INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
2018/04/08 14:46:07 parsed 1 programs
2018/04/08 14:46:07 executed programs: 0
syzkaller login: [ 25.960443] IPVS: ftp: loaded support on port[0] = 21
[ 25.969425] IPVS: ftp: loaded support on port[0] = 21
[ 25.971388] IPVS: ftp: loaded support on port[0] = 21
[ 25.981513] IPVS: ftp: loaded support on port[0] = 21
[ 25.982733] IPVS: ftp: loaded support on port[0] = 21
[ 26.016974] IPVS: ftp: loaded support on port[0] = 21
[ 26.028888] IPVS: ftp: loaded support on port[0] = 21
[ 26.040047] IPVS: ftp: loaded support on port[0] = 21
[ 27.658338] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.746468] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.772273] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.789809] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.807643] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.819733] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.912434] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.963631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 29.088226] ==================================================================
[ 29.095790] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 29.103068] Read of size 8 at addr ffff8801c54c7170 by task ip/5285
[ 29.109462]
[ 29.111084] CPU: 1 PID: 5285 Comm: ip Not tainted 4.16.0+ #4
[ 29.116867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.126206] Call Trace:
[ 29.128786]
[ 29.130936] dump_stack+0x1b9/0x294
[ 29.134546] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.139712] ? printk+0x9e/0xba
[ 29.142969] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 29.147703] ? kasan_check_write+0x14/0x20
[ 29.151918] print_address_description+0x6c/0x20b
[ 29.156740] ? tick_sched_handle+0x16d/0x180
[ 29.161125] kasan_report.cold.7+0xac/0x2f5
[ 29.165431] __asan_report_load8_noabort+0x14/0x20
[ 29.170337] tick_sched_handle+0x16d/0x180
[ 29.174578] tick_sched_timer+0x42/0x130
[ 29.178618] __hrtimer_run_queues+0x3e3/0x10a0
[ 29.183181] ? tick_sched_do_timer+0x100/0x100
[ 29.187744] ? hrtimer_start_range_ns+0xd10/0xd10
[ 29.192568] ? pvclock_read_flags+0x160/0x160
[ 29.197044] ? __local_bh_enable+0xef/0x130
[ 29.201344] ? kvm_clock_read+0x25/0x30
[ 29.205297] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.210293] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 29.215635] ? do_timer+0x50/0x50
[ 29.219066] ? rcu_nmi_exit+0xd7/0x2b0
[ 29.222932] ? do_raw_spin_lock+0xc1/0x200
[ 29.227151] hrtimer_interrupt+0x286/0x650
[ 29.231371] smp_apic_timer_interrupt+0x15d/0x710
[ 29.236199] ? smp_call_function_single_interrupt+0x650/0x650
[ 29.242062] ? _raw_spin_lock+0x32/0x40
[ 29.246019] ? _raw_spin_unlock+0x22/0x30
[ 29.250152] ? handle_edge_irq+0x330/0x870
[ 29.254367] ? task_prio+0x50/0x50
[ 29.257887] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.262709] apic_timer_interrupt+0xf/0x20
[ 29.266914]
[ 29.269129] RIP: 0010:memset_erms+0x0/0x10
[ 29.273337] RSP: 0018:ffff8801c54c7190 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 29.281028] RAX: 1ffff10038a98e39 RBX: ffffed0038a98e39 RCX: 0000000000000000
[ 29.288273] RDX: 000000000000000d RSI: 0000000000000000 RDI: ffffed0038a98e2c
[ 29.295520] RBP: ffff8801c54c71a8 R08: ffff8801c3f4e2c0 R09: 0000000000000000
[ 29.302765] R10: ffff8801c3f4e2c0 R11: 0000000000000000 R12: 0000000000000068
[ 29.310015] R13: 0000000000000005 R14: 0000000000000000 R15: 00000000ffffffa1
[ 29.317277] ? kasan_unpoison_shadow+0x35/0x50
[ 29.321837] __asan_allocas_unpoison+0x16/0x20
[ 29.326397] rtnl_newlink+0x1094/0x1a40
[ 29.330356] ? rtnl_link_unregister+0x370/0x370
[ 29.335000] ? kasan_check_read+0x11/0x20
[ 29.339132] ? rcu_is_watching+0x85/0x140
[ 29.343259] ? __lock_acquire+0x7f5/0x5130
[ 29.347478] ? graph_lock+0x170/0x170
[ 29.351278] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.356791] ? rtnl_get_link+0x164/0x350
[ 29.360827] ? rtnl_dump_all+0x5e0/0x5e0
