INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
2018/04/12 02:05:35 parsed 1 programs
2018/04/12 02:05:35 executed programs: 0
syzkaller login: [ 26.678833] IPVS: ftp: loaded support on port[0] = 21
[ 26.687483] IPVS: ftp: loaded support on port[0] = 21
[ 26.696591] IPVS: ftp: loaded support on port[0] = 21
[ 26.710138] IPVS: ftp: loaded support on port[0] = 21
[ 26.710146] IPVS: ftp: loaded support on port[0] = 21
[ 26.724496] IPVS: ftp: loaded support on port[0] = 21
[ 26.741761] IPVS: ftp: loaded support on port[0] = 21
[ 26.757441] IPVS: ftp: loaded support on port[0] = 21
[ 28.447673] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.538145] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.570982] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.579747] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.597676] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.620657] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.642153] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.668644] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 29.061231] ==================================================================
[ 29.068826] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 29.076146] Read of size 8 at addr ffff8801adc3f1a0 by task ip/5048
[ 29.082549]
[ 29.084179] CPU: 0 PID: 5048 Comm: ip Not tainted 4.16.0+ #17
[ 29.090069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.099430] Call Trace:
[ 29.102005]
[ 29.104159] dump_stack+0x1b9/0x294
[ 29.107785] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.112995] ? printk+0x9e/0xba
[ 29.116821] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 29.121602] ? kasan_check_write+0x14/0x20
[ 29.125845] print_address_description+0x6c/0x20b
[ 29.130780] ? tick_sched_handle+0x16d/0x180
[ 29.135190] kasan_report.cold.7+0xac/0x2f5
[ 29.139516] __asan_report_load8_noabort+0x14/0x20
[ 29.144438] tick_sched_handle+0x16d/0x180
[ 29.148662] tick_sched_timer+0x42/0x130
[ 29.152717] __hrtimer_run_queues+0x3e3/0x10a0
[ 29.157294] ? tick_sched_do_timer+0x100/0x100
[ 29.161911] ? hrtimer_start_range_ns+0xd10/0xd10
[ 29.166757] ? pvclock_read_flags+0x160/0x160
[ 29.171255] ? __local_bh_enable+0xef/0x130
[ 29.175754] ? kvm_clock_read+0x25/0x30
[ 29.179732] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.184754] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 29.190121] ? do_timer+0x50/0x50
[ 29.193603] ? rcu_nmi_exit+0xd7/0x2b0
[ 29.197517] ? do_raw_spin_lock+0xc1/0x200
[ 29.201759] hrtimer_interrupt+0x286/0x650
[ 29.206039] smp_apic_timer_interrupt+0x15d/0x710
[ 29.210900] ? smp_call_function_single_interrupt+0x650/0x650
[ 29.216808] ? _raw_spin_lock+0x32/0x40
[ 29.220785] ? _raw_spin_unlock+0x22/0x30
[ 29.224935] ? handle_edge_irq+0x330/0x870
[ 29.229190] ? task_prio+0x50/0x50
[ 29.232731] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.237582] apic_timer_interrupt+0xf/0x20
[ 29.241813]
[ 29.244064] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 29.248815] RSP: 0018:ffff8801adc3f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 29.256523] RAX: ffff8801cea94700 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.263789] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffffed0035b87e18
[ 29.271054] RBP: ffff8801adc3f5f8 R08: ffff8801cea94700 R09: 0000000000000000
[ 29.278341] R10: ffffed0035b87d20 R11: 0000000000000003 R12: ffff8801adc3f5d0
[ 29.285607] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 29.293001] ? rtnl_newlink+0x107e/0x1a40
[ 29.297163] ? rtnl_newlink+0x4e7/0x1a40
[ 29.301229] ? rtnl_link_unregister+0x370/0x370
[ 29.305904] ? kasan_check_read+0x11/0x20
[ 29.310059] ? rcu_is_watching+0x85/0x140
[ 29.314208] ? __lock_acquire+0x7f5/0x5130
[ 29.318440] ? graph_lock+0x170/0x170
[ 29.322253] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.327785] ? rtnl_get_link+0x164/0x350
[ 29.331845] ? rtnl_dump_all+0x5e0/0x5e0
[ 29.335947] ? rcu_is_watching+0x85/0x140
