INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
2018/04/11 21:38:18 parsed 1 programs
2018/04/11 21:38:18 executed programs: 0
syzkaller login: [ 113.329253] IPVS: ftp: loaded support on port[0] = 21
[ 113.330862] IPVS: ftp: loaded support on port[0] = 21
[ 113.344910] IPVS: ftp: loaded support on port[0] = 21
[ 113.350874] IPVS: ftp: loaded support on port[0] = 21
[ 113.353879] IPVS: ftp: loaded support on port[0] = 21
[ 113.370239] IPVS: ftp: loaded support on port[0] = 21
[ 113.390471] IPVS: ftp: loaded support on port[0] = 21
[ 113.398295] IPVS: ftp: loaded support on port[0] = 21
[ 114.445716] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.544837] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.557772] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.566771] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.577651] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.585767] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.630062] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 114.642151] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 116.369616] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.375743] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.485860] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.491985] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.557836] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.564041] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.576497] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.582630] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.616731] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 116.622952] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.652384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.659177] ==================================================================
[ 116.666682] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 116.673947] Read of size 8 at addr ffff8801cf88f1a0 by task ip/5634
[ 116.680334]
[ 116.681945] CPU: 1 PID: 5634 Comm: ip Not tainted 4.16.0+ #2
[ 116.687719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.697051] Call Trace:
[ 116.699614]
[ 116.701753] dump_stack+0x1b9/0x29f
[ 116.705366] ? arch_local_irq_restore+0x52/0x52
[ 116.710023] ? printk+0x9e/0xba
[ 116.713285] ? show_regs_print_info+0x18/0x18
[ 116.717764] ? kasan_check_write+0x14/0x20
[ 116.722111] print_address_description+0x6c/0x20b
[ 116.726938] ? tick_sched_handle+0x16d/0x180
[ 116.731329] kasan_report.cold.7+0xac/0x2f5
[ 116.735636] __asan_report_load8_noabort+0x14/0x20
[ 116.740547] tick_sched_handle+0x16d/0x180
[ 116.744763] tick_sched_timer+0x42/0x130
[ 116.748808] __hrtimer_run_queues+0x3e3/0x10a0
[ 116.753376] ? tick_sched_do_timer+0x100/0x100
[ 116.757939] ? hrtimer_start_range_ns+0xd10/0xd10
[ 116.762768] ? pvclock_read_flags+0x160/0x160
[ 116.767250] ? kvm_clock_read+0x25/0x30
[ 116.771206] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 116.776205] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 116.781553] ? do_timer+0x50/0x50
[ 116.784987] ? rcu_nmi_exit+0xd7/0x2b0
[ 116.788866] ? do_raw_spin_lock+0xc1/0x200
[ 116.793088] hrtimer_interrupt+0x2f3/0x750
[ 116.797314] smp_apic_timer_interrupt+0x15d/0x710
[ 116.802137] ? smp_call_function_single_interrupt+0x650/0x650
[ 116.808009] ? _raw_spin_lock+0x32/0x40
[ 116.811970] ? _raw_spin_unlock+0x22/0x30
[ 116.816099] ? handle_edge_irq+0x330/0x870
[ 116.820319] ? task_prio+0x50/0x50
[ 116.823855] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 116.828690] apic_timer_interrupt+0xf/0x20
[ 116.832903]
[ 116.835125] RIP: 0010:rtnl_newlink+0x108c/0x1a40
[ 116.839859] RSP: 0018:ffff8801cf88f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 116.847552] RAX: ffff8801b3d08280 RBX: 0000000000000000 RCX: 0000000000000000
[ 116.854800] RDX: 0000000000000000 RSI: ffffffff85c03f2e RDI: ffff8801cf88f160
[ 116.862050] RBP: ffff8801cf88f5f8 R08: ffff8801b3d08280 R09: 0000000000000000
[ 116.869298] R10: ffffed0039f11d20 R11: 0000000000000003 R12: ffff8801cf88f5d0
[ 116.876554] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 116.883817] ? rtnl_newlink+0x107e/0x1a40
[ 116.887949] ? rtnl_newlink+0x4e7/0x1a40
[ 116.892014] ? rtnl_link_unregister+0x370/0x370
[ 116.896669] ? kasan_check_read+0x11/0x20
[ 116.900797] ? rcu_is_watching+0x85/0x140
