INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-net-kasan-gce-6,10.128.0.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.975366] ==================================================================
[ 39.976581] BUG: KASAN: stack-out-of-bounds in sha3_update+0xdf/0x2e0
[ 39.977483] Write of size 4096 at addr ffff8801cc94fc40 by task syzkaller028901/3053
[ 39.978528]
[ 39.978763] CPU: 0 PID: 3053 Comm: syzkaller028901 Not tainted 4.14.0+ #128
[ 39.979724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.980945] Call Trace:
[ 39.981338] dump_stack+0x194/0x257
[ 39.981836] ? arch_local_irq_restore+0x53/0x53
[ 39.982462] ? show_regs_print_info+0x65/0x65
[ 39.983098] ? check_usage+0xb60/0xb60
[ 39.983621] ? sha3_update+0xdf/0x2e0
[ 39.984137] print_address_description+0x73/0x250
[ 39.984795] ? sha3_update+0xdf/0x2e0
[ 39.985352] kasan_report+0x25b/0x340
[ 39.985868] check_memory_region+0x137/0x190
[ 39.986477] memcpy+0x37/0x50
[ 39.986902] sha3_update+0xdf/0x2e0
[ 39.987405] crypto_shash_update+0xcb/0x220
[ 39.987995] shash_finup_unaligned+0x2a/0x60
[ 39.988587] crypto_shash_finup+0xc4/0x120
[ 39.989162] hmac_finup+0x182/0x330
[ 39.989649] ? shash_default_import+0x5b/0x80
[ 39.990267] crypto_shash_finup+0xc4/0x120
[ 39.990886] shash_digest_unaligned+0x9e/0xd0
[ 39.991502] crypto_shash_digest+0xc4/0x120
[ 39.992084] hmac_setkey+0x36a/0x690
[ 39.992620] ? hmac_setkey+0x20/0x690
[ 39.993139] crypto_shash_setkey+0xad/0x190
[ 39.993722] shash_async_setkey+0x47/0x60
[ 39.994279] crypto_ahash_setkey+0xaf/0x180
[ 39.994865] hash_setkey+0x40/0x90
[ 39.995344] ? hash_accept_parent+0xd0/0xd0
[ 39.998374] alg_setsockopt+0x2a1/0x350
[ 40.002325] SyS_setsockopt+0x189/0x360
[ 40.006274] ? SyS_recv+0x40/0x40
[ 40.009701] ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 40.014517] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.019503] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.024234] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.028958] RIP: 0033:0x43fdb9
[ 40.032115] RSP: 002b:00007ffcf58f5a78 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 40.040094] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 40.047360] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 40.054597] RBP: 0000000000000086 R08: 0000000000001000 R09: 0000000000000000
[ 40.061834] R10: 0000000020ea5000 R11: 0000000000000217 R12: 0000000000401720
[ 40.069069] R13: 00000000004017b0 R14: 0000000000000000 R15: 0000000000000000
[ 40.076324]
[ 40.077922] The buggy address belongs to the page:
[ 40.082823] page:ffffea00073253c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 40.090943] flags: 0x2fffc0000000000()
[ 40.094802] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 40.102650] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 40.110494] page dumped because: kasan: bad access detected
[ 40.116170]
[ 40.117765] Memory state around the buggy address:
[ 40.122659] ffff8801cc94fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.129987] ffff8801cc94fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.137311] >ffff8801cc94fe80: f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
[ 40.144633] ^
[ 40.147965] ffff8801cc94ff00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.155295] ffff8801cc94ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.162616] ==================================================================
[ 40.169937] Disabling lock debugging due to kernel taint
[ 40.175470] Kernel panic - not syncing: panic_on_warn set ...
[ 40.175470]
[ 40.182817] CPU: 0 PID: 3053 Comm: syzkaller028901 Tainted: G B 4.14.0+ #128
[ 40.191185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.200515] Call Trace:
[ 40.203079] dump_stack+0x194/0x257
[ 40.206673] ? arch_local_irq_restore+0x53/0x53
[ 40.211309] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.216031] ? vsnprintf+0x1ed/0x1900
[ 40.219801] ? sha3_update+0x10/0x2e0
[ 40.223568] panic+0x1e4/0x41c
[ 40.226725] ? refcount_error_report+0x214/0x214
[ 40.231446] ? add_taint+0x1c/0x50
[ 40.234953] ? add_taint+0x1c/0x50
[ 40.238460] ? sha3_update+0xdf/0x2e0
[ 40.242227] kasan_end_report+0x50/0x50
[ 40.246165] kasan_report+0x144/0x340
[ 40.249932] check_memory_region+0x137/0x190
[ 40.254303] memcpy+0x37/0x50
[ 40.257374] sha3_update+0xdf/0x2e0
[ 40.260975] crypto_shash_update+0xcb/0x220
[ 40.265264] shash_finup_unaligned+0x2a/0x60
[ 40.269638] crypto_shash_finup+0xc4/0x120
[ 40.273840] hmac_finup+0x182/0x330
[ 40.277429] ? shash_default_import+0x5b/0x80
[ 40.281895] crypto_shash_finup+0xc4/0x120
[ 40.286097] shash_digest_unaligned+0x9e/0xd0
[ 40.290557] crypto_shash_digest+0xc4/0x120
[ 40.294843] hmac_setkey+0x36a/0x690
[ 40.298540] ? hmac_setkey+0x20/0x690
[ 40.302308] crypto_shash_setkey+0xad/0x190
[ 40.306596] shash_async_setkey+0x47/0x60
[ 40.310712] crypto_ahash_setkey+0xaf/0x180
[ 40.315004] hash_setkey+0x40/0x90
[ 40.318507] ? hash_accept_parent+0xd0/0xd0
[ 40.322803] alg_setsockopt+0x2a1/0x350
[ 40.326747] SyS_setsockopt+0x189/0x360
[ 40.330690] ? SyS_recv+0x40/0x40
[ 40.334117] ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 40.338962] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.343944] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.348668] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.353388] RIP: 0033:0x43fdb9
[ 40.356554] RSP: 002b:00007ffcf58f5a78 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 40.364226] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 40.371459] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 40.378697] RBP: 0000000000000086 R08: 0000000000001000 R09: 0000000000000000
[ 40.385931] R10: 0000000020ea5000 R11: 0000000000000217 R12: 0000000000401720
[ 40.393178] R13: 00000000004017b0 R14: 0000000000000000 R15: 0000000000000000
[ 40.400819] Dumping ftrace buffer:
[ 40.404323] (ftrace buffer empty)
[ 40.408000] Kernel Offset: disabled
[ 40.411595] Rebooting in 86400 seconds..