INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
2018/04/12 05:21:43 parsed 1 programs
2018/04/12 05:21:43 executed programs: 0
syzkaller login: [ 29.939868] IPVS: ftp: loaded support on port[0] = 21
[ 29.944976] IPVS: ftp: loaded support on port[0] = 21
[ 29.965695] IPVS: ftp: loaded support on port[0] = 21
[ 29.976603] IPVS: ftp: loaded support on port[0] = 21
[ 29.981673] IPVS: ftp: loaded support on port[0] = 21
[ 29.988173] IPVS: ftp: loaded support on port[0] = 21
[ 29.993765] IPVS: ftp: loaded support on port[0] = 21
[ 30.012884] IPVS: ftp: loaded support on port[0] = 21
[ 30.695135] ==================================================================
[ 30.702670] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 30.709944] Read of size 8 at addr ffff8801d8f9f1a0 by task ip/4690
[ 30.716340]
[ 30.717970] CPU: 1 PID: 4690 Comm: ip Not tainted 4.16.0+ #17
[ 30.723845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.733201] Call Trace:
[ 30.735782]
[ 30.737931] dump_stack+0x1b9/0x294
[ 30.741555] ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.746743] ? printk+0x9e/0xba
[ 30.750016] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 30.754775] ? kasan_check_write+0x14/0x20
[ 30.759010] print_address_description+0x6c/0x20b
[ 30.763854] ? tick_sched_handle+0x16d/0x180
[ 30.768261] kasan_report.cold.7+0xac/0x2f5
[ 30.772598] __asan_report_load8_noabort+0x14/0x20
[ 30.777528] tick_sched_handle+0x16d/0x180
[ 30.781772] tick_sched_timer+0x42/0x130
[ 30.785843] __hrtimer_run_queues+0x3e3/0x10a0
[ 30.790430] ? tick_sched_do_timer+0x100/0x100
[ 30.795008] ? hrtimer_start_range_ns+0xd10/0xd10
[ 30.799849] ? pvclock_read_flags+0x160/0x160
[ 30.804353] ? __local_bh_enable+0xef/0x130
[ 30.808673] ? kvm_clock_read+0x25/0x30
[ 30.812645] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 30.817662] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 30.823020] ? do_timer+0x50/0x50
[ 30.826467] ? rcu_nmi_exit+0xd7/0x2b0
[ 30.830362] ? do_raw_spin_lock+0xc1/0x200
[ 30.834608] hrtimer_interrupt+0x286/0x650
[ 30.838848] smp_apic_timer_interrupt+0x15d/0x710
[ 30.843696] ? smp_call_function_single_interrupt+0x650/0x650
[ 30.849591] ? _raw_spin_lock+0x32/0x40
[ 30.853566] ? _raw_spin_unlock+0x22/0x30
[ 30.857719] ? handle_edge_irq+0x330/0x870
[ 30.861983] ? task_prio+0x50/0x50
[ 30.865533] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.870390] apic_timer_interrupt+0xf/0x20
[ 30.874614]
[ 30.876844] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 30.882105] RSP: 0018:ffff8801d8f9f1c0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 30.889806] RAX: ffff8801b14e6500 RBX: 00000000b3d10200 RCX: ffffffff85c67fa4
[ 30.897071] RDX: 0000000000000000 RSI: ffff8801d8f9f1c8 RDI: ffff8801d8f9f160
[ 30.904336] RBP: ffff8801d8f9f5f8 R08: ffff8801b14e6500 R09: ffffed003b1f3e10
[ 30.911614] R10: ffffed003b1f3e10 R11: 0000000000000003 R12: ffff8801d8f9f5d0
[ 30.918879] R13: 0000000000000000 R14: ffffffff8958b7c0 R15: 0000000000000000
[ 30.926165] ? rtnl_newlink+0x1064/0x1a40
[ 30.930335] ? rtnl_newlink+0x1094/0x1a40
[ 30.934504] ? rtnl_link_unregister+0x370/0x370
[ 30.939180] ? kasan_check_read+0x11/0x20
[ 30.943339] ? rcu_is_watching+0x85/0x140
[ 30.947491] ? __lock_acquire+0x7f5/0x5130
[ 30.951718] ? graph_lock+0x170/0x170
[ 30.955553] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.961088] ? rtnl_get_link+0x164/0x350
[ 30.965142] ? rtnl_dump_all+0x5e0/0x5e0
[ 30.969194] ? rcu_is_watching+0x85/0x140
[ 30.973344] ? __netlink_ns_capable+0x100/0x130
[ 30.978015] ? rtnl_link_unregister+0x370/0x370
[ 30.982679] rtnetlink_rcv_msg+0x466/0xc10
[ 30.986911] ? rtnetlink_put_metrics+0x690/0x690
[ 30.991677] netlink_rcv_skb+0x172/0x440
[ 30.995756] ? rtnetlink_put_metrics+0x690/0x690
[ 31.000522] ? netlink_ack+0xbc0/0xbc0
