INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-8,10.128.0.2' (ECDSA) to the list of known hosts.
2017/11/28 07:31:47 parsed 1 programs
2017/11/28 07:31:47 executed programs: 0
2017/11/28 07:31:52 executed programs: 803
2017/11/28 07:31:57 executed programs: 1560
syzkaller login: [   37.069356] ==================================================================
[   37.070730] BUG: KASAN: use-after-free in aead_recvmsg+0x1758/0x1bc0
[   37.071810] Read of size 4 at addr ffff8801cd20f85c by task syz-executor5/7826
[   37.072827] 
[   37.073095] CPU: 0 PID: 7826 Comm: syz-executor5 Not tainted 4.15.0-rc1-mm1+ #27
[   37.074202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.075710] Call Trace:
[   37.076101]  dump_stack+0x194/0x257
[   37.077012]  ? arch_local_irq_restore+0x53/0x53
[   37.078128]  ? show_regs_print_info+0x65/0x65
[   37.079057]  ? af_alg_make_sg+0x510/0x510
[   37.079631]  ? aead_recvmsg+0x1758/0x1bc0
[   37.080222]  print_address_description+0x73/0x250
[   37.081058]  ? aead_recvmsg+0x1758/0x1bc0
[   37.081633]  kasan_report+0x25b/0x340
[   37.082181]  __asan_report_load4_noabort+0x14/0x20
[   37.082938]  aead_recvmsg+0x1758/0x1bc0
[   37.083533]  ? aead_release+0x50/0x50
[   37.084517]  ? selinux_socket_recvmsg+0x36/0x40
[   37.085326]  ? security_socket_recvmsg+0x91/0xc0
[   37.086062]  ? aead_release+0x50/0x50
[   37.086583]  sock_recvmsg+0xc9/0x110
[   37.087089]  ? __sock_recv_wifi_status+0x210/0x210
[   37.087837]  ___sys_recvmsg+0x29b/0x630
[   37.088429]  ? ___sys_sendmsg+0x8a0/0x8a0
[   37.088997]  ? get_unused_fd_flags+0x190/0x190
[   37.090448]  ? _raw_spin_unlock_bh+0x30/0x40
[   37.094851]  ? release_sock+0x1d4/0x2a0
[   37.098827]  ? fget_raw+0x20/0x20
[   37.102277]  ? af_alg_accept+0x302/0x670
[   37.106326]  ? selinux_socket_accept+0x55/0x200
[   37.110992]  ? fput+0xd2/0x140
[   37.114177]  ? SYSC_accept4+0x4f2/0x850
[   37.118145]  ? __fdget+0x18/0x20
[   37.121507]  __sys_recvmsg+0xe2/0x210
[   37.125295]  ? __sys_recvmsg+0xe2/0x210
[   37.129266]  ? SyS_sendmmsg+0x60/0x60
[   37.133050]  ? alg_setsockopt+0xef/0x350
[   37.137088]  ? SyS_futex+0x269/0x390
[   37.140771]  ? SyS_setsockopt+0x215/0x360
[   37.144905]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.149903]  SyS_recvmsg+0x2d/0x50
[   37.153419]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.158143] RIP: 0033:0x4529d9
[   37.161302] RSP: 002b:00007f46013f0c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002f
[   37.168980] RAX: ffffffffffffffda RBX: 00007f46013f1700 RCX: 00000000004529d9
[   37.176220] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000003
[   37.183458] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   37.190697] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
[   37.197936] R13: 00007fff98ee172f R14: 00007f46013f19c0 R15: 0000000000000000
[   37.205194] 
[   37.206794] Allocated by task 3234:
[   37.210392]  save_stack+0x43/0xd0
[   37.213815]  kasan_kmalloc+0xad/0xe0
[   37.217498]  __kmalloc+0x162/0x760
[   37.221005]  crypto_create_tfm+0x82/0x2e0
[   37.225124]  crypto_alloc_tfm+0x10e/0x2f0
[   37.229240]  crypto_alloc_skcipher+0x2c/0x40
[   37.233617]  crypto_get_default_null_skcipher+0x5f/0x80
[   37.238949]  aead_bind+0x89/0x140
[   37.242369]  alg_bind+0x1ab/0x440
[   37.245791]  SYSC_bind+0x1b4/0x3f0
[   37.249300]  SyS_bind+0x24/0x30
[   37.252545]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.257265] 
[   37.258862] Freed by task 7810:
[   37.262111]  save_stack+0x43/0xd0
[   37.265533]  kasan_slab_free+0x71/0xc0
[   37.269388]  kfree+0xca/0x250
[   37.272463]  kzfree+0x28/0x30
[   37.275536]  crypto_destroy_tfm+0x140/0x2e0
[   37.279825]  crypto_put_default_null_skcipher+0x35/0x60
[   37.285154]  aead_sock_destruct+0x13c/0x220
[   37.289445]  __sk_destruct+0xfd/0x910
[   37.293211]  sk_destruct+0x47/0x80
[   37.296718]  __sk_free+0x57/0x230
[   37.300137]  sk_free+0x2a/0x40
[   37.303297]  af_alg_release+0x5d/0x70
[   37.307064]  sock_release+0x8d/0x1e0
[   37.310745]  sock_close+0x16/0x20
[   37.314168]  __fput+0x333/0x7f0
[   37.317413]  ____fput+0x15/0x20
[   37.320663]  task_work_run+0x199/0x270
[   37.324518]  do_exit+0x9bb/0x1ae0
[   37.327940]  do_group_exit+0x149/0x400
