INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
2018/04/09 01:45:54 parsed 1 programs
2018/04/09 01:45:54 executed programs: 0
syzkaller login: [ 52.190310] IPVS: ftp: loaded support on port[0] = 21
[ 52.191538] IPVS: ftp: loaded support on port[0] = 21
[ 52.213132] IPVS: ftp: loaded support on port[0] = 21
[ 52.219723] IPVS: ftp: loaded support on port[0] = 21
[ 52.225593] IPVS: ftp: loaded support on port[0] = 21
[ 52.227504] IPVS: ftp: loaded support on port[0] = 21
[ 52.238982] IPVS: ftp: loaded support on port[0] = 21
[ 52.247712] IPVS: ftp: loaded support on port[0] = 21
[ 52.782167] ==================================================================
[ 52.789688] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 52.796944] Read of size 8 at addr ffff8801ac457180 by task ip/4692
[ 52.803321]
[ 52.804936] CPU: 1 PID: 4692 Comm: ip Not tainted 4.16.0+ #4
[ 52.810733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.821300] Call Trace:
[ 52.823868]
[ 52.826008] dump_stack+0x1b9/0x294
[ 52.829628] ? dump_stack_print_info.cold.2+0x52/0x52
[ 52.834803] ? printk+0x9e/0xba
[ 52.838059] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 52.842798] ? kasan_check_write+0x14/0x20
[ 52.847013] print_address_description+0x6c/0x20b
[ 52.852141] ? tick_sched_handle+0x16d/0x180
[ 52.856533] kasan_report.cold.7+0xac/0x2f5
[ 52.860840] __asan_report_load8_noabort+0x14/0x20
[ 52.865750] tick_sched_handle+0x16d/0x180
[ 52.869966] tick_sched_timer+0x42/0x130
[ 52.874099] __hrtimer_run_queues+0x3e3/0x10a0
[ 52.878664] ? tick_sched_do_timer+0x100/0x100
[ 52.883226] ? hrtimer_start_range_ns+0xd10/0xd10
[ 52.888054] ? pvclock_read_flags+0x160/0x160
[ 52.892533] ? __local_bh_enable+0xef/0x130
[ 52.896836] ? kvm_clock_read+0x25/0x30
[ 52.900791] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 52.905786] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 52.911139] ? do_timer+0x50/0x50
[ 52.914570] ? rcu_nmi_exit+0xd7/0x2b0
[ 52.918441] ? do_raw_spin_lock+0xc1/0x200
[ 52.922655] hrtimer_interrupt+0x286/0x650
[ 52.926876] smp_apic_timer_interrupt+0x15d/0x710
[ 52.931700] ? smp_call_function_single_interrupt+0x650/0x650
[ 52.937564] ? _raw_spin_lock+0x32/0x40
[ 52.941528] ? _raw_spin_unlock+0x22/0x30
[ 52.945660] ? handle_edge_irq+0x330/0x870
[ 52.949883] ? task_prio+0x50/0x50
[ 52.953408] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.958237] apic_timer_interrupt+0xf/0x20
[ 52.962444]
[ 52.964667] RIP: 0010:kasan_unpoison_shadow+0x14/0x50
[ 52.969830] RSP: 0018:ffff8801ac4571a0 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff13
[ 52.977523] RAX: 1ffff1003588ae39 RBX: 00000000ad18c200 RCX: ffffffff85c14f14
[ 52.984774] RDX: 0000000000000000 RSI: 0000000000000148 RDI: 1ffff1003588ae10
[ 52.992025] RBP: ffff8801ac4571a8 R08: ffff8801d7010540 R09: ffffed003588adf4
[ 52.999287] R10: ffffed003588adf4 R11: 0000000000000003 R12: ffff8801ac4575d0
[ 53.006538] R13: 0000000000000000 R14: ffffffff89577960 R15: 0000000000000000
[ 53.013803] ? rtnl_newlink+0x1064/0x1a40
[ 53.017937] __asan_allocas_unpoison+0x16/0x20
[ 53.022502] rtnl_newlink+0x1094/0x1a40
[ 53.026462] ? rtnl_link_unregister+0x370/0x370
[ 53.031107] ? kasan_check_read+0x11/0x20
[ 53.035230] ? rcu_is_watching+0x85/0x140
[ 53.039354] ? __lock_acquire+0x7f5/0x5130
[ 53.043566] ? graph_lock+0x170/0x170
[ 53.047361] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.052875] ? rtnl_get_link+0x164/0x350
[ 53.056920] ? rtnl_dump_all+0x5e0/0x5e0
[ 53.060963] ? rcu_is_watching+0x85/0x140
[ 53.065096] ? __netlink_ns_capable+0x100/0x130
[ 53.069742] ? rtnl_link_unregister+0x370/0x370
[ 53.074406] rtnetlink_rcv_msg+0x466/0xc10
[ 53.078629] ? rtnetlink_put_metrics+0x690/0x690
[ 53.083367] netlink_rcv_skb+0x172/0x440
[ 53.087406] ? rtnetlink_put_metrics+0x690/0x690
[ 53.092144] ? netlink_ack+0xbc0/0xbc0
