INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2018/04/07 20:00:06 parsed 1 programs
2018/04/07 20:00:06 executed programs: 0
syzkaller login: [ 30.147829] IPVS: ftp: loaded support on port[0] = 21
[ 30.163773] IPVS: ftp: loaded support on port[0] = 21
[ 30.167040] IPVS: ftp: loaded support on port[0] = 21
[ 30.184170] IPVS: ftp: loaded support on port[0] = 21
[ 30.196238] IPVS: ftp: loaded support on port[0] = 21
[ 30.212562] IPVS: ftp: loaded support on port[0] = 21
[ 30.222087] IPVS: ftp: loaded support on port[0] = 21
[ 30.231398] IPVS: ftp: loaded support on port[0] = 21
[ 31.950571] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 31.963081] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 31.976844] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.019741] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.040691] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.065571] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.113445] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 32.126844] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 34.099186] ==================================================================
[ 34.106745] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 34.117407] Read of size 8 at addr ffff8801bd3471a0 by task ip/5519
[ 34.123789]
[ 34.125401] CPU: 1 PID: 5519 Comm: ip Not tainted 4.16.0+ #1
[ 34.131175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.140506] Call Trace:
[ 34.143069]
[ 34.145211] dump_stack+0x1b9/0x29f
[ 34.148822] ? arch_local_irq_restore+0x52/0x52
[ 34.153472] ? printk+0x9e/0xba
[ 34.156736] ? show_regs_print_info+0x18/0x18
[ 34.161221] ? kasan_check_write+0x14/0x20
[ 34.165450] print_address_description+0x6c/0x20b
[ 34.170284] ? tick_sched_handle+0x16d/0x180
[ 34.174679] kasan_report.cold.7+0xac/0x2f5
[ 34.178987] __asan_report_load8_noabort+0x14/0x20
[ 34.183900] tick_sched_handle+0x16d/0x180
[ 34.188118] tick_sched_timer+0x42/0x130
[ 34.192164] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.196736] ? tick_sched_do_timer+0x100/0x100
[ 34.201303] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.206136] ? pvclock_read_flags+0x160/0x160
[ 34.210621] ? kvm_clock_read+0x25/0x30
[ 34.214575] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.219577] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 34.224924] ? do_timer+0x50/0x50
[ 34.228376] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.232264] ? do_raw_spin_lock+0xc1/0x200
[ 34.236489] hrtimer_interrupt+0x2f3/0x750
[ 34.240717] smp_apic_timer_interrupt+0x15d/0x710
[ 34.245541] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.251407] ? _raw_spin_lock+0x32/0x40
[ 34.255367] ? _raw_spin_unlock+0x22/0x30
[ 34.259499] ? handle_edge_irq+0x330/0x870
[ 34.263718] ? task_prio+0x50/0x50
[ 34.267245] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.272079] apic_timer_interrupt+0xf/0x20
[ 34.276292]
[ 34.278516] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 34.283250] RSP: 0018:ffff8801bd3471c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 34.290942] RAX: ffff8801b4f30380 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.298209] RDX: 0000000000000000 RSI: ffffffff85c03f2e RDI: ffffed0037a68e18
[ 34.305469] RBP: ffff8801bd3475f8 R08: ffff8801b4f30380 R09: 0000000000000000
[ 34.312720] R10: ffffed0037a68d20 R11: 0000000000000003 R12: ffff8801bd3475d0
[ 34.319970] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 34.327241] ? rtnl_newlink+0x107e/0x1a40
[ 34.331374] ? rtnl_newlink+0x4e7/0x1a40
[ 34.335428] ? rtnl_link_unregister+0x370/0x370
[ 34.340081] ? kasan_check_read+0x11/0x20
[ 34.344219] ? rcu_is_watching+0x85/0x140
[ 34.348355] ? __lock_acquire+0x7f5/0x5130
[ 34.352575] ? graph_lock+0x170/0x170
[ 34.356408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.361944] ? rtnl_get_link+0x164/0x350
[ 34.365990] ? rtnl_dump_all+0x5e0/0x5e0
[ 34.370043] ? rcu_is_watching+0x85/0x140
