==================================================================
BUG: KASAN: stack-out-of-bounds in __le32_to_cpup include/uapi/linux/byteorder/little_endian.h:58 [inline]
BUG: KASAN: stack-out-of-bounds in le32_to_cpuvp crypto/chacha20_generic.c:19 [inline]
BUG: KASAN: stack-out-of-bounds in crypto_chacha20_init crypto/chacha20_generic.c:58 [inline]
BUG: KASAN: stack-out-of-bounds in crypto_chacha20_crypt+0xb1a/0xc00 crypto/chacha20_generic.c:91
Read of size 4 at addr ffff8801d9cb7260 by task kworker/0:1/23

CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 4.15.0-rc4+ #230
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: crypto cryptd_queue_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_address_description+0x73/0x250 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report+0x25b/0x340 mm/kasan/report.c:409
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
 __le32_to_cpup include/uapi/linux/byteorder/little_endian.h:58 [inline]
 le32_to_cpuvp crypto/chacha20_generic.c:19 [inline]
 crypto_chacha20_init crypto/chacha20_generic.c:58 [inline]
 crypto_chacha20_crypt+0xb1a/0xc00 crypto/chacha20_generic.c:91
 chacha20_simd+0xe4/0x410 arch/x86/crypto/chacha20_glue.c:78
 crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
 cryptd_skcipher_decrypt+0x2ed/0x5c0 crypto/cryptd.c:523
 cryptd_queue_worker+0xff/0x1b0 crypto/cryptd.c:190
 process_one_work+0xbbf/0x1b10 kernel/workqueue.c:2112
 worker_thread+0x223/0x1990 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515

The buggy address belongs to the page:
page:000000003c4c0371 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: ffffea0007672de0 ffffea0007672de0 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d9cb7100: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00
 ffff8801d9cb7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2
>ffff8801d9cb7200: f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
                                                       ^
 ffff8801d9cb7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d9cb7300: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 f2
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 23 Comm: kworker/0:1 Tainted: G B 4.15.0-rc4+ #230
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: crypto cryptd_queue_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 kasan_end_report+0x50/0x50 mm/kasan/report.c:176
 kasan_report_error mm/kasan/report.c:356 [inline]
 kasan_report+0x144/0x340 mm/kasan/report.c:409
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
 __le32_to_cpup include/uapi/linux/byteorder/little_endian.h:58 [inline]
 le32_to_cpuvp crypto/chacha20_generic.c:19 [inline]
 crypto_chacha20_init crypto/chacha20_generic.c:58 [inline]
 crypto_chacha20_crypt+0xb1a/0xc00 crypto/chacha20_generic.c:91
 chacha20_simd+0xe4/0x410 arch/x86/crypto/chacha20_glue.c:78
 crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
 cryptd_skcipher_decrypt+0x2ed/0x5c0 crypto/cryptd.c:523
 cryptd_queue_worker+0xff/0x1b0 crypto/cryptd.c:190
 process_one_work+0xbbf/0x1b10 kernel/workqueue.c:2112
 worker_thread+0x223/0x1990 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515
CPU: 1 PID: 15003 Comm: syz-executor4 Tainted: G B 4.15.0-rc4+ #230
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3542
 kmem_cache_zalloc include/linux/slab.h:678 [inline]
 cred_alloc_blank+0x67/0x140 kernel/cred.c:211
 keyctl_session_to_parent+0xa3/0xac0 security/keys/keyctl.c:1512
 SYSC_keyctl security/keys/keyctl.c:1719 [inline]
 SyS_keyctl+0xe1/0x2c0 security/keys/keyctl.c:1637
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007efe47ed2c58 EFLAGS: 00000212 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 00007efe47ed2aa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000012
RBP: 00007efe47ed2a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007efe47ed2bc8 R14: 00000000004b75bb R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..