INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. 2018/04/13 13:56:37 parsed 1 programs 2018/04/13 13:56:37 executed programs: 0 syzkaller login: [ 56.408597] IPVS: ftp: loaded support on port[0] = 21 [ 56.413827] IPVS: ftp: loaded support on port[0] = 21 [ 56.436146] IPVS: ftp: loaded support on port[0] = 21 [ 56.442121] IPVS: ftp: loaded support on port[0] = 21 [ 56.458743] IPVS: ftp: loaded support on port[0] = 21 [ 56.474809] IPVS: ftp: loaded support on port[0] = 21 [ 56.479628] IPVS: ftp: loaded support on port[0] = 21 [ 56.484926] IPVS: ftp: loaded support on port[0] = 21 2018/04/13 13:56:42 executed programs: 343 [ 61.610199] ================================================================== [ 61.617787] BUG: KASAN: alloca-out-of-bounds in tick_sched_handle+0x16c/0x180 [ 61.625073] Read of size 8 at addr ffff8801d8b9f550 by task syz-executor5/5866 [ 61.632426] [ 61.634055] CPU: 1 PID: 5866 Comm: syz-executor5 Not tainted 4.16.0+ #2 [ 61.640795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.650136] Call Trace: [ 61.652714] [ 61.654874] dump_stack+0x1b9/0x294 [ 61.658507] ? dump_stack_print_info.cold.2+0x52/0x52 [ 61.663693] ? printk+0x9e/0xba [ 61.666972] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 61.671739] ? kasan_check_write+0x14/0x20 [ 61.675989] print_address_description+0x6c/0x20b [ 61.680834] ? 
tick_sched_handle+0x16c/0x180 [ 61.685242] kasan_report.cold.7+0xac/0x2f5 [ 61.689567] __asan_report_load8_noabort+0x14/0x20 [ 61.694499] tick_sched_handle+0x16c/0x180 [ 61.698736] tick_sched_timer+0x45/0x130 [ 61.702803] __hrtimer_run_queues+0x3e3/0x10a0 [ 61.707391] ? tick_sched_do_timer+0x1a0/0x1a0 [ 61.711977] ? hrtimer_start_range_ns+0xd10/0xd10 [ 61.716829] ? pvclock_read_flags+0x160/0x160 [ 61.721325] ? kvm_clock_read+0x25/0x30 [ 61.725306] ? kvm_clock_read+0x25/0x30 [ 61.729278] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 61.734291] ? ktime_get_update_offsets_now+0x3a6/0x570 [ 61.739672] ? do_timer+0x50/0x50 [ 61.743123] ? rcu_nmi_exit+0xd7/0x2b0 [ 61.747026] ? do_raw_spin_lock+0xc1/0x200 [ 61.753702] hrtimer_interrupt+0x286/0x650 [ 61.757953] smp_apic_timer_interrupt+0x15d/0x710 [ 61.762802] ? smp_call_function_single_interrupt+0x650/0x650 [ 61.768682] ? _raw_spin_lock+0x32/0x40 [ 61.772663] ? _raw_spin_unlock+0x22/0x30 [ 61.776812] ? handle_edge_irq+0x330/0x870 [ 61.781053] ? task_prio+0x50/0x50 [ 61.784603] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.789454] apic_timer_interrupt+0xf/0x20 [ 61.793679] [ 61.795923] RIP: 0010:__memset+0x0/0x30 [ 61.799894] RSP: 0018:ffff8801d8b9f578 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13 [ 61.807605] RAX: 1ffff1003b173eb6 RBX: ffffed003b173eb6 RCX: ffffffff830aafa6 [ 61.814876] RDX: 000000000000000e RSI: 0000000000000000 RDI: ffffed003b173ea8 [ 61.822238] RBP: ffff8801d8b9f590 R08: ffff8801caf9c280 R09: 0000000000000010 [ 61.829503] R10: ffff8801b6150530 R11: ffff8801c248cc9f R12: 0000000000000070 [ 61.836774] R13: ffff8801d8b9f560 R14: dffffc0000000000 R15: 0000000000000000 [ 61.844056] ? crypto_ctr_crypt+0x576/0x900 [ 61.848385] ? kasan_unpoison_shadow+0x35/0x50 [ 61.852975] __asan_allocas_unpoison+0x16/0x20 [ 61.857564] crypto_ctr_crypt+0x596/0x900 [ 61.861721] ? aes_decrypt+0x90/0x90 [ 61.865444] ? crypto_rfc3686_create+0xd20/0xd20 [ 61.870222] ? kasan_unpoison_shadow+0x35/0x50 [ 61.874810] ? 
