INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.458126] ==================================================================
[ 32.465613] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 32.472866] Read of size 8 at addr ffff8801b17f7580 by task syzkaller798471/4469
[ 32.480370]
[ 32.481979] CPU: 0 PID: 4469 Comm: syzkaller798471 Not tainted 4.16.0+ #1
[ 32.488877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.498203] Call Trace:
[ 32.500764]
[ 32.502896] dump_stack+0x1b9/0x29f
[ 32.506502] ? arch_local_irq_restore+0x52/0x52
[ 32.511149] ? printk+0x9e/0xba
[ 32.514406] ? show_regs_print_info+0x18/0x18
[ 32.518883] ? kasan_check_write+0x14/0x20
[ 32.523099] print_address_description+0x6c/0x20b
[ 32.527920] ? tick_sched_handle+0x16d/0x180
[ 32.532305] kasan_report.cold.7+0xac/0x2f5
[ 32.536607] __asan_report_load8_noabort+0x14/0x20
[ 32.541513] tick_sched_handle+0x16d/0x180
[ 32.545725] tick_sched_timer+0x42/0x130
[ 32.549767] __hrtimer_run_queues+0x3e3/0x10a0
[ 32.554338] ? tick_sched_do_timer+0x100/0x100
[ 32.558898] ? hrtimer_start_range_ns+0xd10/0xd10
[ 32.563729] ? pvclock_read_flags+0x160/0x160
[ 32.568212] ? kvm_clock_read+0x25/0x30
[ 32.572163] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 32.577164] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 32.582508] ? do_timer+0x50/0x50
[ 32.585940] ? rcu_nmi_exit+0xd7/0x2b0
[ 32.589805] ? do_raw_spin_lock+0xc1/0x200
[ 32.594030] hrtimer_interrupt+0x2f3/0x750
[ 32.598248] smp_apic_timer_interrupt+0x15d/0x710
[ 32.603069] ? smp_call_function_single_interrupt+0x650/0x650
[ 32.608933] ? _raw_spin_lock+0x32/0x40
[ 32.612889] ? _raw_spin_unlock+0x22/0x30
[ 32.617020] ? handle_edge_irq+0x330/0x870
[ 32.621233] ? task_prio+0x50/0x50
[ 32.624767] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.629593] apic_timer_interrupt+0xf/0x20
[ 32.633810]
[ 32.636026] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 32.641276] RSP: 0018:ffff8801b17f75a8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 32.648964] RAX: ffff8801aff0a640 RBX: 0000000000000010 RCX: ffffffff83064cb6
[ 32.656226] RDX: 0000000000000000 RSI: ffff8801b17f75b0 RDI: ffff8801b17f7540
[ 32.663481] RBP: ffff8801b17f7740 R08: ffff8801aff0a640 R09: 0000000000000010
[ 32.670728] R10: ffff8801af8d1bb0 R11: ffff8801b4ee761f R12: ffff8801b4ee75b0
[ 32.677991] R13: ffff8801b17f7560 R14: dffffc0000000000 R15: 0000000000000000
[ 32.685256] ? crypto_ctr_crypt+0x576/0x900
[ 32.689557] ? crypto_ctr_crypt+0x596/0x900
[ 32.693869] ? aes_decrypt+0x90/0x90
[ 32.697565] ? crypto_rfc3686_create+0xd20/0xd20
[ 32.702319] ? kasan_unpoison_shadow+0x35/0x50
[ 32.706883] ? crypto_rfc3686_create+0xd20/0xd20
[ 32.711616] skcipher_encrypt_blkcipher+0x215/0x310
[ 32.716610] ? skcipher_encrypt_blkcipher+0x215/0x310
[ 32.721793] ? skcipher_setkey_blkcipher+0x1a0/0x1a0
[ 32.726885] crypto_gcm_encrypt+0x429/0x570
[ 32.731186] ? crypto_aead_copy_sgl+0x32/0x350
[ 32.735768] aead_recvmsg+0x1225/0x1ba0
[ 32.739745] ? aead_release+0x50/0x50
[ 32.743526] ? move_addr_to_kernel.part.18+0x100/0x100
[ 32.748795] ? security_socket_recvmsg+0xa6/0xd0
[ 32.753528] ? aead_release+0x50/0x50
[ 32.757306] sock_recvmsg+0xd0/0x110
[ 32.761000] ? __sock_recv_ts_and_drops+0x420/0x420
[ 32.765995] ___sys_recvmsg+0x2b6/0x680
[ 32.769949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.775469] ? ___sys_sendmsg+0x940/0x940
[ 32.779597] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 32.784341] ? graph_lock+0x170/0x170
[ 32.788121] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.793290] ? find_held_lock+0x36/0x1c0
[ 32.797332] ? fget_raw+0x20/0x20
[ 32.800762] ? find_held_lock+0x36/0x1c0
[ 32.804802] ? lock_downgrade+0x8e0/0x8e0
