INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 34.248129] ==================================================================
[ 34.255619] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16d/0x180
[ 34.262870] Read of size 8 at addr ffff8801adbef570 by task syzkaller137858/4464
[ 34.270372]
[ 34.271980] CPU: 0 PID: 4464 Comm: syzkaller137858 Not tainted 4.16.0+ #1
[ 34.278878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.288205] Call Trace:
[ 34.290760]
[ 34.292894] dump_stack+0x1b9/0x29f
[ 34.296500] ? arch_local_irq_restore+0x52/0x52
[ 34.301986] ? printk+0x9e/0xba
[ 34.305257] ? show_regs_print_info+0x18/0x18
[ 34.309732] ? kasan_check_write+0x14/0x20
[ 34.313950] print_address_description+0x6c/0x20b
[ 34.318771] ? tick_sched_handle+0x16d/0x180
[ 34.323163] kasan_report.cold.7+0xac/0x2f5
[ 34.327464] __asan_report_load8_noabort+0x14/0x20
[ 34.332371] tick_sched_handle+0x16d/0x180
[ 34.336583] tick_sched_timer+0x42/0x130
[ 34.340622] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.345194] ? tick_sched_do_timer+0x100/0x100
[ 34.349756] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.354579] ? pvclock_read_flags+0x160/0x160
[ 34.359051] ? __local_bh_enable+0xef/0x130
[ 34.363351] ? kvm_clock_read+0x25/0x30
[ 34.367312] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.372307] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 34.377650] ? do_timer+0x50/0x50
[ 34.381097] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.384965] ? do_raw_spin_lock+0xc1/0x200
[ 34.389183] hrtimer_interrupt+0x286/0x650
[ 34.393401] smp_apic_timer_interrupt+0x15d/0x710
[ 34.398221] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.404090] ? _raw_spin_lock+0x32/0x40
[ 34.408042] ? _raw_spin_unlock+0x22/0x30
[ 34.412167] ? handle_edge_irq+0x330/0x870
[ 34.416387] ? task_prio+0x50/0x50
[ 34.419910] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.424744] apic_timer_interrupt+0xf/0x20
[ 34.428959]
[ 34.431176] RIP: 0010:kasan_unpoison_shadow+0x1/0x50
[ 34.436268] RSP: 0018:ffff8801adbef590 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 34.443970] RAX: ffff8801d9a90440 RBX: 0000000000000010 RCX: ffffffff83068906
[ 34.451219] RDX: 0000000000000000 RSI: 0000000000000070 RDI: ffff8801adbef540
[ 34.458464] RBP: ffff8801adbef5a0 R08: ffff8801d9a90440 R09: 0000000000000010
[ 34.465710] R10: ffff8801ae4e2e30 R11: ffff8801ae0769df R12: ffff8801ae076970
[ 34.472958] R13: ffff8801adbef560 R14: dffffc0000000000 R15: 0000000000000000
[ 34.480215] ? crypto_ctr_crypt+0x576/0x900
[ 34.484518] ? __asan_allocas_unpoison+0x16/0x20
[ 34.489253] crypto_ctr_crypt+0x596/0x900
[ 34.493380] ? aes_decrypt+0x90/0x90
[ 34.497071] ? crypto_rfc3686_create+0xd20/0xd20
[ 34.501820] ? kasan_unpoison_shadow+0x35/0x50
[ 34.506385] ? crypto_rfc3686_create+0xd20/0xd20
[ 34.511119] skcipher_encrypt_blkcipher+0x215/0x310
[ 34.516114] ? skcipher_encrypt_blkcipher+0x215/0x310
[ 34.521282] ? skcipher_setkey_blkcipher+0x1a0/0x1a0
[ 34.526375] crypto_gcm_encrypt+0x429/0x570
[ 34.530676] ? crypto_aead_copy_sgl+0x32/0x350
[ 34.535237] aead_recvmsg+0x1225/0x1ba0
[ 34.539206] ? aead_release+0x50/0x50
[ 34.543000] ? move_addr_to_kernel.part.18+0x100/0x100
[ 34.548272] ? security_socket_recvmsg+0xa6/0xd0
[ 34.553757] ? aead_release+0x50/0x50
[ 34.557536] sock_recvmsg+0xd0/0x110
[ 34.561229] ? __sock_recv_ts_and_drops+0x420/0x420
[ 34.566233] ___sys_recvmsg+0x2b6/0x680
[ 34.570188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.575708] ? ___sys_sendmsg+0x940/0x940
[ 34.579836] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 34.584570] ? graph_lock+0x170/0x170
[ 34.588350] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 34.593344] ? find_held_lock+0x36/0x1c0
[ 34.597385] ? fget_raw+0x20/0x20
[ 34.600835] ? find_held_lock+0x36/0x1c0