[ 34.374179] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.379356] ? __netlink_ns_capable+0x100/0x130
[ 34.384015] ? rtnl_link_unregister+0x370/0x370
[ 34.388675] rtnetlink_rcv_msg+0x466/0xc10
[ 34.392897] ? rtnetlink_put_metrics+0x690/0x690
[ 34.397646] netlink_rcv_skb+0x172/0x440
[ 34.401693] ? rtnetlink_put_metrics+0x690/0x690
[ 34.406434] ? netlink_ack+0xbc0/0xbc0
[ 34.410310] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 34.415490] ? netlink_skb_destructor+0x210/0x210
[ 34.420323] rtnetlink_rcv+0x1c/0x20
[ 34.424024] netlink_unicast+0x58b/0x740
[ 34.428082] ? netlink_attachskb+0x970/0x970
[ 34.432483] ? import_iovec+0x24b/0x420
[ 34.436442] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.441622] ? security_netlink_send+0x8f/0xc0
[ 34.446200] netlink_sendmsg+0x9d8/0xf80
[ 34.450247] ? netlink_unicast+0x740/0x740
[ 34.454467] ? security_socket_sendmsg+0x9b/0xd0
[ 34.459207] ? netlink_unicast+0x740/0x740
[ 34.463426] sock_sendmsg+0xd5/0x120
[ 34.467122] ___sys_sendmsg+0x805/0x940
[ 34.471084] ? copy_msghdr_from_user+0x560/0x560
[ 34.475825] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 34.480563] ? graph_lock+0x170/0x170
[ 34.484350] ? graph_lock+0x170/0x170
[ 34.488132] ? find_held_lock+0x36/0x1c0
[ 34.492183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.497724] ? __fget_light+0x2ef/0x430
[ 34.501682] ? fget_raw+0x20/0x20
[ 34.505124] ? find_held_lock+0x36/0x1c0
[ 34.509181] ? lock_downgrade+0x8e0/0x8e0
[ 34.513319] ? handle_mm_fault+0x8c0/0xc70
[ 34.517560] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.523830] ? sockfd_lookup_light+0xc5/0x160
[ 34.528314] __sys_sendmsg+0x115/0x270
[ 34.532208] ? SyS_shutdown+0x30/0x30
[ 34.535997] ? __do_page_fault+0x441/0xe40
[ 34.540241] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 34.545087] SyS_sendmsg+0x29/0x30
[ 34.548608] ? __sys_sendmsg+0x270/0x270
[ 34.552652] do_syscall_64+0x29e/0x9d0
[ 34.556521] ? vmalloc_sync_all+0x30/0x30
[ 34.560652] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.565395] ? syscall_return_slowpath+0x5c0/0x5c0
[ 34.570311] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.575226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.580748] ? retint_user+0x18/0x18
[ 34.584450] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.589281] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.594453] RIP: 0033:0x7fb8be2a5320
[ 34.598144] RSP: 002b:00007ffd4be4f9b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.605836] RAX: ffffffffffffffda RBX: 00007ffd4be53ab0 RCX: 00007fb8be2a5320
[ 34.613084] RDX: 0000000000000000 RSI: 00007ffd4be4f9f0 RDI: 0000000000000003
[ 34.620335] RBP: 00007ffd4be4f9f0 R08: 0000000000000000 R09: 0000000000000000
[ 34.627586] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ac9234c
[ 34.634837] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd4be54288
[ 34.642094]
[ 34.643700] The buggy address belongs to the page:
[ 34.648610] page:ffffea0006f4d1c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.656733] flags: 0x2fffc0000000000()
[ 34.660603] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.668473] raw: 0000000000000000 ffffea0006f40101 0000000000000000 0000000000000000
[ 34.676329] page dumped because: kasan: bad access detected
[ 34.682019]
[ 34.683629] Memory state around the buggy address:
[ 34.688538] ffff8801bd347080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.695877] ffff8801bd347100: 00 00 00 00 00 00 00 00 00 00 00 00 ca ca ca ca
[ 34.703216] >ffff8801bd347180: 00 cb cb cb cb cb cb cb 00 00 00 00 00 00 00 00
[ 34.710551] ^
[ 34.714941] ffff8801bd347200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 34.722280] ffff8801bd347280: f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
[ 34.729615] ==================================================================
[ 34.736948] Disabling lock debugging due to kernel taint
[ 34.742373] Kernel panic - not syncing: panic_on_warn set ...
