INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
2018/04/08 04:31:21 parsed 1 programs
2018/04/08 04:31:21 executed programs: 0
syzkaller login: [ 30.146711] IPVS: ftp: loaded support on port[0] = 21
[ 30.152254] IPVS: ftp: loaded support on port[0] = 21
[ 30.186774] IPVS: ftp: loaded support on port[0] = 21
[ 30.191941] IPVS: ftp: loaded support on port[0] = 21
[ 30.218455] IPVS: ftp: loaded support on port[0] = 21
[ 30.222918] IPVS: ftp: loaded support on port[0] = 21
[ 30.273436] IPVS: ftp: loaded support on port[0] = 21
[ 30.273528] IPVS: ftp: loaded support on port[0] = 21
[ 31.803367] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 31.968581] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 31.986320] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 31.994707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.014998] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.079655] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.132534] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.186875] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 33.987269] ==================================================================
[ 33.994880] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 34.002159] Read of size 8 at addr ffff8801b3cb71a0 by task ip/5476
[ 34.008543]
[ 34.010153] CPU: 0 PID: 5476 Comm: ip Not tainted 4.16.0+ #4
[ 34.015922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.025253] Call Trace:
[ 34.027812]
[ 34.029951] dump_stack+0x1b9/0x294
[ 34.033562] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.038735] ? printk+0x9e/0xba
[ 34.042013] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 34.046757] ? kasan_check_write+0x14/0x20
[ 34.050972] print_address_description+0x6c/0x20b
[ 34.055799] ? tick_sched_handle+0x16d/0x180
[ 34.060187] kasan_report.cold.7+0xac/0x2f5
[ 34.064490] __asan_report_load8_noabort+0x14/0x20
[ 34.069403] tick_sched_handle+0x16d/0x180
[ 34.073618] tick_sched_timer+0x42/0x130
[ 34.077658] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.082227] ? tick_sched_do_timer+0x100/0x100
[ 34.086794] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.091627] ? pvclock_read_flags+0x160/0x160
[ 34.096105] ? __local_bh_enable+0xef/0x130
[ 34.100408] ? kvm_clock_read+0x25/0x30
[ 34.104367] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.109382] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 34.114725] ? do_timer+0x50/0x50
[ 34.118157] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.122039] ? do_raw_spin_lock+0xc1/0x200
[ 34.126607] hrtimer_interrupt+0x286/0x650
[ 34.130832] smp_apic_timer_interrupt+0x15d/0x710
[ 34.135656] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.141521] ? _raw_spin_lock+0x32/0x40
[ 34.145479] ? _raw_spin_unlock+0x22/0x30
[ 34.149613] ? handle_edge_irq+0x330/0x870
[ 34.153832] ? task_prio+0x50/0x50
[ 34.157356] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.162199] apic_timer_interrupt+0xf/0x20
[ 34.166408]
[ 34.168628] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 34.173357] RSP: 0018:ffff8801b3cb71c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 34.181048] RAX: ffff8801b333c740 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.188296] RDX: 0000000000000000 RSI: ffffffff85c14f2e RDI: ffffed0036796e18
[ 34.195543] RBP: ffff8801b3cb75f8 R08: ffff8801b333c740 R09: 0000000000000000
[ 34.202788] R10: ffffed0036796d20 R11: 0000000000000003 R12: ffff8801b3cb75d0
[ 34.210040] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 34.217308] ? rtnl_newlink+0x107e/0x1a40
[ 34.221446] ? rtnl_newlink+0x4e7/0x1a40
[ 34.225498] ? rtnl_link_unregister+0x370/0x370
[ 34.230148] ? kasan_check_read+0x11/0x20
[ 34.234283] ? rcu_is_watching+0x85/0x140
[ 34.238411] ? __lock_acquire+0x7f5/0x5130
[ 34.242625] ? graph_lock+0x170/0x170
[ 34.246420] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.251935] ? rtnl_get_link+0x164/0x350
[ 34.255975] ? rtnl_dump_all+0x5e0/0x5e0
[ 34.260017] ? rcu_is_watching+0x85/0x140
[ 34.264150] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.269318] ? __netlink_ns_capable+0x100/0x130
[ 34.273967] ? rtnl_link_unregister+0x370/0x370
[ 34.278614] rtnetlink_rcv_msg+0x466/0xc10
[ 34.282828] ? rtnetlink_put_metrics+0x690/0x690
[ 34.287572] netlink_rcv_skb+0x172/0x440
[ 34.291611] ? rtnetlink_put_metrics+0x690/0x690
[ 34.296348] ? netlink_ack+0xbc0/0xbc0
[ 34.300231] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.305415] ? netlink_skb_destructor+0x210/0x210
[ 34.310244] rtnetlink_rcv+0x1c/0x20
[ 34.313939] netlink_unicast+0x58b/0x740
[ 34.317985] ? netlink_attachskb+0x970/0x970
