INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
2018/04/08 16:19:13 parsed 1 programs
2018/04/08 16:19:13 executed programs: 0
syzkaller login: [ 85.563960] IPVS: ftp: loaded support on port[0] = 21
[ 85.563967] IPVS: ftp: loaded support on port[0] = 21
[ 85.590363] IPVS: ftp: loaded support on port[0] = 21
[ 85.600511] IPVS: ftp: loaded support on port[0] = 21
[ 85.607375] IPVS: ftp: loaded support on port[0] = 21
[ 85.614580] IPVS: ftp: loaded support on port[0] = 21
[ 85.630788] IPVS: ftp: loaded support on port[0] = 21
[ 85.654961] IPVS: ftp: loaded support on port[0] = 21
[ 86.717000] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.747779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.763332] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.803094] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.827628] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.837762] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.858379] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 86.875210] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 88.849207] ==================================================================
[ 88.856857] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 88.864130] Read of size 8 at addr ffff8801b1777170 by task ip/5596
[ 88.870513]
[ 88.872125] CPU: 1 PID: 5596 Comm: ip Not tainted 4.16.0+ #4
[ 88.877903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.887254] Call Trace:
[ 88.889826]
[ 88.891973] dump_stack+0x1b9/0x294
[ 88.895595] ? dump_stack_print_info.cold.2+0x52/0x52
[ 88.900786] ? printk+0x9e/0xba
[ 88.904064] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 88.908811] ? kasan_check_write+0x14/0x20
[ 88.913043] print_address_description+0x6c/0x20b
[ 88.917876] ? tick_sched_handle+0x16d/0x180
[ 88.922275] kasan_report.cold.7+0xac/0x2f5
[ 88.926588] __asan_report_load8_noabort+0x14/0x20
[ 88.931526] tick_sched_handle+0x16d/0x180
[ 88.935754] tick_sched_timer+0x42/0x130
[ 88.939803] __hrtimer_run_queues+0x3e3/0x10a0
[ 88.944388] ? tick_sched_do_timer+0x100/0x100
[ 88.948960] ? hrtimer_start_range_ns+0xd10/0xd10
[ 88.953789] ? pvclock_read_flags+0x160/0x160
[ 88.958269] ? __local_bh_enable+0xef/0x130
[ 88.963102] ? kvm_clock_read+0x25/0x30
[ 88.967066] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 88.972076] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 88.977429] ? do_timer+0x50/0x50
[ 88.980866] ? rcu_nmi_exit+0xd7/0x2b0
[ 88.984739] ? do_raw_spin_lock+0xc1/0x200
[ 88.988962] hrtimer_interrupt+0x286/0x650
[ 88.993189] smp_apic_timer_interrupt+0x15d/0x710
[ 88.998029] ? smp_call_function_single_interrupt+0x650/0x650
[ 89.003913] ? _raw_spin_lock+0x32/0x40
[ 89.007875] ? _raw_spin_unlock+0x22/0x30
[ 89.012021] ? handle_edge_irq+0x330/0x870
[ 89.016249] ? task_prio+0x50/0x50
[ 89.019775] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 89.024601] apic_timer_interrupt+0xf/0x20
[ 89.028817]
[ 89.031045] RIP: 0010:memset_erms+0x0/0x10
[ 89.035265] RSP: 0018:ffff8801b1777190 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 89.042961] RAX: 1ffff100362eee39 RBX: ffffed00362eee39 RCX: 0000000000000000
[ 89.050210] RDX: 000000000000000d RSI: 0000000000000000 RDI: ffffed00362eee2c
[ 89.057465] RBP: ffff8801b17771a8 R08: ffff8801b275e380 R09: 0000000000000001
[ 89.064720] R10: ffff8801b275e380 R11: 0000000000000000 R12: 0000000000000068
[ 89.071976] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 89.079266] ? kasan_unpoison_shadow+0x35/0x50
[ 89.083837] __asan_allocas_unpoison+0x16/0x20
[ 89.088405] rtnl_newlink+0x1094/0x1a40
[ 89.092370] ? rtnl_link_unregister+0x370/0x370
[ 89.097029] ? kasan_check_read+0x11/0x20
[ 89.101163] ? rcu_is_watching+0x85/0x140
[ 89.105296] ? __lock_acquire+0x7f5/0x5130
[ 89.109515] ? graph_lock+0x170/0x170
[ 89.113321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.118840] ? rtnl_get_link+0x164/0x350
[ 89.122883] ? rtnl_dump_all+0x5e0/0x5e0
[ 89.126928] ? rcu_is_watching+0x85/0x140