[ 29.364866] ? rcu_is_watching+0x85/0x140
[ 29.368989] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.374160] ? __netlink_ns_capable+0x100/0x130
[ 29.378808] ? rtnl_link_unregister+0x370/0x370
[ 29.383455] rtnetlink_rcv_msg+0x466/0xc10
[ 29.387675] ? rtnetlink_put_metrics+0x690/0x690
[ 29.392414] netlink_rcv_skb+0x172/0x440
[ 29.396450] ? rtnetlink_put_metrics+0x690/0x690
[ 29.401182] ? netlink_ack+0xbc0/0xbc0
[ 29.405047] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.410213] ? netlink_skb_destructor+0x210/0x210
[ 29.415040] rtnetlink_rcv+0x1c/0x20
[ 29.418733] netlink_unicast+0x58b/0x740
[ 29.422775] ? netlink_attachskb+0x970/0x970
[ 29.427256] ? import_iovec+0x24b/0x420
[ 29.431208] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.436199] ? security_netlink_send+0x8f/0xc0
[ 29.440760] netlink_sendmsg+0x9d8/0xf80
[ 29.444800] ? netlink_unicast+0x740/0x740
[ 29.449022] ? security_socket_sendmsg+0x9b/0xd0
[ 29.453759] ? netlink_unicast+0x740/0x740
[ 29.457972] sock_sendmsg+0xd5/0x120
[ 29.461665] ___sys_sendmsg+0x805/0x940
[ 29.465618] ? copy_msghdr_from_user+0x560/0x560
[ 29.470352] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 29.475085] ? graph_lock+0x170/0x170
[ 29.478864] ? graph_lock+0x170/0x170
[ 29.482643] ? find_held_lock+0x36/0x1c0
[ 29.486681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.492198] ? __fget_light+0x2ef/0x430
[ 29.496148] ? fget_raw+0x20/0x20
[ 29.499580] ? find_held_lock+0x36/0x1c0
[ 29.503622] ? lock_downgrade+0x8e0/0x8e0
[ 29.507744] ? handle_mm_fault+0x8c0/0xc70
[ 29.511964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.517484] ? sockfd_lookup_light+0xc5/0x160
[ 29.521956] __sys_sendmsg+0x115/0x270
[ 29.525822] ? SyS_shutdown+0x30/0x30
[ 29.529604] ? __do_page_fault+0x441/0xe40
[ 29.533822] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.538645] SyS_sendmsg+0x29/0x30
[ 29.542161] ? __sys_sendmsg+0x270/0x270
[ 29.546198] do_syscall_64+0x29e/0x9d0
[ 29.550062] ? vmalloc_sync_all+0x30/0x30
[ 29.554187] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.558920] ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.563827] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.568736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.574248] ? retint_user+0x18/0x18
[ 29.577938] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.582758] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.587925] RIP: 0033:0x7fc685ccd320
[ 29.591612] RSP: 002b:00007ffd18914498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.599295] RAX: ffffffffffffffda RBX: 00007ffd18918590 RCX: 00007fc685ccd320
[ 29.606543] RDX: 0000000000000000 RSI: 00007ffd189144d0 RDI: 0000000000000003
[ 29.613801] RBP: 00007ffd189144d0 R08: 0000000000000000 R09: 00007fc685d13c00
[ 29.621049] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aca2b34
[ 29.628294] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd18918d70
[ 29.635546]
[ 29.637146] The buggy address belongs to the page:
[ 29.642049] page:ffffea00071531c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 29.650613] flags: 0x2fffc0000000000()
[ 29.654486] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 29.662342] raw: 0000000000000000 ffffea0007150101 0000000000000000 0000000000000000
[ 29.670192] page dumped because: kasan: bad access detected
[ 29.675874]
[ 29.677477] Memory state around the buggy address:
[ 29.682383] ffff8801c54c7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.689716] ffff8801c54c7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.697047] >ffff8801c54c7100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 29.704376] ^
[ 29.711361] ffff8801c54c7180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 29.718695] ffff8801c54c7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 29.726030] ==================================================================
[ 29.733361] Disabling lock debugging due to kernel taint
[ 29.738783] Kernel panic - not syncing: panic_on_warn set ...