[ 31.004415] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.009621] ? netlink_skb_destructor+0x210/0x210
[ 31.014479] rtnetlink_rcv+0x1c/0x20
[ 31.018197] netlink_unicast+0x58b/0x740
[ 31.022258] ? netlink_attachskb+0x970/0x970
[ 31.026662] ? import_iovec+0x24b/0x420
[ 31.030632] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 31.035650] ? security_netlink_send+0x88/0xb0
[ 31.040235] netlink_sendmsg+0x9f0/0xfa0
[ 31.044320] ? netlink_unicast+0x740/0x740
[ 31.048559] ? security_socket_sendmsg+0x94/0xc0
[ 31.053313] ? netlink_unicast+0x740/0x740
[ 31.057553] sock_sendmsg+0xd5/0x120
[ 31.061270] ___sys_sendmsg+0x805/0x940
[ 31.065245] ? copy_msghdr_from_user+0x560/0x560
[ 31.069996] ? save_stack+0xa9/0xd0
[ 31.073616] ? save_stack+0x43/0xd0
[ 31.077235] ? __kasan_slab_free+0x11a/0x170
[ 31.081639] ? kasan_slab_free+0xe/0x10
[ 31.085607] ? do_sys_open+0x57f/0x770
[ 31.089486] ? SyS_open+0x2d/0x40
[ 31.092932] ? do_syscall_64+0x29e/0x9d0
[ 31.096985] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.102363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.107902] ? __fget_light+0x2ef/0x430
[ 31.111872] ? fget_raw+0x20/0x20
[ 31.115328] ? kasan_check_write+0x14/0x20
[ 31.119566] ? do_raw_spin_lock+0xc1/0x200
[ 31.123811] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.128914] ? debug_check_no_obj_freed+0x2ff/0x584
[ 31.133930] ? kasan_check_read+0x11/0x20
[ 31.138078] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.143623] ? sockfd_lookup_light+0xc5/0x160
[ 31.148121] __sys_sendmsg+0x115/0x270
[ 31.152004] ? SyS_shutdown+0x30/0x30
[ 31.155801] ? kmem_cache_free+0x25c/0x2d0
[ 31.160030] ? putname+0xf7/0x130
[ 31.163502] ? do_sys_open+0x3b7/0x770
[ 31.167401] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.172242] SyS_sendmsg+0x29/0x30
[ 31.175782] ? __sys_sendmsg+0x270/0x270
[ 31.179843] do_syscall_64+0x29e/0x9d0
[ 31.183736] ? vmalloc_sync_all+0x30/0x30
[ 31.187886] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.192635] ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.197563] ? syscall_return_slowpath+0x30f/0x5c0
[ 31.202494] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 31.207856] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.212694] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.217878] RIP: 0033:0x7ff5ac31d320
[ 31.221581] RSP: 002b:00007ffdb251cf58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 31.229310] RAX: ffffffffffffffda RBX: 00007ffdb2521050 RCX: 00007ff5ac31d320
[ 31.236578] RDX: 0000000000000000 RSI: 00007ffdb251cf90 RDI: 0000000000000003
[ 31.243840] RBP: 00007ffdb251cf90 R08: 0000000000000000 R09: 00007ff5ac5cc0b0
[ 31.251103] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aceecea
[ 31.258369] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffdb2521830
[ 31.265652]
[ 31.267279] The buggy address belongs to the page:
[ 31.272200] page:ffffea000763e7c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 31.280337] flags: 0x2fffc0000000000()
[ 31.284220] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 31.292092] raw: 0000000000000000 ffffea0007630101 0000000000000000 0000000000000000
[ 31.299980] page dumped because: kasan: bad access detected
[ 31.305680]
[ 31.307301] Memory state around the buggy address:
[ 31.312221] ffff8801d8f9f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.319574] ffff8801d8f9f100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 31.326937] >ffff8801d8f9f180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 31.334293] ^
[ 31.338707] ffff8801d8f9f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 31.346072] ffff8801d8f9f280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 31.353420] ==================================================================
[ 31.360773] Disabling lock debugging due to kernel taint
[ 31.366208] Kernel panic - not syncing: panic_on_warn set ...
