INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
2018/04/06 11:48:28 parsed 1 programs
2018/04/06 11:48:28 executed programs: 0
syzkaller login: [ 330.852906] IPVS: ftp: loaded support on port[0] = 21
[ 330.852912] IPVS: ftp: loaded support on port[0] = 21
[ 330.876338] IPVS: ftp: loaded support on port[0] = 21
[ 330.878189] IPVS: ftp: loaded support on port[0] = 21
[ 330.910579] IPVS: ftp: loaded support on port[0] = 21
[ 330.937348] IPVS: ftp: loaded support on port[0] = 21
[ 330.943007] IPVS: ftp: loaded support on port[0] = 21
[ 330.953126] IPVS: ftp: loaded support on port[0] = 21
[ 331.891430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 331.899482] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 331.916268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 331.954819] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 331.978396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 332.008646] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 332.023687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 332.062369] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 332.156140] ==================================================================
[ 332.163904] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 332.171162] Read of size 8 at addr ffff8801d32c72f0 by task ip/4962
[ 332.177547]
[ 332.179168] CPU: 0 PID: 4962 Comm: ip Not tainted 4.16.0+ #3
[ 332.184949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 332.194302] Call Trace:
[ 332.196865]
[ 332.199055] dump_stack+0x1b9/0x294
[ 332.202665] ? dump_stack_print_info.cold.2+0x52/0x52
[ 332.207874] ? printk+0x9e/0xba
[ 332.211133] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 332.215920] ? kasan_check_write+0x14/0x20
[ 332.220163] print_address_description+0x6c/0x20b
[ 332.225081] ? tick_sched_handle+0x16d/0x180
[ 332.229560] kasan_report.cold.7+0xac/0x2f5
[ 332.233873] __asan_report_load8_noabort+0x14/0x20
[ 332.238782] tick_sched_handle+0x16d/0x180
[ 332.242999] tick_sched_timer+0x42/0x130
[ 332.247088] __hrtimer_run_queues+0x3e3/0x10a0
[ 332.251673] ? tick_sched_do_timer+0x100/0x100
[ 332.256239] ? hrtimer_start_range_ns+0xd10/0xd10
[ 332.261146] ? pvclock_read_flags+0x160/0x160
[ 332.265634] ? __local_bh_enable+0xef/0x130
[ 332.269940] ? kvm_clock_read+0x25/0x30
[ 332.273935] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 332.278938] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 332.284604] ? do_timer+0x50/0x50
[ 332.288102] ? rcu_nmi_exit+0xd7/0x2b0
[ 332.292011] ? do_raw_spin_lock+0xc1/0x200
[ 332.296253] hrtimer_interrupt+0x286/0x650
[ 332.300541] smp_apic_timer_interrupt+0x15d/0x710
[ 332.305372] ? smp_call_function_single_interrupt+0x650/0x650
[ 332.311277] ? _raw_spin_lock+0x32/0x40
[ 332.315257] ? _raw_spin_unlock+0x22/0x30
[ 332.319396] ? handle_edge_irq+0x330/0x870
[ 332.323686] ? task_prio+0x50/0x50
[ 332.327274] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 332.332123] apic_timer_interrupt+0xf/0x20
[ 332.336344]
[ 332.338637] RIP: 0010:kasan_unpoison_shadow+0x14/0x50
[ 332.343814] RSP: 0018:ffff8801d32c7310 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
[ 332.351508] RAX: 1ffff1003a658e67 RBX: 0000000000000000 RCX: ffffffff85c13fdf
[ 332.358764] RDX: 0000000000000000 RSI: 0000000000000078 RDI: 1ffff1003a658e58
[ 332.366026] RBP: ffff8801d32c7318 R08: ffff8801aec30400 R09: ffffed003a658e5d
[ 332.373291] R10: ffffed003a658e95 R11: ffff8801d32c74af R12: ffff8801d32c7740
[ 332.380550] R13: ffff8801cf2ddac0 R14: 0000000000000000 R15: 00000000ffffffed
[ 332.387895] ? rtnl_newlink+0x112f/0x1a40
[ 332.392054] __asan_allocas_unpoison+0x16/0x20
[ 332.396659] rtnl_newlink+0x1094/0x1a40
[ 332.400632] ? _raw_spin_unlock+0x22/0x30
[ 332.404776] ? rtnl_link_unregister+0x370/0x370
[ 332.409435] ? kasan_check_read+0x11/0x20
[ 332.413571] ? rcu_is_watching+0x85/0x140
[ 332.417720] ? __lock_acquire+0x7f5/0x5130
[ 332.421959] ? graph_lock+0x170/0x170