[ 89.131070] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 89.136248] ? __netlink_ns_capable+0x100/0x130
[ 89.140905] ? rtnl_link_unregister+0x370/0x370
[ 89.145554] rtnetlink_rcv_msg+0x466/0xc10
[ 89.149773] ? rtnetlink_put_metrics+0x690/0x690
[ 89.154515] netlink_rcv_skb+0x172/0x440
[ 89.158561] ? rtnetlink_put_metrics+0x690/0x690
[ 89.163304] ? netlink_ack+0xbc0/0xbc0
[ 89.167191] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 89.172368] ? netlink_skb_destructor+0x210/0x210
[ 89.177196] rtnetlink_rcv+0x1c/0x20
[ 89.180895] netlink_unicast+0x58b/0x740
[ 89.184942] ? netlink_attachskb+0x970/0x970
[ 89.189333] ? import_iovec+0x24b/0x420
[ 89.193290] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 89.198305] ? security_netlink_send+0x8f/0xc0
[ 89.202872] netlink_sendmsg+0x9d8/0xf80
[ 89.206921] ? netlink_unicast+0x740/0x740
[ 89.211573] ? security_socket_sendmsg+0x9b/0xd0
[ 89.216311] ? netlink_unicast+0x740/0x740
[ 89.220533] sock_sendmsg+0xd5/0x120
[ 89.224243] ___sys_sendmsg+0x805/0x940
[ 89.228210] ? copy_msghdr_from_user+0x560/0x560
[ 89.232953] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 89.237690] ? graph_lock+0x170/0x170
[ 89.241479] ? graph_lock+0x170/0x170
[ 89.245264] ? find_held_lock+0x36/0x1c0
[ 89.249308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.254826] ? __fget_light+0x2ef/0x430
[ 89.258781] ? fget_raw+0x20/0x20
[ 89.262218] ? find_held_lock+0x36/0x1c0
[ 89.266261] ? lock_downgrade+0x8e0/0x8e0
[ 89.270390] ? handle_mm_fault+0x8c0/0xc70
[ 89.274625] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.280145] ? sockfd_lookup_light+0xc5/0x160
[ 89.284621] __sys_sendmsg+0x115/0x270
[ 89.288491] ? SyS_shutdown+0x30/0x30
[ 89.292273] ? __do_page_fault+0x441/0xe40
[ 89.296498] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 89.301336] SyS_sendmsg+0x29/0x30
[ 89.304857] ? __sys_sendmsg+0x270/0x270
[ 89.308898] do_syscall_64+0x29e/0x9d0
[ 89.312767] ? vmalloc_sync_all+0x30/0x30
[ 89.316899] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 89.321727] ? syscall_return_slowpath+0x5c0/0x5c0
[ 89.326637] ? syscall_return_slowpath+0x30f/0x5c0
[ 89.331552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.337068] ? retint_user+0x18/0x18
[ 89.340769] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 89.345598] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 89.350768] RIP: 0033:0x7f3fa16f3320
[ 89.354458] RSP: 002b:00007fff8e9857c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 89.362151] RAX: ffffffffffffffda RBX: 00007fff8e9898c0 RCX: 00007f3fa16f3320
[ 89.369401] RDX: 0000000000000000 RSI: 00007fff8e985800 RDI: 0000000000000003
[ 89.376653] RBP: 00007fff8e985800 R08: 0000000000000000 R09: 00007f3fa1739c00
[ 89.383905] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aca4107
[ 89.391166] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007fff8e98a0a0
[ 89.398423]
[ 89.400031] The buggy address belongs to the page:
[ 89.404942] page:ffffea0006c5ddc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 89.413063] flags: 0x2fffc0000000000()
[ 89.416933] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 89.424800] raw: 0000000000000000 ffffea0006c50101 0000000000000000 0000000000000000
[ 89.432675] page dumped because: kasan: bad access detected
[ 89.438363]
[ 89.439971] Memory state around the buggy address:
[ 89.444879] ffff8801b1777000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.452232] ffff8801b1777080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 89.459571] >ffff8801b1777100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 89.466909] ^
[ 89.473904] ffff8801b1777180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 89.481246] ffff8801b1777200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 89.488584] ==================================================================
[ 89.495921] Disabling lock debugging due to kernel taint
[ 89.501527] Kernel panic - not syncing: panic_on_warn set ...