[ 31.366208]
[ 31.373570] CPU: 1 PID: 4690 Comm: ip Tainted: G B 4.16.0+ #17
[ 31.380752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.390092] Call Trace:
[ 31.392663]
[ 31.394811] dump_stack+0x1b9/0x294
[ 31.398428] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.403597] ? lock_downgrade+0x8e0/0x8e0
[ 31.407726] ? vprintk_default+0x28/0x30
[ 31.411775] ? tick_sched_handle+0xb0/0x180
[ 31.416084] panic+0x22f/0x4de
[ 31.419267] ? add_taint.cold.5+0x16/0x16
[ 31.423408] ? add_taint.cold.5+0x5/0x16
[ 31.427494] ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.431892] ? tick_sched_handle+0x16d/0x180
[ 31.436291] kasan_end_report+0x47/0x4f
[ 31.440259] kasan_report.cold.7+0xc9/0x2f5
[ 31.444575] __asan_report_load8_noabort+0x14/0x20
[ 31.449515] tick_sched_handle+0x16d/0x180
[ 31.453752] tick_sched_timer+0x42/0x130
[ 31.457816] __hrtimer_run_queues+0x3e3/0x10a0
[ 31.462404] ? tick_sched_do_timer+0x100/0x100
[ 31.466986] ? hrtimer_start_range_ns+0xd10/0xd10
[ 31.471822] ? pvclock_read_flags+0x160/0x160
[ 31.476318] ? __local_bh_enable+0xef/0x130
[ 31.480645] ? kvm_clock_read+0x25/0x30
[ 31.484625] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 31.489644] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 31.495002] ? do_timer+0x50/0x50
[ 31.498476] ? rcu_nmi_exit+0xd7/0x2b0
[ 31.502365] ? do_raw_spin_lock+0xc1/0x200
[ 31.506607] hrtimer_interrupt+0x286/0x650
[ 31.510835] smp_apic_timer_interrupt+0x15d/0x710
[ 31.515678] ? smp_call_function_single_interrupt+0x650/0x650
[ 31.521571] ? _raw_spin_lock+0x32/0x40
[ 31.525548] ? _raw_spin_unlock+0x22/0x30
[ 31.529690] ? handle_edge_irq+0x330/0x870
[ 31.533920] ? task_prio+0x50/0x50
[ 31.537460] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.542309] apic_timer_interrupt+0xf/0x20
[ 31.546534]
[ 31.548768] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 31.554024] RSP: 0018:ffff8801d8f9f1c0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 31.561722] RAX: ffff8801b14e6500 RBX: 00000000b3d10200 RCX: ffffffff85c67fa4
[ 31.568979] RDX: 0000000000000000 RSI: ffff8801d8f9f1c8 RDI: ffff8801d8f9f160
[ 31.576237] RBP: ffff8801d8f9f5f8 R08: ffff8801b14e6500 R09: ffffed003b1f3e10
[ 31.583505] R10: ffffed003b1f3e10 R11: 0000000000000003 R12: ffff8801d8f9f5d0
[ 31.590763] R13: 0000000000000000 R14: ffffffff8958b7c0 R15: 0000000000000000
[ 31.598033] ? rtnl_newlink+0x1064/0x1a40
[ 31.602176] ? rtnl_newlink+0x1094/0x1a40
[ 31.606323] ? rtnl_link_unregister+0x370/0x370
[ 31.610989] ? kasan_check_read+0x11/0x20
[ 31.615133] ? rcu_is_watching+0x85/0x140
[ 31.619305] ? __lock_acquire+0x7f5/0x5130
[ 31.623544] ? graph_lock+0x170/0x170
[ 31.627363] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.632908] ? rtnl_get_link+0x164/0x350
[ 31.636961] ? rtnl_dump_all+0x5e0/0x5e0
[ 31.641014] ? rcu_is_watching+0x85/0x140
[ 31.645155] ? __netlink_ns_capable+0x100/0x130
[ 31.649818] ? rtnl_link_unregister+0x370/0x370
[ 31.654489] rtnetlink_rcv_msg+0x466/0xc10
[ 31.658727] ? rtnetlink_put_metrics+0x690/0x690
[ 31.663486] netlink_rcv_skb+0x172/0x440