[ 34.322375] ? import_iovec+0x24b/0x420
[ 34.326337] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.331334] ? security_netlink_send+0x8f/0xc0
[ 34.335900] netlink_sendmsg+0x9d8/0xf80
[ 34.339947] ? netlink_unicast+0x740/0x740
[ 34.344165] ? security_socket_sendmsg+0x9b/0xd0
[ 34.348899] ? netlink_unicast+0x740/0x740
[ 34.353117] sock_sendmsg+0xd5/0x120
[ 34.356829] ___sys_sendmsg+0x805/0x940
[ 34.360785] ? copy_msghdr_from_user+0x560/0x560
[ 34.365523] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 34.370261] ? graph_lock+0x170/0x170
[ 34.374051] ? graph_lock+0x170/0x170
[ 34.377829] ? find_held_lock+0x36/0x1c0
[ 34.381872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.387388] ? __fget_light+0x2ef/0x430
[ 34.391341] ? fget_raw+0x20/0x20
[ 34.394777] ? find_held_lock+0x36/0x1c0
[ 34.398823] ? lock_downgrade+0x8e0/0x8e0
[ 34.402971] ? handle_mm_fault+0x8c0/0xc70
[ 34.407192] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.412711] ? sockfd_lookup_light+0xc5/0x160
[ 34.417184] __sys_sendmsg+0x115/0x270
[ 34.421054] ? SyS_shutdown+0x30/0x30
[ 34.424837] ? __do_page_fault+0x441/0xe40
[ 34.429062] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 34.433886] SyS_sendmsg+0x29/0x30
[ 34.437404] ? __sys_sendmsg+0x270/0x270
[ 34.441444] do_syscall_64+0x29e/0x9d0
[ 34.445309] ? vmalloc_sync_all+0x30/0x30
[ 34.449438] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 34.454260] ? syscall_return_slowpath+0x5c0/0x5c0
[ 34.459172] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.464092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.469608] ? retint_user+0x18/0x18
[ 34.473305] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.478132] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.483300] RIP: 0033:0x7f3f6b502320
[ 34.486989] RSP: 002b:00007ffe8c017868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.494680] RAX: ffffffffffffffda RBX: 00007ffe8c01b960 RCX: 00007f3f6b502320
[ 34.501939] RDX: 0000000000000000 RSI: 00007ffe8c0178a0 RDI: 0000000000000003
[ 34.509187] RBP: 00007ffe8c0178a0 R08: 0000000000000000 R09: 0000000000000000
[ 34.516435] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ac99b1f
[ 34.523685] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffe8c01c138
[ 34.530937]
[ 34.532540] The buggy address belongs to the page:
[ 34.537446] page:ffffea0006cf2dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.545581] flags: 0x2fffc0000000000()
[ 34.549450] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.557313] raw: 0000000000000000 ffffea0006cf0101 0000000000000000 0000000000000000
[ 34.565266] page dumped because: kasan: bad access detected
[ 34.570949]
[ 34.572551] Memory state around the buggy address:
[ 34.577458] ffff8801b3cb7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.584801] ffff8801b3cb7100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 34.592149] >ffff8801b3cb7180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 34.599483] ^
[ 34.603869] ffff8801b3cb7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 34.611206] ffff8801b3cb7280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 34.618540] ==================================================================
[ 34.625875] Disabling lock debugging due to kernel taint
[ 34.631298] Kernel panic - not syncing: panic_on_warn set ...
[ 34.631298]
[ 34.638640] CPU: 0 PID: 5476 Comm: ip Tainted: G B 4.16.0+ #4
[ 34.645712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.655044] Call Trace:
[ 34.657608]
[ 34.659748] dump_stack+0x1b9/0x294
[ 34.663356] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.668531] ? lock_downgrade+0x8e0/0x8e0
[ 34.672657] ? vprintk_default+0x28/0x30
[ 34.676701] ? tick_sched_handle+0x100/0x180
[ 34.681090] panic+0x22f/0x4de
[ 34.684261] ? add_taint.cold.5+0x16/0x16
[ 34.688386] ? add_taint.cold.5+0x5/0x16
[ 34.692425] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.696813] ? tick_sched_handle+0x16d/0x180
[ 34.701200] kasan_end_report+0x47/0x4f
[ 34.705155] kasan_report.cold.7+0xc9/0x2f5
[ 34.709457] __asan_report_load8_noabort+0x14/0x20
[ 34.714364] tick_sched_handle+0x16d/0x180
[ 34.718582] tick_sched_timer+0x42/0x130
[ 34.722622] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.727184] ? tick_sched_do_timer+0x100/0x100
[ 34.731742] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.736562] ? pvclock_read_flags+0x160/0x160
[ 34.741046] ? __local_bh_enable+0xef/0x130
[ 34.745345] ? kvm_clock_read+0x25/0x30
[ 34.749296] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.754290] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 34.759632] ? do_timer+0x50/0x50