[ 34.742373]
[ 34.749720] CPU: 1 PID: 5519 Comm: ip Tainted: G B 4.16.0+ #1
[ 34.756793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.766122] Call Trace:
[ 34.768687]
[ 34.770823] dump_stack+0x1b9/0x29f
[ 34.774433] ? arch_local_irq_restore+0x52/0x52
[ 34.779087] ? lock_downgrade+0x8e0/0x8e0
[ 34.783216] ? vprintk_default+0x28/0x30
[ 34.787263] ? tick_sched_handle+0xe0/0x180
[ 34.791572] panic+0x22f/0x4de
[ 34.794770] ? add_taint.cold.5+0x16/0x16
[ 34.798901] ? add_taint.cold.5+0x5/0x16
[ 34.802946] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.807337] ? tick_sched_handle+0x16d/0x180
[ 34.811723] kasan_end_report+0x47/0x4f
[ 34.815679] kasan_report.cold.7+0xc9/0x2f5
[ 34.819993] __asan_report_load8_noabort+0x14/0x20
[ 34.824909] tick_sched_handle+0x16d/0x180
[ 34.829126] tick_sched_timer+0x42/0x130
[ 34.833174] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.837742] ? tick_sched_do_timer+0x100/0x100
[ 34.842307] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.847135] ? pvclock_read_flags+0x160/0x160
[ 34.851615] ? kvm_clock_read+0x25/0x30
[ 34.855571] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.860571] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 34.865917] ? do_timer+0x50/0x50
[ 34.869351] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.873219] ? do_raw_spin_lock+0xc1/0x200
[ 34.877434] hrtimer_interrupt+0x2f3/0x750
[ 34.881657] smp_apic_timer_interrupt+0x15d/0x710
[ 34.886482] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.892346] ? _raw_spin_lock+0x32/0x40
[ 34.896303] ? _raw_spin_unlock+0x22/0x30
[ 34.900430] ? handle_edge_irq+0x330/0x870
[ 34.904644] ? task_prio+0x50/0x50
[ 34.908172] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.912997] apic_timer_interrupt+0xf/0x20
[ 34.917212]
[ 34.919432] RIP: 0010:rtnl_newlink+0x1085/0x1a40
[ 34.924171] RSP: 0018:ffff8801bd3471c8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 34.931859] RAX: ffff8801b4f30380 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.939111] RDX: 0000000000000000 RSI: ffffffff85c03f2e RDI: ffffed0037a68e18
[ 34.946362] RBP: ffff8801bd3475f8 R08: ffff8801b4f30380 R09: 0000000000000000
[ 34.953612] R10: ffffed0037a68d20 R11: 0000000000000003 R12: ffff8801bd3475d0
[ 34.960864] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 34.968161] ? rtnl_newlink+0x107e/0x1a40
[ 34.972293] ? rtnl_newlink+0x4e7/0x1a40
[ 34.976341] ? rtnl_link_unregister+0x370/0x370
[ 34.981123] ? kasan_check_read+0x11/0x20
[ 34.985261] ? rcu_is_watching+0x85/0x140
[ 34.989396] ? __lock_acquire+0x7f5/0x5130
[ 34.993613] ? graph_lock+0x170/0x170
[ 34.997408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.002928] ? rtnl_get_link+0x164/0x350
[ 35.006971] ? rtnl_dump_all+0x5e0/0x5e0
[ 35.011018] ? rcu_is_watching+0x85/0x140
[ 35.015159] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 35.020336] ? __netlink_ns_capable+0x100/0x130
