INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
2018/04/05 20:09:00 fuzzer started
2018/04/05 20:09:00 dialing manager at 10.128.0.26:40813
syzkaller login: [ 37.950612] can: request_module (can-proto-0) failed.
[ 37.959672] can: request_module (can-proto-0) failed.
2018/04/05 20:09:09 kcov=true, comps=true
2018/04/05 20:09:15 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c07, 0x0)
2018/04/05 20:09:15 executing program 2:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000f8b000)={{{@in6=@dev={0xfe, 0x80}, @in=@dev={0xac, 0x14}, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@loopback={0x0, 0x1}}, 0x0, @in6=@mcast1={0xff, 0x1, [], 0x1}}}, 0xc6)
close(r0)
2018/04/05 20:09:15 executing program 6:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={&(0x7f0000f8d000)={0x10}, 0xc, &(0x7f00008a7000)={&(0x7f0000001100)=ANY=[@ANYBLOB="2c00000001040101fff72c3e64f78ed2510702000c00010001000003190100010c8002000c0000f702000013"], 0x2c}, 0x1}, 0x0)
close(r0)
2018/04/05 20:09:15 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c02, 0x0)
2018/04/05 20:09:15 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r1 = perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
dup2(r1, r0)
2018/04/05 20:09:15 executing program 4:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x6d, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8)
2018/04/05 20:09:15 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x1261, 0x0)
2018/04/05 20:09:15 executing program 7:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
madvise(&(0x7f000090b000/0x3000)=nil, 0x3000, 0x4)
read(r0, &(0x7f000060df9c)=""/100, 0x64)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000040)={&(0x7f000090c000/0x4000)=nil, 0x4000})
[ 44.355500] IPVS: ftp: loaded support on port[0] = 21
[ 44.372867] IPVS: ftp: loaded support on port[0] = 21
[ 44.426142] IPVS: ftp: loaded support on port[0] = 21
[ 44.432556] IPVS: ftp: loaded support on port[0] = 21
[ 44.469785] IPVS: ftp: loaded support on port[0] = 21
[ 44.471120] IPVS: ftp: loaded support on port[0] = 21
[ 44.490784] IPVS: ftp: loaded support on port[0] = 21
[ 44.498243] IPVS: ftp: loaded support on port[0] = 21
[ 46.085178] ==================================================================
[ 46.092650] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 46.099902] Read of size 8 at addr ffff88018b3bf310 by task ip/4723
[ 46.106278]
[ 46.107891] CPU: 0 PID: 4723 Comm: ip Not tainted 4.16.0+ #1
[ 46.113662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.122989] Call Trace:
[ 46.125551]
[ 46.127687] dump_stack+0x1b9/0x29f
[ 46.131295] ? arch_local_irq_restore+0x52/0x52
[ 46.135945] ? printk+0x9e/0xba
[ 46.139203] ? show_regs_print_info+0x18/0x18
[ 46.143682] ? kasan_check_write+0x14/0x20
[ 46.147907] print_address_description+0x6c/0x20b
[ 46.152731] ? tick_sched_handle+0x16d/0x180
[ 46.157120] kasan_report.cold.7+0xac/0x2f5
[ 46.161422] __asan_report_load8_noabort+0x14/0x20
[ 46.166334] tick_sched_handle+0x16d/0x180
[ 46.170553] tick_sched_timer+0x42/0x130
[ 46.174594] __hrtimer_run_queues+0x3e3/0x10a0
[ 46.179159] ? tick_sched_do_timer+0x100/0x100
[ 46.183724] ? hrtimer_start_range_ns+0xd10/0xd10
[ 46.188552] ? pvclock_read_flags+0x160/0x160
[ 46.193030] ? sync_sched_exp_handler+0x1d1/0x2e0
[ 46.197853] ? __local_bh_enable+0xef/0x130
[ 46.202156] ? kvm_clock_read+0x25/0x30
[ 46.206116] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 46.211112] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 46.216458] ? do_timer+0x50/0x50
[ 46.219896] ? do_raw_spin_lock+0xc1/0x200
