INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-8,10.128.0.56' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [ 39.668110] ==================================================================
[ 39.669335] BUG: KASAN: slab-out-of-bounds in sha3_final+0xeb/0x2e0
[ 39.670215] Write of size 4294967223 at addr ffff8801cc82b719 by task syzkaller968605/3074
[ 39.671377]
[ 39.671613] CPU: 0 PID: 3074 Comm: syzkaller968605 Not tainted 4.14.0+ #192
[ 39.672623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.673908] Call Trace:
[ 39.674287]  dump_stack+0x194/0x257
[ 39.674842]  ? arch_local_irq_restore+0x53/0x53
[ 39.675489]  ? show_regs_print_info+0x65/0x65
[ 39.676140]  ? sock_sendmsg+0xca/0x110
[ 39.676684]  ? entry_SYSCALL_64_fastpath+0x1f/0x96
[ 39.677342]  ? sha3_final+0xeb/0x2e0
[ 39.677878]  print_address_description+0x73/0x250
[ 39.678524]  ? sha3_final+0xeb/0x2e0
[ 39.679028]  kasan_report+0x25b/0x340
[ 39.679548]  check_memory_region+0x137/0x190
[ 39.680140]  memset+0x23/0x40
[ 39.680595]  sha3_final+0xeb/0x2e0
[ 39.681077]  ? sha3_512_init+0x20/0x20
[ 39.681603]  crypto_shash_final+0xd3/0x1f0
[ 39.682170]  ? __lock_is_held+0xbc/0x140
[ 39.682720]  hmac_final+0x16c/0x2b0
[ 39.683211]  ? hmac_finup+0x330/0x330
[ 39.683724]  crypto_shash_final+0xd3/0x1f0
[ 39.684290]  ? hash_sendmsg+0xcb/0x9c0
[ 39.684818]  hmac_final+0x16c/0x2b0
[ 39.685341]  ? hmac_finup+0x330/0x330
[ 39.685865]  crypto_shash_final+0xd3/0x1f0
[ 39.686433]  ? copy_overflow+0x30/0x30
[ 39.686957]  ? crypto_shash_digest+0x120/0x120
[ 39.687583]  shash_async_final+0x35/0x40
[ 39.688175]  crypto_ahash_op+0xbc/0x140
[ 39.691624]  crypto_ahash_final+0x57/0x70
[ 39.695742]  hash_sendmsg+0x686/0x9c0
[ 39.699518]  ? hash_recvmsg+0x9b0/0x9b0
[ 39.703464]  sock_sendmsg+0xca/0x110
[ 39.707153]  ___sys_sendmsg+0x322/0x8a0
[ 39.711101]  ? copy_msghdr_from_user+0x590/0x590
[ 39.715825]  ? find_held_lock+0x39/0x1d0
[ 39.719875]  ? fget_raw+0x20/0x20
[ 39.723299]  ? lock_downgrade+0x980/0x980
[ 39.727431]  ? __fdget+0x18/0x20
[ 39.730771]  __sys_sendmmsg+0x1e6/0x5f0
[ 39.734713]  ? __sys_sendmmsg+0x1e6/0x5f0
[ 39.738837]  ? SyS_sendmsg+0x50/0x50
[ 39.742524]  ? mm_fault_error+0x2c0/0x2c0
[ 39.746648]  ? lock_release+0xda0/0xda0
[ 39.750612]  ? __do_page_fault+0xc90/0xc90
[ 39.754814]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 39.759801]  ? lockdep_sys_exit+0x47/0xf0
[ 39.763919]  ? syscall_return_slowpath+0x2ad/0x550
[ 39.768819]  ? lockdep_sys_exit+0x47/0xf0
[ 39.772944]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 39.777934]  SyS_sendmmsg+0x35/0x60
[ 39.781538]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 39.786263] RIP: 0033:0x445aa9
[ 39.789424] RSP: 002b:00007f1ed9ee8dc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000133
[ 39.797102] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445aa9
[ 39.804341] RDX: 0000000000000005 RSI: 00000000209fe000 RDI: 0000000000000005
[ 39.811581] RBP: 0000000000000086 R08: 00007f1ed9ee9700 R09: 00007f1ed9ee9700
[ 39.818821] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 39.826058] R13: 00007ffc4936159f R14: 00007f1ed9ee99c0 R15: 0000000000000000
[ 39.833312]
[ 39.834909] Allocated by task 3073:
[ 39.838509]  save_stack+0x43/0xd0
[ 39.841927]  kasan_kmalloc+0xad/0xe0
[ 39.845608]  __kmalloc+0x162/0x760
[ 39.849115]  sock_kmalloc+0x112/0x190
[ 39.852880]  hash_accept_parent_nokey+0x76/0x320
[ 39.857604]  hash_accept_parent+0x9a/0xd0
[ 39.861717]  af_alg_accept+0x125/0x670
[ 39.865569]  alg_accept+0x46/0x60
[ 39.868989]  SYSC_accept4+0x384/0x850
[ 39.872755]  SyS_accept+0x26/0x30
[ 39.876176]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 39.880896]
[ 39.882491] Freed by task 0:
[ 39.885474] (stack is not available)
[ 39.889152]
[ 39.890748] The buggy address belongs to the object at ffff8801cc82b200
[ 39.890748]  which belongs to the cache kmalloc-2048 of size 2048
[ 39.903543] The buggy address is located 1305 bytes inside of
[ 39.903543]  2048-byte region [ffff8801cc82b200, ffff8801cc82ba00)
[ 39.915564] The buggy address belongs to the page:
[ 39.920461] page:ffffea0007320a80 count:1 mapcount:0 mapping:ffff8801cc82a100 index:0x0 compound_mapcount: 0
[ 39.930401] flags: 0x2fffc0000008100(slab|head)
[ 39.935041] raw: 02fffc0000008100 ffff8801cc82a100 0000000000000000 0000000100000003
[ 39.942889] raw: ffffea00073220a0 ffff8801db001950 ffff8801db000c40 0000000000000000
[ 39.950735] page dumped because: kasan: bad access detected
[ 39.956422]
[ 39.958023] Memory state around the buggy address:
[ 39.962920]  ffff8801cc82b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.970244]  ffff8801cc82b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.977571] >ffff8801cc82b700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 39.984896]                                                        ^
[ 39.991353]  ffff8801cc82b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.998690]  ffff8801cc82b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.006031] ==================================================================
[ 40.013353] Disabling lock debugging due to kernel taint
[ 40.018841] Kernel panic - not syncing: panic_on_warn set ...
[ 40.018841]
[ 40.026171] CPU: 0 PID: 3074 Comm: syzkaller968605 Tainted: G    B           4.14.0+ #192
[ 40.034539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.043868] Call Trace:
[ 40.046425]  dump_stack+0x194/0x257
[ 40.050020]  ? arch_local_irq_restore+0x53/0x53
[ 40.054658]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.059379]  ? vsnprintf+0x1ed/0x1900
[ 40.063149]  ? sha3_final+0x50/0x2e0
[ 40.066831]  panic+0x1e4/0x41c
[ 40.069990]  ? refcount_error_report+0x214/0x214
[ 40.074715]  ? add_taint+0x1c/0x50
[ 40.078220]  ? add_taint+0x1c/0x50
[ 40.081725]  ? sha3_final+0xeb/0x2e0
[ 40.085405]  kasan_end_report+0x50/0x50
[ 40.089432]  kasan_report+0x144/0x340
[ 40.093200]  check_memory_region+0x137/0x190
[ 40.098041]  memset+0x23/0x40
[ 40.101132]  sha3_final+0xeb/0x2e0
[ 40.104640]  ? sha3_512_init+0x20/0x20
[ 40.108509]  crypto_shash_final+0xd3/0x1f0
[ 40.112717]  ? __lock_is_held+0xbc/0x140
[ 40.116745]  hmac_final+0x16c/0x2b0
[ 40.120339]  ? hmac_finup+0x330/0x330
[ 40.124103]  crypto_shash_final+0xd3/0x1f0
[ 40.128303]  ? hash_sendmsg+0xcb/0x9c0
[ 40.132157]  hmac_final+0x16c/0x2b0
[ 40.135750]  ? hmac_finup+0x330/0x330
[ 40.139524]  crypto_shash_final+0xd3/0x1f0
[ 40.143790]  ? copy_overflow+0x30/0x30
[ 40.147648]  ? crypto_shash_digest+0x120/0x120
[ 40.152195]  shash_async_final+0x35/0x40
[ 40.156222]  crypto_ahash_op+0xbc/0x140
[ 40.160162]  crypto_ahash_final+0x57/0x70
[ 40.164273]  hash_sendmsg+0x686/0x9c0
[ 40.168044]  ? hash_recvmsg+0x9b0/0x9b0
[ 40.171998]  sock_sendmsg+0xca/0x110
[ 40.175680]  ___sys_sendmsg+0x322/0x8a0
[ 40.179621]  ? copy_msghdr_from_user+0x590/0x590
[ 40.184342]  ? find_held_lock+0x39/0x1d0
[ 40.188378]  ? fget_raw+0x20/0x20
[ 40.191798]  ? lock_downgrade+0x980/0x980
[ 40.195917]  ? __fdget+0x18/0x20
[ 40.199252]  __sys_sendmmsg+0x1e6/0x5f0
[ 40.203190]  ? __sys_sendmmsg+0x1e6/0x5f0
[ 40.207305]  ? SyS_sendmsg+0x50/0x50
[ 40.210988]  ? mm_fault_error+0x2c0/0x2c0
[ 40.215103]  ? lock_release+0xda0/0xda0
[ 40.219057]  ? __do_page_fault+0xc90/0xc90
[ 40.223262]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.228247]  ? lockdep_sys_exit+0x47/0xf0
[ 40.232364]  ? syscall_return_slowpath+0x2ad/0x550
[ 40.237261]  ? lockdep_sys_exit+0x47/0xf0
[ 40.241378]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.246363]  SyS_sendmmsg+0x35/0x60
[ 40.249958]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 40.254680] RIP: 0033:0x445aa9
[ 40.257838] RSP: 002b:00007f1ed9ee8dc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000133
[ 40.265510] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445aa9
[ 40.272744] RDX: 0000000000000005 RSI: 00000000209fe000 RDI: 0000000000000005
[ 40.279980] RBP: 0000000000000086 R08: 00007f1ed9ee9700 R09: 00007f1ed9ee9700
[ 40.287215] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 40.294459] R13: 00007ffc4936159f R14: 00007f1ed9ee99c0 R15: 0000000000000000
[ 40.301735] Dumping ftrace buffer:
[ 40.305243]    (ftrace buffer empty)
[ 40.308921] Kernel Offset: disabled
[ 40.312516] Rebooting in 86400 seconds..
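What follows is an added triage helper for the report above; it is not part of the syzkaller log and not kernel code. It parses the KASAN header and the "Memory state" rows (the embedded REPORT string is copied from the log with the printk timestamps removed), cross-checks the "located N bytes inside" line against the two printed addresses, reinterprets the access size as a 32-bit signed integer, and walks the shadow bytes granule by granule to find the first byte the memset was not allowed to touch. The shadow encoding it relies on (one shadow byte per 8 bytes, 0 = fully addressable, 1..7 = partially addressable, 0xfc = kmalloc redzone and the other poison values) is generic KASAN's as defined in mm/kasan/kasan.h of the 4.14 era; all function names and the result keys are this helper's own.

```python
import re

# Lines copied from the KASAN report above (printk timestamps stripped); they
# are the sample input for this added triage helper.
REPORT = """\
BUG: KASAN: slab-out-of-bounds in sha3_final+0xeb/0x2e0
Write of size 4294967223 at addr ffff8801cc82b719 by task syzkaller968605/3074
The buggy address belongs to the object at ffff8801cc82b200
 which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1305 bytes inside of
 2048-byte region [ffff8801cc82b200, ffff8801cc82ba00)
Memory state around the buggy address:
 ffff8801cc82b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cc82b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801cc82b700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
 ffff8801cc82b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801cc82b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

GRANULE = 8                 # generic KASAN: one shadow byte per 8 bytes of memory
ROW_BYTES = 16 * GRANULE    # each dumped "Memory state" row covers 128 bytes

# Shadow poison values of generic KASAN (mm/kasan/kasan.h, v4.14 era).
POISON = {
    0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone",
    0xf8: "use after scope", 0xfa: "global redzone",
    0xfb: "freed slab object", 0xfc: "kmalloc redzone",
    0xfe: "page redzone", 0xff: "freed page",
}


def parse_report(text):
    """Pull the header fields and the shadow dump out of a KASAN report."""
    m = re.search(r"BUG: KASAN: (\S+) in (\S+)", text)
    bug_type, func = m.group(1), m.group(2)
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", text)
    access, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    m = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) "
                  r"of size (\d+)", text)
    obj, cache, obj_size = int(m.group(1), 16), m.group(2), int(m.group(3))
    claimed_off = int(re.search(r"located (\d+) bytes inside of", text).group(1))
    rows = {}   # memory address at the start of a row -> its 16 shadow bytes
    for m in re.finditer(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$",
                         text, re.M):
        rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return dict(bug_type=bug_type, func=func, access=access, size=size,
                addr=addr, obj=obj, cache=cache, obj_size=obj_size,
                claimed_off=claimed_off, rows=rows)


def shadow_byte(rows, addr):
    """Shadow byte covering addr, or None if the dump does not include it."""
    base = addr - addr % ROW_BYTES
    row = rows.get(base)
    return None if row is None else row[(addr - base) // GRANULE]


def first_poisoned(rows, addr, size):
    """First byte of [addr, addr+size) that KASAN would reject, or None.
    Shadow 0 = whole granule addressable, 1..7 = only the first n bytes,
    >= 0x80 = poisoned (redzone / freed memory)."""
    a, end = addr, addr + size
    while a < end:
        s = shadow_byte(rows, a)
        if s is None:
            return None                    # walked off the dumped window
        if s >= 0x80:
            return a
        if s != 0:
            bad = max(a, a - a % GRANULE + s)
            if bad < end:
                return bad
        a = a - a % GRANULE + GRANULE      # next granule
    return None


def triage(text):
    r = parse_report(text)
    off = r["addr"] - r["obj"]
    if off != r["claimed_off"]:
        raise ValueError("offset line disagrees with the printed addresses")
    # A size just under 2**32 is a negative 32-bit value widened to size_t.
    size = r["size"]
    signed = size - (1 << 32) if 0x80000000 <= size < (1 << 32) else size
    bad = first_poisoned(r["rows"], r["addr"], size)
    poison = shadow_byte(r["rows"], bad) if bad is not None else None
    return {
        "bug": r["bug_type"], "in": r["func"], "access": r["access"],
        "size": size, "size_as_int32": signed,
        "offset_in_object": off,
        "cache_bytes_left": r["obj_size"] - off,
        "first_bad_addr": bad,
        "first_bad_poison": POISON.get(poison, "unknown"),
        # bytes kmalloc() left unpoisoned: the requested size, rounded to a granule
        "usable_object_bytes": None if bad is None else bad - r["obj"],
    }


if __name__ == "__main__":
    for k, v in triage(REPORT).items():
        print(k.ljust(22), hex(v) if k == "first_bad_addr" and v is not None else v)
```

On this report the helper yields size_as_int32 -73 (the length handed to memset is a 32-bit quantity that went negative and was widened to size_t), offset_in_object 1305 (agreeing with the report's own line), and first_bad_addr ffff8801cc82b760 sitting in a kmalloc redzone. A redzone 1376 bytes into a 2048-byte slab object means the buffer that hash_accept_parent_nokey obtained from sock_kmalloc was requested at 1376 bytes, and the write overruns 71 valid bytes before KASAN trips. Together with the two hmac_final frames stacked between shash_async_final and sha3_final, that points a triager at the padding-length arithmetic in sha3_final operating on the SHA-3 state the nested HMAC handed it; the log itself does not name a root cause or fix, so that reading is an inference from the trace, not something the report states.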