INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. 2018/04/13 07:13:07 fuzzer started 2018/04/13 07:13:08 dialing manager at 10.128.0.26:44405 2018/04/13 07:13:14 kcov=true, comps=false 2018/04/13 07:13:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000027c0)={0x18, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x3}, [@generic="d7"]}, 0x18}, 0x1}, 0x0) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000480), &(0x7f00000004c0)=0x8) 2018/04/13 07:13:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_route(r0, &(0x7f00000fa000)={&(0x7f0000c1b000)={0x10}, 0xc, &(0x7f000052aff0)={&(0x7f0000634000)=@delneigh={0x1c, 0x1d, 0x301, 0x0, 0x0, {0x1f}}, 0x1c}, 0x1}, 0x0) read(r0, &(0x7f0000ff9000)=""/80, 0x50) 2018/04/13 07:13:17 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00005f4000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000052000)="e5fcb5bf91aa7855fbcdfef1ddb42113", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write(r1, &(0x7f0000000000)="44182f5030927edcf6fb77bf39b97527f6f21fcad6abcd3a06c6fe3074a34f7b648a7c292c643c116d522767733bdbd6f7ff3b8c2a526f3c079e5774cd9f6570c063c6f22152118a0f45ebc36278da", 0x4f) readv(r1, &(0x7f00006e8ff0)=[{&(0x7f000070bf52)=""/174, 0xfffffde9}], 0x1) 2018/04/13 07:13:17 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000057fee)='/dev/input/event#\x00', 0x0, 0x0) fsetxattr(r0, &(0x7f0000000040)=@known="747275737465642e73797a02", &(0x7f0000000080)='/dev/inpus/event#\x00', 0x12, 0x0) 2018/04/13 07:13:17 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00003a4000)={{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x3, [], 0x1}}}, 0x5c) 2018/04/13 07:13:17 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, &(0x7f0000bc2000)="81", 0x1, 0x0, &(0x7f0000606fe4)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}, 0x1}, 0x1c) listen(r0, 0x7) r1 = accept4(r0, 0x0, &(0x7f0000004b80), 0x0) sendmmsg(r1, &(0x7f0000006d80)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)='>', 0x1}], 0x1, &(0x7f0000000a00)}}], 0x1, 0x0) 2018/04/13 07:13:17 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000026cfff)="b9", 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, 0x10) 2018/04/13 07:13:17 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="81081800001d000000010054409d0954", 0x10) r1 = accept(r0, 0x0, &(0x7f00000005c0)=0xffffffffffffffad) sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000400)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, 0x0, 0x0, 0x0, 0x0, {0x6}}, 0x14}, 0x1}, 0x0) syzkaller login: [ 43.758258] ip (3791) used greatest stack depth: 54408 bytes left [ 43.837243] ip (3800) used greatest stack depth: 54312 bytes left [ 44.877397] ip (3900) used greatest stack depth: 54200 bytes left [ 46.745071] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.831720] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.849711] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.870793] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.939312] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.982455] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.013930] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.202945] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.700791] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.744921] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.768935] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.795578] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.803958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.973904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.062329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.275306] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.487943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.496516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.510837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.543605] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.552734] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.558948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.574299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.590716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.617654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.640998] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.653575] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.659841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.697997