[ 332.425773] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 332.431397] ? rtnl_get_link+0x164/0x350
[ 332.435450] ? rtnl_dump_all+0x5e0/0x5e0
[ 332.439501] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 332.444744] ? __netlink_ns_capable+0x100/0x130
[ 332.449676] ? rtnl_link_unregister+0x370/0x370
[ 332.454344] rtnetlink_rcv_msg+0x466/0xc10
[ 332.458575] ? rtnetlink_put_metrics+0x690/0x690
[ 332.463366] netlink_rcv_skb+0x172/0x440
[ 332.467425] ? rtnetlink_put_metrics+0x690/0x690
[ 332.472175] ? netlink_ack+0xbc0/0xbc0
[ 332.476064] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 332.481258] ? netlink_skb_destructor+0x210/0x210
[ 332.486128] rtnetlink_rcv+0x1c/0x20
[ 332.489840] netlink_unicast+0x58b/0x740
[ 332.493991] ? netlink_attachskb+0x970/0x970
[ 332.498416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 332.504084] ? __fget_light+0x2ef/0x430
[ 332.508068] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 332.513159] ? security_netlink_send+0x8f/0xc0
[ 332.517744] netlink_sendmsg+0x9d8/0xf80
[ 332.521800] ? netlink_unicast+0x740/0x740
[ 332.526048] ? graph_lock+0x170/0x170
[ 332.529849] ? security_socket_sendmsg+0x9b/0xd0
[ 332.534602] ? netlink_unicast+0x740/0x740
[ 332.538899] sock_sendmsg+0xd5/0x120
[ 332.542605] __sys_sendto+0x3d7/0x670
[ 332.546422] ? SyS_getpeername+0x30/0x30
[ 332.550475] ? lock_downgrade+0x8e0/0x8e0
[ 332.554655] ? handle_mm_fault+0x8c0/0xc70
[ 332.558882] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 332.564414] ? handle_mm_fault+0x55a/0xc70
[ 332.568644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 332.574173] ? __do_page_fault+0x441/0xe40
[ 332.578410] ? mm_fault_error+0x380/0x380
[ 332.582547] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 332.587378] SyS_sendto+0x40/0x60
[ 332.590819] ? __sys_sendto+0x670/0x670
[ 332.594786] do_syscall_64+0x29e/0x9d0
[ 332.598658] ? vmalloc_sync_all+0x30/0x30
[ 332.602795] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 332.607541] ? syscall_return_slowpath+0x5c0/0x5c0
[ 332.612464] ? syscall_return_slowpath+0x30f/0x5c0
[ 332.617386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 332.622928] ? retint_user+0x18/0x18
[ 332.626652] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 332.631482] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 332.636658] RIP: 0033:0x7f63884b4282
[ 332.640348] RSP: 002b:00007ffeef9434a0 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 332.648040] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f63884b4282
[ 332.655288] RDX: 0000000000000020 RSI: 00007ffeef9434e0 RDI: 0000000000000003
[ 332.662540] RBP: 00007ffeef943f4a R08: 0000000000000000 R09: 0000000000000000
[ 332.669788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 332.677038] R13: 00007ffeef943c60 R14: 00007ffeef943c68 R15: 0000000000000000
[ 332.684292]
[ 332.685894] The buggy address belongs to the page:
[ 332.690802] page:ffffea00074cb1c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 332.698921] flags: 0x2fffc0000000000()
[ 332.702788] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 332.710647] raw: 0000000000000000 ffffea00074c0101 0000000000000000 0000000000000000
[ 332.718510] page dumped because: kasan: bad access detected
[ 332.724192]
[ 332.725791] Memory state around the buggy address:
[ 332.730696] ffff8801d32c7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 332.738040] ffff8801d32c7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 332.745393] >ffff8801d32c7280: 00 00 00 00 00 00 00 00 ca ca ca ca 00 cb cb cb
[ 332.752735]                                                              ^
[ 332.759722] ffff8801d32c7300: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
[ 332.767061] ffff8801d32c7380: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 332.774401] ==================================================================
[ 332.781737] Disabling lock debugging due to kernel taint
[ 332.787162] Kernel panic - not syncing: panic_on_warn set ...
