INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-6,10.128.0.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.730324] ==================================================================
[   39.731469] BUG: KASAN: slab-out-of-bounds in sha3_update+0xdf/0x2e0
[   39.732324] Write of size 192 at addr ffff8801cb8888bc by task syzkaller326690/3087
[   39.733342]
[   39.733576] CPU: 0 PID: 3087 Comm: syzkaller326690 Not tainted 4.15.0-rc2+ #208
[   39.734551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.735769] Call Trace:
[   39.736148]  dump_stack+0x194/0x257
[   39.736665]  ? arch_local_irq_restore+0x53/0x53
[   39.737294]  ? show_regs_print_info+0x65/0x65
[   39.737899]  ? entry_SYSCALL_64_fastpath+0x1f/0x96
[   39.738561]  ? sha3_update+0xdf/0x2e0
[   39.739076]  print_address_description+0x73/0x250
[   39.739739]  ? sha3_update+0xdf/0x2e0
[   39.740251]  kasan_report+0x25b/0x340
[   39.740765]  check_memory_region+0x137/0x190
[   39.741353]  memcpy+0x37/0x50
[   39.741777]  sha3_update+0xdf/0x2e0
[   39.742280]  crypto_shash_update+0xcb/0x220
[   39.742882]  hmac_update+0x7e/0xa0
[   39.743363]  crypto_shash_update+0xcb/0x220
[   39.743949]  __keyctl_dh_compute+0x16d8/0x1a00
[   39.744576]  ? dh_data_from_key+0x340/0x340
[   39.745162]  ? find_held_lock+0x39/0x1d0
[   39.745721]  ? __might_fault+0xe0/0x1d0
[   39.746260]  ? lock_release+0xda0/0xda0
[   39.746811]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   39.747607]  ? kasan_check_write+0x14/0x20
[   39.748191]  ? _copy_from_user+0x99/0x110
[   39.748750]  keyctl_dh_compute+0xac/0xf3
[   39.749295]  ? __keyctl_dh_compute+0x1a00/0x1a00
[   39.749939]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   39.750609]  SyS_keyctl+0x72/0x2c0
[   39.754119]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   39.758840] RIP: 0033:0x43fe89
[   39.761998] RSP: 002b:00007ffc460c3578 EFLAGS: 00000207 ORIG_RAX: 00000000000000fa
[   39.769672] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe89
[   39.776996] RDX: 00000000205cd000 RSI: 00000000204c8ff4 RDI: 0000000000000017
[   39.784235] RBP: 00000000006ca018 R08: 0000000020550000 R09: 0000000000000000
[   39.791482] R10: 0000000000000030 R11: 0000000000000207 R12: 00000000004017f0
[   39.798719] R13: 0000000000401880 R14: 0000000000000000 R15: 0000000000000000
[   39.805975]
[   39.807572] Allocated by task 3087:
[   39.811167]  save_stack+0x43/0xd0
[   39.814585]  kasan_kmalloc+0xad/0xe0
[   39.818263]  __kmalloc+0x162/0x760
[   39.821768]  __keyctl_dh_compute+0x2a1/0x1a00
[   39.826228]  keyctl_dh_compute+0xac/0xf3
[   39.830253]  SyS_keyctl+0x72/0x2c0
[   39.833759]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   39.838476]
[   39.840071] Freed by task 1627:
[   39.843315]  save_stack+0x43/0xd0
[   39.846732]  kasan_slab_free+0x71/0xc0
[   39.850585]  kfree+0xca/0x250
[   39.853656]  kernfs_fop_release+0x13f/0x180
[   39.857946]  __fput+0x333/0x7f0
[   39.861192]  ____fput+0x15/0x20
[   39.864437]  task_work_run+0x199/0x270
[   39.868292]  exit_to_usermode_loop+0x296/0x310
[   39.872843]  syscall_return_slowpath+0x490/0x550
[   39.877565]  entry_SYSCALL_64_fastpath+0x94/0x96
[   39.882282]
[   39.883879] The buggy address belongs to the object at ffff8801cb8887c0
[   39.883879]  which belongs to the cache kmalloc-512 of size 512
[   39.896500] The buggy address is located 252 bytes inside of
[   39.896500]  512-byte region [ffff8801cb8887c0, ffff8801cb8889c0)
[   39.908339] The buggy address belongs to the page:
[   39.913234] page:00000000e263033c count:1 mapcount:0 mapping:00000000d07273f0 index:0x0
[   39.921343] flags: 0x2fffc0000000100(slab)
[   39.925555] raw: 02fffc0000000100 ffff8801cb888040 0000000000000000 0000000100000006
[   39.933402] raw: ffffea00072ee260 ffffea00072d1d60 ffff8801db000940 0000000000000000
[   39.941246] page dumped because: kasan: bad access detected
[   39.946921]
[   39.948515] Memory state around the buggy address:
[   39.953410]  ffff8801cb888800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.960733]  ffff8801cb888880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.968055] >ffff8801cb888900: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   39.975378]                                               ^
[   39.981062]  ffff8801cb888980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.988385]  ffff8801cb888a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   39.995707] ==================================================================
[   40.003030] Disabling lock debugging due to kernel taint
[   40.008623] Kernel panic - not syncing: panic_on_warn set ...
