INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-9,10.128.15.223' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.871547] ==================================================================
[ 41.872691] BUG: KASAN: use-after-free in aead_recvmsg+0x1758/0x1bc0
[ 41.873558] Read of size 4 at addr ffff8801cbf8801c by task syzkaller725317/3086
[ 41.874574]
[ 41.874808] CPU: 0 PID: 3086 Comm: syzkaller725317 Not tainted 4.15.0-rc2+ #209
[ 41.875784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.877062] Call Trace:
[ 41.877423]  dump_stack+0x194/0x257
[ 41.877915]  ? arch_local_irq_restore+0x53/0x53
[ 41.878555]  ? show_regs_print_info+0x18/0x18
[ 41.879160]  ? af_alg_make_sg+0x510/0x510
[ 41.879716]  ? aead_recvmsg+0x1758/0x1bc0
[ 41.880274]  print_address_description+0x73/0x250
[ 41.880936]  ? aead_recvmsg+0x1758/0x1bc0
[ 41.881494]  kasan_report+0x25b/0x340
[ 41.882011]  __asan_report_load4_noabort+0x14/0x20
[ 41.882685]  aead_recvmsg+0x1758/0x1bc0
[ 41.883239]  ? aead_release+0x50/0x50
[ 41.883772]  ? selinux_socket_recvmsg+0x36/0x40
[ 41.884430]  ? security_socket_recvmsg+0x91/0xc0
[ 41.885078]  ? aead_release+0x50/0x50
[ 41.885593]  sock_recvmsg+0xc9/0x110
[ 41.886133]  sock_read_iter+0x361/0x560
[ 41.886704]  ? sock_recvmsg+0x110/0x110
[ 41.887261]  do_iter_readv_writev+0x607/0x7f0
[ 41.887878]  ? vfs_dedupe_file_range+0x900/0x900
[ 41.888520]  ? rw_verify_area+0xe5/0x2b0
[ 41.889069]  do_iter_read+0x220/0x5b0
[ 41.889612]  ? dup_iter+0x260/0x260
[ 41.890149]  vfs_readv+0x121/0x1c0
[ 41.890640]  ? __fget_light+0x29d/0x390
[ 41.891216]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 41.893486]  ? up_read+0x1a/0x40
[ 41.896825]  ? __do_page_fault+0x3d6/0xc90
[ 41.901030]  ? task_work_run+0x1f4/0x270
[ 41.905067]  ? mm_fault_error+0x2c0/0x2c0
[ 41.909197]  ? __fdget+0x18/0x20
[ 41.912554]  ? __fdget_pos+0x136/0x1a0
[ 41.916412]  ? __fdget_raw+0x20/0x20
[ 41.920097]  ? __do_page_fault+0xc90/0xc90
[ 41.924303]  do_readv+0xfc/0x2a0
[ 41.927639]  ? do_readv+0xfc/0x2a0
[ 41.931151]  ? vfs_readv+0x1c0/0x1c0
[ 41.934833]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 41.939660]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.944649]  SyS_readv+0x27/0x30
[ 41.947983]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 41.952706] RIP: 0033:0x43fed9
[ 41.955863] RSP: 002b:00007ffc9af48ad8 EFLAGS: 00000217 ORIG_RAX: 0000000000000013
[ 41.963539] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fed9
[ 41.970778] RDX: 0000000000000001 RSI: 0000000020f40fe0 RDI: 0000000000000004
[ 41.978102] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 41.985341] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401840
[ 41.992582] R13: 00000000004018d0 R14: 0000000000000000 R15: 0000000000000000
[ 41.999849]
[ 42.001450] Allocated by task 3086:
[ 42.005047]  save_stack+0x43/0xd0
[ 42.008473]  kasan_kmalloc+0xad/0xe0
[ 42.012159]  __kmalloc+0x162/0x760
[ 42.015667]  crypto_create_tfm+0x82/0x2e0
[ 42.019782]  crypto_alloc_tfm+0x10e/0x2f0
[ 42.023896]  crypto_alloc_skcipher+0x2c/0x40
[ 42.028276]  crypto_get_default_null_skcipher+0x5f/0x80
[ 42.033608]  aead_bind+0x89/0x140
[ 42.037026]  alg_bind+0x1ab/0x440
[ 42.040454]  SYSC_bind+0x1b4/0x3f0
[ 42.043962]  SyS_bind+0x24/0x30
[ 42.047207]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 42.051925]
[ 42.053519] Freed by task 3086:
[ 42.056767]  save_stack+0x43/0xd0
[ 42.060186]  kasan_slab_free+0x71/0xc0
[ 42.064039]  kfree+0xca/0x250
[ 42.067112]  kzfree+0x28/0x30
[ 42.070185]  crypto_destroy_tfm+0x140/0x2e0
[ 42.074473]  crypto_put_default_null_skcipher+0x35/0x60
[ 42.079802]  aead_sock_destruct+0x13c/0x220
[ 42.084091]  __sk_destruct+0xfd/0x910
[ 42.087857]  sk_destruct+0x47/0x80
[ 42.091362]  __sk_free+0x57/0x230
[ 42.094781]  sk_free+0x2a/0x40
[ 42.097939]  af_alg_release+0x5d/0x70
[ 42.101707]  sock_release+0x8d/0x1e0
[ 42.105396]  sock_close+0x16/0x20
[ 42.108817]  __fput+0x333/0x7f0
[ 42.112060]  ____fput+0x15/0x20
[ 42.115308]  task_work_run+0x199/0x270
[ 42.119170]  exit_to_usermode_loop+0x296/0x310
[ 42.123716]  syscall_return_slowpath+0x490/0x550
[ 42.128442]  entry_SYSCALL_64_fastpath+0x94/0x96