crypto_rfc3686_create+0xd20/0xd20 [ 61.879582] skcipher_encrypt_blkcipher+0x215/0x310 [ 61.884603] ? skcipher_encrypt_blkcipher+0x215/0x310 [ 61.889809] ? skcipher_setkey_blkcipher+0x1a0/0x1a0 [ 61.894923] crypto_gcm_encrypt+0x429/0x570 [ 61.899241] ? crypto_aead_copy_sgl+0x32/0x350 [ 61.903831] aead_recvmsg+0x1225/0x1ba0 [ 61.907819] ? aead_release+0x50/0x50 [ 61.911619] ? move_addr_to_kernel.part.18+0x100/0x100 [ 61.916908] ? security_socket_recvmsg+0x9b/0xc0 [ 61.921669] ? aead_release+0x50/0x50 [ 61.925474] sock_recvmsg+0xd0/0x110 [ 61.929191] ? __sock_recv_ts_and_drops+0x420/0x420 [ 61.934206] ___sys_recvmsg+0x2b6/0x680 [ 61.938189] ? ___sys_sendmsg+0x940/0x940 [ 61.942337] ? rcu_is_watching+0x85/0x140 [ 61.946492] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 61.951697] ? fget_raw+0x20/0x20 [ 61.955153] ? expand_files.part.8+0x9a0/0x9a0 [ 61.959739] ? af_alg_accept+0x33a/0x7d0 [ 61.963808] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 61.969346] ? fput+0x130/0x1a0 [ 61.972623] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.978154] ? sockfd_lookup_light+0xc5/0x160 [ 61.982633] __sys_recvmsg+0x112/0x260 [ 61.986499] ? SyS_sendmmsg+0x40/0x40 [ 61.990295] ? SyS_futex+0x3a4/0x56d [ 61.993992] ? ksys_ioctl+0x81/0xd0 [ 61.997603] SyS_recvmsg+0x29/0x30 [ 62.001124] ? __sys_recvmsg+0x260/0x260 [ 62.005163] do_syscall_64+0x29e/0x9d0 [ 62.009036] ? vmalloc_sync_all+0x30/0x30 [ 62.013168] ? _raw_spin_unlock_irq+0x27/0x70 [ 62.017647] ? finish_task_switch+0x1ca/0x810 [ 62.022119] ? syscall_return_slowpath+0x5c0/0x5c0 [ 62.027032] ? syscall_return_slowpath+0x30f/0x5c0 [ 62.031947] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 62.037292] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 62.042126] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 62.047298] RIP: 0033:0x455319 [ 62.050463] RSP: 002b:00007ff07528bc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 62.058147] RAX: ffffffffffffffda RBX: 00007ff07528c6d4 RCX: 0000000000455319 [ 62.065397] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000008 [ 62.072652] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 62.079911] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.087159] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000001 [ 62.094414] [ 62.096017] The buggy address belongs to the page: [ 62.100931] page:ffffea000762e7c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.109056] flags: 0x2fffc0000000000() [ 62.112927] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 62.120784] raw: 0000000000000000 ffffea0007620101 0000000000000000 0000000000000000 [ 62.128635] page dumped because: kasan: bad access detected [ 62.134314] [ 62.135919] Memory state around the buggy address: [ 62.140826] ffff8801d8b9f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.148163] ffff8801d8b9f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.155498] >ffff8801d8b9f500: 00 00 00 00 00 00 00 00 ca ca ca ca 00 00 cb cb [ 62.162829] ^ [ 62.168775] ffff8801d8b9f580: cb cb cb cb 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.176112] ffff8801d8b9f600: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 [ 62.183444] ================================================================== [ 62.190773] Disabling lock debugging due to kernel taint [ 62.196195] Kernel panic - not syncing: panic_on_warn set ... [ 62.196195] [ 62.203534] CPU: 1 PID: 5866 Comm: syz-executor5 Tainted: G B 4.16.0+ #2 [ 62.211646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.220971] Call Trace: [ 62.223526] [ 62.225656] dump_stack+0x1b9/0x294 [ 62.229270] ? 