[ 32.808930] ? handle_mm_fault+0x8c0/0xc70
[ 32.813145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 32.818659] ? sockfd_lookup_light+0xc5/0x160
[ 32.823141] __sys_recvmsg+0x112/0x260
[ 32.827019] ? SyS_sendmmsg+0x40/0x40
[ 32.830805] ? __do_page_fault+0x441/0xe40
[ 32.835027] SyS_recvmsg+0x29/0x30
[ 32.838550] ? __sys_recvmsg+0x260/0x260
[ 32.842590] do_syscall_64+0x29e/0x9d0
[ 32.846457] ? vmalloc_sync_all+0x30/0x30
[ 32.850583] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 32.855413] ? syscall_return_slowpath+0x5c0/0x5c0
[ 32.860321] ? syscall_return_slowpath+0x30f/0x5c0
[ 32.865230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 32.870755] ? retint_user+0x18/0x18
[ 32.874453] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.879279] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.884447] RIP: 0033:0x43ff29
[ 32.887614] RSP: 002b:00007ffcff652c88 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
[ 32.895299] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff29
[ 32.902555] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[ 32.910150] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.917395] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401850
[ 32.924642] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[ 32.931895]
[ 32.933499] The buggy address belongs to the page:
[ 32.938410] page:ffffea0006c5fdc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 32.946541] flags: 0x2fffc0000000000()
[ 32.950427] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 32.958287] raw: 0000000000000000 ffffea0006c5fde0 0000000000000000 0000000000000000
[ 32.966141] page dumped because: kasan: bad access detected
[ 32.971825]
[ 32.973428] Memory state around the buggy address:
[ 32.978332] ffff8801b17f7480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.985668] ffff8801b17f7500: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 cb cb
[ 32.993006] >ffff8801b17f7580: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.000337] ^
[ 33.003677] ffff8801b17f7600: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 33.011013] ffff8801b17f7680: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
[ 33.018344] ==================================================================
[ 33.025675] Disabling lock debugging due to kernel taint
[ 33.031103] Kernel panic - not syncing: panic_on_warn set ...
[ 33.031103]
[ 33.038443] CPU: 0 PID: 4469 Comm: syzkaller798471 Tainted: G B 4.16.0+ #1
[ 33.046642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.055971] Call Trace:
[ 33.058527]
[ 33.060661] dump_stack+0x1b9/0x29f
[ 33.064267] ? arch_local_irq_restore+0x52/0x52
[ 33.068913] ? lock_downgrade+0x8e0/0x8e0
[ 33.073038] ? vprintk_default+0x28/0x30
[ 33.077076] ? tick_sched_handle+0xe0/0x180
[ 33.081373] panic+0x22f/0x4de
[ 33.084543] ? add_taint.cold.5+0x16/0x16
[ 33.088668] ? add_taint.cold.5+0x5/0x16
[ 33.092710] ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.097095] ? tick_sched_handle+0x16d/0x180
[ 33.101481] kasan_end_report+0x47/0x4f
[ 33.105430] kasan_report.cold.7+0xc9/0x2f5
[ 33.109728] __asan_report_load8_noabort+0x14/0x20
[ 33.114630] tick_sched_handle+0x16d/0x180
[ 33.118842] tick_sched_timer+0x42/0x130
[ 33.122882] __hrtimer_run_queues+0x3e3/0x10a0
[ 33.127442] ? tick_sched_do_timer+0x100/0x100
[ 33.132001] ? hrtimer_start_range_ns+0xd10/0xd10
[ 33.136821] ? pvclock_read_flags+0x160/0x160
[ 33.141295] ? kvm_clock_read+0x25/0x30
[ 33.145246] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 33.150237] ? ktime_get_update_offsets_now+0x3d3/0x5c0
[ 33.155575] ? do_timer+0x50/0x50
[ 33.159021] ? rcu_nmi_exit+0xd7/0x2b0
[ 33.162885] ? do_raw_spin_lock+0xc1/0x200
