INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-9,10.128.15.211' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
net.ipv6.conf.syz6.router_solicitations = 0
net.ipv6.conf.syz3.router_solicitations = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz5.router_solicitations = 0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   26.958561] ==================================================================
[   26.959712] BUG: KASAN: use-after-free in aead_recvmsg+0x1552/0x1970
[   26.960568] Read of size 4 at addr ffff8801c72aacdc by task syzkaller568373/3336
[   26.961584] 
[   26.961819] CPU: 0 PID: 3336 Comm: syzkaller568373 Not tainted 4.14.0-next-20171124+ #51
[   26.962919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.964139] Call Trace:
[   26.964500]  dump_stack+0x194/0x257
[   26.964992]  ? arch_local_irq_restore+0x53/0x53
[   26.965614]  ? show_regs_print_info+0x65/0x65
[   26.966239]  ? af_alg_make_sg+0x510/0x510
[   26.966795]  ? aead_recvmsg+0x1552/0x1970
[   26.967351]  print_address_description+0x73/0x250
[   26.968011]  ? aead_recvmsg+0x1552/0x1970
[   26.968566]  kasan_report+0x25b/0x340
[   26.969083]  __asan_report_load4_noabort+0x14/0x20
[   26.969738]  aead_recvmsg+0x1552/0x1970
[   26.970290]  ? aead_sendpage_nokey+0xa0/0xa0
[   26.970883]  ? selinux_socket_recvmsg+0x36/0x40
[   26.971506]  ? security_socket_recvmsg+0x91/0xc0
[   26.972142]  ? aead_sendpage_nokey+0xa0/0xa0
[   26.972731]  sock_recvmsg+0xc9/0x110
[   26.973232]  ? __sock_recv_wifi_status+0x210/0x210
[   26.973889]  ___sys_recvmsg+0x29b/0x630
[   26.974432]  ? ___sys_sendmsg+0x8a0/0x8a0
[   26.975006]  ? fget_raw+0x20/0x20
[   26.975475]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   26.976096]  ? vmacache_find+0x5f/0x280
[   26.976648]  ? vmacache_update+0xfe/0x130
[   26.977210]  ? up_read+0x1a/0x40
[   26.977671]  ? __do_page_fault+0x3d6/0xc90
[   26.978238]  ? lock_downgrade+0x980/0x980
[   26.978800]  ? __fdget+0x18/0x20
[   26.982139]  __sys_recvmsg+0xe2/0x210
[   26.985906]  ? __sys_recvmsg+0xe2/0x210
[   26.989847]  ? SyS_sendmmsg+0x60/0x60
[   26.993618]  ? __do_page_fault+0xc90/0xc90
[   26.997818]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.002805]  ? lockdep_sys_exit+0x47/0xf0
executing program
executing program
[   27.006931]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.011923]  SyS_recvmsg+0x2d/0x50
[   27.015434]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.020158] RIP: 0033:0x44b1a9
[   27.023317] RSP: 002b:00007fa8251f3dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[   27.030993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044b1a9
[   27.038231] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[   27.045465] RBP: 0000000000000086 R08: 00007fa8251f4700 R09: 00007fa8251f4700
executing program
executing program
[   27.052703] R10: 00007fa8251f4700 R11: 0000000000000202 R12: 0000000000000000
[   27.059939] R13: 00007ffec1c2285f R14: 00007fa8251f49c0 R15: 0000000000000000
[   27.067190] 
[   27.068785] Allocated by task 3244:
[   27.072378]  save_stack+0x43/0xd0
[   27.075799]  kasan_kmalloc+0xad/0xe0
[   27.079478]  __kmalloc+0x162/0x760
[   27.082982]  crypto_create_tfm+0x82/0x2e0
[   27.087096]  crypto_alloc_tfm+0x10e/0x2f0
[   27.091214]  crypto_alloc_skcipher+0x2c/0x40
[   27.095590]  crypto_get_default_null_skcipher+0x5f/0x80
[   27.100918]  aead_bind+0x89/0x140
[   27.104341]  alg_bind+0x1ab/0x440
executing program
executing program
[   27.107760]  SYSC_bind+0x1b4/0x3f0
[   27.111269]  SyS_bind+0x24/0x30
[   27.114515]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.119232] 
[   27.120827] Freed by task 3264:
[   27.124072]  save_stack+0x43/0xd0
[   27.127491]  kasan_slab_free+0x71/0xc0
[   27.131344]  kfree+0xca/0x250
[   27.134417]  kzfree+0x28/0x30
[   27.137489]  crypto_destroy_tfm+0x140/0x2e0
[   27.141776]  crypto_put_default_null_skcipher+0x35/0x60
[   27.147124]  aead_sock_destruct+0x13c/0x220
[   27.151428]  __sk_destruct+0xfd/0x910
[   27.155216]  sk_destruct+0x47/0x80
[   27.158722]  __sk_free+0x57/0x230