[ 34.763068] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.766942] ? do_raw_spin_lock+0xc1/0x200
[ 34.771160] hrtimer_interrupt+0x286/0x650
[ 34.775376] smp_apic_timer_interrupt+0x15d/0x710
[ 34.780195] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.786061] ? _raw_spin_lock+0x32/0x40
[ 34.790021] ? _raw_spin_unlock+0x22/0x30
[ 34.794151] ? handle_edge_irq+0x330/0x870
[ 34.798370] ? task_prio+0x50/0x50
[ 34.801891] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.806714] apic_timer_interrupt+0xf/0x20
[ 34.810921]
[ 34.813141] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 34.817869] RSP: 0018:ffff8801b3cb71c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 34.825556] RAX: ffff8801b333c740 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.832817] RDX: 0000000000000000 RSI: ffffffff85c14f2e RDI: ffffed0036796e18
[ 34.840067] RBP: ffff8801b3cb75f8 R08: ffff8801b333c740 R09: 0000000000000000
[ 34.847311] R10: ffffed0036796d20 R11: 0000000000000003 R12: ffff8801b3cb75d0
[ 34.854555] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 34.861814] ? rtnl_newlink+0x107e/0x1a40
[ 34.865941] ? rtnl_newlink+0x4e7/0x1a40
[ 34.869982] ? rtnl_link_unregister+0x370/0x370
[ 34.874630] ? kasan_check_read+0x11/0x20
[ 34.878771] ? rcu_is_watching+0x85/0x140
[ 34.882896] ? __lock_acquire+0x7f5/0x5130
[ 34.887109] ? graph_lock+0x170/0x170
[ 34.890898] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.896412] ? rtnl_get_link+0x164/0x350
[ 34.900454] ? rtnl_dump_all+0x5e0/0x5e0
[ 34.904491] ? rcu_is_watching+0x85/0x140
[ 34.908616] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.913785] ? __netlink_ns_capable+0x100/0x130
[ 34.918439] ? rtnl_link_unregister+0x370/0x370
[ 34.923098] rtnetlink_rcv_msg+0x466/0xc10
[ 34.927310] ? rtnetlink_put_metrics+0x690/0x690
[ 34.932049] netlink_rcv_skb+0x172/0x440
[ 34.936100] ? rtnetlink_put_metrics+0x690/0x690
[ 34.940836] ? netlink_ack+0xbc0/0xbc0
[ 34.944701] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.949869] ? netlink_skb_destructor+0x210/0x210
[ 34.954690] rtnetlink_rcv+0x1c/0x20
[ 34.958380] netlink_unicast+0x58b/0x740
[ 34.962421] ? netlink_attachskb+0x970/0x970
[ 34.966811] ? import_iovec+0x24b/0x420
[ 34.970764] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.975756] ? security_netlink_send+0x8f/0xc0
[ 34.980315] netlink_sendmsg+0x9d8/0xf80
[ 34.984353] ? netlink_unicast+0x740/0x740
[ 34.988567] ? security_socket_sendmsg+0x9b/0xd0
[ 34.993301] ? netlink_unicast+0x740/0x740
[ 34.997520] sock_sendmsg+0xd5/0x120
[ 35.001213] ___sys_sendmsg+0x805/0x940
[ 35.005167] ? copy_msghdr_from_user+0x560/0x560
[ 35.009902] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 35.014636] ? graph_lock+0x170/0x170
[ 35.018414] ? graph_lock+0x170/0x170
[ 35.022193] ? find_held_lock+0x36/0x1c0
[ 35.026233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.031747] ? __fget_light+0x2ef/0x430
[ 35.035698] ? fget_raw+0x20/0x20
[ 35.039132] ? find_held_lock+0x36/0x1c0
[ 35.043172] ? lock_downgrade+0x8e0/0x8e0
[ 35.047297] ? handle_mm_fault+0x8c0/0xc70
[ 35.051516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.057041] ? sockfd_lookup_light+0xc5/0x160
[ 35.061516] __sys_sendmsg+0x115/0x270
[ 35.065379] ? SyS_shutdown+0x30/0x30
[ 35.069177] ? __do_page_fault+0x441/0xe40
[ 35.073398] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 35.078227] SyS_sendmsg+0x29/0x30
[ 35.081747] ? __sys_sendmsg+0x270/0x270
[ 35.085796] do_syscall_64+0x29e/0x9d0
[ 35.089662] ? vmalloc_sync_all+0x30/0x30
[ 35.093787] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 35.098628] ? syscall_return_slowpath+0x5c0/0x5c0
[ 35.103536] ? syscall_return_slowpath+0x30f/0x5c0
[ 35.108446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.113961] ? retint_user+0x18/0x18
[ 35.117652] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.122472] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.127638] RIP: 0033:0x7f3f6b502320
[ 35.131323] RSP: 002b:00007ffe8c017868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 35.139009] RAX: ffffffffffffffda RBX: 00007ffe8c01b960 RCX: 00007f3f6b502320
[ 35.146262] RDX: 0000000000000000 RSI: 00007ffe8c0178a0 RDI: 0000000000000003
[ 35.153509] RBP: 00007ffe8c0178a0 R08: 0000000000000000 R09: 0000000000000000
[ 35.160756] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ac99b1f
[ 35.168004] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffe8c01c138
[ 35.175748] Dumping ftrace buffer:
[ 35.179270] (ftrace buffer empty)
[ 35.182954] Kernel Offset: disabled
[ 35.186560] Rebooting in 86400 seconds..