[ 53.096006] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 53.101177] ? netlink_skb_destructor+0x210/0x210
[ 53.106002] rtnetlink_rcv+0x1c/0x20
[ 53.109695] netlink_unicast+0x58b/0x740
[ 53.113748] ? netlink_attachskb+0x970/0x970
[ 53.118134] ? import_iovec+0x24b/0x420
[ 53.122087] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 53.127080] ? security_netlink_send+0x8f/0xc0
[ 53.131643] netlink_sendmsg+0x9d8/0xf80
[ 53.135684] ? netlink_unicast+0x740/0x740
[ 53.139897] ? security_socket_sendmsg+0x9b/0xd0
[ 53.144632] ? netlink_unicast+0x740/0x740
[ 53.148847] sock_sendmsg+0xd5/0x120
[ 53.152545] ___sys_sendmsg+0x805/0x940
[ 53.156512] ? copy_msghdr_from_user+0x560/0x560
[ 53.161247] ? save_stack+0xa9/0xd0
[ 53.164859] ? save_stack+0x43/0xd0
[ 53.168471] ? __kasan_slab_free+0x11a/0x170
[ 53.172855] ? kasan_slab_free+0xe/0x10
[ 53.176808] ? do_sys_open+0x57f/0x770
[ 53.180675] ? SyS_open+0x2d/0x40
[ 53.184497] ? do_syscall_64+0x29e/0x9d0
[ 53.188538] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 53.193883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.199399] ? __fget_light+0x2ef/0x430
[ 53.203363] ? fget_raw+0x20/0x20
[ 53.206807] ? kasan_check_write+0x14/0x20
[ 53.211023] ? do_raw_spin_lock+0xc1/0x200
[ 53.215236] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 53.220320] ? debug_check_no_obj_freed+0x2ff/0x584
[ 53.225317] ? kasan_check_read+0x11/0x20
[ 53.229451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.234981] ? sockfd_lookup_light+0xc5/0x160
[ 53.239465] __sys_sendmsg+0x115/0x270
[ 53.243334] ? SyS_shutdown+0x30/0x30
[ 53.247124] ? kmem_cache_free+0x25c/0x2d0
[ 53.251339] ? putname+0xf7/0x130
[ 53.254770] ? do_sys_open+0x3b7/0x770
[ 53.259429] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 53.264252] SyS_sendmsg+0x29/0x30
[ 53.267769] ? __sys_sendmsg+0x270/0x270
[ 53.271805] do_syscall_64+0x29e/0x9d0
[ 53.275673] ? vmalloc_sync_all+0x30/0x30
[ 53.279801] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.284535] ? syscall_return_slowpath+0x5c0/0x5c0
[ 53.289445] ? syscall_return_slowpath+0x30f/0x5c0
[ 53.294356] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 53.299699] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.304519] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 53.309685] RIP: 0033:0x7f1c67472320
[ 53.313374] RSP: 002b:00007ffc3336d728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.321061] RAX: ffffffffffffffda RBX: 00007ffc33371820 RCX: 00007f1c67472320
[ 53.328308] RDX: 0000000000000000 RSI: 00007ffc3336d760 RDI: 0000000000000003
[ 53.335558] RBP: 00007ffc3336d760 R08: 0000000000000000 R09: 00007f1c677210b0
[ 53.342805] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acac5d5
[ 53.350059] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc33372000
[ 53.357338]
[ 53.358948] The buggy address belongs to the page:
[ 53.363858] page:ffffea0006b115c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 53.371978] flags: 0x2fffc0000000000()
[ 53.375845] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 53.383702] raw: 0000000000000000 ffffea0006b10101 0000000000000000 0000000000000000
[ 53.391554] page dumped because: kasan: bad access detected
[ 53.397236]
[ 53.398839] Memory state around the buggy address:
[ 53.403747] ffff8801ac457080: ca ca ca ca 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.411083] ffff8801ac457100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.418422] >ffff8801ac457180: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.425754] ^
[ 53.429097] ffff8801ac457200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 53.436433] ffff8801ac457280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 53.443767] ==================================================================
[ 53.451103] Disabling lock debugging due to kernel taint
[ 53.456533] Kernel panic - not syncing: panic_on_warn set ...
