd656139e0 RCX: 00007f9ac411d320
[ 41.944902] RDX: 0000000000000000 RSI: 00007ffd6560f920 RDI: 0000000000000003
[ 41.952146] RBP: 00007ffd6560f920 R08: 0000000000000000 R09: 00007f9ac4163c00
[ 41.959389] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acf4945
[ 41.966635] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd656141c0
[ 41.973883]
[ 41.975481] The buggy address belongs to the page:
[ 41.980386] page:ffffea0006c7fdc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 41.988502] flags: 0x2fffc0000000000()
[ 41.992366] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 42.000222] raw: 0000000000000000 ffffea0006c70101 0000000000000000 0000000000000000
[ 42.008071] page dumped because: kasan: bad access detected
[ 42.013747]
[ 42.015347] Memory state around the buggy address:
[ 42.020248] ffff8801b1ff7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.027579] ffff8801b1ff7100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 42.034910] >ffff8801b1ff7180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 42.042240]                                ^
[ 42.046620] ffff8801b1ff7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 42.053954] ffff8801b1ff7280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 42.061281] ==================================================================
[ 42.068610] Disabling lock debugging due to kernel taint
[ 42.074032] Kernel panic - not syncing: panic_on_warn set ...
[ 42.074032]
[ 42.081377] CPU: 1 PID: 4890 Comm: ip Tainted: G B 4.16.0+ #17
[ 42.088531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.097858] Call Trace:
[ 42.100411]
[ 42.102537] dump_stack+0x1b9/0x294
[ 42.106140] ? dump_stack_print_info.cold.2+0x52/0x52
[ 42.111303] ? lock_downgrade+0x8e0/0x8e0
[ 42.115430] ? vprintk_default+0x28/0x30
[ 42.119470] ? tick_sched_handle+0xb0/0x180
[ 42.123765] panic+0x22f/0x4de
[ 42.126934] ? add_taint.cold.5+0x16/0x16
[ 42.131056] ? add_taint.cold.5+0x5/0x16
[ 42.135091] ? do_raw_spin_unlock+0x9e/0x2e0
[ 42.139472] ? tick_sched_handle+0x16d/0x180
[ 42.143866] kasan_end_report+0x47/0x4f
[ 42.147818] kasan_report.cold.7+0xc9/0x2f5
[ 42.152111] __asan_report_load8_noabort+0x14/0x20
[ 42.157012] tick_sched_handle+0x16d/0x180
[ 42.161220] tick_sched_timer+0x42/0x130
[ 42.165256] __hrtimer_run_queues+0x3e3/0x10a0
[ 42.169816] ? tick_sched_do_timer+0x100/0x100
[ 42.174374] ? hrtimer_start_range_ns+0xd10/0xd10
[ 42.179193] ? pvclock_read_flags+0x160/0x160
[ 42.183673] ? __local_bh_enable+0xef/0x130
[ 42.187973] ? kvm_clock_read+0x25/0x30
[ 42.191926] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 42.196916] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 42.202262] ? do_timer+0x50/0x50
[ 42.205687] ? rcu_nmi_exit+0xd7/0x2b0
[ 42.209548] ? do_raw_spin_lock+0xc1/0x200
[ 42.213756] hrtimer_interrupt+0x286/0x650
[ 42.217966] smp_apic_timer_interrupt+0x15d/0x710
[ 42.222779] ? smp_call_function_single_interrupt+0x650/0x650
[ 42.228638] ? _raw_spin_lock+0x32/0x40
[ 42.232587] ? _raw_spin_unlock+0x22/0x30
[ 42.236706] ? handle_edge_irq+0x330/0x870
[ 42.240913] ? task_prio+0x50/0x50
[ 42.244430] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.249250] apic_timer_interrupt+0xf/0x20
[ 42.253453]
[ 42.255667] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 42.260389] RSP: 0018:ffff8801b1ff71c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 42.268068] RAX: ffff8801d6896540 RBX: 0000000000000000 RCX: 0000000000000000
[ 42.275311] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffffed00363fee18
[ 42.282553] RBP: ffff8801b1ff75f8 R08: ffff8801d6896540 R09: 0000000000000001