dump_stack_print_info.cold.2+0x52/0x52 [ 62.234435] ? lock_downgrade+0x8e0/0x8e0 [ 62.238556] ? vprintk_default+0x28/0x30 [ 62.242593] ? tick_sched_handle+0x150/0x180 [ 62.246980] panic+0x22f/0x4de [ 62.250152] ? add_taint.cold.5+0x16/0x16 [ 62.254639] ? add_taint.cold.5+0x5/0x16 [ 62.258676] ? do_raw_spin_unlock+0x9e/0x2e0 [ 62.263058] ? tick_sched_handle+0x16c/0x180 [ 62.267444] kasan_end_report+0x47/0x4f [ 62.271395] kasan_report.cold.7+0xc9/0x2f5 [ 62.275694] __asan_report_load8_noabort+0x14/0x20 [ 62.280600] tick_sched_handle+0x16c/0x180 [ 62.284810] tick_sched_timer+0x45/0x130 [ 62.288847] __hrtimer_run_queues+0x3e3/0x10a0 [ 62.293411] ? tick_sched_do_timer+0x1a0/0x1a0 [ 62.297969] ? hrtimer_start_range_ns+0xd10/0xd10 [ 62.302787] ? pvclock_read_flags+0x160/0x160 [ 62.307259] ? kvm_clock_read+0x25/0x30 [ 62.311211] ? kvm_clock_read+0x25/0x30 [ 62.315159] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 62.320149] ? ktime_get_update_offsets_now+0x3a6/0x570 [ 62.325488] ? do_timer+0x50/0x50 [ 62.328918] ? rcu_nmi_exit+0xd7/0x2b0 [ 62.332783] ? do_raw_spin_lock+0xc1/0x200 [ 62.336993] hrtimer_interrupt+0x286/0x650 [ 62.341211] smp_apic_timer_interrupt+0x15d/0x710 [ 62.346036] ? smp_call_function_single_interrupt+0x650/0x650 [ 62.351899] ? _raw_spin_lock+0x32/0x40 [ 62.355850] ? _raw_spin_unlock+0x22/0x30 [ 62.359975] ? handle_edge_irq+0x330/0x870 [ 62.364190] ? task_prio+0x50/0x50 [ 62.367709] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 62.372526] apic_timer_interrupt+0xf/0x20 [ 62.376733] [ 62.378948] RIP: 0010:__memset+0x0/0x30 [ 62.382897] RSP: 0018:ffff8801d8b9f578 EFLAGS: 00000212 ORIG_RAX: ffffffffffffff13 [ 62.390583] RAX: 1ffff1003b173eb6 RBX: ffffed003b173eb6 RCX: ffffffff830aafa6 [ 62.397838] RDX: 000000000000000e RSI: 0000000000000000 RDI: ffffed003b173ea8 [ 62.405091] RBP: ffff8801d8b9f590 R08: ffff8801caf9c280 R09: 0000000000000010 [ 62.412338] R10: ffff8801b6150530 R11: ffff8801c248cc9f R12: 0000000000000070 [ 62.419590] R13: ffff8801d8b9f560 R14: dffffc0000000000 R15: 0000000000000000 [ 62.426856] ? crypto_ctr_crypt+0x576/0x900 [ 62.431168] ? kasan_unpoison_shadow+0x35/0x50 [ 62.435731] __asan_allocas_unpoison+0x16/0x20 [ 62.440290] crypto_ctr_crypt+0x596/0x900 [ 62.444428] ? aes_decrypt+0x90/0x90 [ 62.448117] ? crypto_rfc3686_create+0xd20/0xd20 [ 62.452849] ? kasan_unpoison_shadow+0x35/0x50 [ 62.457415] ? crypto_rfc3686_create+0xd20/0xd20 [ 62.462146] skcipher_encrypt_blkcipher+0x215/0x310 [ 62.467136] ? skcipher_encrypt_blkcipher+0x215/0x310 [ 62.472302] ? skcipher_setkey_blkcipher+0x1a0/0x1a0 [ 62.477383] crypto_gcm_encrypt+0x429/0x570 [ 62.481686] ? crypto_aead_copy_sgl+0x32/0x350 [ 62.486244] aead_recvmsg+0x1225/0x1ba0 [ 62.490196] ? aead_release+0x50/0x50 [ 62.493971] ? move_addr_to_kernel.part.18+0x100/0x100 [ 62.499224] ? security_socket_recvmsg+0x9b/0xc0 [ 62.503957] ? aead_release+0x50/0x50 [ 62.507823] sock_recvmsg+0xd0/0x110 [ 62.511515] ? __sock_recv_ts_and_drops+0x420/0x420 [ 62.516504] ___sys_recvmsg+0x2b6/0x680 [ 62.520456] ? ___sys_sendmsg+0x940/0x940 [ 62.524585] ? rcu_is_watching+0x85/0x140 [ 62.528707] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 62.533875] ? fget_raw+0x20/0x20 [ 62.537303] ? expand_files.part.8+0x9a0/0x9a0 [ 62.541859] ? af_alg_accept+0x33a/0x7d0 [ 62.545899] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 62.551410] ? fput+0x130/0x1a0 [ 62.554667] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.560179] ? 
sockfd_lookup_light+0xc5/0x160 [ 62.564648] __sys_recvmsg+0x112/0x260 [ 62.568509] ? SyS_sendmmsg+0x40/0x40 [ 62.572287] ? SyS_futex+0x3a4/0x56d [ 62.575980] ? ksys_ioctl+0x81/0xd0 [ 62.579583] SyS_recvmsg+0x29/0x30 [ 62.583095] ? __sys_recvmsg+0x260/0x260 [ 62.587133] do_syscall_64+0x29e/0x9d0 [ 62.590995] ? vmalloc_sync_all+0x30/0x30 [ 62.595119] ? _raw_spin_unlock_irq+0x27/0x70 [ 62.599589] ? finish_task_switch+0x1ca/0x810 [ 62.604061] ? syscall_return_slowpath+0x5c0/0x5c0 [ 62.608968] ? syscall_return_slowpath+0x30f/0x5c0 [ 62.613872] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 62.619212] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 62.624037] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 62.629200] RIP: 0033:0x455319 [ 62.632373] RSP: 002b:00007ff07528bc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 62.640061] RAX: ffffffffffffffda RBX: 00007ff07528c6d4 RCX: 0000000000455319 [ 62.647305] RDX: 0000000000000000 RSI: 0000000020b2dfc8 RDI: 0000000000000008 [ 62.654551] RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000 [ 62.661796] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 62.669046] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000001 [ 62.676741] Dumping ftrace buffer: [ 62.680257] (ftrace buffer empty) [ 62.683939] Kernel Offset: disabled [ 62.687538] Rebooting in 86400 seconds..