[   40.008623]
[   40.015958] CPU: 0 PID: 3087 Comm: syzkaller326690 Tainted: G B 4.15.0-rc2+ #208
[   40.024670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.033990] Call Trace:
[   40.036550]  dump_stack+0x194/0x257
[   40.040144]  ? arch_local_irq_restore+0x53/0x53
[   40.044783]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.049517]  ? vsnprintf+0x1ed/0x1900
[   40.053301]  ? sha3_update+0x20/0x2e0
[   40.057070]  panic+0x1e4/0x41c
[   40.060230]  ? refcount_error_report+0x214/0x214
[   40.064953]  ? add_taint+0x1c/0x50
[   40.068460]  ? add_taint+0x1c/0x50
[   40.071966]  ? sha3_update+0xdf/0x2e0
[   40.075733]  kasan_end_report+0x50/0x50
[   40.079671]  kasan_report+0x144/0x340
[   40.083439]  check_memory_region+0x137/0x190
[   40.087814]  memcpy+0x37/0x50
[   40.090894]  sha3_update+0xdf/0x2e0
[   40.094504]  crypto_shash_update+0xcb/0x220
[   40.098793]  hmac_update+0x7e/0xa0
[   40.102302]  crypto_shash_update+0xcb/0x220
[   40.106596]  __keyctl_dh_compute+0x16d8/0x1a00
[   40.111151]  ? dh_data_from_key+0x340/0x340
[   40.115452]  ? find_held_lock+0x39/0x1d0
[   40.119487]  ? __might_fault+0xe0/0x1d0
[   40.123429]  ? lock_release+0xda0/0xda0
[   40.127369]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   40.133229]  ? kasan_check_write+0x14/0x20
[   40.137436]  ? _copy_from_user+0x99/0x110
[   40.141550]  keyctl_dh_compute+0xac/0xf3
[   40.145575]  ? __keyctl_dh_compute+0x1a00/0x1a00
[   40.150299]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.155284]  SyS_keyctl+0x72/0x2c0
[   40.158792]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.163510] RIP: 0033:0x43fe89
[   40.166665] RSP: 002b:00007ffc460c3578 EFLAGS: 00000207 ORIG_RAX: 00000000000000fa
[   40.174339] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe89
[   40.181573] RDX: 00000000205cd000 RSI: 00000000204c8ff4 RDI: 0000000000000017
[   40.188814] RBP: 00000000006ca018 R08: 0000000020550000 R09: 0000000000000000
[   40.196050] R10: 0000000000000030 R11: 0000000000000207 R12: 00000000004017f0
[   40.203285] R13: 0000000000401880 R14: 0000000000000000 R15: 0000000000000000
[   40.210569] Dumping ftrace buffer:
[   40.214074]    (ftrace buffer empty)
[   40.217750] Kernel Offset: disabled
[   40.221345] Rebooting in 86400 seconds..