[ 29.738783]
[ 29.746128] CPU: 1 PID: 5285 Comm: ip Tainted: G B 4.16.0+ #4
[ 29.753197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.762522] Call Trace:
[ 29.765080]
[ 29.767211] dump_stack+0x1b9/0x294
[ 29.770813] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.775981] ? lock_downgrade+0x8e0/0x8e0
[ 29.780103] ? vprintk_default+0x28/0x30
[ 29.784140] ? tick_sched_handle+0x100/0x180
[ 29.788522] panic+0x22f/0x4de
[ 29.791689] ? add_taint.cold.5+0x16/0x16
[ 29.795811] ? add_taint.cold.5+0x5/0x16
[ 29.799847] ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.804228] ? tick_sched_handle+0x16d/0x180
[ 29.808611] kasan_end_report+0x47/0x4f
[ 29.812560] kasan_report.cold.7+0xc9/0x2f5
[ 29.816858] __asan_report_load8_noabort+0x14/0x20
[ 29.821760] tick_sched_handle+0x16d/0x180
[ 29.825970] tick_sched_timer+0x42/0x130
[ 29.830008] __hrtimer_run_queues+0x3e3/0x10a0
[ 29.834570] ? tick_sched_do_timer+0x100/0x100
[ 29.839126] ? hrtimer_start_range_ns+0xd10/0xd10
[ 29.843951] ? pvclock_read_flags+0x160/0x160
[ 29.848421] ? __local_bh_enable+0xef/0x130
[ 29.852717] ? kvm_clock_read+0x25/0x30
[ 29.856667] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.861658] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 29.866994] ? do_timer+0x50/0x50
[ 29.870427] ? rcu_nmi_exit+0xd7/0x2b0
[ 29.874294] ? do_raw_spin_lock+0xc1/0x200
[ 29.878504] hrtimer_interrupt+0x286/0x650
[ 29.882720] smp_apic_timer_interrupt+0x15d/0x710
[ 29.887535] ? smp_call_function_single_interrupt+0x650/0x650
[ 29.893392] ? _raw_spin_lock+0x32/0x40
[ 29.897340] ? _raw_spin_unlock+0x22/0x30
[ 29.901464] ? handle_edge_irq+0x330/0x870
[ 29.905677] ? task_prio+0x50/0x50
[ 29.909193] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.914028] apic_timer_interrupt+0xf/0x20
[ 29.918233]
[ 29.920447] RIP: 0010:memset_erms+0x0/0x10
[ 29.924652] RSP: 0018:ffff8801c54c7190 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 29.932332] RAX: 1ffff10038a98e39 RBX: ffffed0038a98e39 RCX: 0000000000000000
[ 29.939576] RDX: 000000000000000d RSI: 0000000000000000 RDI: ffffed0038a98e2c
[ 29.946820] RBP: ffff8801c54c71a8 R08: ffff8801c3f4e2c0 R09: 0000000000000000
[ 29.954065] R10: ffff8801c3f4e2c0 R11: 0000000000000000 R12: 0000000000000068
[ 29.961307] R13: 0000000000000005 R14: 0000000000000000 R15: 00000000ffffffa1
[ 29.968563] ? kasan_unpoison_shadow+0x35/0x50
[ 29.973119] __asan_allocas_unpoison+0x16/0x20
[ 29.977677] rtnl_newlink+0x1094/0x1a40
[ 29.981627] ? rtnl_link_unregister+0x370/0x370
[ 29.986273] ? kasan_check_read+0x11/0x20
[ 29.990396] ? rcu_is_watching+0x85/0x140
[ 29.994534] ? __lock_acquire+0x7f5/0x5130
[ 29.998746] ? graph_lock+0x170/0x170
[ 30.002530] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.008044] ? rtnl_get_link+0x164/0x350
[ 30.012080] ? rtnl_dump_all+0x5e0/0x5e0
[ 30.016122] ? rcu_is_watching+0x85/0x140
[ 30.020244] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.025411] ? __netlink_ns_capable+0x100/0x130