[ 46.224116] hrtimer_interrupt+0x286/0x650
[ 46.228340] smp_apic_timer_interrupt+0x15d/0x710
[ 46.233164] ? smp_call_function_single_interrupt+0x650/0x650
[ 46.239031] ? _raw_spin_lock+0x32/0x40
[ 46.242986] ? _raw_spin_unlock+0x22/0x30
[ 46.247115] ? handle_edge_irq+0x330/0x870
[ 46.251331] ? task_prio+0x50/0x50
[ 46.254856] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.259680] apic_timer_interrupt+0xf/0x20
[ 46.263889]
[ 46.266110] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 46.271364] RSP: 0018:ffff88018b3bf330 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 46.279051] RAX: ffff8801d69a8740 RBX: 0000000000000000 RCX: ffffffff85c09fdf
[ 46.286299] RDX: 0000000000000000 RSI: ffff88018b3bf338 RDI: ffff88018b3bf2c0
[ 46.293548] RBP: ffff88018b3bf768 R08: ffff8801d69a8740 R09: ffffed0031677e5d
[ 46.300801] R10: ffffed0031677e95 R11: ffff88018b3bf4af R12: ffff88018b3bf740
[ 46.308049] R13: ffff8801ce52a580 R14: 0000000000000000 R15: 00000000ffffffed
[ 46.315308] ? rtnl_newlink+0x112f/0x1a40
[ 46.319442] ? rtnl_newlink+0x1094/0x1a40
[ 46.323569] ? _raw_spin_unlock+0x22/0x30
[ 46.327707] ? rtnl_link_unregister+0x370/0x370
[ 46.332358] ? kasan_check_read+0x11/0x20
[ 46.336484] ? rcu_is_watching+0x85/0x140
[ 46.340613] ? __lock_acquire+0x7f5/0x5130
[ 46.344835] ? graph_lock+0x170/0x170
[ 46.348638] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.354152] ? rtnl_get_link+0x164/0x350
[ 46.358192] ? rtnl_dump_all+0x5e0/0x5e0
[ 46.362233] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 46.367404] ? __netlink_ns_capable+0x100/0x130
[ 46.372053] ? rtnl_link_unregister+0x370/0x370
[ 46.376704] rtnetlink_rcv_msg+0x466/0xc10
[ 46.380921] ? rtnetlink_put_metrics+0x690/0x690
[ 46.385666] netlink_rcv_skb+0x172/0x440
[ 46.389708] ? rtnetlink_put_metrics+0x690/0x690
[ 46.394445] ? netlink_ack+0xbc0/0xbc0
[ 46.398312] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 46.403483] ? netlink_skb_destructor+0x210/0x210
[ 46.408311] rtnetlink_rcv+0x1c/0x20
[ 46.412011] netlink_unicast+0x58b/0x740
[ 46.416062] ? netlink_attachskb+0x970/0x970
[ 46.420451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.425965] ? __fget_light+0x2ef/0x430
[ 46.429920] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 46.434914] ? security_netlink_send+0x8f/0xc0
[ 46.439477] netlink_sendmsg+0x9d8/0xf80
[ 46.443522] ? netlink_unicast+0x740/0x740
[ 46.447738] ? graph_lock+0x170/0x170
[ 46.451518] ? security_socket_sendmsg+0x9b/0xd0
[ 46.456252] ? netlink_unicast+0x740/0x740
[ 46.460467] sock_sendmsg+0xd5/0x120
[ 46.464165] __sys_sendto+0x3d7/0x670
[ 46.467953] ? SyS_getpeername+0x30/0x30
[ 46.471997] ? lock_downgrade+0x8e0/0x8e0
[ 46.476126] ? handle_mm_fault+0x8c0/0xc70
[ 46.480342] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 46.485857] ? handle_mm_fault+0x55a/0xc70
[ 46.490082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.495598] ? __do_page_fault+0x441/0xe40
[ 46.499818] ? mm_fault_error+0x380/0x380
[ 46.503955] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 46.508790] SyS_sendto+0x40/0x60
[ 46.512225] ? __sys_sendto+0x670/0x670
[ 46.516180] do_syscall_64+0x29e/0x9d0
[ 46.520044] ? vmalloc_sync_all+0x30/0x30
[ 46.524173] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 46.528913] ? syscall_return_slowpath+0x5c0/0x5c0
[ 46.533823] ? syscall_return_slowpath+0x30f/0x5c0
[ 46.538734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.544251] ? retint_user+0x18/0x18
[ 46.547947] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.552778] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 46.557944] RIP: 0033:0x7fcb70ad5282
