INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
2018/04/13 12:01:12 parsed 1 programs
2018/04/13 12:01:12 executed programs: 0

syzkaller login: [ 31.045481] IPVS: ftp: loaded support on port[0] = 21
[ 31.050844] IPVS: ftp: loaded support on port[0] = 21
[ 31.068250] IPVS: ftp: loaded support on port[0] = 21
[ 31.074092] IPVS: ftp: loaded support on port[0] = 21
[ 31.093785] IPVS: ftp: loaded support on port[0] = 21
[ 31.098495] IPVS: ftp: loaded support on port[0] = 21
[ 31.103081] IPVS: ftp: loaded support on port[0] = 21
[ 31.112333] IPVS: ftp: loaded support on port[0] = 21
[ 31.153573] netlink: 'syz-executor4': attribute type 1 has an invalid length.
[ 31.196831] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[ 31.204259] netlink: 'syz-executor4': attribute type 1 has an invalid length.
[ 31.233498] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[ 31.257901] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[ 31.290704] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[ 31.293502] netlink: 'syz-executor4': attribute type 1 has an invalid length.
[ 31.332259] netlink: 'syz-executor2': attribute type 1 has an invalid length.
[ 31.346823] netlink: 'syz-executor6': attribute type 1 has an invalid length.
[ 31.359567] netlink: 'syz-executor1': attribute type 1 has an invalid length.
2018/04/13 12:01:17 executed programs: 403
[ 36.162576] validate_nla: 481 callbacks suppressed
[ 36.162583] netlink: 'syz-executor2': attribute type 1 has an invalid length.
[ 36.177223] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[ 36.190349] netlink: 'syz-executor3': attribute type 1 has an invalid length.
[ 36.202423] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[ 36.210682] netlink: 'syz-executor1': attribute type 1 has an invalid length.
[ 36.213190] netlink: 'syz-executor4': attribute type 1 has an invalid length.
[ 36.240573] netlink: 'syz-executor7': attribute type 1 has an invalid length.
[ 36.253192] ==================================================================
[ 36.260721] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16c/0x180
[ 36.267979] Read of size 8 at addr ffff8801acc4f2f0 by task syz-executor3/5709
[ 36.275313]
[ 36.276928] CPU: 1 PID: 5709 Comm: syz-executor3 Not tainted 4.16.0+ #2
[ 36.283659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.292990] Call Trace:
[ 36.295552]
[ 36.297690]  dump_stack+0x1b9/0x294
[ 36.301303]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.306473]  ? printk+0x9e/0xba
[ 36.309734]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.314473]  ? kasan_check_write+0x14/0x20
[ 36.318690]  print_address_description+0x6c/0x20b
[ 36.323511]  ? tick_sched_handle+0x16c/0x180
[ 36.327912]  kasan_report.cold.7+0xac/0x2f5
[ 36.332216]  __asan_report_load8_noabort+0x14/0x20
[ 36.337124]  tick_sched_handle+0x16c/0x180
[ 36.341382]  tick_sched_timer+0x45/0x130
[ 36.345425]  __hrtimer_run_queues+0x3e3/0x10a0
[ 36.349996]  ? tick_sched_do_timer+0x1a0/0x1a0
[ 36.354563]  ? hrtimer_start_range_ns+0xd10/0xd10
[ 36.359389]  ? pvclock_read_flags+0x160/0x160
[ 36.363868]  ? __local_bh_enable+0xef/0x130
[ 36.368172]  ? kvm_clock_read+0x25/0x30
[ 36.372131]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 36.377130]  ? ktime_get_update_offsets_now+0x3a6/0x570
[ 36.382476]  ? do_timer+0x50/0x50
[ 36.385910]  ? rcu_nmi_exit+0xd7/0x2b0
[ 36.389782]  ? do_raw_spin_lock+0xc1/0x200
[ 36.394004]  hrtimer_interrupt+0x286/0x650
[ 36.398237]  smp_apic_timer_interrupt+0x15d/0x710
[ 36.403064]  ? smp_call_function_single_interrupt+0x650/0x650
[ 36.408927]  ? _raw_spin_lock+0x32/0x40
[ 36.412884]  ? _raw_spin_unlock+0x22/0x30
[ 36.417024]  ? handle_edge_irq+0x330/0x870
[ 36.421249]  ? task_prio+0x50/0x50
[ 36.424773]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.429601]  apic_timer_interrupt+0xf/0x20
[ 36.433817]
[ 36.436039] RIP: 0010:nfnetlink_rcv_msg+0x6a0/0xfe0
[ 36.441072] RSP: 0018:ffff8801acc4f310 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 36.448764] RAX: ffff8801ad6ec300 RBX: ffffffff8606e8d0 RCX: ffffffff85ec17df
[ 36.456014] RDX: 0000000000000000 RSI: ffffffff85ec18a9 RDI: 0000000000000005
[ 36.463265] RBP: ffff8801acc4f480 R08: ffff8801ad6ec300 R09: ffffed0036096094
[ 36.470517] R10: ffffed0036096094 R11: ffff8801b04b04a3 R12: 0000000000000000
[ 36.477780] R13: 0000000000000003 R14: 0000000000000000 R15: ffff8801ad55f780