[ 34.604878] ? lock_downgrade+0x8e0/0x8e0
[ 34.609010] ? handle_mm_fault+0x8c0/0xc70
[ 34.613227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 34.618742] ? sockfd_lookup_light+0xc5/0x160
[ 34.623214] __sys_recvmsg+0x112/0x260
[ 34.627080] ? SyS_sendmmsg+0x40/0x40
[ 34.630871] ? __do_page_fault+0x441/0xe40
[ 34.635092] SyS_recvmsg+0x29/0x30
[ 34.638609] ? __sys_recvmsg+0x260/0x260
[ 34.642666] do_syscall_64+0x29e/0x9d0
[ 34.646538] ? vmalloc_sync_all+0x30/0x30
[ 34.650667] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.655406] ? syscall_return_slowpath+0x5c0/0x5c0
[ 34.660321] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.665239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.670757] ? retint_user+0x18/0x18
[ 34.674452] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.679284] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 34.684453] RIP: 0033:0x4407c9
[ 34.687619] RSP: 002b:00007ffe25fc7918 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 34.695303] RAX: ffffffffffffffda RBX: 00007ffe25fc7940 RCX: 00000000004407c9
[ 34.702553] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[ 34.709813] RBP: 0000000000000000 R08: 00007ffe25fc7990 R09: 00007ffe25fc7990
[ 34.717064] R10: 00007ffe25fc7990 R11: 0000000000000246 R12: 00000000004020f0
[ 34.724313] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 34.731573]
[ 34.733180] The buggy address belongs to the page:
[ 34.738088] page:ffffea0006b6fbc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.746207] flags: 0x2fffc0000000000()
[ 34.750076] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.757937] raw: 0000000000000000 ffffea0006b60101 0000000000000000 0000000000000000
[ 34.765920] page dumped because: kasan: bad access detected
[ 34.771602]
[ 34.773205] Memory state around the buggy address:
[ 34.778232] ffff8801adbef400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.785585] ffff8801adbef480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.792924] >ffff8801adbef500: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 cb cb
[ 34.800261] ^
[ 34.807254] ffff8801adbef580: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.815093] ffff8801adbef600: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
[ 34.822517] ==================================================================
[ 34.829860] Disabling lock debugging due to kernel taint
[ 34.835291] Kernel panic - not syncing: panic_on_warn set ...
[ 34.835291]
[ 34.842641] CPU: 0 PID: 4464 Comm: syzkaller137858 Tainted: G B 4.16.0+ #1
[ 34.850842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.860168] Call Trace:
[ 34.862734]
[ 34.864875] dump_stack+0x1b9/0x29f
[ 34.868483] ? arch_local_irq_restore+0x52/0x52
[ 34.873129] ? lock_downgrade+0x8e0/0x8e0
[ 34.877253] ? vprintk_default+0x28/0x30
[ 34.881292] ? tick_sched_handle+0x120/0x180
[ 34.885677] panic+0x22f/0x4de
[ 34.888843] ? add_taint.cold.5+0x16/0x16
[ 34.892965] ? add_taint.cold.5+0x5/0x16
[ 34.897002] ? do_raw_spin_unlock+0x9e/0x2e0
[ 34.901384] ? tick_sched_handle+0x16d/0x180
[ 34.905766] kasan_end_report+0x47/0x4f
[ 34.909716] kasan_report.cold.7+0xc9/0x2f5
[ 34.914018] __asan_report_load8_noabort+0x14/0x20
[ 34.918925] tick_sched_handle+0x16d/0x180
[ 34.923137] tick_sched_timer+0x42/0x130
[ 34.927177] __hrtimer_run_queues+0x3e3/0x10a0
[ 34.931739] ? tick_sched_do_timer+0x100/0x100
[ 34.936297] ? hrtimer_start_range_ns+0xd10/0xd10
[ 34.941116] ? pvclock_read_flags+0x160/0x160
[ 34.945603] ? __local_bh_enable+0xef/0x130
[ 34.949924] ? kvm_clock_read+0x25/0x30
[ 34.953880] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 34.958875] ? ktime_get_update_offsets_now+0x3a6/0x570
[ 34.964218] ? do_timer+0x50/0x50
[ 34.967661] ? rcu_nmi_exit+0xd7/0x2b0
[ 34.971537] ? do_raw_spin_lock+0xc1/0x200