[ 116.904936] ? __lock_acquire+0x7f5/0x5130
[ 116.909157] ? graph_lock+0x170/0x170
[ 116.912970] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 116.918489] ? rtnl_get_link+0x164/0x350
[ 116.922533] ? rtnl_dump_all+0x5e0/0x5e0
[ 116.926579] ? rcu_is_watching+0x85/0x140
[ 116.930713] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 116.935888] ? __netlink_ns_capable+0x100/0x130
[ 116.940542] ? rtnl_link_unregister+0x370/0x370
[ 116.945193] rtnetlink_rcv_msg+0x466/0xc10
[ 116.949413] ? rtnetlink_put_metrics+0x690/0x690
[ 116.954159] netlink_rcv_skb+0x172/0x440
[ 116.958210] ? rtnetlink_put_metrics+0x690/0x690
[ 116.962951] ? netlink_ack+0xbc0/0xbc0
[ 116.966823] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 116.971999] ? netlink_skb_destructor+0x210/0x210
[ 116.976834] rtnetlink_rcv+0x1c/0x20
[ 116.980528] netlink_unicast+0x58b/0x740
[ 116.984573] ? netlink_attachskb+0x970/0x970
[ 116.988962] ? import_iovec+0x24b/0x420
[ 116.992920] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 116.997925] ? security_netlink_send+0x8f/0xc0
[ 117.002493] netlink_sendmsg+0x9d8/0xf80
[ 117.006543] ? netlink_unicast+0x740/0x740
[ 117.010761] ? security_socket_sendmsg+0x9b/0xd0
[ 117.015502] ? netlink_unicast+0x740/0x740
[ 117.019721] sock_sendmsg+0xd5/0x120
[ 117.023419] ___sys_sendmsg+0x805/0x940
[ 117.027384] ? copy_msghdr_from_user+0x560/0x560
[ 117.032125] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 117.036860] ? graph_lock+0x170/0x170
[ 117.040645] ? graph_lock+0x170/0x170
[ 117.044431] ? find_held_lock+0x36/0x1c0
[ 117.048476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.053998] ? __fget_light+0x2ef/0x430
[ 117.057957] ? fget_raw+0x20/0x20
[ 117.061397] ? find_held_lock+0x36/0x1c0
[ 117.065448] ? lock_downgrade+0x8e0/0x8e0
[ 117.069584] ? handle_mm_fault+0x8c0/0xc70
[ 117.073804] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 117.079322] ? sockfd_lookup_light+0xc5/0x160
[ 117.083798] __sys_sendmsg+0x115/0x270
[ 117.087671] ? SyS_shutdown+0x30/0x30
[ 117.091460] ? __do_page_fault+0x441/0xe40
[ 117.095686] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 117.100512] SyS_sendmsg+0x29/0x30
[ 117.104033] ? __sys_sendmsg+0x270/0x270
[ 117.108075] do_syscall_64+0x29e/0x9d0
[ 117.111944] ? vmalloc_sync_all+0x30/0x30
[ 117.116073] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 117.120897] ? syscall_return_slowpath+0x5c0/0x5c0
[ 117.125808] ? syscall_return_slowpath+0x30f/0x5c0
[ 117.130720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.136240] ? retint_user+0x18/0x18
[ 117.139943] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 117.144777] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 117.149950] RIP: 0033:0x7f638bb09320
[ 117.153642] RSP: 002b:00007ffd653f8c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 117.161332] RAX: ffffffffffffffda RBX: 00007ffd653fcd50 RCX: 00007f638bb09320
[ 117.168584] RDX: 0000000000000000 RSI: 00007ffd653f8c90 RDI: 0000000000000003
[ 117.175832] RBP: 00007ffd653f8c90 R08: 0000000000000000 R09: 0000000000000000
[ 117.183082] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ace804f
[ 117.190854] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd653fd528
[ 117.198113]
[ 117.199720] The buggy address belongs to the page:
[ 117.204632] page:ffffea00073e23c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 117.212756] flags: 0x2fffc0000000000()
[ 117.216628] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 117.224495] raw: 0000000000000000 dead000000000101 0000000000000000 0000000000000000
[ 117.232349] page dumped because: kasan: bad access detected
[ 117.238042]
[ 117.239654] Memory state around the buggy address:
[ 117.244564]  ffff8801cf88f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 117.251904]  ffff8801cf88f100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 117.259243] >ffff8801cf88f180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 117.266576]                                ^
[ 117.270964]  ffff8801cf88f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 117.278308]  ffff8801cf88f280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 117.285642] ==================================================================
[ 117.292979] Disabling lock debugging due to kernel taint
[ 117.298405] Kernel panic - not syncing: panic_on_warn set ...
