INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts.
2018/04/12 11:06:57 parsed 1 programs
2018/04/12 11:06:57 executed programs: 0
syzkaller login: [ 42.100597] IPVS: ftp: loaded support on port[0] = 21
[ 42.108771] IPVS: ftp: loaded support on port[0] = 21
[ 42.112770] IPVS: ftp: loaded support on port[0] = 21
[ 42.118868] IPVS: ftp: loaded support on port[0] = 21
[ 42.121679] IPVS: ftp: loaded support on port[0] = 21
[ 42.134688] IPVS: ftp: loaded support on port[0] = 21
[ 42.145461] IPVS: ftp: loaded support on port[0] = 21
[ 42.166764] IPVS: ftp: loaded support on port[0] = 21
[ 43.164912] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.189981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.241415] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.290325] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.302603] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 43.309147] ==================================================================
[ 43.316584] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 43.323844] Read of size 8 at addr ffff8801b024f1a0 by task ip/4905
[ 43.330227]
[ 43.331843] CPU: 1 PID: 4905 Comm: ip Not tainted 4.16.0+ #17
[ 43.337705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.347038] Call Trace:
[ 43.349599]
[ 43.351736] dump_stack+0x1b9/0x294
[ 43.355345] ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.360515] ? printk+0x9e/0xba
[ 43.363777] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 43.368515] ? kasan_check_write+0x14/0x20
[ 43.372732] print_address_description+0x6c/0x20b
[ 43.377662] ? tick_sched_handle+0x16d/0x180
[ 43.382055] kasan_report.cold.7+0xac/0x2f5
[ 43.386369] __asan_report_load8_noabort+0x14/0x20
[ 43.391278] tick_sched_handle+0x16d/0x180
[ 43.395496] tick_sched_timer+0x42/0x130
[ 43.399542] __hrtimer_run_queues+0x3e3/0x10a0
[ 43.404107] ? tick_sched_do_timer+0x100/0x100
[ 43.408682] ? hrtimer_start_range_ns+0xd10/0xd10
[ 43.413514] ? pvclock_read_flags+0x160/0x160
[ 43.417995] ? __local_bh_enable+0xef/0x130
[ 43.422302] ? kvm_clock_read+0x25/0x30
[ 43.426260] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 43.431261] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 43.436608] ? do_timer+0x50/0x50
[ 43.440042] ? rcu_nmi_exit+0xd7/0x2b0
[ 43.443915] ? do_raw_spin_lock+0xc1/0x200
[ 43.448133] hrtimer_interrupt+0x286/0x650
[ 43.452357] smp_apic_timer_interrupt+0x15d/0x710
[ 43.457184] ? smp_call_function_single_interrupt+0x650/0x650
[ 43.463053] ? _raw_spin_lock+0x32/0x40
[ 43.467010] ? _raw_spin_unlock+0x22/0x30
[ 43.471167] ? handle_edge_irq+0x330/0x870
[ 43.475390] ? task_prio+0x50/0x50
[ 43.478919] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.483748] apic_timer_interrupt+0xf/0x20
[ 43.487961]
[ 43.490181] RIP: 0010:rtnl_newlink+0x108c/0x1a40
[ 43.494914] RSP: 0018:ffff8801b024f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 43.502606] RAX: ffff8801d2456240 RBX: 0000000000000000 RCX: 0000000000000000
[ 43.509871] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffff8801b024f160
[ 43.517125] RBP: ffff8801b024f5f8 R08: ffff8801d2456240 R09: 0000000000000000
[ 43.524377] R10: ffffed0036049d20 R11: 0000000000000003 R12: ffff8801b024f5d0
[ 43.531641] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 43.538922] ? rtnl_newlink+0x107e/0x1a40
[ 43.543055] ? rtnl_newlink+0x4e7/0x1a40
[ 43.547099] ? _raw_spin_unlock+0x22/0x30
[ 43.551235] ? rtnl_link_unregister+0x370/0x370
[ 43.555889] ? kasan_check_read+0x11/0x20
[ 43.560019] ? rcu_is_watching+0x85/0x140
[ 43.564149] ? __lock_acquire+0x7f5/0x5130
[ 43.568377] ? graph_lock+0x170/0x170
[ 43.572198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 43.577730] ? rtnl_get_link+0x164/0x350
[ 43.581774] ? rtnl_dump_all+0x5e0/0x5e0
[ 43.585905] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 43.591080] ? __netlink_ns_capable+0x100/0x130