[ 332.787162]
[ 332.794503] CPU: 0 PID: 4962 Comm: ip Tainted: G B 4.16.0+ #3
[ 332.801574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 332.810907] Call Trace:
[ 332.813463]
[ 332.815597] dump_stack+0x1b9/0x294
[ 332.819201] ? dump_stack_print_info.cold.2+0x52/0x52
[ 332.824366] ? lock_downgrade+0x8e0/0x8e0
[ 332.828489] ? vprintk_default+0x28/0x30
[ 332.832528] ? tick_sched_handle+0x100/0x180
[ 332.836923] panic+0x22f/0x4de
[ 332.840089] ? add_taint.cold.5+0x16/0x16
[ 332.844213] ? add_taint.cold.5+0x5/0x16
[ 332.848249] ? do_raw_spin_unlock+0x9e/0x2e0
[ 332.852646] ? tick_sched_handle+0x16d/0x180
[ 332.857034] kasan_end_report+0x47/0x4f
[ 332.860985] kasan_report.cold.7+0xc9/0x2f5
[ 332.865289] __asan_report_load8_noabort+0x14/0x20
[ 332.870201] tick_sched_handle+0x16d/0x180
[ 332.874412] tick_sched_timer+0x42/0x130
[ 332.878448] __hrtimer_run_queues+0x3e3/0x10a0
[ 332.883011] ? tick_sched_do_timer+0x100/0x100
[ 332.887579] ? hrtimer_start_range_ns+0xd10/0xd10
[ 332.892403] ? pvclock_read_flags+0x160/0x160
[ 332.896882] ? __local_bh_enable+0xef/0x130
[ 332.901188] ? kvm_clock_read+0x25/0x30
[ 332.905141] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 332.910137] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 332.915475] ? do_timer+0x50/0x50
[ 332.918907] ? rcu_nmi_exit+0xd7/0x2b0
[ 332.922781] ? do_raw_spin_lock+0xc1/0x200
[ 332.926992] hrtimer_interrupt+0x286/0x650
[ 332.931212] smp_apic_timer_interrupt+0x15d/0x710
[ 332.936034] ? smp_call_function_single_interrupt+0x650/0x650
[ 332.941900] ? _raw_spin_lock+0x32/0x40
[ 332.945851] ? _raw_spin_unlock+0x22/0x30
[ 332.949974] ? handle_edge_irq+0x330/0x870
[ 332.954186] ? task_prio+0x50/0x50
[ 332.957710] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 332.962620] apic_timer_interrupt+0xf/0x20
[ 332.966828]
[ 332.969043] RIP: 0010:kasan_unpoison_shadow+0x14/0x50
[ 332.974214] RSP: 0018:ffff8801d32c7310 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
[ 332.981901] RAX: 1ffff1003a658e67 RBX: 0000000000000000 RCX: ffffffff85c13fdf
[ 332.989146] RDX: 0000000000000000 RSI: 0000000000000078 RDI: 1ffff1003a658e58
[ 332.996390] RBP: ffff8801d32c7318 R08: ffff8801aec30400 R09: ffffed003a658e5d
[ 333.003723] R10: ffffed003a658e95 R11: ffff8801d32c74af R12: ffff8801d32c7740
[ 333.010969] R13: ffff8801cf2ddac0 R14: 0000000000000000 R15: 00000000ffffffed
[ 333.018234] ? rtnl_newlink+0x112f/0x1a40
[ 333.022361] __asan_allocas_unpoison+0x16/0x20
[ 333.026929] rtnl_newlink+0x1094/0x1a40
[ 333.030880] ? _raw_spin_unlock+0x22/0x30
[ 333.035018] ? rtnl_link_unregister+0x370/0x370
[ 333.039667] ? kasan_check_read+0x11/0x20
[ 333.043796] ? rcu_is_watching+0x85/0x140
[ 333.047921] ? __lock_acquire+0x7f5/0x5130
[ 333.052136] ? graph_lock+0x170/0x170
[ 333.055935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 333.061450] ? rtnl_get_link+0x164/0x350