[ 117.298405]
[ 117.305757] CPU: 1 PID: 5634 Comm: ip Tainted: G B 4.16.0+ #2
[ 117.312829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.322157] Call Trace:
[ 117.324722]
[ 117.326856] dump_stack+0x1b9/0x29f
[ 117.330465] ? arch_local_irq_restore+0x52/0x52
[ 117.335116] ? lock_downgrade+0x8e0/0x8e0
[ 117.339243] ? vprintk_default+0x28/0x30
[ 117.343286] ? tick_sched_handle+0xe0/0x180
[ 117.347591] panic+0x22f/0x4de
[ 117.350764] ? add_taint.cold.5+0x16/0x16
[ 117.354893] ? add_taint.cold.5+0x5/0x16
[ 117.358934] ? do_raw_spin_unlock+0x9e/0x2e0
[ 117.363320] ? tick_sched_handle+0x16d/0x180
[ 117.367711] kasan_end_report+0x47/0x4f
[ 117.371670] kasan_report.cold.7+0xc9/0x2f5
[ 117.375974] __asan_report_load8_noabort+0x14/0x20
[ 117.380883] tick_sched_handle+0x16d/0x180
[ 117.385096] tick_sched_timer+0x42/0x130
[ 117.389139] __hrtimer_run_queues+0x3e3/0x10a0
[ 117.393701] ? tick_sched_do_timer+0x100/0x100
[ 117.398270] ? hrtimer_start_range_ns+0xd10/0xd10
[ 117.403094] ? pvclock_read_flags+0x160/0x160
[ 117.407568] ? kvm_clock_read+0x25/0x30
[ 117.411527] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 117.416525] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 117.421870] ? do_timer+0x50/0x50
[ 117.425301] ? rcu_nmi_exit+0xd7/0x2b0
[ 117.429168] ? do_raw_spin_lock+0xc1/0x200
[ 117.433384] hrtimer_interrupt+0x2f3/0x750
[ 117.437603] smp_apic_timer_interrupt+0x15d/0x710
[ 117.442428] ? smp_call_function_single_interrupt+0x650/0x650
[ 117.448306] ? _raw_spin_lock+0x32/0x40
[ 117.452261] ? _raw_spin_unlock+0x22/0x30
[ 117.456390] ? handle_edge_irq+0x330/0x870
[ 117.460607] ? task_prio+0x50/0x50
[ 117.464132] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 117.468960] apic_timer_interrupt+0xf/0x20
[ 117.473168]
[ 117.475388] RIP: 0010:rtnl_newlink+0x108c/0x1a40
[ 117.480121] RSP: 0018:ffff8801cf88f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 117.487807] RAX: ffff8801b3d08280 RBX: 0000000000000000 RCX: 0000000000000000
[ 117.495057] RDX: 0000000000000000 RSI: ffffffff85c03f2e RDI: ffff8801cf88f160
[ 117.502306] RBP: ffff8801cf88f5f8 R08: ffff8801b3d08280 R09: 0000000000000000
[ 117.509555] R10: ffffed0039f11d20 R11: 0000000000000003 R12: ffff8801cf88f5d0
[ 117.516803] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 117.524147] ? rtnl_newlink+0x107e/0x1a40
[ 117.528277] ? rtnl_newlink+0x4e7/0x1a40
[ 117.532321] ? rtnl_link_unregister+0x370/0x370
[ 117.536971] ? kasan_check_read+0x11/0x20
[ 117.541098] ? rcu_is_watching+0x85/0x140
[ 117.545229] ? __lock_acquire+0x7f5/0x5130
[ 117.549446] ? graph_lock+0x170/0x170
[ 117.553240] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 117.558755] ? rtnl_get_link+0x164/0x350
[ 117.562796] ? rtnl_dump_all+0x5e0/0x5e0
[ 117.566837] ? rcu_is_watching+0x85/0x140
[ 117.570969] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 117.576141] ? __netlink_ns_capable+0x100/0x130
[ 117.580792] ? rtnl_link_unregister+0x370/0x370