[ 35.024992] ? rtnl_link_unregister+0x370/0x370
[ 35.029651] rtnetlink_rcv_msg+0x466/0xc10
[ 35.033876] ? rtnetlink_put_metrics+0x690/0x690
[ 35.038618] netlink_rcv_skb+0x172/0x440
[ 35.042664] ? rtnetlink_put_metrics+0x690/0x690
[ 35.047405] ? netlink_ack+0xbc0/0xbc0
[ 35.051367] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 35.056541] ? netlink_skb_destructor+0x210/0x210
[ 35.061370] rtnetlink_rcv+0x1c/0x20
[ 35.065070] netlink_unicast+0x58b/0x740
[ 35.069115] ? netlink_attachskb+0x970/0x970
[ 35.073512] ? import_iovec+0x24b/0x420
[ 35.077566] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 35.082569] ? security_netlink_send+0x8f/0xc0
[ 35.087142] netlink_sendmsg+0x9d8/0xf80
[ 35.091187] ? netlink_unicast+0x740/0x740
[ 35.095405] ? security_socket_sendmsg+0x9b/0xd0
[ 35.100146] ? netlink_unicast+0x740/0x740
[ 35.104365] sock_sendmsg+0xd5/0x120
[ 35.108063] ___sys_sendmsg+0x805/0x940
[ 35.112030] ? copy_msghdr_from_user+0x560/0x560
[ 35.116772] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 35.121511] ? graph_lock+0x170/0x170
[ 35.125297] ? graph_lock+0x170/0x170
[ 35.129170] ? find_held_lock+0x36/0x1c0
[ 35.133227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.138745] ? __fget_light+0x2ef/0x430
[ 35.142703] ? fget_raw+0x20/0x20
[ 35.146143] ? find_held_lock+0x36/0x1c0
[ 35.150193] ? lock_downgrade+0x8e0/0x8e0
[ 35.154327] ? handle_mm_fault+0x8c0/0xc70
[ 35.158549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.164075] ? sockfd_lookup_light+0xc5/0x160
[ 35.168564] __sys_sendmsg+0x115/0x270
[ 35.172436] ? SyS_shutdown+0x30/0x30
[ 35.176219] ? __do_page_fault+0x441/0xe40
[ 35.180437] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 35.185260] SyS_sendmsg+0x29/0x30
[ 35.188782] ? __sys_sendmsg+0x270/0x270
[ 35.192822] do_syscall_64+0x29e/0x9d0
[ 35.196690] ? vmalloc_sync_all+0x30/0x30
[ 35.200818] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.205554] ? syscall_return_slowpath+0x5c0/0x5c0
[ 35.210462] ? syscall_return_slowpath+0x30f/0x5c0
[ 35.215371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.220887] ? retint_user+0x18/0x18
[ 35.224582] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.229412] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.234580] RIP: 0033:0x7fb8be2a5320
[ 35.238271] RSP: 002b:00007ffd4be4f9b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 35.245958] RAX: ffffffffffffffda RBX: 00007ffd4be53ab0 RCX: 00007fb8be2a5320
[ 35.253208] RDX: 0000000000000000 RSI: 00007ffd4be4f9f0 RDI: 0000000000000003
[ 35.260454] RBP: 00007ffd4be4f9f0 R08: 0000000000000000 R09: 0000000000000000
[ 35.267700] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005ac9234c
[ 35.274947] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffd4be54288
[ 35.282649] Dumping ftrace buffer:
[ 35.286167] (ftrace buffer empty)
[ 35.289850] Kernel Offset: disabled
[ 35.293447] Rebooting in 86400 seconds..