[ 53.456533]
[ 53.463877] CPU: 1 PID: 4692 Comm: ip Tainted: G B 4.16.0+ #4
[ 53.470948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.480276] Call Trace:
[ 53.482831]
[ 53.484970] dump_stack+0x1b9/0x294
[ 53.488573] ? dump_stack_print_info.cold.2+0x52/0x52
[ 53.493739] ? lock_downgrade+0x8e0/0x8e0
[ 53.497864] ? vprintk_default+0x28/0x30
[ 53.501906] ? tick_sched_handle+0x100/0x180
[ 53.506291] panic+0x22f/0x4de
[ 53.509471] ? add_taint.cold.5+0x16/0x16
[ 53.513597] ? add_taint.cold.5+0x5/0x16
[ 53.517639] ? do_raw_spin_unlock+0x9e/0x2e0
[ 53.522029] ? tick_sched_handle+0x16d/0x180
[ 53.526423] kasan_end_report+0x47/0x4f
[ 53.530375] kasan_report.cold.7+0xc9/0x2f5
[ 53.534681] __asan_report_load8_noabort+0x14/0x20
[ 53.539676] tick_sched_handle+0x16d/0x180
[ 53.543889] tick_sched_timer+0x42/0x130
[ 53.547930] __hrtimer_run_queues+0x3e3/0x10a0
[ 53.552489] ? tick_sched_do_timer+0x100/0x100
[ 53.557047] ? hrtimer_start_range_ns+0xd10/0xd10
[ 53.561869] ? pvclock_read_flags+0x160/0x160
[ 53.566341] ? __local_bh_enable+0xef/0x130
[ 53.570641] ? kvm_clock_read+0x25/0x30
[ 53.574604] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 53.579598] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 53.584939] ? do_timer+0x50/0x50
[ 53.588368] ? rcu_nmi_exit+0xd7/0x2b0
[ 53.592232] ? do_raw_spin_lock+0xc1/0x200
[ 53.596445] hrtimer_interrupt+0x286/0x650
[ 53.600663] smp_apic_timer_interrupt+0x15d/0x710
[ 53.605484] ? smp_call_function_single_interrupt+0x650/0x650
[ 53.611345] ? _raw_spin_lock+0x32/0x40
[ 53.615298] ? _raw_spin_unlock+0x22/0x30
[ 53.619422] ? handle_edge_irq+0x330/0x870
[ 53.623635] ? task_prio+0x50/0x50
[ 53.627158] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.631977] apic_timer_interrupt+0xf/0x20
[ 53.636180]
[ 53.638399] RIP: 0010:kasan_unpoison_shadow+0x14/0x50
[ 53.643569] RSP: 0018:ffff8801ac4571a0 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff13
[ 53.651255] RAX: 1ffff1003588ae39 RBX: 00000000ad18c200 RCX: ffffffff85c14f14
[ 53.658503] RDX: 0000000000000000 RSI: 0000000000000148 RDI: 1ffff1003588ae10
[ 53.665755] RBP: ffff8801ac4571a8 R08: ffff8801d7010540 R09: ffffed003588adf4
[ 53.673010] R10: ffffed003588adf4 R11: 0000000000000003 R12: ffff8801ac4575d0
[ 53.680258] R13: 0000000000000000 R14: ffffffff89577960 R15: 0000000000000000
[ 53.687524] ? rtnl_newlink+0x1064/0x1a40
[ 53.691655] __asan_allocas_unpoison+0x16/0x20
[ 53.696224] rtnl_newlink+0x1094/0x1a40
[ 53.700180] ? rtnl_link_unregister+0x370/0x370
[ 53.704910] ? kasan_check_read+0x11/0x20
[ 53.709033] ? rcu_is_watching+0x85/0x140
[ 53.713159] ? __lock_acquire+0x7f5/0x5130
[ 53.717371] ? graph_lock+0x170/0x170
[ 53.721166] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.726678] ? rtnl_get_link+0x164/0x350
[ 53.730719] ? rtnl_dump_all+0x5e0/0x5e0
[ 53.734761] ? rcu_is_watching+0x85/0x140
[ 53.738894] ? __netlink_ns_capable+0x100/0x130
[ 53.743541] ? rtnl_link_unregister+0x370/0x370
[ 53.748186] rtnetlink_rcv_msg+0x466/0xc10
[ 53.752415] ? rtnetlink_put_metrics+0x690/0x690
[ 53.757158] netlink_rcv_skb+0x172/0x440