[ 36.485047]  ? ip_set_dump_start+0x20e0/0x20e0
[ 36.489615]  ? nfnetlink_rcv_msg+0x5cf/0xfe0
[ 36.494007]  ? nfnetlink_rcv_msg+0x699/0xfe0
[ 36.498413]  ? nfnetlink_bind+0x3a0/0x3a0
[ 36.502581]  ? graph_lock+0x170/0x170
[ 36.506361]  ? find_held_lock+0x36/0x1c0
[ 36.510409]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.515934]  netlink_rcv_skb+0x172/0x440
[ 36.519981]  ? nfnetlink_bind+0x3a0/0x3a0
[ 36.524158]  ? netlink_ack+0xbc0/0xbc0
[ 36.528037]  ? __netlink_ns_capable+0x100/0x130
[ 36.532689]  nfnetlink_rcv+0x1fe/0x1ba0
[ 36.536645]  ? kasan_check_read+0x11/0x20
[ 36.540775]  ? rcu_is_watching+0x85/0x140
[ 36.544905]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 36.550084]  ? nfnl_err_reset+0x2d0/0x2d0
[ 36.554217]  ? netlink_remove_tap+0x610/0x610
[ 36.558707]  ? refcount_add_not_zero+0x320/0x320
[ 36.563442]  ? kasan_check_read+0x11/0x20
[ 36.567581]  ? rcu_is_watching+0x85/0x140
[ 36.571709]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 36.576887]  ? netlink_skb_destructor+0x210/0x210
[ 36.581714]  ? kasan_check_write+0x14/0x20
[ 36.585935]  netlink_unicast+0x58b/0x740
[ 36.589980]  ? netlink_attachskb+0x970/0x970
[ 36.594370]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.599890]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 36.604891]  ? security_netlink_send+0x88/0xb0
[ 36.609454]  netlink_sendmsg+0x9f0/0xfa0
[ 36.613504]  ? netlink_unicast+0x740/0x740
[ 36.617723]  ? security_socket_sendmsg+0x94/0xc0
[ 36.622460]  ? netlink_unicast+0x740/0x740
[ 36.626680]  sock_sendmsg+0xd5/0x120
[ 36.630375]  ___sys_sendmsg+0x805/0x940
[ 36.634332]  ? copy_msghdr_from_user+0x560/0x560
[ 36.639078]  ? lock_downgrade+0x8e0/0x8e0
[ 36.643216]  ? __fget_light+0x2ef/0x430
[ 36.647176]  ? fget_raw+0x20/0x20
[ 36.650612]  ? __fd_install+0x2de/0x880
[ 36.654574]  ? get_unused_fd_flags+0x190/0x190
[ 36.659144]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.664667]  ? sockfd_lookup_light+0xc5/0x160
[ 36.669145]  __sys_sendmsg+0x115/0x270
[ 36.673018]  ? SyS_shutdown+0x30/0x30
[ 36.676804]  ? SyS_futex+0x3a4/0x56d
[ 36.680503]  ? fd_install+0x4d/0x60
[ 36.684120]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 36.688685]  SyS_sendmsg+0x29/0x30
[ 36.692212]  ? __sys_sendmsg+0x270/0x270
[ 36.696255]  do_syscall_64+0x29e/0x9d0
[ 36.700122]  ? vmalloc_sync_all+0x30/0x30
[ 36.704252]  ? kasan_check_write+0x14/0x20
[ 36.708468]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 36.713387]  ? syscall_return_slowpath+0x30f/0x5c0
[ 36.718301]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 36.723653]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.728485]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 36.733657] RIP: 0033:0x455319
[ 36.736826] RSP: 002b:00007fc264ff0c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 36.744517] RAX: ffffffffffffffda RBX: 00007fc264ff16d4 RCX: 0000000000455319
[ 36.751766] RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000004
[ 36.759018] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 36.766269] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 36.773518] R13: 00000000000004f0 R14: 00000000006fa720 R15: 0000000000000000
[ 36.780774]
[ 36.782378] The buggy address belongs to the page:
[ 36.787287] page:ffffea0006b313c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 36.795758] flags: 0x2fffc0000000000()
[ 36.799639] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 36.807504] raw: 0000000000000000 ffffea0006b30101 0000000000000000 0000000000000000
[ 36.815359] page dumped because: kasan: bad access detected
[ 36.821043]
[ 36.822647] Memory state around the buggy address:
[ 36.827553]  ffff8801acc4f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.834889]  ffff8801acc4f200: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 36.842225] >ffff8801acc4f280: 00 00 00 00 00 00 00 00 00 00 00 cb cb cb cb cb
[ 36.849559]                                                              ^
[ 36.856552]  ffff8801acc4f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.863903]  ffff8801acc4f380: 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2
[ 36.871235] ==================================================================
[ 36.878569] Disabling lock debugging due to kernel taint
[ 36.883997] Kernel panic - not syncing: panic_on_warn set ...