[ 333.065487] ? rtnl_dump_all+0x5e0/0x5e0
[ 333.069530] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 333.074707] ? __netlink_ns_capable+0x100/0x130
[ 333.079354] ? rtnl_link_unregister+0x370/0x370
[ 333.084001] rtnetlink_rcv_msg+0x466/0xc10
[ 333.088226] ? rtnetlink_put_metrics+0x690/0x690
[ 333.092960] netlink_rcv_skb+0x172/0x440
[ 333.096996] ? rtnetlink_put_metrics+0x690/0x690
[ 333.101732] ? netlink_ack+0xbc0/0xbc0
[ 333.105603] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 333.110769] ? netlink_skb_destructor+0x210/0x210
[ 333.115597] rtnetlink_rcv+0x1c/0x20
[ 333.119287] netlink_unicast+0x58b/0x740
[ 333.123327] ? netlink_attachskb+0x970/0x970
[ 333.127712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 333.133311] ? __fget_light+0x2ef/0x430
[ 333.137268] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 333.142261] ? security_netlink_send+0x8f/0xc0
[ 333.146818] netlink_sendmsg+0x9d8/0xf80
[ 333.150868] ? netlink_unicast+0x740/0x740
[ 333.155089] ? graph_lock+0x170/0x170
[ 333.158867] ? security_socket_sendmsg+0x9b/0xd0
[ 333.163610] ? netlink_unicast+0x740/0x740
[ 333.167821] sock_sendmsg+0xd5/0x120
[ 333.171513] __sys_sendto+0x3d7/0x670
[ 333.175289] ? SyS_getpeername+0x30/0x30
[ 333.179326] ? lock_downgrade+0x8e0/0x8e0
[ 333.183451] ? handle_mm_fault+0x8c0/0xc70
[ 333.187671] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 333.193189] ? handle_mm_fault+0x55a/0xc70
[ 333.197406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 333.202928] ? __do_page_fault+0x441/0xe40
[ 333.207140] ? mm_fault_error+0x380/0x380
[ 333.211273] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 333.216095] SyS_sendto+0x40/0x60
[ 333.219524] ? __sys_sendto+0x670/0x670
[ 333.223474] do_syscall_64+0x29e/0x9d0
[ 333.227425] ? vmalloc_sync_all+0x30/0x30
[ 333.231548] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 333.236283] ? syscall_return_slowpath+0x5c0/0x5c0
[ 333.241188] ? syscall_return_slowpath+0x30f/0x5c0
[ 333.246103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 333.251617] ? retint_user+0x18/0x18
[ 333.255313] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 333.260132] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 333.265298] RIP: 0033:0x7f63884b4282
[ 333.268990] RSP: 002b:00007ffeef9434a0 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 333.276675] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f63884b4282
[ 333.284794] RDX: 0000000000000020 RSI: 00007ffeef9434e0 RDI: 0000000000000003
[ 333.292049] RBP: 00007ffeef943f4a R08: 0000000000000000 R09: 0000000000000000
[ 333.299298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 333.306544] R13: 00007ffeef943c60 R14: 00007ffeef943c68 R15: 0000000000000000
[ 333.314279] Dumping ftrace buffer:
[ 333.317793] (ftrace buffer empty)
[ 333.321475] Kernel Offset: disabled
[ 333.325078] Rebooting in 86400 seconds..