INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.0.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.765685] ==================================================================
[ 31.766790] BUG: KASAN: stack-out-of-bounds in sha3_update+0xdf/0x2e0
[ 31.767677] Write of size 4096 at addr ffff8801cca07c40 by task syzkaller076574/3044
[ 31.768712]
[ 31.768949] CPU: 1 PID: 3044 Comm: syzkaller076574 Not tainted 4.14.0-mm1+ #25
[ 31.769914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.771160] Call Trace:
[ 31.771528]  dump_stack+0x194/0x257
[ 31.772021]  ? arch_local_irq_restore+0x53/0x53
[ 31.772647]  ? show_regs_print_info+0x65/0x65
[ 31.773252]  ? check_usage+0xb60/0xb60
[ 31.773776]  ? sha3_update+0xdf/0x2e0
[ 31.774298]  print_address_description+0x73/0x250
[ 31.774967]  ? sha3_update+0xdf/0x2e0
[ 31.775482]  kasan_report+0x25b/0x340
[ 31.776060]  check_memory_region+0x137/0x190
[ 31.776653]  memcpy+0x37/0x50
[ 31.777100]  sha3_update+0xdf/0x2e0
[ 31.777627]  crypto_shash_update+0xcb/0x220
[ 31.778235]  shash_finup_unaligned+0x2a/0x60
[ 31.778838]  crypto_shash_finup+0xc4/0x120
[ 31.779408]  hmac_finup+0x182/0x330
[ 31.779908]  ? shash_default_import+0x5b/0x80
[ 31.780529]  crypto_shash_finup+0xc4/0x120
[ 31.781098]  shash_digest_unaligned+0x9e/0xd0
[ 31.781741]  crypto_shash_digest+0xc4/0x120
[ 31.782337]  hmac_setkey+0x36a/0x690
[ 31.782874]  ? hmac_setkey+0x20/0x690
[ 31.783391]  crypto_shash_setkey+0xad/0x190
[ 31.783987]  shash_async_setkey+0x47/0x60
[ 31.784546]  crypto_ahash_setkey+0xaf/0x180
[ 31.785127]  hash_setkey+0x40/0x90
[ 31.785607]  ? hash_accept_parent+0xd0/0xd0
[ 31.788254]  alg_setsockopt+0x2a1/0x350
[ 31.792206]  SyS_setsockopt+0x189/0x360
[ 31.796175]  ? SyS_recv+0x40/0x40
[ 31.799620]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 31.804450]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.809450]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.814187]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.818913] RIP: 0033:0x43fdb9
[ 31.822085] RSP: 002b:00007ffd5be32ba8 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 31.829786] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 31.837038] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 31.844290] RBP: 0000000000000086 R08: 0000000000001000 R09: 0000000000000000
[ 31.851532] R10: 0000000020ea5000 R11: 0000000000000217 R12: 0000000000401720
[ 31.858775] R13: 00000000004017b0 R14: 0000000000000000 R15: 0000000000000000
[ 31.866039]
[ 31.867639] The buggy address belongs to the page:
[ 31.872543] page:ffffea00073281c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 31.880662] flags: 0x2fffc0000000000()
[ 31.884528] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 31.892395] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 31.900244] page dumped because: kasan: bad access detected
[ 31.905927]
[ 31.907519] Memory state around the buggy address:
[ 31.912424]  ffff8801cca07d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.919755]  ffff8801cca07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.927083] >ffff8801cca07e80: f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
[ 31.934409]                    ^
[ 31.937751]  ffff8801cca07f00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.945275]  ffff8801cca07f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.952630] ==================================================================
[ 31.959965] Disabling lock debugging due to kernel taint
[ 31.965517] Kernel panic - not syncing: panic_on_warn set ...
[ 31.965517]
[ 31.972869] CPU: 1 PID: 3044 Comm: syzkaller076574 Tainted: G B 4.14.0-mm1+ #25
[ 31.981499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.990832] Call Trace:
[ 31.993408]  dump_stack+0x194/0x257
[ 31.997011]  ? arch_local_irq_restore+0x53/0x53
[ 32.001648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.006369]  ? vsnprintf+0x1ed/0x1900
[ 32.010141]  ? sha3_update+0x20/0x2e0
[ 32.013910]  panic+0x1e4/0x41c
[ 32.017105]  ? refcount_error_report+0x214/0x214
[ 32.021827]  ? add_taint+0x1c/0x50
[ 32.025331]  ? add_taint+0x1c/0x50
[ 32.028839]  ? sha3_update+0xdf/0x2e0
[ 32.032607]  kasan_end_report+0x50/0x50
[ 32.036547]  kasan_report+0x144/0x340
[ 32.040322]  check_memory_region+0x137/0x190
[ 32.044697]  memcpy+0x37/0x50
[ 32.047770]  sha3_update+0xdf/0x2e0
[ 32.051368]  crypto_shash_update+0xcb/0x220
[ 32.055658]  shash_finup_unaligned+0x2a/0x60
[ 32.060032]  crypto_shash_finup+0xc4/0x120
[ 32.064233]  hmac_finup+0x182/0x330
[ 32.067831]  ? shash_default_import+0x5b/0x80
[ 32.072296]  crypto_shash_finup+0xc4/0x120
[ 32.076500]  shash_digest_unaligned+0x9e/0xd0
[ 32.080964]  crypto_shash_digest+0xc4/0x120
[ 32.085261]  hmac_setkey+0x36a/0x690
[ 32.088966]  ? hmac_setkey+0x20/0x690
[ 32.092747]  crypto_shash_setkey+0xad/0x190
[ 32.097036]  shash_async_setkey+0x47/0x60
[ 32.101150]  crypto_ahash_setkey+0xaf/0x180
[ 32.105442]  hash_setkey+0x40/0x90
[ 32.108948]  ? hash_accept_parent+0xd0/0xd0
[ 32.113236]  alg_setsockopt+0x2a1/0x350
[ 32.117180]  SyS_setsockopt+0x189/0x360
[ 32.121501]  ? SyS_recv+0x40/0x40
[ 32.124924]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 32.129737]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.134730]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.139476]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 32.144205] RIP: 0033:0x43fdb9
[ 32.147361] RSP: 002b:00007ffd5be32ba8 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[ 32.155034] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[ 32.162280] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 32.169517] RBP: 0000000000000086 R08: 0000000000001000 R09: 0000000000000000
[ 32.176753] R10: 0000000020ea5000 R11: 0000000000000217 R12: 0000000000401720
[ 32.183991] R13: 00000000004017b0 R14: 0000000000000000 R15: 0000000000000000
[ 32.191625] Dumping ftrace buffer:
[ 32.195136]    (ftrace buffer empty)
[ 32.198822] Kernel Offset: disabled
[ 32.202415] Rebooting in 86400 seconds..