[ 36.883997]
[ 36.891347] CPU: 1 PID: 5709 Comm: syz-executor3 Tainted: G B 4.16.0+ #2
[ 36.899552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.908892] Call Trace:
[ 36.911462]
[ 36.913608]  dump_stack+0x1b9/0x294
[ 36.917222]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.922393]  ? lock_downgrade+0x8e0/0x8e0
[ 36.926517]  ? vprintk_default+0x28/0x30
[ 36.930555]  ? tick_sched_handle+0x150/0x180
[ 36.934944]  panic+0x22f/0x4de
[ 36.938116]  ? add_taint.cold.5+0x16/0x16
[ 36.942242]  ? add_taint.cold.5+0x5/0x16
[ 36.946281]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 36.950665]  ? tick_sched_handle+0x16c/0x180
[ 36.955053]  kasan_end_report+0x47/0x4f
[ 36.959008]  kasan_report.cold.7+0xc9/0x2f5
[ 36.963314]  __asan_report_load8_noabort+0x14/0x20
[ 36.968221]  tick_sched_handle+0x16c/0x180
[ 36.972437]  tick_sched_timer+0x45/0x130
[ 36.976483]  __hrtimer_run_queues+0x3e3/0x10a0
[ 36.981051]  ? tick_sched_do_timer+0x1a0/0x1a0
[ 36.985617]  ? hrtimer_start_range_ns+0xd10/0xd10
[ 36.990442]  ? pvclock_read_flags+0x160/0x160
[ 36.994920]  ? __local_bh_enable+0xef/0x130
[ 36.999223]  ? kvm_clock_read+0x25/0x30
[ 37.003188]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 37.008187]  ? ktime_get_update_offsets_now+0x3a6/0x570
[ 37.013534]  ? do_timer+0x50/0x50
[ 37.016966]  ? rcu_nmi_exit+0xd7/0x2b0
[ 37.020843]  ? do_raw_spin_lock+0xc1/0x200
[ 37.025059]  hrtimer_interrupt+0x286/0x650
[ 37.029275]  smp_apic_timer_interrupt+0x15d/0x710
[ 37.034102]  ? smp_call_function_single_interrupt+0x650/0x650
[ 37.039962]  ? _raw_spin_lock+0x32/0x40
[ 37.043923]  ? _raw_spin_unlock+0x22/0x30
[ 37.048054]  ? handle_edge_irq+0x330/0x870
[ 37.052270]  ? task_prio+0x50/0x50
[ 37.056501]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.061330]  apic_timer_interrupt+0xf/0x20
[ 37.065541]
[ 37.067758] RIP: 0010:nfnetlink_rcv_msg+0x6a0/0xfe0
[ 37.072753] RSP: 0018:ffff8801acc4f310 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 37.080445] RAX: ffff8801ad6ec300 RBX: ffffffff8606e8d0 RCX: ffffffff85ec17df
[ 37.087696] RDX: 0000000000000000 RSI: ffffffff85ec18a9 RDI: 0000000000000005
[ 37.094945] RBP: ffff8801acc4f480 R08: ffff8801ad6ec300 R09: ffffed0036096094
[ 37.102192] R10: ffffed0036096094 R11: ffff8801b04b04a3 R12: 0000000000000000
[ 37.109442] R13: 0000000000000003 R14: 0000000000000000 R15: ffff8801ad55f780
[ 37.116707]  ? ip_set_dump_start+0x20e0/0x20e0
[ 37.121270]  ? nfnetlink_rcv_msg+0x5cf/0xfe0
[ 37.125657]  ? nfnetlink_rcv_msg+0x699/0xfe0
[ 37.130069]  ? nfnetlink_bind+0x3a0/0x3a0
[ 37.134197]  ? graph_lock+0x170/0x170
[ 37.137977]  ? find_held_lock+0x36/0x1c0
[ 37.142021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.147543]  netlink_rcv_skb+0x172/0x440
[ 37.151592]  ? nfnetlink_bind+0x3a0/0x3a0
[ 37.155718]  ? netlink_ack+0xbc0/0xbc0
