INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
2018/04/12 00:05:47 fuzzer started
2018/04/12 00:05:48 dialing manager at 10.128.0.26:41677
2018/04/12 00:05:54 kcov=true, comps=false
2018/04/12 00:05:57 executing program 0:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="d179f2508fb13583605d0008a230e7a657f9cc6e", 0x14)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000036c0)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000640)="3e59fe04bae75cfd14f526e0acc3c48c", 0x10}], 0x1}], 0x1, 0x0)
recvmsg(r1, &(0x7f00000001c0)={&(0x7f0000000140)=@nfc_llcp, 0x80, &(0x7f0000000200)=[{&(0x7f0000000300)=""/88, 0x58}], 0x1, &(0x7f00009f2000)=""/190, 0xbe}, 0x0)
2018/04/12 00:05:57 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x75}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9f}, [], {0x95}}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)
2018/04/12 00:05:57 executing program 7:
r0 = syz_open_dev$sndseq(&(0x7f0000000300)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000fb6000)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port1\x00', 0xa9824f69d1376637, 0x10800a})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc3})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x80}, 'port1\x00'})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000000))
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x0, 0x0)
2018/04/12 00:05:57 executing program 2:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f00000036c0)=[{0x0, 0x0, &(0x7f00000006c0)}], 0x1, 0x0)
2018/04/12 00:05:57 executing program 4:
2018/04/12 00:05:57 executing program 3:
2018/04/12 00:05:57 executing program 5:
2018/04/12 00:05:57 executing program 6:
syzkaller login: [ 43.515591] ip (3812) used greatest stack depth: 54312 bytes left
[ 44.354628] ip (3895) used greatest stack depth: 54200 bytes left
[ 46.260642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.348008] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.369259] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.533259] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.573312] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.609637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.708368] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.756663] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.301295] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.346293] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.520735] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.604632] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.651450] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.698862] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.891717] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.928548] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.094988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.101514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.111760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.137238] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.149390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.178712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.329970] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.341851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.363709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.398630] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.404946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.417662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.450380] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.459152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.474621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.519119] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.525497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.540698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.744879] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.754921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.776888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.809467] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.818115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.853294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 58.179986] ==================================================================
[ 58.187415] BUG: KMSAN: uninit-value in gcmaes_decrypt+0x2ec/0xea0