[ 29.340114] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.345335] ? __netlink_ns_capable+0x100/0x130
[ 29.350104] ? rtnl_link_unregister+0x370/0x370
[ 29.354783] rtnetlink_rcv_msg+0x466/0xc10
[ 29.359053] ? rtnetlink_put_metrics+0x690/0x690
[ 29.363846] netlink_rcv_skb+0x172/0x440
[ 29.367907] ? rtnetlink_put_metrics+0x690/0x690
[ 29.372680] ? netlink_ack+0xbc0/0xbc0
[ 29.376677] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.381886] ? netlink_skb_destructor+0x210/0x210
[ 29.386742] rtnetlink_rcv+0x1c/0x20
[ 29.390468] netlink_unicast+0x58b/0x740
[ 29.394537] ? netlink_attachskb+0x970/0x970
[ 29.398951] ? import_iovec+0x24b/0x420
[ 29.402953] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.408084] ? security_netlink_send+0x88/0xb0
[ 29.412702] netlink_sendmsg+0x9f0/0xfa0
[ 29.416771] ? netlink_unicast+0x740/0x740
[ 29.421002] ? security_socket_sendmsg+0x94/0xc0
[ 29.425777] ? netlink_unicast+0x740/0x740
[ 29.430023] sock_sendmsg+0xd5/0x120
[ 29.433746] ___sys_sendmsg+0x805/0x940
[ 29.437718] ? copy_msghdr_from_user+0x560/0x560
[ 29.442469] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 29.447220] ? graph_lock+0x170/0x170
[ 29.451020] ? graph_lock+0x170/0x170
[ 29.454836] ? find_held_lock+0x36/0x1c0
[ 29.458894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.464427] ? __fget_light+0x2ef/0x430
[ 29.468408] ? fget_raw+0x20/0x20
[ 29.471863] ? find_held_lock+0x36/0x1c0
[ 29.475924] ? lock_downgrade+0x8e0/0x8e0
[ 29.480075] ? handle_mm_fault+0x8c0/0xc70
[ 29.484332] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.490238] ? sockfd_lookup_light+0xc5/0x160
[ 29.494857] __sys_sendmsg+0x115/0x270
[ 29.498759] ? SyS_shutdown+0x30/0x30
[ 29.502572] ? __do_page_fault+0x441/0xe40
[ 29.506826] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.511675] SyS_sendmsg+0x29/0x30
[ 29.515216] ? __sys_sendmsg+0x270/0x270
[ 29.519309] do_syscall_64+0x29e/0x9d0
[ 29.523200] ? vmalloc_sync_all+0x30/0x30
[ 29.527342] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 29.532188] ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.537112] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.542049] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.547580] ? retint_user+0x18/0x18
[ 29.551290] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.556124] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 29.561301] RIP: 0033:0x7feb7b5a0320
[ 29.564999] RSP: 002b:00007ffd4fc93c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.572706] RAX: ffffffffffffffda RBX: 00007ffd4fc97d70 RCX: 00007feb7b5a0320
[ 29.579966] RDX: 0000000000000000 RSI: 00007ffd4fc93cb0 RDI: 0000000000000003
[ 29.587224] RBP: 00007ffd4fc93cb0 R08: 0000000000000000 R09: 0000000000000000
[ 29.594505] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acebef4
[ 29.601773] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd4fc98548
[ 29.609050]
[ 29.610666] The buggy address belongs to the page:
[ 29.615582] page:ffffea0006b70fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 29.623719] flags: 0x2fffc0000000000()
[ 29.627598] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 29.635473] raw: 0000000000000000 ffffea0006b70101 0000000000000000 0000000000000000
[ 29.643344] page dumped because: kasan: bad access detected
[ 29.649044]
[ 29.650658] Memory state around the buggy address:
[ 29.655576] ffff8801adc3f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.662935] ffff8801adc3f100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 29.670284] >ffff8801adc3f180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 29.677640]                                 ^
[ 29.682042] ffff8801adc3f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 29.689405] ffff8801adc3f280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 29.696844] ==================================================================
[ 29.704189] Disabling lock debugging due to kernel taint
[ 29.709623] Kernel panic - not syncing: panic_on_warn set ...