[ 30.030057] ? rtnl_link_unregister+0x370/0x370
[ 30.034699] rtnetlink_rcv_msg+0x466/0xc10
[ 30.038911] ? rtnetlink_put_metrics+0x690/0x690
[ 30.043642] netlink_rcv_skb+0x172/0x440
[ 30.047679] ? rtnetlink_put_metrics+0x690/0x690
[ 30.052411] ? netlink_ack+0xbc0/0xbc0
[ 30.056272] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.061437] ? netlink_skb_destructor+0x210/0x210
[ 30.066254] rtnetlink_rcv+0x1c/0x20
[ 30.069942] netlink_unicast+0x58b/0x740
[ 30.073980] ? netlink_attachskb+0x970/0x970
[ 30.078361] ? import_iovec+0x24b/0x420
[ 30.082310] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 30.087298] ? security_netlink_send+0x8f/0xc0
[ 30.091948] netlink_sendmsg+0x9d8/0xf80
[ 30.095984] ? netlink_unicast+0x740/0x740
[ 30.100198] ? security_socket_sendmsg+0x9b/0xd0
[ 30.104927] ? netlink_unicast+0x740/0x740
[ 30.109135] sock_sendmsg+0xd5/0x120
[ 30.112826] ___sys_sendmsg+0x805/0x940
[ 30.116777] ? copy_msghdr_from_user+0x560/0x560
[ 30.121507] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 30.126237] ? graph_lock+0x170/0x170
[ 30.130101] ? graph_lock+0x170/0x170
[ 30.133877] ? find_held_lock+0x36/0x1c0
[ 30.137913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.143426] ? __fget_light+0x2ef/0x430
[ 30.147378] ? fget_raw+0x20/0x20
[ 30.150809] ? find_held_lock+0x36/0x1c0
[ 30.154843] ? lock_downgrade+0x8e0/0x8e0
[ 30.158965] ? handle_mm_fault+0x8c0/0xc70
[ 30.163175] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.168689] ? sockfd_lookup_light+0xc5/0x160
[ 30.173157] __sys_sendmsg+0x115/0x270
[ 30.177027] ? SyS_shutdown+0x30/0x30
[ 30.180804] ? __do_page_fault+0x441/0xe40
[ 30.185027] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 30.189846] SyS_sendmsg+0x29/0x30
[ 30.193358] ? __sys_sendmsg+0x270/0x270
[ 30.197393] do_syscall_64+0x29e/0x9d0
[ 30.201254] ? vmalloc_sync_all+0x30/0x30
[ 30.205376] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.210108] ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.215015] ? syscall_return_slowpath+0x30f/0x5c0
[ 30.219923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.225434] ? retint_user+0x18/0x18
[ 30.229125] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.233944] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.239108] RIP: 0033:0x7fc685ccd320
[ 30.242792] RSP: 002b:00007ffd18914498 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 30.250471] RAX: ffffffffffffffda RBX: 00007ffd18918590 RCX: 00007fc685ccd320
[ 30.257714] RDX: 0000000000000000 RSI: 00007ffd189144d0 RDI: 0000000000000003
[ 30.264955] RBP: 00007ffd189144d0 R08: 0000000000000000 R09: 00007fc685d13c00
[ 30.272200] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aca2b34
[ 30.279444] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd18918d70
[ 30.287164] Dumping ftrace buffer:
[ 30.290677] (ftrace buffer empty)
[ 30.294362] Kernel Offset: disabled
[ 30.297963] Rebooting in 86400 seconds..