[ 37.159586]  ? __netlink_ns_capable+0x100/0x130
[ 37.164232]  nfnetlink_rcv+0x1fe/0x1ba0
[ 37.168188]  ? kasan_check_read+0x11/0x20
[ 37.172314]  ? rcu_is_watching+0x85/0x140
[ 37.176440]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 37.181612]  ? nfnl_err_reset+0x2d0/0x2d0
[ 37.185745]  ? netlink_remove_tap+0x610/0x610
[ 37.190220]  ? refcount_add_not_zero+0x320/0x320
[ 37.194955]  ? kasan_check_read+0x11/0x20
[ 37.199083]  ? rcu_is_watching+0x85/0x140
[ 37.203218]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 37.209086]  ? netlink_skb_destructor+0x210/0x210
[ 37.213910]  ? kasan_check_write+0x14/0x20
[ 37.218124]  netlink_unicast+0x58b/0x740
[ 37.222171]  ? netlink_attachskb+0x970/0x970
[ 37.226576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.232096]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 37.237093]  ? security_netlink_send+0x88/0xb0
[ 37.241660]  netlink_sendmsg+0x9f0/0xfa0
[ 37.245707]  ? netlink_unicast+0x740/0x740
[ 37.249925]  ? security_socket_sendmsg+0x94/0xc0
[ 37.254669]  ? netlink_unicast+0x740/0x740
[ 37.258897]  sock_sendmsg+0xd5/0x120
[ 37.262604]  ___sys_sendmsg+0x805/0x940
[ 37.266581]  ? copy_msghdr_from_user+0x560/0x560
[ 37.271318]  ? lock_downgrade+0x8e0/0x8e0
[ 37.275457]  ? __fget_light+0x2ef/0x430
[ 37.279409]  ? fget_raw+0x20/0x20
[ 37.282848]  ? __fd_install+0x2de/0x880
[ 37.286804]  ? get_unused_fd_flags+0x190/0x190
[ 37.291381]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.296902]  ? sockfd_lookup_light+0xc5/0x160
[ 37.301378]  __sys_sendmsg+0x115/0x270
[ 37.305245]  ? SyS_shutdown+0x30/0x30
[ 37.309027]  ? SyS_futex+0x3a4/0x56d
[ 37.312724]  ? fd_install+0x4d/0x60
[ 37.316348]  ? do_raw_spin_trylock+0x1b0/0x1b0
[ 37.320927]  SyS_sendmsg+0x29/0x30
[ 37.324452]  ? __sys_sendmsg+0x270/0x270
[ 37.328498]  do_syscall_64+0x29e/0x9d0
[ 37.332368]  ? vmalloc_sync_all+0x30/0x30
[ 37.336498]  ? kasan_check_write+0x14/0x20
[ 37.340713]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 37.345627]  ? syscall_return_slowpath+0x30f/0x5c0
[ 37.350538]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 37.355885]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.360714]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 37.365884] RIP: 0033:0x455319
[ 37.369052] RSP: 002b:00007fc264ff0c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 37.376741] RAX: ffffffffffffffda RBX: 00007fc264ff16d4 RCX: 0000000000455319
[ 37.383992] RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000004
[ 37.391243] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 37.398492] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 37.405740] R13: 00000000000004f0 R14: 00000000006fa720 R15: 0000000000000000
[ 37.413406] Dumping ftrace buffer:
[ 37.416921]    (ftrace buffer empty)
[ 37.420605] Kernel Offset: disabled
[ 37.424208] Rebooting in 86400 seconds..