[ 29.709623]
[ 29.716979] CPU: 0 PID: 5048 Comm: ip Tainted: G B 4.16.0+ #17
[ 29.724150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.733503] Call Trace:
[ 29.736076]
[ 29.738231] dump_stack+0x1b9/0x294
[ 29.741849] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.747037] ? lock_downgrade+0x8e0/0x8e0
[ 29.751179] ? vprintk_default+0x28/0x30
[ 29.755235] ? tick_sched_handle+0xb0/0x180
[ 29.759544] panic+0x22f/0x4de
[ 29.762722] ? add_taint.cold.5+0x16/0x16
[ 29.766869] ? add_taint.cold.5+0x5/0x16
[ 29.770918] ? do_raw_spin_unlock+0x9e/0x2e0
[ 29.775311] ? tick_sched_handle+0x16d/0x180
[ 29.779716] kasan_end_report+0x47/0x4f
[ 29.783685] kasan_report.cold.7+0xc9/0x2f5
[ 29.787996] __asan_report_load8_noabort+0x14/0x20
[ 29.792917] tick_sched_handle+0x16d/0x180
[ 29.797144] tick_sched_timer+0x42/0x130
[ 29.801194] __hrtimer_run_queues+0x3e3/0x10a0
[ 29.805764] ? tick_sched_do_timer+0x100/0x100
[ 29.810336] ? hrtimer_start_range_ns+0xd10/0xd10
[ 29.815169] ? pvclock_read_flags+0x160/0x160
[ 29.819653] ? __local_bh_enable+0xef/0x130
[ 29.823962] ? kvm_clock_read+0x25/0x30
[ 29.827921] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 29.832934] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 29.838288] ? do_timer+0x50/0x50
[ 29.841727] ? rcu_nmi_exit+0xd7/0x2b0
[ 29.845605] ? do_raw_spin_lock+0xc1/0x200
[ 29.849834] hrtimer_interrupt+0x286/0x650
[ 29.854065] smp_apic_timer_interrupt+0x15d/0x710
[ 29.858904] ? smp_call_function_single_interrupt+0x650/0x650
[ 29.864779] ? _raw_spin_lock+0x32/0x40
[ 29.868740] ? _raw_spin_unlock+0x22/0x30
[ 29.872875] ? handle_edge_irq+0x330/0x870
[ 29.877098] ? task_prio+0x50/0x50
[ 29.880634] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.885462] apic_timer_interrupt+0xf/0x20
[ 29.889700]
[ 29.891928] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 29.896662] RSP: 0018:ffff8801adc3f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 29.904358] RAX: ffff8801cea94700 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.911613] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffffed0035b87e18
[ 29.918875] RBP: ffff8801adc3f5f8 R08: ffff8801cea94700 R09: 0000000000000000
[ 29.926149] R10: ffffed0035b87d20 R11: 0000000000000003 R12: ffff8801adc3f5d0
[ 29.933426] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 29.940707] ? rtnl_newlink+0x107e/0x1a40
[ 29.944863] ? rtnl_newlink+0x4e7/0x1a40
[ 29.948913] ? rtnl_link_unregister+0x370/0x370
[ 29.953576] ? kasan_check_read+0x11/0x20
[ 29.957728] ? rcu_is_watching+0x85/0x140
[ 29.961863] ? __lock_acquire+0x7f5/0x5130
[ 29.966085] ? graph_lock+0x170/0x170
[ 29.969886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.975412] ? rtnl_get_link+0x164/0x350
[ 29.979458] ? rtnl_dump_all+0x5e0/0x5e0
[ 29.983509] ? rcu_is_watching+0x85/0x140
[ 29.987664] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.992854] ? __netlink_ns_capable+0x100/0x130