[ 58.193749] CPU: 0 PID: 5035 Comm: syz-executor0 Not tainted 4.16.0+ #83
[ 58.200619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.209981] Call Trace:
[ 58.212590] dump_stack+0x185/0x1d0
[ 58.216234] ? gcmaes_decrypt+0x2ec/0xea0
[ 58.220399] kmsan_report+0x142/0x240
[ 58.224212] __msan_warning_32+0x6c/0xb0
[ 58.228311] gcmaes_decrypt+0x2ec/0xea0
[ 58.232315] generic_gcmaes_decrypt+0x181/0x1e0
[ 58.237001] ? generic_gcmaes_encrypt+0x1e0/0x1e0
[ 58.241857] gcmaes_wrapper_decrypt+0x2f5/0x340
[ 58.246546] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0
[ 58.251405] crypto_rfc4543_crypt+0xaec/0xb40
[ 58.255916] ? crypto_has_alg+0x280/0x280
[ 58.260096] crypto_rfc4543_decrypt+0x47/0x50
[ 58.264603] ? crypto_rfc4543_encrypt+0x60/0x60
[ 58.269288] aead_recvmsg+0x25b5/0x2960
[ 58.273294] sock_recvmsg+0x1d0/0x230
[ 58.277107] ? aead_sendmsg+0x1b0/0x1b0
[ 58.281101] ___sys_recvmsg+0x3fb/0x810
[ 58.285098] ? __fget_light+0x56/0x710
[ 58.288995] ? __fdget+0x4e/0x60
[ 58.292374] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 58.297754] ? __fget_light+0x6b9/0x710
[ 58.301749] SYSC_recvmsg+0x298/0x3c0
[ 58.305574] SyS_recvmsg+0x54/0x80
[ 58.309130] do_syscall_64+0x309/0x430
[ 58.313126] ? ___sys_recvmsg+0x810/0x810
[ 58.317295] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.322493] RIP: 0033:0x455279
[ 58.325689] RSP: 002b:00007fc9b4f73c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 58.333412] RAX: ffffffffffffffda RBX: 00007fc9b4f746d4 RCX: 0000000000455279
[ 58.340703] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000015
[ 58.347980] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 58.355259] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 58.362630] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000
[ 58.369911]
[ 58.371540] Uninit was created at:
[ 58.375096] kmsan_internal_poison_shadow+0xb8/0x1b0
[ 58.380210] kmsan_kmalloc+0x94/0x100
[ 58.384020] __kmalloc+0x23c/0x350
[ 58.387571] sock_kmalloc+0x14e/0x270
[ 58.391382] af_alg_alloc_areq+0x85/0x320
[ 58.395536] aead_recvmsg+0x65a/0x2960
[ 58.399428] sock_recvmsg+0x1d0/0x230
[ 58.403236] ___sys_recvmsg+0x3fb/0x810
[ 58.407227] SYSC_recvmsg+0x298/0x3c0
[ 58.411041] SyS_recvmsg+0x54/0x80
[ 58.414588] do_syscall_64+0x309/0x430
[ 58.418490] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.423679] ==================================================================
[ 58.431039] Disabling lock debugging due to kernel taint
[ 58.436501] Kernel panic - not syncing: panic_on_warn set ...
[ 58.436501]
[ 58.443892] CPU: 0 PID: 5035 Comm: syz-executor0 Tainted: G B 4.16.0+ #83
[ 58.452051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.461415] Call Trace:
[ 58.464027] dump_stack+0x185/0x1d0
[ 58.467670] panic+0x39d/0x940
[ 58.470893] ? gcmaes_decrypt+0x2ec/0xea0
[ 58.475052] kmsan_report+0x238/0x240
[ 58.478863] __msan_warning_32+0x6c/0xb0
[ 58.482938] gcmaes_decrypt+0x2ec/0xea0
[ 58.486959] generic_gcmaes_decrypt+0x181/0x1e0
[ 58.491638] ? generic_gcmaes_encrypt+0x1e0/0x1e0
[ 58.496490] gcmaes_wrapper_decrypt+0x2f5/0x340
[ 58.501171] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0
[ 58.506033] crypto_rfc4543_crypt+0xaec/0xb40
[ 58.510539] ? crypto_has_alg+0x280/0x280
[ 58.514709] crypto_rfc4543_decrypt+0x47/0x50
[ 58.519228] ? crypto_rfc4543_encrypt+0x60/0x60
[ 58.523911] aead_recvmsg+0x25b5/0x2960
[ 58.527953] sock_recvmsg+0x1d0/0x230
[ 58.531774] ? aead_sendmsg+0x1b0/0x1b0
[ 58.535771] ___sys_recvmsg+0x3fb/0x810
[ 58.539768] ? __fget_light+0x56/0x710
[ 58.543672] ? __fdget+0x4e/0x60
[ 58.547058] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 58.552441] ? __fget_light+0x6b9/0x710
[ 58.556447] SYSC_recvmsg+0x298/0x3c0
[ 58.560282] SyS_recvmsg+0x54/0x80
[ 58.563847] do_syscall_64+0x309/0x430
[ 58.567766] ? ___sys_recvmsg+0x810/0x810
[ 58.571956] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.577248] RIP: 0033:0x455279
[ 58.580454] RSP: 002b:00007fc9b4f73c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 58.588264] RAX: ffffffffffffffda RBX: 00007fc9b4f746d4 RCX: 0000000000455279
[ 58.595635] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000015
[ 58.604123] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 58.611411] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 58.618781] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000
[ 58.626542] Dumping ftrace buffer:
[ 58.630078] (ftrace buffer empty)
[ 58.633764] Kernel Offset: disabled
[ 58.637455] Rebooting in 86400 seconds..