[ 33.167096] hrtimer_interrupt+0x2f3/0x750
[ 33.171327] smp_apic_timer_interrupt+0x15d/0x710
[ 33.176147] ? smp_call_function_single_interrupt+0x650/0x650
[ 33.182007] ? _raw_spin_lock+0x32/0x40
[ 33.185970] ? _raw_spin_unlock+0x22/0x30
[ 33.190094] ? handle_edge_irq+0x330/0x870
[ 33.194304] ? task_prio+0x50/0x50
[ 33.197823] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.202641] apic_timer_interrupt+0xf/0x20
[ 33.206846]
[ 33.209058] RIP: 0010:__asan_allocas_unpoison+0x0/0x20
[ 33.214309] RSP: 0018:ffff8801b17f75a8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff12
[ 33.221992] RAX: ffff8801aff0a640 RBX: 0000000000000010 RCX: ffffffff83064cb6
[ 33.229236] RDX: 0000000000000000 RSI: ffff8801b17f75b0 RDI: ffff8801b17f7540
[ 33.236484] RBP: ffff8801b17f7740 R08: ffff8801aff0a640 R09: 0000000000000010
[ 33.243732] R10: ffff8801af8d1bb0 R11: ffff8801b4ee761f R12: ffff8801b4ee75b0
[ 33.250984] R13: ffff8801b17f7560 R14: dffffc0000000000 R15: 0000000000000000
[ 33.258251] ? crypto_ctr_crypt+0x576/0x900
[ 33.262553] ? crypto_ctr_crypt+0x596/0x900
[ 33.266853] ? aes_decrypt+0x90/0x90
[ 33.270545] ? crypto_rfc3686_create+0xd20/0xd20
[ 33.275282] ? kasan_unpoison_shadow+0x35/0x50
[ 33.279842] ? crypto_rfc3686_create+0xd20/0xd20
[ 33.284576] skcipher_encrypt_blkcipher+0x215/0x310
[ 33.289577] ? skcipher_encrypt_blkcipher+0x215/0x310
[ 33.294744] ? skcipher_setkey_blkcipher+0x1a0/0x1a0
[ 33.299829] crypto_gcm_encrypt+0x429/0x570
[ 33.304130] ? crypto_aead_copy_sgl+0x32/0x350
[ 33.308691] aead_recvmsg+0x1225/0x1ba0
[ 33.312646] ? aead_release+0x50/0x50
[ 33.316425] ? move_addr_to_kernel.part.18+0x100/0x100
[ 33.321679] ? security_socket_recvmsg+0xa6/0xd0
[ 33.326412] ? aead_release+0x50/0x50
[ 33.330188] sock_recvmsg+0xd0/0x110
[ 33.333879] ? __sock_recv_ts_and_drops+0x420/0x420
[ 33.338871] ___sys_recvmsg+0x2b6/0x680
[ 33.342821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.348346] ? ___sys_sendmsg+0x940/0x940
[ 33.352473] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 33.357298] ? graph_lock+0x170/0x170
[ 33.361077] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.366071] ? find_held_lock+0x36/0x1c0
[ 33.370110] ? fget_raw+0x20/0x20
[ 33.373541] ? find_held_lock+0x36/0x1c0
[ 33.377580] ? lock_downgrade+0x8e0/0x8e0
[ 33.381712] ? handle_mm_fault+0x8c0/0xc70
[ 33.385929] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 33.391445] ? sockfd_lookup_light+0xc5/0x160
[ 33.395918] __sys_recvmsg+0x112/0x260
[ 33.399781] ? SyS_sendmmsg+0x40/0x40
[ 33.403562] ? __do_page_fault+0x441/0xe40
[ 33.407779] SyS_recvmsg+0x29/0x30
[ 33.411294] ? __sys_recvmsg+0x260/0x260
[ 33.415419] do_syscall_64+0x29e/0x9d0
[ 33.419283] ? vmalloc_sync_all+0x30/0x30
[ 33.423407] ? syscall_slow_exit_work+0x4f0/0x4f0
[ 33.428226] ? syscall_return_slowpath+0x5c0/0x5c0
[ 33.433133] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.438051] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.443568] ? retint_user+0x18/0x18
[ 33.447259] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.452085] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 33.457253] RIP: 0033:0x43ff29
[ 33.460420] RSP: 002b:00007ffcff652c88 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
[ 33.468109] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff29
[ 33.475363] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[ 33.482610] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 33.489856] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401850
[ 33.497119] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[ 33.504860] Dumping ftrace buffer:
[ 33.508382] (ftrace buffer empty)
[ 33.512083] Kernel Offset: disabled
[ 33.515780] Rebooting in 86400 seconds..