[ 42.133164]
[ 42.134763] The buggy address belongs to the object at ffff8801cbf88000
[ 42.134763]  which belongs to the cache kmalloc-128 of size 128
[ 42.147386] The buggy address is located 28 bytes inside of
[ 42.147386]  128-byte region [ffff8801cbf88000, ffff8801cbf88080)
[ 42.159137] The buggy address belongs to the page:
[ 42.164037] page:00000000ab40d262 count:1 mapcount:0 mapping:00000000c631902c index:0x0
[ 42.172144] flags: 0x2fffc0000000100(slab)
[ 42.176349] raw: 02fffc0000000100 ffff8801cbf88000 0000000000000000 0000000100000015
[ 42.184195] raw: ffffea00072f4ae0 ffffea0007319fe0 ffff8801db000640 0000000000000000
[ 42.192047] page dumped because: kasan: bad access detected
[ 42.197721]
[ 42.199312] Memory state around the buggy address:
[ 42.204204]  ffff8801cbf87f00: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 42.211528]  ffff8801cbf87f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.218850] >ffff8801cbf88000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.226172]                             ^
[ 42.230282]  ffff8801cbf88080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 42.237604]  ffff8801cbf88100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 42.244924] ==================================================================
[ 42.252261] Disabling lock debugging due to kernel taint
[ 42.257898] Kernel panic - not syncing: panic_on_warn set ...
[ 42.257898]
[ 42.265237] CPU: 0 PID: 3086 Comm: syzkaller725317 Tainted: G B 4.15.0-rc2+ #209
[ 42.273951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.283272] Call Trace:
[ 42.285834]  dump_stack+0x194/0x257
[ 42.289433]  ? arch_local_irq_restore+0x53/0x53
[ 42.294075]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 42.298798]  ? vsnprintf+0x1ed/0x1900
[ 42.302567]  ? aead_recvmsg+0x1720/0x1bc0
[ 42.306684]  panic+0x1e4/0x41c
[ 42.309843]  ? refcount_error_report+0x214/0x214
[ 42.314567]  ? add_taint+0x1c/0x50
[ 42.318071]  ? add_taint+0x1c/0x50
[ 42.321578]  ? aead_recvmsg+0x1758/0x1bc0
[ 42.325697]  kasan_end_report+0x50/0x50
[ 42.329637]  kasan_report+0x144/0x340
[ 42.333414]  __asan_report_load4_noabort+0x14/0x20
[ 42.338306]  aead_recvmsg+0x1758/0x1bc0
[ 42.342254]  ? aead_release+0x50/0x50
[ 42.346023]  ? selinux_socket_recvmsg+0x36/0x40
[ 42.350660]  ? security_socket_recvmsg+0x91/0xc0
[ 42.355381]  ? aead_release+0x50/0x50
[ 42.359152]  sock_recvmsg+0xc9/0x110
[ 42.362834]  sock_read_iter+0x361/0x560
[ 42.366774]  ? sock_recvmsg+0x110/0x110
[ 42.370724]  do_iter_readv_writev+0x607/0x7f0
[ 42.375188]  ? vfs_dedupe_file_range+0x900/0x900
[ 42.379913]  ? rw_verify_area+0xe5/0x2b0
[ 42.383943]  do_iter_read+0x220/0x5b0
[ 42.387711]  ? dup_iter+0x260/0x260
[ 42.391307]  vfs_readv+0x121/0x1c0
[ 42.394812]  ? __fget_light+0x29d/0x390
[ 42.398752]  ? compat_rw_copy_check_uvector+0x2e0/0x2e0
[ 42.404081]  ? up_read+0x1a/0x40
[ 42.407419]  ? __do_page_fault+0x3d6/0xc90
[ 42.411621]  ? task_work_run+0x1f4/0x270
[ 42.415650]  ? mm_fault_error+0x2c0/0x2c0
[ 42.419760]  ? __fdget+0x18/0x20
[ 42.423094]  ? __fdget_pos+0x136/0x1a0
[ 42.426946]  ? __fdget_raw+0x20/0x20
[ 42.430635]  ? __do_page_fault+0xc90/0xc90
[ 42.434837]  do_readv+0xfc/0x2a0
[ 42.438166]  ? do_readv+0xfc/0x2a0
[ 42.441673]  ? vfs_readv+0x1c0/0x1c0
[ 42.445353]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[ 42.450162]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 42.455145]  SyS_readv+0x27/0x30
[ 42.458488]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 42.463217] RIP: 0033:0x43fed9
[ 42.466374] RSP: 002b:00007ffc9af48ad8 EFLAGS: 00000217 ORIG_RAX: 0000000000000013
[ 42.474046] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fed9
[ 42.481282] RDX: 0000000000000001 RSI: 0000000020f40fe0 RDI: 0000000000000004
[ 42.488517] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 42.495758] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401840
[ 42.502991] R13: 00000000004018d0 R14: 0000000000000000 R15: 0000000000000000
[ 42.510271] Dumping ftrace buffer:
[ 42.513775]    (ftrace buffer empty)
[ 42.517453] Kernel Offset: disabled
[ 42.521049] Rebooting in 86400 seconds..