[ 46.561633] RSP: 002b:00007ffe3a44b090 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 46.569319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fcb70ad5282
[ 46.576568] RDX: 0000000000000020 RSI: 00007ffe3a44b0d0 RDI: 0000000000000013
[ 46.583820] RBP: 00007ffe3a44bf5a R08: 0000000000000000 R09: 0000000000000000
[ 46.591068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 46.598316] R13: 00007ffe3a44b850 R14: 00007ffe3a44b858 R15: 0000000000000000
[ 46.605573]
[ 46.607175] The buggy address belongs to the page:
[ 46.612083] page:ffffea00062cefc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 46.620202] flags: 0x2fffc0000000000()
[ 46.624076] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 46.631946] raw: ffffea00062cefe0 ffffea00062cefe0 0000000000000000 0000000000000000
[ 46.639800] page dumped because: kasan: bad access detected
[ 46.645481]
[ 46.647084] Memory state around the buggy address:
[ 46.651989] ffff88018b3bf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.659329] ffff88018b3bf280: 00 00 00 00 00 00 00 00 ca ca ca ca 00 cb cb cb
[ 46.666665] >ffff88018b3bf300: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.673998]                          ^
[ 46.677868] ffff88018b3bf380: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 46.685203] ffff88018b3bf400: 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2
[ 46.692535] ==================================================================
[ 46.699869] Disabling lock debugging due to kernel taint
[ 46.705291] Kernel panic - not syncing: panic_on_warn set ...
[ 46.705291]
[ 46.712633] CPU: 0 PID: 4723 Comm: ip Tainted: G B 4.16.0+ #1
[ 46.719706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.729032] Call Trace:
[ 46.731588]
[ 46.733720] dump_stack+0x1b9/0x29f
[ 46.737333] ? arch_local_irq_restore+0x52/0x52
[ 46.741983] ? lock_downgrade+0x8e0/0x8e0
[ 46.746112] ? vprintk_default+0x28/0x30
[ 46.750153] ? tick_sched_handle+0x120/0x180
[ 46.754537] panic+0x22f/0x4de
[ 46.757705] ? add_taint.cold.5+0x16/0x16
[ 46.761831] ? add_taint.cold.5+0x5/0x16
[ 46.765869] ? do_raw_spin_unlock+0x9e/0x2e0
[ 46.770257] ? tick_sched_handle+0x16d/0x180
[ 46.774643] kasan_end_report+0x47/0x4f
[ 46.778594] kasan_report.cold.7+0xc9/0x2f5
[ 46.782897] __asan_report_load8_noabort+0x14/0x20
[ 46.787808] tick_sched_handle+0x16d/0x180
[ 46.792023] tick_sched_timer+0x42/0x130
[ 46.796065] __hrtimer_run_queues+0x3e3/0x10a0
[ 46.800627] ? tick_sched_do_timer+0x100/0x100
[ 46.805189] ? hrtimer_start_range_ns+0xd10/0xd10
[ 46.810014] ? pvclock_read_flags+0x160/0x160
[ 46.814485] ? sync_sched_exp_handler+0x1d1/0x2e0
[ 46.819305] ? __local_bh_enable+0xef/0x130
[ 46.823605] ? kvm_clock_read+0x25/0x30
[ 46.827559] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 46.832552] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 46.837891] ? do_timer+0x50/0x50
[ 46.841323] ? do_raw_spin_lock+0xc1/0x200
[ 46.845537] hrtimer_interrupt+0x286/0x650
[ 46.849755] smp_apic_timer_interrupt+0x15d/0x710
[ 46.854578] ? smp_call_function_single_interrupt+0x650/0x650
[ 46.860439] ? _raw_spin_lock+0x32/0x40
[ 46.864392] ? _raw_spin_unlock+0x22/0x30
[ 46.868514] ? handle_edge_irq+0x330/0x870
[ 46.872729] ? task_prio+0x50/0x50
[ 46.876253] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.881074] apic_timer_interrupt+0xf/0x20
[ 46.885279]
[ 46.887496] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 46.892749] RSP: 0018:ffff88018b3bf330 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 46.900434] RAX: ffff8801d69a8740 RBX: 0000000000000000 RCX: ffffffff85c09fdf