[ 42.289794] R10: ffff8801d6896540 R11: 0000000000000000 R12: ffff8801b1ff75d0
[ 42.297041] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 42.304288] ? rtnl_newlink+0x107e/0x1a40
[ 42.308415] ? rtnl_newlink+0x4e7/0x1a40
[ 42.312462] ? rtnl_link_unregister+0x370/0x370
[ 42.317113] ? kasan_check_read+0x11/0x20
[ 42.321242] ? rcu_is_watching+0x85/0x140
[ 42.325368] ? __lock_acquire+0x7f5/0x5130
[ 42.329581] ? graph_lock+0x170/0x170
[ 42.333374] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.338887] ? rtnl_get_link+0x164/0x350
[ 42.342924] ? rtnl_dump_all+0x5e0/0x5e0
[ 42.346961] ? rcu_is_watching+0x85/0x140
[ 42.351088] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 42.356257] ? __netlink_ns_capable+0x100/0x130
[ 42.360910] ? rtnl_link_unregister+0x370/0x370
[ 42.365558] rtnetlink_rcv_msg+0x466/0xc10
[ 42.369771] ? rtnetlink_put_metrics+0x690/0x690
[ 42.374513] netlink_rcv_skb+0x172/0x440
[ 42.378555] ? rtnetlink_put_metrics+0x690/0x690
[ 42.383289] ? netlink_ack+0xbc0/0xbc0
[ 42.387155] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 42.392324] ? netlink_skb_destructor+0x210/0x210
[ 42.397146] rtnetlink_rcv+0x1c/0x20
[ 42.400840] netlink_unicast+0x58b/0x740
[ 42.404880] ? netlink_attachskb+0x970/0x970
[ 42.409265] ? import_iovec+0x24b/0x420
[ 42.413217] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 42.418211] ? security_netlink_send+0x88/0xb0
[ 42.422770] netlink_sendmsg+0x9f0/0xfa0
[ 42.426815] ? netlink_unicast+0x740/0x740
[ 42.431031] ? security_socket_sendmsg+0x94/0xc0
[ 42.435766] ? netlink_unicast+0x740/0x740
[ 42.439983] sock_sendmsg+0xd5/0x120
[ 42.443676] ___sys_sendmsg+0x805/0x940
[ 42.447717] ? copy_msghdr_from_user+0x560/0x560
[ 42.452453] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 42.457184] ? graph_lock+0x170/0x170
[ 42.460961] ? graph_lock+0x170/0x170
[ 42.464737] ? find_held_lock+0x36/0x1c0
[ 42.468777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.474296] ? __fget_light+0x2ef/0x430
[ 42.478250] ? fget_raw+0x20/0x20
[ 42.481683] ? find_held_lock+0x36/0x1c0
[ 42.485726] ? lock_downgrade+0x8e0/0x8e0
[ 42.489849] ? handle_mm_fault+0x8c0/0xc70
[ 42.494065] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.499580] ? sockfd_lookup_light+0xc5/0x160
[ 42.504051] __sys_sendmsg+0x115/0x270
[ 42.507916] ? SyS_shutdown+0x30/0x30
[ 42.511695] ? __do_page_fault+0x441/0xe40
[ 42.515912] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 42.520731] SyS_sendmsg+0x29/0x30
[ 42.524250] ? __sys_sendmsg+0x270/0x270
[ 42.528292] do_syscall_64+0x29e/0x9d0
[ 42.532154] ? vmalloc_sync_all+0x30/0x30
[ 42.536284] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 42.541022] ? syscall_return_slowpath+0x5c0/0x5c0
[ 42.545931] ? syscall_return_slowpath+0x30f/0x5c0
[ 42.550838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.556351] ? retint_user+0x18/0x18
[ 42.560043] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.564864] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 42.570032] RIP: 0033:0x7f9ac411d320
[ 42.573719] RSP: 002b:00007ffd6560f8e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.581407] RAX: ffffffffffffffda RBX: 00007ffd656139e0 RCX: 00007f9ac411d320
[ 42.588653] RDX: 0000000000000000 RSI: 00007ffd6560f920 RDI: 0000000000000003
[ 42.595901] RBP: 00007ffd6560f920 R08: 0000000000000000 R09: 00007f9ac4163c00
[ 42.603148] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acf4945
[ 42.610392] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd656141c0
[ 42.618055] Dumping ftrace buffer:
[ 42.621569] (ftrace buffer empty)
[ 42.625249] Kernel Offset: disabled
[ 42.628851] Rebooting in 86400 seconds..