[ 34.975752] hrtimer_interrupt+0x286/0x650
[ 34.979983] smp_apic_timer_interrupt+0x15d/0x710
[ 34.984809] ? smp_call_function_single_interrupt+0x650/0x650
[ 34.990675] ? _raw_spin_lock+0x32/0x40
[ 34.994640] ? _raw_spin_unlock+0x22/0x30
[ 34.998788] ? handle_edge_irq+0x330/0x870
[ 35.003003] ? task_prio+0x50/0x50
[ 35.006531] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.011358] apic_timer_interrupt+0xf/0x20
[ 35.015563]
[ 35.017779] RIP: 0010:kasan_unpoison_shadow+0x1/0x50
[ 35.022858] RSP: 0018:ffff8801adbef590 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 35.030551] RAX: ffff8801d9a90440 RBX: 0000000000000010 RCX: ffffffff83068906
[ 35.037800] RDX: 0000000000000000 RSI: 0000000000000070 RDI: ffff8801adbef540
[ 35.045049] RBP: ffff8801adbef5a0 R08: ffff8801d9a90440 R09: 0000000000000010
[ 35.052301] R10: ffff8801ae4e2e30 R11: ffff8801ae0769df R12: ffff8801ae076970
[ 35.059546] R13: ffff8801adbef560 R14: dffffc0000000000 R15: 0000000000000000
[ 35.066803] ? crypto_ctr_crypt+0x576/0x900
[ 35.071115] ? __asan_allocas_unpoison+0x16/0x20
[ 35.075846] crypto_ctr_crypt+0x596/0x900
[ 35.079970] ? aes_decrypt+0x90/0x90
[ 35.083674] ? crypto_rfc3686_create+0xd20/0xd20
[ 35.088410] ? kasan_unpoison_shadow+0x35/0x50
[ 35.092974] ? crypto_rfc3686_create+0xd20/0xd20
[ 35.097718] skcipher_encrypt_blkcipher+0x215/0x310
[ 35.102710] ? skcipher_encrypt_blkcipher+0x215/0x310
[ 35.107878] ? skcipher_setkey_blkcipher+0x1a0/0x1a0
[ 35.112960] crypto_gcm_encrypt+0x429/0x570
[ 35.117262] ? crypto_aead_copy_sgl+0x32/0x350
[ 35.121822] aead_recvmsg+0x1225/0x1ba0
[ 35.125776] ? aead_release+0x50/0x50
[ 35.129555] ? move_addr_to_kernel.part.18+0x100/0x100
[ 35.134807] ? security_socket_recvmsg+0xa6/0xd0
[ 35.139539] ? aead_release+0x50/0x50
[ 35.143317] sock_recvmsg+0xd0/0x110
[ 35.147024] ? __sock_recv_ts_and_drops+0x420/0x420
[ 35.152025] ___sys_recvmsg+0x2b6/0x680
[ 35.155996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.161516] ? ___sys_sendmsg+0x940/0x940
[ 35.165651] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 35.170388] ? graph_lock+0x170/0x170
[ 35.174177] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.179173] ? find_held_lock+0x36/0x1c0
[ 35.183214] ? fget_raw+0x20/0x20
[ 35.186645] ? find_held_lock+0x36/0x1c0
[ 35.190687] ? lock_downgrade+0x8e0/0x8e0
[ 35.194814] ? handle_mm_fault+0x8c0/0xc70
[ 35.199029] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 35.204553] ? sockfd_lookup_light+0xc5/0x160
[ 35.209026] __sys_recvmsg+0x112/0x260
[ 35.212899] ? SyS_sendmmsg+0x40/0x40
[ 35.216678] ? __do_page_fault+0x441/0xe40
[ 35.220896] SyS_recvmsg+0x29/0x30
[ 35.224423] ? __sys_recvmsg+0x260/0x260
[ 35.228462] do_syscall_64+0x29e/0x9d0
[ 35.232326] ? vmalloc_sync_all+0x30/0x30
[ 35.236453] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 35.241188] ? syscall_return_slowpath+0x5c0/0x5c0
[ 35.246108] ? syscall_return_slowpath+0x30f/0x5c0
[ 35.251033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.256548] ? retint_user+0x18/0x18
[ 35.260238] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.265058] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.270225] RIP: 0033:0x4407c9
[ 35.273389] RSP: 002b:00007ffe25fc7918 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 35.281076] RAX: ffffffffffffffda RBX: 00007ffe25fc7940 RCX: 00000000004407c9
[ 35.288323] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[ 35.295568] RBP: 0000000000000000 R08: 00007ffe25fc7990 R09: 00007ffe25fc7990
[ 35.302814] R10: 00007ffe25fc7990 R11: 0000000000000246 R12: 00000000004020f0
[ 35.310062] R13: 0000000000402180 R14: 0000000000000000 R15: 0000000000000000
[ 35.317885] Dumping ftrace buffer:
[ 35.321402] (ftrace buffer empty)
[ 35.325087] Kernel Offset: disabled
[ 35.328689] Rebooting in 86400 seconds..