INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-7,10.128.15.220' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
net.ipv6.conf.syz5.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz3.router_solicitations = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz0.router_solicitations = 0
net.ipv6.conf.syz6.router_solicitations = 0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   31.468562] ==================================================================
[   31.469751] BUG: KASAN: use-after-free in aead_recvmsg+0x1758/0x1bc0
[   31.470757] Read of size 4 at addr ffff8801cb26985c by task syzkaller685376/3385
[   31.471784] 
[   31.472022] CPU: 1 PID: 3385 Comm: syzkaller685376 Not tainted 4.15.0-rc1+ #136
[   31.472995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.474275] Call Trace:
[   31.474660]  dump_stack+0x194/0x257
[   31.475153]  ? arch_local_irq_restore+0x53/0x53
[   31.475855]  ? show_regs_print_info+0x65/0x65
[   31.476491]  ? af_alg_make_sg+0x510/0x510
[   31.477049]  ? aead_recvmsg+0x1758/0x1bc0
[   31.477633]  print_address_description+0x73/0x250
[   31.478356]  ? aead_recvmsg+0x1758/0x1bc0
[   31.478947]  kasan_report+0x25b/0x340
[   31.479463]  __asan_report_load4_noabort+0x14/0x20
[   31.480162]  aead_recvmsg+0x1758/0x1bc0
[   31.480718]  ? aead_release+0x50/0x50
[   31.481234]  ? selinux_socket_recvmsg+0x36/0x40
[   31.481856]  ? security_socket_recvmsg+0x91/0xc0
[   31.482565]  ? aead_release+0x50/0x50
[   31.483132]  sock_recvmsg+0xc9/0x110
[   31.483658]  ? __sock_recv_wifi_status+0x210/0x210
[   31.484415]  ___sys_recvmsg+0x29b/0x630
[   31.484979]  ? ___sys_sendmsg+0x8a0/0x8a0
[   31.485563]  ? fget_raw+0x20/0x20
[   31.486076]  ? lock_release+0xda0/0xda0
[   31.486611]  ? lock_downgrade+0x980/0x980
[   31.487166]  ? do_raw_spin_trylock+0x190/0x190
[   31.487778]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   31.488465]  ? __fdget+0x18/0x20
[   31.490544]  __sys_recvmsg+0xe2/0x210
[   31.494312]  ? __sys_recvmsg+0xe2/0x210
[   31.498258]  ? SyS_sendmmsg+0x60/0x60
[   31.502032]  ? account_kernel_stack+0x155/0x1f0
[   31.506674]  ? lockdep_sys_exit+0x47/0xf0
[   31.510801]  ? trace_hardirqs_on_caller+0x421/0x5c0
executing program
executing program
[   31.515804]  SyS_recvmsg+0x2d/0x50
[   31.519316]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   31.524036] RIP: 0033:0x44b209
[   31.527191] RSP: 002b:00007eff68b5cdc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[   31.534871] RAX: ffffffffffffffda RBX: 00007eff68b5d700 RCX: 000000000044b209
[   31.542107] RDX: 0000000000000020 RSI: 00000000201f5000 RDI: 0000000000000007
[   31.549348] RBP: 00007ffe2405d400 R08: 00007eff68b5d700 R09: 00007eff68b5d700
[   31.556586] R10: 00007eff68b5d700 R11: 0000000000000202 R12: 0000000000000000
executing program
[   31.563833] R13: 00007ffe2405d3ff R14: 00007eff68b5d9c0 R15: 0000000000000000
[   31.571086] 
[   31.572695] Allocated by task 3263:
[   31.576290]  save_stack+0x43/0xd0
[   31.579708]  kasan_kmalloc+0xad/0xe0
[   31.583386]  __kmalloc+0x162/0x760
[   31.586894]  crypto_create_tfm+0x82/0x2e0
[   31.591010]  crypto_alloc_tfm+0x10e/0x2f0
[   31.595123]  crypto_alloc_skcipher+0x2c/0x40
[   31.599500]  crypto_get_default_null_skcipher+0x5f/0x80
[   31.604829]  aead_bind+0x89/0x140
[   31.608248]  alg_bind+0x1ab/0x440
[   31.611669]  SYSC_bind+0x1b4/0x3f0
[   31.615190]  SyS_bind+0x24/0x30
executing program
executing program
executing program
[   31.618438]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   31.623156] 
[   31.624753] Freed by task 3293:
[   31.627997]  save_stack+0x43/0xd0
[   31.631413]  kasan_slab_free+0x71/0xc0
[   31.635265]  kfree+0xca/0x250
[   31.638341]  kzfree+0x28/0x30
[   31.641413]  crypto_destroy_tfm+0x140/0x2e0
[   31.645703]  crypto_put_default_null_skcipher+0x35/0x60
[   31.651031]  aead_sock_destruct+0x13c/0x220
[   31.655321]  __sk_destruct+0xfd/0x910
[   31.659088]  sk_destruct+0x47/0x80
[   31.662604]  __sk_free+0x57/0x230
[   31.666021]  sk_free+0x2a/0x40
executing program
[   31.669180]  af_alg_release+0x5d/0x70
[   31.672946]  sock_release+0x8d/0x1e0
[   31.676633]  sock_close+0x16/0x20
[   31.680053]  __fput+0x333/0x7f0
[   31.683298]  ____fput+0x15/0x20
[   31.686555]  task_work_run+0x199/0x270