[ 29.997512] ? rtnl_link_unregister+0x370/0x370
[ 30.002180] rtnetlink_rcv_msg+0x466/0xc10
[ 30.006403] ? rtnetlink_put_metrics+0x690/0x690
[ 30.011146] netlink_rcv_skb+0x172/0x440
[ 30.015200] ? rtnetlink_put_metrics+0x690/0x690
[ 30.019953] ? netlink_ack+0xbc0/0xbc0
[ 30.023824] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.029002] ? netlink_skb_destructor+0x210/0x210
[ 30.033843] rtnetlink_rcv+0x1c/0x20
[ 30.037541] netlink_unicast+0x58b/0x740
[ 30.041601] ? netlink_attachskb+0x970/0x970
[ 30.046005] ? import_iovec+0x24b/0x420
[ 30.049976] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 30.054994] ? security_netlink_send+0x88/0xb0
[ 30.059571] netlink_sendmsg+0x9f0/0xfa0
[ 30.063629] ? netlink_unicast+0x740/0x740
[ 30.067853] ? security_socket_sendmsg+0x94/0xc0
[ 30.072608] ? netlink_unicast+0x740/0x740
[ 30.076832] sock_sendmsg+0xd5/0x120
[ 30.080536] ___sys_sendmsg+0x805/0x940
[ 30.084500] ? copy_msghdr_from_user+0x560/0x560
[ 30.089253] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 30.093994] ? graph_lock+0x170/0x170
[ 30.097787] ? graph_lock+0x170/0x170
[ 30.101584] ? find_held_lock+0x36/0x1c0
[ 30.105647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.111174] ? __fget_light+0x2ef/0x430
[ 30.115134] ? fget_raw+0x20/0x20
[ 30.118576] ? find_held_lock+0x36/0x1c0
[ 30.122624] ? lock_downgrade+0x8e0/0x8e0
[ 30.126841] ? handle_mm_fault+0x8c0/0xc70
[ 30.131068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.136591] ? sockfd_lookup_light+0xc5/0x160
[ 30.141070] __sys_sendmsg+0x115/0x270
[ 30.144953] ? SyS_shutdown+0x30/0x30
[ 30.148742] ? __do_page_fault+0x441/0xe40
[ 30.152967] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 30.157810] SyS_sendmsg+0x29/0x30
[ 30.161335] ? __sys_sendmsg+0x270/0x270
[ 30.165385] do_syscall_64+0x29e/0x9d0
[ 30.169259] ? vmalloc_sync_all+0x30/0x30
[ 30.173390] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 30.178226] ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.183143] ? syscall_return_slowpath+0x30f/0x5c0
[ 30.188074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.193599] ? retint_user+0x18/0x18
[ 30.197301] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.202130] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.207303] RIP: 0033:0x7feb7b5a0320
[ 30.210996] RSP: 002b:00007ffd4fc93c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 30.218694] RAX: ffffffffffffffda RBX: 00007ffd4fc97d70 RCX: 00007feb7b5a0320
[ 30.225952] RDX: 0000000000000000 RSI: 00007ffd4fc93cb0 RDI: 0000000000000003
[ 30.233213] RBP: 00007ffd4fc93cb0 R08: 0000000000000000 R09: 0000000000000000
[ 30.240478] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acebef4
[ 30.247730] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd4fc98548
[ 30.255589] Dumping ftrace buffer:
[ 30.259113] (ftrace buffer empty)
[ 30.262806] Kernel Offset: disabled
[ 30.266441] Rebooting in 86400 seconds..