[ 31.667546] ? rtnetlink_put_metrics+0x690/0x690
[ 31.672290] ? netlink_ack+0xbc0/0xbc0
[ 31.676162] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 31.681338] ? netlink_skb_destructor+0x210/0x210
[ 31.686170] rtnetlink_rcv+0x1c/0x20
[ 31.689872] netlink_unicast+0x58b/0x740
[ 31.693914] ? netlink_attachskb+0x970/0x970
[ 31.698305] ? import_iovec+0x24b/0x420
[ 31.702264] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 31.707267] ? security_netlink_send+0x88/0xb0
[ 31.711837] netlink_sendmsg+0x9f0/0xfa0
[ 31.715885] ? netlink_unicast+0x740/0x740
[ 31.720103] ? security_socket_sendmsg+0x94/0xc0
[ 31.724848] ? netlink_unicast+0x740/0x740
[ 31.729065] sock_sendmsg+0xd5/0x120
[ 31.732759] ___sys_sendmsg+0x805/0x940
[ 31.736713] ? copy_msghdr_from_user+0x560/0x560
[ 31.741454] ? save_stack+0xa9/0xd0
[ 31.745060] ? save_stack+0x43/0xd0
[ 31.748663] ? __kasan_slab_free+0x11a/0x170
[ 31.753048] ? kasan_slab_free+0xe/0x10
[ 31.757029] ? do_sys_open+0x57f/0x770
[ 31.760905] ? SyS_open+0x2d/0x40
[ 31.764344] ? do_syscall_64+0x29e/0x9d0
[ 31.768384] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.773729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.779256] ? __fget_light+0x2ef/0x430
[ 31.783213] ? fget_raw+0x20/0x20
[ 31.786658] ? kasan_check_write+0x14/0x20
[ 31.790878] ? do_raw_spin_lock+0xc1/0x200
[ 31.795098] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 31.800183] ? debug_check_no_obj_freed+0x2ff/0x584
[ 31.805179] ? kasan_check_read+0x11/0x20
[ 31.809309] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.814836] ? sockfd_lookup_light+0xc5/0x160
[ 31.819309] __sys_sendmsg+0x115/0x270
[ 31.823175] ? SyS_shutdown+0x30/0x30
[ 31.826954] ? kmem_cache_free+0x25c/0x2d0
[ 31.831166] ? putname+0xf7/0x130
[ 31.834598] ? do_sys_open+0x3b7/0x770
[ 31.838465] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 31.843286] SyS_sendmsg+0x29/0x30
[ 31.846806] ? __sys_sendmsg+0x270/0x270
[ 31.850846] do_syscall_64+0x29e/0x9d0
[ 31.854714] ? vmalloc_sync_all+0x30/0x30
[ 31.858848] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.863581] ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.868498] ? syscall_return_slowpath+0x30f/0x5c0
[ 31.873414] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 31.878763] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.883586] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.888752] RIP: 0033:0x7ff5ac31d320
[ 31.892440] RSP: 002b:00007ffdb251cf58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 31.900125] RAX: ffffffffffffffda RBX: 00007ffdb2521050 RCX: 00007ff5ac31d320
[ 31.907371] RDX: 0000000000000000 RSI: 00007ffdb251cf90 RDI: 0000000000000003
[ 31.914625] RBP: 00007ffdb251cf90 R08: 0000000000000000 R09: 00007ff5ac5cc0b0
[ 31.921874] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aceecea
[ 31.929125] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffdb2521830
[ 31.936890] Dumping ftrace buffer:
[ 31.940407] (ftrace buffer empty)
[ 31.944101] Kernel Offset: disabled
[ 31.947705] Rebooting in 86400 seconds..