[   31.690409]  do_exit+0x9bb/0x1ae0
[   31.693832]  do_group_exit+0x149/0x400
[   31.697682]  SyS_exit_group+0x1d/0x20
[   31.701452]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   31.706171] 
[   31.707766] The buggy address belongs to the object at ffff8801cb269840
executing program
executing program
[   31.707766]  which belongs to the cache kmalloc-128 of size 128
[   31.720392] The buggy address is located 28 bytes inside of
[   31.720392]  128-byte region [ffff8801cb269840, ffff8801cb2698c0)
[   31.732147] The buggy address belongs to the page:
[   31.737041] page:000000009882f204 count:1 mapcount:0 mapping:00000000fb0a71b5 index:0x0
[   31.745151] flags: 0x2fffc0000000100(slab)
[   31.749351] raw: 02fffc0000000100 ffff8801cb269000 0000000000000000 0000000100000015
[   31.757201] raw: ffffea000720aa60 ffffea00071cf8e0 ffff8801db000640 0000000000000000
[   31.765052] page dumped because: kasan: bad access detected
[   31.770726] 
[   31.772316] Memory state around the buggy address:
[   31.777213]  ffff8801cb269700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.784546]  ffff8801cb269780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.791872] >ffff8801cb269800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   31.799206]                                                     ^
[   31.805404]  ffff8801cb269880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   31.812733]  ffff8801cb269900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
[   31.820057] ==================================================================
[   31.827386] Disabling lock debugging due to kernel taint
[   31.833213] Kernel panic - not syncing: panic_on_warn set ...
[   31.833213] 
[   31.840553] CPU: 1 PID: 3385 Comm: syzkaller685376 Tainted: G    B            4.15.0-rc1+ #136
[   31.849265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.858586] Call Trace:
[   31.861145]  dump_stack+0x194/0x257
[   31.864747]  ? arch_local_irq_restore+0x53/0x53
[   31.869385]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.874105]  ? vsnprintf+0x1ed/0x1900
[   31.877871]  ? aead_recvmsg+0x1710/0x1bc0
[   31.881983]  panic+0x1e4/0x41c
[   31.885140]  ? refcount_error_report+0x214/0x214
[   31.889862]  ? add_taint+0x1c/0x50
[   31.893366]  ? add_taint+0x1c/0x50
[   31.896881]  ? aead_recvmsg+0x1758/0x1bc0
[   31.900995]  kasan_end_report+0x50/0x50
[   31.904935]  kasan_report+0x144/0x340
[   31.908701]  __asan_report_load4_noabort+0x14/0x20
[   31.913597]  aead_recvmsg+0x1758/0x1bc0
[   31.917547]  ? aead_release+0x50/0x50
[   31.921318]  ? selinux_socket_recvmsg+0x36/0x40
[   31.925951]  ? security_socket_recvmsg+0x91/0xc0
[   31.930682]  ? aead_release+0x50/0x50
[   31.934450]  sock_recvmsg+0xc9/0x110
[   31.938128]  ? __sock_recv_wifi_status+0x210/0x210
[   31.943023]  ___sys_recvmsg+0x29b/0x630
[   31.946966]  ? ___sys_sendmsg+0x8a0/0x8a0
[   31.951087]  ? fget_raw+0x20/0x20
[   31.954507]  ? lock_release+0xda0/0xda0
[   31.958447]  ? lock_downgrade+0x980/0x980
[   31.962559]  ? do_raw_spin_trylock+0x190/0x190
[   31.967119]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   31.972190]  ? __fdget+0x18/0x20
[   31.975528]  __sys_recvmsg+0xe2/0x210
[   31.979292]  ? __sys_recvmsg+0xe2/0x210
[   31.983230]  ? SyS_sendmmsg+0x60/0x60
[   31.987003]  ? account_kernel_stack+0x155/0x1f0
[   31.991641]  ? lockdep_sys_exit+0x47/0xf0
[   31.995762]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.000750]  SyS_recvmsg+0x2d/0x50
[   32.004257]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.008977] RIP: 0033:0x44b209
[   32.012132] RSP: 002b:00007eff68b5cdc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[   32.019807] RAX: ffffffffffffffda RBX: 00007eff68b5d700 RCX: 000000000044b209
[   32.027043] RDX: 0000000000000020 RSI: 00000000201f5000 RDI: 0000000000000007
[   32.034280] RBP: 00007ffe2405d400 R08: 00007eff68b5d700 R09: 00007eff68b5d700
[   32.041515] R10: 00007eff68b5d700 R11: 0000000000000202 R12: 0000000000000000
[   32.048750] R13: 00007ffe2405d3ff R14: 00007eff68b5d9c0 R15: 0000000000000000
[   32.056030] Dumping ftrace buffer:
[   32.059537]    (ftrace buffer empty)
[   32.063212] Kernel Offset: disabled
[   32.066811] Rebooting in 86400 seconds..