INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-2,10.128.0.63' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz5.router_solicitations = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz0.router_solicitations = 0
net.ipv6.conf.syz6.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
net.ipv6.conf.syz3.router_solicitations = 0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program

syzkaller login:
[ 27.467243] ==================================================================
[ 27.468382] BUG: KASAN: use-after-free in aead_recvmsg+0x1552/0x1970
[ 27.469236] Read of size 4 at addr ffff8801c7194e5c by task syzkaller438416/3340
[ 27.470267]
[ 27.470499] CPU: 0 PID: 3340 Comm: syzkaller438416 Not tainted 4.14.0-next-20171124+ #51
[ 27.471574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.472793] Call Trace:
[ 27.473152]  dump_stack+0x194/0x257
[ 27.473643]  ? arch_local_irq_restore+0x53/0x53
[ 27.474267]  ? show_regs_print_info+0x65/0x65
[ 27.474870]  ? af_alg_make_sg+0x510/0x510
[ 27.475426]  ? aead_recvmsg+0x1552/0x1970
[ 27.475983]  print_address_description+0x73/0x250
[ 27.476627]  ? aead_recvmsg+0x1552/0x1970
[ 27.477184]  kasan_report+0x25b/0x340
[ 27.477698]  __asan_report_load4_noabort+0x14/0x20
[ 27.478352]  aead_recvmsg+0x1552/0x1970
[ 27.478902]  ? aead_sendpage_nokey+0xa0/0xa0
[ 27.479495]  ? selinux_socket_recvmsg+0x36/0x40
[ 27.480153]  ? security_socket_recvmsg+0x91/0xc0
[ 27.480789]  ? aead_sendpage_nokey+0xa0/0xa0
[ 27.481378]  sock_recvmsg+0xc9/0x110
[ 27.481879]  ? __sock_recv_wifi_status+0x210/0x210
[ 27.482537]  ___sys_recvmsg+0x29b/0x630
[ 27.483078]  ? ___sys_sendmsg+0x8a0/0x8a0
[ 27.483688]  ? fget_raw+0x20/0x20
[ 27.484177]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 27.484787]  ? vmacache_find+0x5f/0x280
[ 27.485320]  ? vmacache_update+0xfe/0x130
[ 27.485881]  ? up_read+0x1a/0x40
[ 27.486340]  ? __do_page_fault+0x3d6/0xc90
[ 27.486934]  ? __fdget+0x18/0x20
[ 27.487395]  __sys_recvmsg+0xe2/0x210
[ 27.491181]  ? __sys_recvmsg+0xe2/0x210
[ 27.495135]  ? SyS_sendmmsg+0x60/0x60
[ 27.498906]  ? __do_page_fault+0xc90/0xc90
[ 27.503110]  ? _raw_spin_unlock_irq+0x56/0x70
[ 27.507577]  ? lockdep_sys_exit+0x47/0xf0
[ 27.511701]  ? trace_hardirqs_on_caller+0x421/0x5c0
executing program
[ 27.516689]  SyS_recvmsg+0x2d/0x50
[ 27.520199]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.524923] RIP: 0033:0x44a6f9
[ 27.528081] RSP: 002b:00007fe979ff6dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[ 27.535766] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044a6f9
[ 27.543002] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[ 27.550238] RBP: 0000000000000086 R08: 00007fe979ff7700 R09: 00007fe979ff7700
[ 27.557473] R10: 00007fe979ff7700 R11: 0000000000000202 R12: 0000000000000000
executing program
[ 27.564708] R13: 00007ffedba0d74f R14: 00007fe979ff79c0 R15: 0000000000000000
[ 27.571963]
[ 27.573556] Allocated by task 3242:
[ 27.577150]  save_stack+0x43/0xd0
[ 27.580568]  kasan_kmalloc+0xad/0xe0
[ 27.584245]  __kmalloc+0x162/0x760
[ 27.587750]  crypto_create_tfm+0x82/0x2e0
[ 27.591863]  crypto_alloc_tfm+0x10e/0x2f0
[ 27.595977]  crypto_alloc_skcipher+0x2c/0x40
[ 27.600397]  crypto_get_default_null_skcipher+0x5f/0x80
[ 27.605737]  aead_bind+0x89/0x140
[ 27.609154]  alg_bind+0x1ab/0x440
[ 27.612572]  SYSC_bind+0x1b4/0x3f0
executing program
[ 27.616076]  SyS_bind+0x24/0x30
[ 27.619322]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.624039]
[ 27.625634] Freed by task 3261:
[ 27.628881]  save_stack+0x43/0xd0
[ 27.632299]  kasan_slab_free+0x71/0xc0
[ 27.636152]  kfree+0xca/0x250
[ 27.639225]  kzfree+0x28/0x30
[ 27.642297]  crypto_destroy_tfm+0x140/0x2e0
[ 27.646585]  crypto_put_default_null_skcipher+0x35/0x60
[ 27.651914]  aead_sock_destruct+0x13c/0x220
[ 27.656202]  __sk_destruct+0xfd/0x910
[ 27.659971]  sk_destruct+0x47/0x80
[ 27.663482]  __sk_free+0x57/0x230
executing program
[ 27.667553]  sk_free+0x2a/0x40
[ 27.670711]  af_alg_release+0x5d/0x70
[ 27.674485]  sock_release+0x8d/0x1e0
[ 27.678163]  sock_close+0x16/0x20
[ 27.681580]  __fput+0x333/0x7f0
[ 27.684824]  ____fput+0x15/0x20
[ 27.688068]  task_work_run+0x199/0x270
[ 27.691921]  do_exit+0x9bb/0x1ae0
[ 27.695337]  do_group_exit+0x149/0x400
[ 27.699188]  SyS_exit_group+0x1d/0x20
[ 27.702956]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.707682]
[ 27.709279] The buggy address belongs to the object at ffff8801c7194e40
[ 27.709279]  which belongs to the cache kmalloc-128 of size 128
[ 27.721902] The buggy address is located 28 bytes inside of
[ 27.721902]  128-byte region [ffff8801c7194e40, ffff8801c7194ec0)
[ 27.733653] The buggy address belongs to the page:
[ 27.738556] page:ffffea00071c6500 count:1 mapcount:0 mapping:ffff8801c7194000 index:0x0
[ 27.746667] flags: 0x2fffc0000000100(slab)
[ 27.750879] raw: 02fffc0000000100 ffff8801c7194000 0000000000000000 0000000100000015
[ 27.758735] raw: ffffea00071b63a0 ffffea00071a8d60 ffff8801db000640 0000000000000000
executing program
[ 27.766668] page dumped because: kasan: bad access detected
[ 27.772342]
[ 27.773936] Memory state around the buggy address:
[ 27.778833]  ffff8801c7194d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 27.786159]  ffff8801c7194d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.793484] >ffff8801c7194e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 27.800818]                                                     ^
[ 27.807013]  ffff8801c7194e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
executing program
executing program
executing program
executing program
[ 27.814336]  ffff8801c7194f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.821656] ==================================================================
[ 27.828981] Disabling lock debugging due to kernel taint
[ 27.834556] Kernel panic - not syncing: panic_on_warn set ...
[ 27.834556]
[ 27.841889] CPU: 0 PID: 3340 Comm: syzkaller438416 Tainted: G    B 4.14.0-next-20171124+ #51
[ 27.851382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.860706] Call Trace:
[ 27.861511] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 27.861517] IP: (null)
[ 27.861519] PGD 1c6593067 P4D 1c6593067 PUD 1c648b067 PMD 0
[ 27.861528] Oops: 0010 [#1] SMP KASAN
[ 27.861532] Dumping ftrace buffer:
[ 27.861535]    (ftrace buffer empty)
[ 27.861536] Modules linked in:
[ 27.861542] CPU: 1 PID: 3434 Comm: syzkaller438416 Tainted: G    B 4.14.0-next-20171124+ #51
[ 27.861544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.861546] task: ffff8801c85c81c0 task.stack: ffff8801c6ea0000
[ 27.861548] RIP: 0010:          (null)
[ 27.861550] RSP: 0018:ffff8801c6ea7960 EFLAGS: 00010292
[ 27.861554] RAX: ffff8801c7194e40 RBX: 1ffff10038dd4f2d RCX: ffffffff823adf39
[ 27.861556] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8801c6ea7968
[ 27.861558] RBP: ffff8801c6ea7b00 R08: 0000000000000000 R09: ffff8801cc3cd210
[ 27.861560] R10: 0000000000000008 R11: ffffed0039879a49 R12: dffffc0000000000
[ 27.861562] R13: ffff8801c7194e68 R14: ffff8801c66ad500 R15: ffff8801cc3cd200
[ 27.861566] FS:  00007fe979ff7700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
[ 27.861568] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.861571] CR2: 0000000000000000 CR3: 00000001c6592000 CR4: 00000000001406e0
[ 27.861575] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.861577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.861578] Call Trace:
[ 27.861587]  ? aead_recvmsg+0xc96/0x1970
[ 27.861594]  ? aead_recvmsg+0xb38/0x1970
[ 27.861607]  ? aead_sendpage_nokey+0xa0/0xa0
[ 27.861614]  ? selinux_socket_recvmsg+0x36/0x40
[ 27.861619]  ? security_socket_recvmsg+0x91/0xc0
[ 27.861625]  ? aead_sendpage_nokey+0xa0/0xa0
[ 27.861630]  sock_recvmsg+0xc9/0x110
[ 27.861633]  ? __sock_recv_wifi_status+0x210/0x210
[ 27.861638]  ___sys_recvmsg+0x29b/0x630
[ 27.861646]  ? ___sys_sendmsg+0x8a0/0x8a0
[ 27.861655]  ? mem_cgroup_from_task+0x14/0x1e0
[ 27.861665]  ? fget_raw+0x20/0x20
[ 27.861671]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 27.861675]  ? vmacache_find+0x5f/0x280
[ 27.861679]  ? vmacache_update+0xfe/0x130
[ 27.861687]  ? up_read+0x1a/0x40
[ 27.861696]  ? __do_page_fault+0x3d6/0xc90
[ 27.861699]  ? lock_downgrade+0x980/0x980
[ 27.861707]  ? __fdget+0x18/0x20
[ 27.861714]  __sys_recvmsg+0xe2/0x210
[ 27.861717]  ? __sys_recvmsg+0xe2/0x210
[ 27.861721]  ? SyS_sendmmsg+0x60/0x60
[ 27.861727]  ? __do_page_fault+0xc90/0xc90
[ 27.861732]  ? trace_hardirqs_on+0xd/0x10
[ 27.861736]  ? lockdep_sys_exit+0x47/0xf0
[ 27.861747]  ? perf_trace_sys_enter+0xcb0/0xcb0
[ 27.861753]  SyS_recvmsg+0x2d/0x50
[ 27.861760]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.861763] RIP: 0033:0x44a6f9
[ 27.861765] RSP: 002b:00007fe979ff6dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[ 27.861769] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044a6f9
[ 27.861771] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[ 27.861773] RBP: 0000000000000000 R08: 00007fe979ff7700 R09: 00007fe979ff7700
[ 27.861775] R10: 00007fe979ff7700 R11: 0000000000000202 R12: 0000000000000000
[ 27.861777] R13: 00007ffedba0d74f R14: 00007fe979ff79c0 R15: 0000000000000000
[ 27.861786] Code:  Bad RIP value.
[ 27.861793] RIP:           (null) RSP: ffff8801c6ea7960
[ 27.861794] CR2: 0000000000000000
[ 27.861804] ---[ end trace 18f888e09dee0b28 ]---
[ 28.182159]  dump_stack+0x194/0x257
[ 28.186534]  ? arch_local_irq_restore+0x53/0x53
[ 28.191257]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.195978]  ? vsnprintf+0x1ed/0x1900
[ 28.199742]  ? aead_recvmsg+0x1500/0x1970
[ 28.203854]  panic+0x1e4/0x41c
[ 28.207013]  ? refcount_error_report+0x214/0x214
[ 28.211734]  ? add_taint+0x1c/0x50
[ 28.215239]  ? add_taint+0x1c/0x50
[ 28.218746]  ? aead_recvmsg+0x1552/0x1970
[ 28.222858]  kasan_end_report+0x50/0x50
[ 28.226798]  kasan_report+0x144/0x340
[ 28.230564]  __asan_report_load4_noabort+0x14/0x20
[ 28.235465]  aead_recvmsg+0x1552/0x1970
[ 28.239411]  ? aead_sendpage_nokey+0xa0/0xa0
[ 28.243784]  ? selinux_socket_recvmsg+0x36/0x40
[ 28.248415]  ? security_socket_recvmsg+0x91/0xc0
[ 28.253134]  ? aead_sendpage_nokey+0xa0/0xa0
[ 28.257504]  sock_recvmsg+0xc9/0x110
[ 28.261181]  ? __sock_recv_wifi_status+0x210/0x210
[ 28.266072]  ___sys_recvmsg+0x29b/0x630
[ 28.270013]  ? ___sys_sendmsg+0x8a0/0x8a0
[ 28.274132]  ? fget_raw+0x20/0x20
[ 28.277550]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 28.282097]  ? vmacache_find+0x5f/0x280
[ 28.286033]  ? vmacache_update+0xfe/0x130
[ 28.290146]  ? up_read+0x1a/0x40
[ 28.293476]  ? __do_page_fault+0x3d6/0xc90
[ 28.297678]  ? __fdget+0x18/0x20
[ 28.301009]  __sys_recvmsg+0xe2/0x210
[ 28.304772]  ? __sys_recvmsg+0xe2/0x210
[ 28.308710]  ? SyS_sendmmsg+0x60/0x60
[ 28.312478]  ? __do_page_fault+0xc90/0xc90
[ 28.316678]  ? _raw_spin_unlock_irq+0x56/0x70
[ 28.321138]  ? lockdep_sys_exit+0x47/0xf0
[ 28.325253]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.330235]  SyS_recvmsg+0x2d/0x50
[ 28.333750]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 28.338470] RIP: 0033:0x44a6f9
[ 28.341624] RSP: 002b:00007fe979ff6dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[ 28.349293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044a6f9
[ 28.356526] RDX: 0000000000000040 RSI: 00000000207e0000 RDI: 0000000000000006
[ 28.363823] RBP: 0000000000000086 R08: 00007fe979ff7700 R09: 00007fe979ff7700
[ 28.371059] R10: 00007fe979ff7700 R11: 0000000000000202 R12: 0000000000000000
[ 28.378303] R13: 00007ffedba0d74f R14: 00007fe979ff79c0 R15: 0000000000000000
[ 29.436564] Shutting down cpus with NMI
[ 29.440970] Dumping ftrace buffer:
[ 29.444476]    (ftrace buffer empty)
[ 29.448151] Kernel Offset: disabled
[ 29.451747] Rebooting in 86400 seconds..
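What the report above establishes, read straight off the three stacks: a 128-byte kmalloc-128 object was allocated by task 3242 inside bind() (aead_bind -> crypto_get_default_null_skcipher -> crypto_create_tfm), released by a different task, 3261, while its process was exiting and closing its sockets (SyS_exit_group -> af_alg_release -> aead_sock_destruct -> crypto_put_default_null_skcipher -> crypto_destroy_tfm -> kzfree), and then read at offset 28 by a third task, 3340, from aead_recvmsg() on a recvmsg() call. Three tasks and one object, with the free tied to one socket's teardown while another socket is still reading through it, is the shape of a lifetime or reference-counting bug rather than a local logic slip. The shadow bytes under the faulting address (0xfb across the whole [ffff8801c7194e40, ffff8801c7194ec0) region) confirm the object was entirely freed, not partially. The second oops on CPU 1 (RIP (null), task 3434, also in aead_recvmsg) is consistent with that same stale tfm: RAX holds ffff8801c7194e40, exactly the freed object's base, and the object had been released through kzfree, which zeroes memory before freeing it, so an indirect call through a pointer read from that object would land on NULL. That reading of the second oops is an inference from the register dump, not something the log states.

The script below is an added triage helper (example code, not part of syzkaller or the kernel) that parses a KASAN slab report in this console format and derives those facts mechanically: the object offset of the access, the shadow byte under it and whether it agrees with the headline, the first non-allocator frame on the alloc and free stacks, the syscall each stack entered through, and whether alloc, free and use were done by different tasks. The embedded REPORT is copied from the log above, trimmed to the lines the parser needs; the regexes assume the stock KASAN report layout of this kernel version (timestamped console lines, "Allocated by task N:" / "Freed by task N:" headers, 16-byte shadow rows).

```python
"""Added triage helper for the KASAN report above (example code; not syzkaller's or the
kernel's).  It parses the console text, pulls out the access, the alloc/free stacks, the
slab object geometry and the shadow byte under the faulting address, and derives what a
triager checks first.  REPORT below is copied from the log above, trimmed."""
import re
TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                     # "[ 27.468382] " console prefix
HDR = re.compile(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x")
ACC = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
OBJ = re.compile(r"object at ([0-9a-f]+)")
CACHE = re.compile(r"cache (\S+) of size (\d+)")
STACK = re.compile(r"^(Allocated|Freed) by task (\d+):")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")   # "? " (stale) frames do not match
ROW = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
PLUMBING = {"save_stack", "kasan_kmalloc", "kasan_slab_free", "__kmalloc", "kfree", "kzfree"}
SHADOW = {0xfb: "freed slab object", 0xfc: "slab redzone", 0x00: "addressable"}

def parse_kasan_report(text):
    r = {"stacks": {"trace": [], "allocated": [], "freed": []}, "pids": {}, "shadow": {}}
    section = None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if not line:                                   # blank line closes a stack section
            section = None
        elif m := HDR.search(line):
            r["kind"], r["func"] = m[1], m[2]
        elif m := ACC.search(line):
            r.update(rw=m[1], size=int(m[2]), addr=int(m[3], 16), task=m[4], pid=int(m[5]))
        elif m := OBJ.search(line):
            r["base"] = int(m[1], 16)
        elif m := CACHE.search(line):
            r["cache"], r["obj_size"] = m[1], int(m[2])
        elif m := STACK.match(line):
            section, r["pids"][m[1].lower()] = m[1].lower(), int(m[2])
        elif line == "Call Trace:":
            section = "trace"
        elif m := ROW.match(line):                     # 16 shadow bytes, one per 8 bytes of memory
            r["shadow"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif section and (m := FRAME.match(line)):
            r["stacks"][section].append(m[1])
    return r

def shadow_byte(r, addr):
    row = r["shadow"].get(addr & ~0x7f)                # each printed row spans 128 bytes
    return None if row is None else row[(addr & 0x7f) // 8]

def syscall_of(frames):                                # frame just below the syscall entry stub
    return next((a for a, b in zip(frames, frames[1:]) if b.startswith("entry_SYSCALL")), None)

def owner_of(frames):                                  # first frame that is not allocator plumbing
    return next((f for f in frames if f not in PLUMBING), None)

def triage(r):
    off, sb, st = r["addr"] - r["base"], shadow_byte(r, r["addr"]), r["stacks"]
    pids = (r["pids"]["allocated"], r["pids"]["freed"], r["pid"])
    return {
        "offset": off, "inside_object": 0 <= off < r["obj_size"],
        "shadow": sb, "shadow_meaning": SHADOW.get(sb, "partial/other"),
        # the headline says UAF, so the shadow byte under the access must read 0xfb too
        "headline_consistent": (r["kind"] == "use-after-free") == (sb == 0xfb),
        "whole_object_freed": all(shadow_byte(r, a) == 0xfb for a in range(r["base"], r["base"] + r["obj_size"], 8)),
        "alloc_owner": owner_of(st["allocated"]), "free_owner": owner_of(st["freed"]), "use_site": r["func"],
        "syscalls": (syscall_of(st["allocated"]), syscall_of(st["freed"]), syscall_of(st["trace"])),
        # three distinct tasks touching one object points at a lifetime/refcount bug, not a local slip
        "pids": pids, "cross_task": len(set(pids)) > 1,
    }

REPORT = """\
[ 27.468382] BUG: KASAN: use-after-free in aead_recvmsg+0x1552/0x1970
[ 27.469236] Read of size 4 at addr ffff8801c7194e5c by task syzkaller438416/3340
[ 27.472793] Call Trace:
[ 27.473152]  dump_stack+0x194/0x257
[ 27.473643]  ? arch_local_irq_restore+0x53/0x53
[ 27.478352]  aead_recvmsg+0x1552/0x1970
[ 27.516689]  SyS_recvmsg+0x2d/0x50
[ 27.520199]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.571963]
[ 27.573556] Allocated by task 3242:
[ 27.577150]  save_stack+0x43/0xd0
[ 27.580568]  kasan_kmalloc+0xad/0xe0
[ 27.587750]  crypto_create_tfm+0x82/0x2e0
[ 27.605737]  aead_bind+0x89/0x140
[ 27.616076]  SyS_bind+0x24/0x30
[ 27.619322]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.624039]
[ 27.625634] Freed by task 3261:
[ 27.628881]  save_stack+0x43/0xd0
[ 27.632299]  kasan_slab_free+0x71/0xc0
[ 27.642297]  crypto_destroy_tfm+0x140/0x2e0
[ 27.651914]  aead_sock_destruct+0x13c/0x220
[ 27.699188]  SyS_exit_group+0x1d/0x20
[ 27.702956]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.707682]
[ 27.709279] The buggy address belongs to the object at ffff8801c7194e40
[ 27.709279]  which belongs to the cache kmalloc-128 of size 128
[ 27.793484] >ffff8801c7194e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 27.807013]  ffff8801c7194e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
"""
if __name__ == "__main__":
    print(triage(parse_kasan_report(REPORT)))
```

Run as is, it reports offset 28 inside a kmalloc-128 object, shadow 0xfb under the access and across the whole object, crypto_create_tfm / crypto_destroy_tfm as the non-allocator owners, the syscall triple (SyS_bind, SyS_exit_group, SyS_recvmsg), and three distinct PIDs. To use it on another report, paste the console text in place of REPORT; stale "? " frames are dropped so that only the frames the unwinder trusts feed the syscall and owner lookups.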