[   27.162187]  sk_free+0x2a/0x40
[   27.165364]  af_alg_release+0x5d/0x70
[   27.169132]  sock_release+0x8d/0x1e0
[   27.172815]  sock_close+0x16/0x20
[   27.176240]  __fput+0x333/0x7f0
[   27.179491]  ____fput+0x15/0x20
[   27.182739]  task_work_run+0x199/0x270
[   27.186595]  do_exit+0x9bb/0x1ae0
[   27.190011]  do_group_exit+0x149/0x400
[   27.193865]  SyS_exit_group+0x1d/0x20
[   27.197633]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.202352] 
executing program
[   27.203949] The buggy address belongs to the object at ffff8801c72aacc0
[   27.203949]  which belongs to the cache kmalloc-128 of size 128
[   27.216571] The buggy address is located 28 bytes inside of
[   27.216571]  128-byte region [ffff8801c72aacc0, ffff8801c72aad40)
[   27.228320] The buggy address belongs to the page:
[   27.233214] page:ffffea00071caa80 count:1 mapcount:0 mapping:ffff8801c72aa000 index:0x0
[   27.241324] flags: 0x2fffc0000000100(slab)
[   27.245524] raw: 02fffc0000000100 ffff8801c72aa000 0000000000000000 0000000100000015
executing program
[   27.253371] raw: ffffea00071b1c60 ffffea00071a8660 ffff8801db000640 0000000000000000
[   27.261213] page dumped because: kasan: bad access detected
[   27.266884] 
[   27.268475] Memory state around the buggy address:
[   27.273368]  ffff8801c72aab80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   27.280691]  ffff8801c72aac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.288014] >ffff8801c72aac80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   27.295335]                                                     ^
[   27.301530]  ffff8801c72aad00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
executing program
executing program
executing program
executing program
[   27.308852]  ffff8801c72aad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.316177] ==================================================================
[   27.323503] Disabling lock debugging due to kernel taint
[   27.329155] Kernel panic - not syncing: panic_on_warn set ...
[   27.329155] 
[   27.336491] CPU: 0 PID: 3336 Comm: syzkaller568373 Tainted: G    B            4.14.0-next-20171124+ #51
[   27.345984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.355303] Call Trace:
executing program
[   27.357858]  dump_stack+0x194/0x257
[   27.361454]  ? arch_local_irq_restore+0x53/0x53
[   27.366090]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.370816]  ? vsnprintf+0x1ed/0x1900
[   27.371307] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   27.371313] IP:           (null)
[   27.371316] PGD 1c6a0e067 P4D 1c6a0e067 PUD 1c6919067 PMD 0 
[   27.371324] Oops: 0010 [#1] SMP KASAN
[   27.371329] Dumping ftrace buffer:
[   27.371332]    (ftrace buffer empty)
[   27.371333] Modules linked in:
[   27.371340] CPU: 1 PID: 3455 Comm: syzkaller568373 Tainted: G    B            4.14.0-next-20171124+ #51
[   27.371342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.371344] task: ffff8801cbffa000 task.stack: ffff8801c6678000
[   27.371347] RIP: 0010:          (null)
[   27.371348] RSP: 0018:ffff8801c667f960 EFLAGS: 00010292
[   27.371352] RAX: ffff8801c72aacc0 RBX: 1ffff10038ccff2d RCX: ffffffff823adf39
[   27.371354] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8801c667f968
[   27.371357] RBP: ffff8801c667fb00 R08: 0000000000000000 R09: ffff8801cc389b10
[   27.371359] R10: 0000000000000008 R11: ffffed0039871369 R12: dffffc0000000000
[   27.371361] R13: ffff8801c72aace8 R14: ffff8801c6760c00 R15: ffff8801cc389b00
[   27.371364] FS:  00007fa8251f4700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
[   27.371366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.371369] CR2: 0000000000000000 CR3: 00000001c6960000 CR4: 00000000001406e0
[   27.371374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.371376] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.371377] Call Trace:
[   27.371385]  ? aead_recvmsg+0xc96/0x1970
[   27.371393]  ? aead_recvmsg+0xb38/0x1970
[   27.371406]  ? aead_sendpage_nokey+0xa0/0xa0
[   27.371414]  ? selinux_socket_recvmsg+0x36/0x40