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.727535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.741725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.815625] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.821926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.837840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.872713] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.883620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.917656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.181718] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.188098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.199616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.700475] ================================================================== [ 58.707883] BUG: KMSAN: uninit-value in vmac_setkey+0x337/0x940 [ 58.713944] CPU: 1 PID: 5097 Comm: syz-executor6 Not tainted 4.16.0+ #83 [ 58.720780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.730127] Call Trace: [ 58.732723] dump_stack+0x185/0x1d0 [ 58.736358] ? vmac_setkey+0x337/0x940 [ 58.740249] kmsan_report+0x142/0x240 [ 58.744058] ? aes_set_key+0x260/0x260 [ 58.747948] __msan_warning_32+0x6c/0xb0 [ 58.752013] ? aes_set_key+0x260/0x260 [ 58.755892] vmac_setkey+0x337/0x940 [ 58.759589] ? vmac_final+0x3f80/0x3f80 [ 58.763541] shash_async_setkey+0x337/0x4c0 [ 58.767843] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.773195] ? trace_kmalloc+0xb6/0x2b0 [ 58.777158] ? shash_async_digest+0x1b0/0x1b0 [ 58.781634] crypto_ahash_setkey+0x31a/0x470 [ 58.786037] hash_setkey+0x8b/0xa0 [ 58.789561] alg_setsockopt+0x6c5/0x740 [ 58.793525] ? hash_release+0x50/0x50 [ 58.797313] ? alg_accept+0xd0/0xd0 [ 58.800921] SYSC_setsockopt+0x4b8/0x570 [ 58.804963] SyS_setsockopt+0x76/0xa0 [ 58.808742] do_syscall_64+0x309/0x430 [ 58.812612] ? SYSC_recv+0xe0/0xe0 [ 58.816153] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 58.821322] RIP: 0033:0x455279 [ 58.824497] RSP: 002b:00007fc45ca3fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 58.832190] RAX: ffffffffffffffda RBX: 00007fc45ca406d4 RCX: 0000000000455279 [ 58.839455] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 58.846704] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 58.853952] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 58.861208] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 58.868460] [ 58.870150] Local variable description: ----out.i@vmac_setkey [ 58.876019] Variable was created at: [ 58.879724] vmac_setkey+0x93/0x940 [ 58.883328] shash_async_setkey+0x337/0x4c0 [ 58.887629] ================================================================== [ 58.894963] Disabling lock debugging due to kernel taint [ 58.900399] Kernel panic - not syncing: panic_on_warn set ... [ 58.900399] [ 58.907741] CPU: 1 PID: 5097 Comm: syz-executor6 Tainted: G B 4.16.0+ #83 [ 58.915855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.925184] Call Trace: [ 58.927762] dump_stack+0x185/0x1d0 [ 58.931368] panic+0x39d/0x940 [ 58.934549] ? vmac_setkey+0x337/0x940 [ 58.938423] kmsan_report+0x238/0x240 [ 58.942206] ? aes_set_key+0x260/0x260 [ 58.946075] __msan_warning_32+0x6c/0xb0 [ 58.950120] ? aes_set_key+0x260/0x260 [ 58.953997] vmac_setkey+0x337/0x940 [ 58.957700] ? vmac_final+0x3f80/0x3f80 [ 58.961651] shash_async_setkey+0x337/0x4c0 [ 58.965963] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 58.971323] ? trace_kmalloc+0xb6/0x2b0 [ 58.975290] ? shash_async_digest+0x1b0/0x1b0 [ 58.979785] crypto_ahash_setkey+0x31a/0x470 [ 58.984192] hash_setkey+0x8b/0xa0 [ 58.987731] alg_setsockopt+0x6c5/0x740 [ 58.991685] ? hash_release+0x50/0x50 [ 58.995468] ? alg_accept+0xd0/0xd0 [ 58.999075] SYSC_setsockopt+0x4b8/0x570 [ 59.003129] SyS_setsockopt+0x76/0xa0 [ 59.006918] do_syscall_64+0x309/0x430 [ 59.010785] ? SYSC_recv+0xe0/0xe0 [ 59.014315] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.019491] RIP: 0033:0x455279 [ 59.022665] RSP: 002b:00007fc45ca3fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 59.030355] RAX: ffffffffffffffda RBX: 00007fc45ca406d4 RCX: 0000000000455279 [ 59.037603] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 59.044849] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 59.052096] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 59.059346] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 59.067072] Dumping ftrace buffer: [ 59.070590] (ftrace buffer empty) [ 59.074272] Kernel Offset: disabled [ 59.077871] Rebooting in 86400 seconds..