[ 89.501527]
[ 89.508888] CPU: 1 PID: 5596 Comm: ip Tainted: G B 4.16.0+ #4
[ 89.515964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.525297] Call Trace:
[ 89.527861]
[ 89.530004] dump_stack+0x1b9/0x294
[ 89.533624] ? dump_stack_print_info.cold.2+0x52/0x52
[ 89.538801] ? lock_downgrade+0x8e0/0x8e0
[ 89.542934] ? vprintk_default+0x28/0x30
[ 89.546978] ? tick_sched_handle+0x100/0x180
[ 89.551369] panic+0x22f/0x4de
[ 89.554545] ? add_taint.cold.5+0x16/0x16
[ 89.558674] ? add_taint.cold.5+0x5/0x16
[ 89.562720] ? do_raw_spin_unlock+0x9e/0x2e0
[ 89.567112] ? tick_sched_handle+0x16d/0x180
[ 89.571505] kasan_end_report+0x47/0x4f
[ 89.575460] kasan_report.cold.7+0xc9/0x2f5
[ 89.579764] __asan_report_load8_noabort+0x14/0x20
[ 89.584703] tick_sched_handle+0x16d/0x180
[ 89.588922] tick_sched_timer+0x42/0x130
[ 89.592961] __hrtimer_run_queues+0x3e3/0x10a0
[ 89.597521] ? tick_sched_do_timer+0x100/0x100
[ 89.602082] ? hrtimer_start_range_ns+0xd10/0xd10
[ 89.606909] ? pvclock_read_flags+0x160/0x160
[ 89.611385] ? __local_bh_enable+0xef/0x130
[ 89.615688] ? kvm_clock_read+0x25/0x30
[ 89.619644] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 89.624641] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 89.629987] ? do_timer+0x50/0x50
[ 89.633424] ? rcu_nmi_exit+0xd7/0x2b0
[ 89.637293] ? do_raw_spin_lock+0xc1/0x200
[ 89.641506] hrtimer_interrupt+0x286/0x650
[ 89.645726] smp_apic_timer_interrupt+0x15d/0x710
[ 89.650549] ? smp_call_function_single_interrupt+0x650/0x650
[ 89.656425] ? _raw_spin_lock+0x32/0x40
[ 89.660387] ? _raw_spin_unlock+0x22/0x30
[ 89.664514] ? handle_edge_irq+0x330/0x870
[ 89.668729] ? task_prio+0x50/0x50
[ 89.672251] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 89.677075] apic_timer_interrupt+0xf/0x20
[ 89.681282]
[ 89.683497] RIP: 0010:memset_erms+0x0/0x10
[ 89.687707] RSP: 0018:ffff8801b1777190 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13
[ 89.695393] RAX: 1ffff100362eee39 RBX: ffffed00362eee39 RCX: 0000000000000000
[ 89.702643] RDX: 000000000000000d RSI: 0000000000000000 RDI: ffffed00362eee2c
[ 89.709892] RBP: ffff8801b17771a8 R08: ffff8801b275e380 R09: 0000000000000001
[ 89.717143] R10: ffff8801b275e380 R11: 0000000000000000 R12: 0000000000000068
[ 89.724392] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 89.731654] ? kasan_unpoison_shadow+0x35/0x50
[ 89.736222] __asan_allocas_unpoison+0x16/0x20
[ 89.740797] rtnl_newlink+0x1094/0x1a40
[ 89.744756] ? rtnl_link_unregister+0x370/0x370
[ 89.749402] ? kasan_check_read+0x11/0x20
[ 89.753532] ? rcu_is_watching+0x85/0x140
[ 89.757661] ? __lock_acquire+0x7f5/0x5130
[ 89.761879] ? graph_lock+0x170/0x170
[ 89.765671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.771187] ? rtnl_get_link+0x164/0x350
[ 89.775239] ? rtnl_dump_all+0x5e0/0x5e0
[ 89.779277] ? rcu_is_watching+0x85/0x140
[ 89.783408] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 89.788580] ? __netlink_ns_capable+0x100/0x130