[   27.371422]  ? security_socket_recvmsg+0x91/0xc0
[   27.371427]  ? aead_sendpage_nokey+0xa0/0xa0
[   27.371432]  sock_recvmsg+0xc9/0x110
[   27.371436]  ? __sock_recv_wifi_status+0x210/0x210
[   27.371442]  ___sys_recvmsg+0x29b/0x630
[   27.371450]  ? ___sys_sendmsg+0x8a0/0x8a0
[   27.371465]  ? fget_raw+0x20/0x20
[   27.371470]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   27.371475]  ? vmacache_find+0x5f/0x280
[   27.371478]  ? vmacache_update+0xfe/0x130
[   27.371499]  ? up_read+0x1a/0x40
[   27.371505]  ? __do_page_fault+0x3d6/0xc90
[   27.371509]  ? lock_downgrade+0x980/0x980
[   27.371516]  ? __fdget+0x18/0x20
[   27.371523]  __sys_recvmsg+0xe2/0x210
[   27.371526]  ? __sys_recvmsg+0xe2/0x210
[   27.371531]  ? SyS_sendmmsg+0x60/0x60
[   27.371536]  ? __do_page_fault+0xc90/0xc90
[   27.371541]  ? trace_hardirqs_on+0xd/0x10
[   27.371546]  ? lockdep_sys_exit+0x47/0xf0
[   27.371556]  ? perf_trace_sys_enter+0xcb0/0xcb0
[   27.371563]  SyS_recvmsg+0x2d/0x50
[   27.371570]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.371573] RIP: 0033:0x44b1a9
[   27.371575] RSP: 002b:00007fa8251f3dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[   27.371579] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044b1a9
[   27.371581] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[   27.371583] RBP: 0000000000000000 R08: 00007fa8251f4700 R09: 00007fa8251f4700
[   27.371585] R10: 00007fa8251f4700 R11: 0000000000000202 R12: 0000000000000000
[   27.371587] R13: 00007ffec1c2285f R14: 00007fa8251f49c0 R15: 0000000000000000
[   27.371596] Code:  Bad RIP value.
[   27.371603] RIP:           (null) RSP: ffff8801c667f960
[   27.371605] CR2: 0000000000000000
[   27.371620] ---[ end trace a854dc4da09988db ]---
[   27.688317]  ? aead_recvmsg+0x1500/0x1970
[   27.692431]  panic+0x1e4/0x41c
[   27.695589]  ? refcount_error_report+0x214/0x214
[   27.700310]  ? add_taint+0x1c/0x50
[   27.703812]  ? add_taint+0x1c/0x50
[   27.707317]  ? aead_recvmsg+0x1552/0x1970
[   27.711429]  kasan_end_report+0x50/0x50
[   27.715365]  kasan_report+0x144/0x340
[   27.719133]  __asan_report_load4_noabort+0x14/0x20
[   27.724024]  aead_recvmsg+0x1552/0x1970
[   27.727973]  ? aead_sendpage_nokey+0xa0/0xa0
[   27.732350]  ? selinux_socket_recvmsg+0x36/0x40
[   27.736984]  ? security_socket_recvmsg+0x91/0xc0
[   27.741704]  ? aead_sendpage_nokey+0xa0/0xa0
[   27.746077]  sock_recvmsg+0xc9/0x110
[   27.749755]  ? __sock_recv_wifi_status+0x210/0x210
[   27.754649]  ___sys_recvmsg+0x29b/0x630
[   27.758593]  ? ___sys_sendmsg+0x8a0/0x8a0
[   27.762712]  ? fget_raw+0x20/0x20
[   27.766131]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   27.770677]  ? vmacache_find+0x5f/0x280
[   27.774614]  ? vmacache_update+0xfe/0x130
[   27.778727]  ? up_read+0x1a/0x40
[   27.782060]  ? __do_page_fault+0x3d6/0xc90
[   27.786260]  ? lock_downgrade+0x980/0x980
[   27.790373]  ? __fdget+0x18/0x20
[   27.793706]  __sys_recvmsg+0xe2/0x210
[   27.797470]  ? __sys_recvmsg+0xe2/0x210
[   27.801409]  ? SyS_sendmmsg+0x60/0x60
[   27.805173]  ? __do_page_fault+0xc90/0xc90
[   27.809371]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.814353]  ? lockdep_sys_exit+0x47/0xf0
[   27.818470]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.823452]  SyS_recvmsg+0x2d/0x50
[   27.826958]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.831677] RIP: 0033:0x44b1a9
[   27.834840] RSP: 002b:00007fa8251f3dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[   27.842512] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044b1a9
[   27.849745] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[   27.856977] RBP: 0000000000000086 R08: 00007fa8251f4700 R09: 00007fa8251f4700
[   27.864213] R10: 00007fa8251f4700 R11: 0000000000000202 R12: 0000000000000000
[   27.871447] R13: 00007ffec1c2285f R14: 00007fa8251f49c0 R15: 0000000000000000
[   28.934799] Shutting down cpus with NMI
[   28.939208] Dumping ftrace buffer:
[   28.942717]    (ftrace buffer empty)
[   28.946391] Kernel Offset: disabled
[   28.949986] Rebooting in 86400 seconds..