[ 43.595731] ? rtnl_link_unregister+0x370/0x370
[ 43.600382] rtnetlink_rcv_msg+0x466/0xc10
[ 43.604599] ? rtnetlink_put_metrics+0x690/0x690
[ 43.609702] netlink_rcv_skb+0x172/0x440
[ 43.613749] ? rtnetlink_put_metrics+0x690/0x690
[ 43.618487] ? netlink_ack+0xbc0/0xbc0
[ 43.622355] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 43.627527] ? netlink_skb_destructor+0x210/0x210
[ 43.632353] rtnetlink_rcv+0x1c/0x20
[ 43.636051] netlink_unicast+0x58b/0x740
[ 43.640112] ? netlink_attachskb+0x970/0x970
[ 43.644500] ? import_iovec+0x24b/0x420
[ 43.648459] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 43.653460] ? security_netlink_send+0x88/0xb0
[ 43.658027] netlink_sendmsg+0x9f0/0xfa0
[ 43.662072] ? netlink_unicast+0x740/0x740
[ 43.666290] ? security_socket_sendmsg+0x94/0xc0
[ 43.671034] ? netlink_unicast+0x740/0x740
[ 43.675254] sock_sendmsg+0xd5/0x120
[ 43.678954] ___sys_sendmsg+0x805/0x940
[ 43.682913] ? copy_msghdr_from_user+0x560/0x560
[ 43.687669] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 43.692406] ? graph_lock+0x170/0x170
[ 43.696190] ? graph_lock+0x170/0x170
[ 43.699982] ? find_held_lock+0x36/0x1c0
[ 43.704026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.709544] ? __fget_light+0x2ef/0x430
[ 43.713501] ? fget_raw+0x20/0x20
[ 43.716934] ? find_held_lock+0x36/0x1c0
[ 43.720978] ? lock_downgrade+0x8e0/0x8e0
[ 43.725106] ? handle_mm_fault+0x8c0/0xc70
[ 43.729352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 43.734872] ? sockfd_lookup_light+0xc5/0x160
[ 43.739349] __sys_sendmsg+0x115/0x270
[ 43.743244] ? SyS_shutdown+0x30/0x30
[ 43.747055] ? __do_page_fault+0x441/0xe40
[ 43.751293] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 43.756127] SyS_sendmsg+0x29/0x30
[ 43.759652] ? __sys_sendmsg+0x270/0x270
[ 43.763702] do_syscall_64+0x29e/0x9d0
[ 43.767573] ? vmalloc_sync_all+0x30/0x30
[ 43.771709] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.776453] ? syscall_return_slowpath+0x5c0/0x5c0
[ 43.781371] ? syscall_return_slowpath+0x30f/0x5c0
[ 43.786299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.791823] ? retint_user+0x18/0x18
[ 43.795523] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.800355] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.805529] RIP: 0033:0x7fbcaeeee320
[ 43.809224] RSP: 002b:00007ffc150f66e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 43.816920] RAX: ffffffffffffffda RBX: 00007ffc150fa7e0 RCX: 00007fbcaeeee320
[ 43.824174] RDX: 0000000000000000 RSI: 00007ffc150f6720 RDI: 0000000000000003
[ 43.831426] RBP: 00007ffc150f6720 R08: 0000000000000000 R09: 0000000000000000
[ 43.838773] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acf3dd4
[ 43.846031] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc150fafb8
[ 43.853308]
[ 43.854915] The buggy address belongs to the page:
[ 43.859826] page:ffffea0006c093c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 43.867960] flags: 0x2fffc0000000000()
[ 43.871835] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 43.879701] raw: 0000000000000000 ffffea0006c00101 0000000000000000 0000000000000000
[ 43.887561] page dumped because: kasan: bad access detected
[ 43.893246]
[ 43.894850] Memory state around the buggy address:
[ 43.899758] ffff8801b024f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.907099] ffff8801b024f100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 43.914447] >ffff8801b024f180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 43.921784] ^
[ 43.926174] ffff8801b024f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 43.933521] ffff8801b024f280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 43.940855] ==================================================================
[ 43.948193] Disabling lock debugging due to kernel taint
[ 43.953622] Kernel panic - not syncing: panic_on_warn set ...