[   37.331793]  SyS_exit_group+0x1d/0x20
[   37.335561]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.340281] 
[   37.341880] The buggy address belongs to the object at ffff8801cd20f840
[   37.341880]  which belongs to the cache kmalloc-128 of size 128
[   37.354502] The buggy address is located 28 bytes inside of
[   37.354502]  128-byte region [ffff8801cd20f840, ffff8801cd20f8c0)
[   37.366255] The buggy address belongs to the page:
[   37.371151] page:ffffea00073483c0 count:1 mapcount:0 mapping:ffff8801cd20f000 index:0x0
[   37.379262] flags: 0x2fffc0000000100(slab)
[   37.383467] raw: 02fffc0000000100 ffff8801cd20f000 0000000000000000 0000000100000015
[   37.391316] raw: ffffea00072ad2a0 ffffea00072b4e20 ffff8801db000640 0000000000000000
[   37.399162] page dumped because: kasan: bad access detected
[   37.404837] 
[   37.406434] Memory state around the buggy address:
[   37.411330]  ffff8801cd20f700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.418658]  ffff8801cd20f780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.426074] >ffff8801cd20f800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   37.433400]                                                     ^
[   37.439597]  ffff8801cd20f880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.446923]  ffff8801cd20f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.454247] ==================================================================
[   37.461571] Disabling lock debugging due to kernel taint
[   37.467233] Kernel panic - not syncing: panic_on_warn set ...
[   37.467233] 
[   37.474598] CPU: 0 PID: 7826 Comm: syz-executor5 Tainted: G    B            4.15.0-rc1-mm1+ #27
[   37.483419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.492757] Call Trace:
[   37.495328]  dump_stack+0x194/0x257
[   37.498941]  ? arch_local_irq_restore+0x53/0x53
[   37.503594]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   37.508332]  ? vsnprintf+0x1ed/0x1900
[   37.512125]  ? aead_recvmsg+0x1750/0x1bc0
[   37.516274]  panic+0x1e4/0x41c
[   37.519455]  ? refcount_error_report+0x214/0x214
[   37.524214]  ? add_taint+0x1c/0x50
[   37.527745]  ? add_taint+0x1c/0x50
[   37.531275]  ? aead_recvmsg+0x1758/0x1bc0
[   37.535416]  kasan_end_report+0x50/0x50
[   37.539376]  kasan_report+0x144/0x340
[   37.543164]  __asan_report_load4_noabort+0x14/0x20
[   37.548065]  aead_recvmsg+0x1758/0x1bc0
[   37.552024]  ? aead_release+0x50/0x50
[   37.555809]  ? selinux_socket_recvmsg+0x36/0x40
[   37.560455]  ? security_socket_recvmsg+0x91/0xc0
[   37.565180]  ? aead_release+0x50/0x50
[   37.568949]  sock_recvmsg+0xc9/0x110
[   37.572630]  ? __sock_recv_wifi_status+0x210/0x210
[   37.577526]  ___sys_recvmsg+0x29b/0x630
[   37.581483]  ? ___sys_sendmsg+0x8a0/0x8a0
[   37.585599]  ? get_unused_fd_flags+0x190/0x190
[   37.590148]  ? _raw_spin_unlock_bh+0x30/0x40
[   37.594522]  ? release_sock+0x1d4/0x2a0
[   37.598467]  ? fget_raw+0x20/0x20
[   37.601890]  ? af_alg_accept+0x302/0x670
[   37.605918]  ? selinux_socket_accept+0x55/0x200
[   37.610558]  ? fput+0xd2/0x140
[   37.613716]  ? SYSC_accept4+0x4f2/0x850
[   37.617659]  ? __fdget+0x18/0x20
[   37.621000]  __sys_recvmsg+0xe2/0x210
[   37.624771]  ? __sys_recvmsg+0xe2/0x210
[   37.628712]  ? SyS_sendmmsg+0x60/0x60
[   37.632478]  ? alg_setsockopt+0xef/0x350
[   37.636510]  ? SyS_futex+0x269/0x390
[   37.640188]  ? SyS_setsockopt+0x215/0x360
[   37.644308]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.649291]  SyS_recvmsg+0x2d/0x50
[   37.652797]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.657517] RIP: 0033:0x4529d9
[   37.660672] RSP: 002b:00007f46013f0c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002f
[   37.668345] RAX: ffffffffffffffda RBX: 00007f46013f1700 RCX: 00000000004529d9
[   37.675579] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000003
[   37.682814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   37.690050] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
[   37.697286] R13: 00007fff98ee172f R14: 00007f46013f19c0 R15: 0000000000000000
[   37.704961] Dumping ftrace buffer:
[   37.708474]    (ftrace buffer empty)
[   37.712151] Kernel Offset: disabled
[   37.715744] Rebooting in 86400 seconds..