[ 117.585444] rtnetlink_rcv_msg+0x466/0xc10
[ 117.589660] ? rtnetlink_put_metrics+0x690/0x690
[ 117.594401] netlink_rcv_skb+0x172/0x440
[ 117.598441] ? rtnetlink_put_metrics+0x690/0x690
[ 117.603178] ? netlink_ack+0xbc0/0xbc0
[ 117.607050] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 117.612221] ? netlink_skb_destructor+0x210/0x210
[ 117.617043] rtnetlink_rcv+0x1c/0x20
[ 117.620737] netlink_unicast+0x58b/0x740
[ 117.624778] ? netlink_attachskb+0x970/0x970
[ 117.629166] ? import_iovec+0x24b/0x420
[ 117.633121] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 117.638117] ? security_netlink_send+0x8f/0xc0
[ 117.642678] netlink_sendmsg+0x9d8/0xf80
[ 117.646724] ? netlink_unicast+0x740/0x740
[ 117.650943] ? security_socket_sendmsg+0x9b/0xd0
[ 117.655677] ? netlink_unicast+0x740/0x740
[ 117.659894] sock_sendmsg+0xd5/0x120
[ 117.663586] ___sys_sendmsg+0x805/0x940
[ 117.667539] ? copy_msghdr_from_user+0x560/0x560
[ 117.672279] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 117.677015] ? graph_lock+0x170/0x170
[ 117.680797] ? graph_lock+0x170/0x170
[ 117.684580] ? find_held_lock+0x36/0x1c0
[ 117.688621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.694136] ? __fget_light+0x2ef/0x430
[ 117.698090] ? fget_raw+0x20/0x20
[ 117.701527] ? find_held_lock+0x36/0x1c0
[ 117.705571] ? lock_downgrade+0x8e0/0x8e0
[ 117.709698] ? handle_mm_fault+0x8c0/0xc70
[ 117.713914] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 117.719432] ? sockfd_lookup_light+0xc5/0x160
[ 117.723911] __sys_sendmsg+0x115/0x270
[ 117.727780] ? SyS_shutdown+0x30/0x30
[ 117.731563] ? __do_page_fault+0x441/0xe40
[ 117.735785] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 117.740606] SyS_sendmsg+0x29/0x30
[ 117.744122] ? __sys_sendmsg+0x270/0x270
[ 117.748163] do_syscall_64+0x29e/0x9d0
[ 117.752028] ? vmalloc_sync_all+0x30/0x30
[ 117.756160] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 117.760981] ? syscall_return_slowpath+0x5c0/0x5c0
[ 117.765978] ? syscall_return_slowpath+0x30f/0x5c0
[ 117.770889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.776408] ? retint_user+0x18/0x18
[ 117.780104] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 117.784936] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 117.790106] RIP: 0033:0x7f638bb09320
[ 117.793795] RSP: 002b:00007ffd653f8c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 117.801483] RAX: ffffffffffffffda RBX: 00007ffd653fcd50 RCX: 00007f638bb09320
[ 117.808735] RDX: 0000000000000000 RSI: 00007ffd653f8c90 RDI: 0000000000000003
[ 117.815983] RBP: 00007ffd653f8c90 R08: 0000000000000000 R09: 0000000000000000
[ 117.823230] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ace804f
[ 117.830482] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd653fd528
[ 117.838301] Dumping ftrace buffer:
[ 117.841835] (ftrace buffer empty)
[ 117.845529] Kernel Offset: disabled
[ 117.849135] Rebooting in 86400 seconds..