[ 43.953622]
[ 43.960975] CPU: 1 PID: 4905 Comm: ip Tainted: G B 4.16.0+ #17
[ 43.968138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.977470] Call Trace:
[ 43.980032]
[ 43.982169] dump_stack+0x1b9/0x294
[ 43.985783] ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.990954] ? lock_downgrade+0x8e0/0x8e0
[ 43.995083] ? vprintk_default+0x28/0x30
[ 43.999132] ? tick_sched_handle+0xb0/0x180
[ 44.003433] panic+0x22f/0x4de
[ 44.006607] ? add_taint.cold.5+0x16/0x16
[ 44.010735] ? add_taint.cold.5+0x5/0x16
[ 44.014776] ? do_raw_spin_unlock+0x9e/0x2e0
[ 44.019165] ? tick_sched_handle+0x16d/0x180
[ 44.023558] kasan_end_report+0x47/0x4f
[ 44.027512] kasan_report.cold.7+0xc9/0x2f5
[ 44.031814] __asan_report_load8_noabort+0x14/0x20
[ 44.036730] tick_sched_handle+0x16d/0x180
[ 44.040943] tick_sched_timer+0x42/0x130
[ 44.044987] __hrtimer_run_queues+0x3e3/0x10a0
[ 44.049552] ? tick_sched_do_timer+0x100/0x100
[ 44.054115] ? hrtimer_start_range_ns+0xd10/0xd10
[ 44.058940] ? pvclock_read_flags+0x160/0x160
[ 44.063415] ? __local_bh_enable+0xef/0x130
[ 44.067721] ? kvm_clock_read+0x25/0x30
[ 44.071679] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 44.076678] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 44.082026] ? do_timer+0x50/0x50
[ 44.085465] ? rcu_nmi_exit+0xd7/0x2b0
[ 44.089336] ? do_raw_spin_lock+0xc1/0x200
[ 44.093552] hrtimer_interrupt+0x286/0x650
[ 44.097772] smp_apic_timer_interrupt+0x15d/0x710
[ 44.102596] ? smp_call_function_single_interrupt+0x650/0x650
[ 44.108462] ? _raw_spin_lock+0x32/0x40
[ 44.112417] ? _raw_spin_unlock+0x22/0x30
[ 44.116545] ? handle_edge_irq+0x330/0x870
[ 44.120767] ? task_prio+0x50/0x50
[ 44.124294] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.129124] apic_timer_interrupt+0xf/0x20
[ 44.133336]
[ 44.135558] RIP: 0010:rtnl_newlink+0x108c/0x1a40
[ 44.140289] RSP: 0018:ffff8801b024f1c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 44.147977] RAX: ffff8801d2456240 RBX: 0000000000000000 RCX: 0000000000000000
[ 44.155228] RDX: 0000000000000000 RSI: ffffffff85c67fbe RDI: ffff8801b024f160
[ 44.162481] RBP: ffff8801b024f5f8 R08: ffff8801d2456240 R09: 0000000000000000
[ 44.169743] R10: ffffed0036049d20 R11: 0000000000000003 R12: ffff8801b024f5d0
[ 44.176993] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 44.184256] ? rtnl_newlink+0x107e/0x1a40
[ 44.188387] ? rtnl_newlink+0x4e7/0x1a40
[ 44.192431] ? _raw_spin_unlock+0x22/0x30
[ 44.196571] ? rtnl_link_unregister+0x370/0x370
[ 44.201222] ? kasan_check_read+0x11/0x20
[ 44.205356] ? rcu_is_watching+0x85/0x140
[ 44.209486] ? __lock_acquire+0x7f5/0x5130
[ 44.213719] ? graph_lock+0x170/0x170
[ 44.217513] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 44.223029] ? rtnl_get_link+0x164/0x350
[ 44.227075] ? rtnl_dump_all+0x5e0/0x5e0
[ 44.231133] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 44.236308] ? __netlink_ns_capable+0x100/0x130