[ 89.793230] ? rtnl_link_unregister+0x370/0x370
[ 89.797875] rtnetlink_rcv_msg+0x466/0xc10
[ 89.802091] ? rtnetlink_put_metrics+0x690/0x690
[ 89.806828] netlink_rcv_skb+0x172/0x440
[ 89.810866] ? rtnetlink_put_metrics+0x690/0x690
[ 89.815601] ? netlink_ack+0xbc0/0xbc0
[ 89.819468] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 89.824637] ? netlink_skb_destructor+0x210/0x210
[ 89.829472] rtnetlink_rcv+0x1c/0x20
[ 89.833166] netlink_unicast+0x58b/0x740
[ 89.837208] ? netlink_attachskb+0x970/0x970
[ 89.841595] ? import_iovec+0x24b/0x420
[ 89.845550] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 89.850545] ? security_netlink_send+0x8f/0xc0
[ 89.855118] netlink_sendmsg+0x9d8/0xf80
[ 89.859161] ? netlink_unicast+0x740/0x740
[ 89.863374] ? security_socket_sendmsg+0x9b/0xd0
[ 89.868110] ? netlink_unicast+0x740/0x740
[ 89.872325] sock_sendmsg+0xd5/0x120
[ 89.876026] ___sys_sendmsg+0x805/0x940
[ 89.879983] ? copy_msghdr_from_user+0x560/0x560
[ 89.884722] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 89.889458] ? graph_lock+0x170/0x170
[ 89.893236] ? graph_lock+0x170/0x170
[ 89.897019] ? find_held_lock+0x36/0x1c0
[ 89.901068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.906584] ? __fget_light+0x2ef/0x430
[ 89.910533] ? fget_raw+0x20/0x20
[ 89.913968] ? find_held_lock+0x36/0x1c0
[ 89.918013] ? lock_downgrade+0x8e0/0x8e0
[ 89.922145] ? handle_mm_fault+0x8c0/0xc70
[ 89.926361] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 89.931878] ? sockfd_lookup_light+0xc5/0x160
[ 89.936365] __sys_sendmsg+0x115/0x270
[ 89.940231] ? SyS_shutdown+0x30/0x30
[ 89.944014] ? __do_page_fault+0x441/0xe40
[ 89.948240] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 89.953064] SyS_sendmsg+0x29/0x30
[ 89.956581] ? __sys_sendmsg+0x270/0x270
[ 89.960621] do_syscall_64+0x29e/0x9d0
[ 89.964486] ? vmalloc_sync_all+0x30/0x30
[ 89.968613] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 89.973438] ? syscall_return_slowpath+0x5c0/0x5c0
[ 89.978347] ? syscall_return_slowpath+0x30f/0x5c0
[ 89.983258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 89.988780] ? retint_user+0x18/0x18
[ 89.992489] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 89.997312] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 90.002482] RIP: 0033:0x7f3fa16f3320
[ 90.006170] RSP: 002b:00007fff8e9857c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 90.013856] RAX: ffffffffffffffda RBX: 00007fff8e9898c0 RCX: 00007f3fa16f3320
[ 90.021644] RDX: 0000000000000000 RSI: 00007fff8e985800 RDI: 0000000000000003
[ 90.028894] RBP: 00007fff8e985800 R08: 0000000000000000 R09: 00007f3fa1739c00
[ 90.036140] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005aca4107
[ 90.043388] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007fff8e98a0a0
[ 90.051121] Dumping ftrace buffer:
[ 90.054642] (ftrace buffer empty)
[ 90.058327] Kernel Offset: disabled
[ 90.061932] Rebooting in 86400 seconds..