[ 46.907679] RDX: 0000000000000000 RSI: ffff88018b3bf338 RDI: ffff88018b3bf2c0
[ 46.914924] RBP: ffff88018b3bf768 R08: ffff8801d69a8740 R09: ffffed0031677e5d
[ 46.922172] R10: ffffed0031677e95 R11: ffff88018b3bf4af R12: ffff88018b3bf740
[ 46.929419] R13: ffff8801ce52a580 R14: 0000000000000000 R15: 00000000ffffffed
[ 46.936674] ? rtnl_newlink+0x112f/0x1a40
[ 46.940804] ? rtnl_newlink+0x1094/0x1a40
[ 46.944932] ? _raw_spin_unlock+0x22/0x30
[ 46.949060] ? rtnl_link_unregister+0x370/0x370
[ 46.953707] ? kasan_check_read+0x11/0x20
[ 46.957839] ? rcu_is_watching+0x85/0x140
[ 46.961965] ? __lock_acquire+0x7f5/0x5130
[ 46.966178] ? graph_lock+0x170/0x170
[ 46.969971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 46.975485] ? rtnl_get_link+0x164/0x350
[ 46.979526] ? rtnl_dump_all+0x5e0/0x5e0
[ 46.983564] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 46.988733] ? __netlink_ns_capable+0x100/0x130
[ 46.993383] ? rtnl_link_unregister+0x370/0x370
[ 46.998032] rtnetlink_rcv_msg+0x466/0xc10
[ 47.002246] ? rtnetlink_put_metrics+0x690/0x690
[ 47.006984] netlink_rcv_skb+0x172/0x440
[ 47.011027] ? rtnetlink_put_metrics+0x690/0x690
[ 47.015765] ? netlink_ack+0xbc0/0xbc0
[ 47.019628] ? rcu_bh_force_quiescent_state+0x20/0x20
[ 47.024798] ? netlink_skb_destructor+0x210/0x210
[ 47.029619] rtnetlink_rcv+0x1c/0x20
[ 47.033311] netlink_unicast+0x58b/0x740
[ 47.037352] ? netlink_attachskb+0x970/0x970
[ 47.041744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.047257] ? __fget_light+0x2ef/0x430
[ 47.051213] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 47.056210] ? security_netlink_send+0x8f/0xc0
[ 47.060773] netlink_sendmsg+0x9d8/0xf80
[ 47.064817] ? netlink_unicast+0x740/0x740
[ 47.069032] ? graph_lock+0x170/0x170
[ 47.072813] ? security_socket_sendmsg+0x9b/0xd0
[ 47.077547] ? netlink_unicast+0x740/0x740
[ 47.081764] sock_sendmsg+0xd5/0x120
[ 47.085457] __sys_sendto+0x3d7/0x670
[ 47.089240] ? SyS_getpeername+0x30/0x30
[ 47.093282] ? lock_downgrade+0x8e0/0x8e0
[ 47.097419] ? handle_mm_fault+0x8c0/0xc70
[ 47.101645] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.107163] ? handle_mm_fault+0x55a/0xc70
[ 47.111383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.116897] ? __do_page_fault+0x441/0xe40
[ 47.121111] ? mm_fault_error+0x380/0x380
[ 47.125240] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 47.130063] SyS_sendto+0x40/0x60
[ 47.133498] ? __sys_sendto+0x670/0x670
[ 47.137452] do_syscall_64+0x29e/0x9d0
[ 47.141317] ? vmalloc_sync_all+0x30/0x30
[ 47.145445] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.150182] ? syscall_return_slowpath+0x5c0/0x5c0
[ 47.155090] ? syscall_return_slowpath+0x30f/0x5c0
[ 47.159998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.165518] ? retint_user+0x18/0x18
[ 47.169214] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.174041] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 47.179208] RIP: 0033:0x7fcb70ad5282
[ 47.182896] RSP: 002b:00007ffe3a44b090 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 47.190580] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fcb70ad5282
[ 47.197826] RDX: 0000000000000020 RSI: 00007ffe3a44b0d0 RDI: 0000000000000013
[ 47.205072] RBP: 00007ffe3a44bf5a R08: 0000000000000000 R09: 0000000000000000
[ 47.212317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 47.219566] R13: 00007ffe3a44b850 R14: 00007ffe3a44b858 R15: 0000000000000000
[ 47.227291] Dumping ftrace buffer:
[ 47.230808] (ftrace buffer empty)
[ 47.234492] Kernel Offset: disabled
[ 47.238093] Rebooting in 86400 seconds..