[ 44.240961] ? rtnl_link_unregister+0x370/0x370
[ 44.245612] rtnetlink_rcv_msg+0x466/0xc10
[ 44.249833] ? rtnetlink_put_metrics+0x690/0x690
[ 44.254577] netlink_rcv_skb+0x172/0x440
[ 44.258623] ? rtnetlink_put_metrics+0x690/0x690
[ 44.263361] ? netlink_ack+0xbc0/0xbc0
[ 44.267229] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 44.272400] ? netlink_skb_destructor+0x210/0x210
[ 44.277224] rtnetlink_rcv+0x1c/0x20
[ 44.280920] netlink_unicast+0x58b/0x740
[ 44.284966] ? netlink_attachskb+0x970/0x970
[ 44.289365] ? import_iovec+0x24b/0x420
[ 44.293323] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 44.298326] ? security_netlink_send+0x88/0xb0
[ 44.302892] netlink_sendmsg+0x9f0/0xfa0
[ 44.306937] ? netlink_unicast+0x740/0x740
[ 44.311161] ? security_socket_sendmsg+0x94/0xc0
[ 44.315905] ? netlink_unicast+0x740/0x740
[ 44.320121] sock_sendmsg+0xd5/0x120
[ 44.323816] ___sys_sendmsg+0x805/0x940
[ 44.327773] ? copy_msghdr_from_user+0x560/0x560
[ 44.332512] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 44.337250] ? graph_lock+0x170/0x170
[ 44.341034] ? graph_lock+0x170/0x170
[ 44.344827] ? find_held_lock+0x36/0x1c0
[ 44.348874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.354479] ? __fget_light+0x2ef/0x430
[ 44.358434] ? fget_raw+0x20/0x20
[ 44.361869] ? find_held_lock+0x36/0x1c0
[ 44.365912] ? lock_downgrade+0x8e0/0x8e0
[ 44.370039] ? handle_mm_fault+0x8c0/0xc70
[ 44.374257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 44.379796] ? sockfd_lookup_light+0xc5/0x160
[ 44.384273] __sys_sendmsg+0x115/0x270
[ 44.388318] ? SyS_shutdown+0x30/0x30
[ 44.392103] ? __do_page_fault+0x441/0xe40
[ 44.396322] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 44.401145] SyS_sendmsg+0x29/0x30
[ 44.404668] ? __sys_sendmsg+0x270/0x270
[ 44.408721] do_syscall_64+0x29e/0x9d0
[ 44.412591] ? vmalloc_sync_all+0x30/0x30
[ 44.416720] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 44.421461] ? syscall_return_slowpath+0x5c0/0x5c0
[ 44.426373] ? syscall_return_slowpath+0x30f/0x5c0
[ 44.431285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.436803] ? retint_user+0x18/0x18
[ 44.441640] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.446466] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.451635] RIP: 0033:0x7fbcaeeee320
[ 44.455326] RSP: 002b:00007ffc150f66e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 44.463019] RAX: ffffffffffffffda RBX: 00007ffc150fa7e0 RCX: 00007fbcaeeee320
[ 44.470270] RDX: 0000000000000000 RSI: 00007ffc150f6720 RDI: 0000000000000003
[ 44.477521] RBP: 00007ffc150f6720 R08: 0000000000000000 R09: 0000000000000000
[ 44.484772] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005acf3dd4
[ 44.492023] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffc150fafb8
[ 44.499768] Dumping ftrace buffer:
[ 44.503291] (ftrace buffer empty)
[ 44.506982] Kernel Offset: disabled
[ 44.510589] Rebooting in 86400 seconds..