[ 53.761207] ? rtnetlink_put_metrics+0x690/0x690
[ 53.765939] ? netlink_ack+0xbc0/0xbc0
[ 53.769804] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 53.774982] ? netlink_skb_destructor+0x210/0x210
[ 53.779808] rtnetlink_rcv+0x1c/0x20
[ 53.783500] netlink_unicast+0x58b/0x740
[ 53.787541] ? netlink_attachskb+0x970/0x970
[ 53.791933] ? import_iovec+0x24b/0x420
[ 53.795887] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 53.800881] ? security_netlink_send+0x8f/0xc0
[ 53.805528] netlink_sendmsg+0x9d8/0xf80
[ 53.809566] ? netlink_unicast+0x740/0x740
[ 53.813778] ? security_socket_sendmsg+0x9b/0xd0
[ 53.818508] ? netlink_unicast+0x740/0x740
[ 53.822721] sock_sendmsg+0xd5/0x120
[ 53.826408] ___sys_sendmsg+0x805/0x940
[ 53.830359] ? copy_msghdr_from_user+0x560/0x560
[ 53.835092] ? save_stack+0xa9/0xd0
[ 53.838702] ? save_stack+0x43/0xd0
[ 53.842315] ? __kasan_slab_free+0x11a/0x170
[ 53.846699] ? kasan_slab_free+0xe/0x10
[ 53.850654] ? do_sys_open+0x57f/0x770
[ 53.854518] ? SyS_open+0x2d/0x40
[ 53.857959] ? do_syscall_64+0x29e/0x9d0
[ 53.862005] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 53.867351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.872866] ? __fget_light+0x2ef/0x430
[ 53.876815] ? fget_raw+0x20/0x20
[ 53.880244] ? kasan_check_write+0x14/0x20
[ 53.884454] ? do_raw_spin_lock+0xc1/0x200
[ 53.888674] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 53.893782] ? debug_check_no_obj_freed+0x2ff/0x584
[ 53.898783] ? kasan_check_read+0x11/0x20
[ 53.902913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.908437] ? sockfd_lookup_light+0xc5/0x160
[ 53.912911] __sys_sendmsg+0x115/0x270
[ 53.916776] ? SyS_shutdown+0x30/0x30
[ 53.920556] ? kmem_cache_free+0x25c/0x2d0
[ 53.924774] ? putname+0xf7/0x130
[ 53.928205] ? do_sys_open+0x3b7/0x770
[ 53.932081] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 53.936902] SyS_sendmsg+0x29/0x30
[ 53.940418] ? __sys_sendmsg+0x270/0x270
[ 53.944465] do_syscall_64+0x29e/0x9d0
[ 53.948339] ? vmalloc_sync_all+0x30/0x30
[ 53.952473] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 53.957213] ? syscall_return_slowpath+0x5c0/0x5c0
[ 53.962125] ? syscall_return_slowpath+0x30f/0x5c0
[ 53.967041] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 53.972386] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 53.977211] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 53.982377] RIP: 0033:0x7f1c67472320
[ 53.986063] RSP: 002b:00007ffc3336d728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.993750] RAX: ffffffffffffffda RBX: 00007ffc33371820 RCX: 00007f1c67472320
[ 54.001000] RDX: 0000000000000000 RSI: 00007ffc3336d760 RDI: 0000000000000003
[ 54.008347] RBP: 00007ffc3336d760 R08: 0000000000000000 R09: 00007f1c677210b0
[ 54.015599] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acac5d5
[ 54.022856] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc33372000
[ 54.030533] Dumping ftrace buffer:
[ 54.034054] (ftrace buffer empty)
[ 54.037740] Kernel Offset: disabled
[ 54.041345] Rebooting in 86400 seconds..