INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
2018/04/08 10:30:54 fuzzer started
2018/04/08 10:30:55 dialing manager at 10.128.0.26:41897
2018/04/08 10:31:02 kcov=true, comps=false
2018/04/08 10:31:05 executing program 0:
2018/04/08 10:31:05 executing program 1:
2018/04/08 10:31:05 executing program 7:
perf_event_open(&(0x7f0000b5a000)={0x4000000002, 0x70, 0x1e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f000000ffc8)={0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000012000)="260000001a00030207fffd73ffffff18810000000300000003fb8468647ba3a2d188637e57e4", 0x26}], 0x1}, 0x0)
2018/04/08 10:31:05 executing program 2:
perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x49, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='ns/mnt\x00')
syz_open_procfs(0x0, &(0x7f00009b6ff9)='ns/mnt\x00')
2018/04/08 10:31:05 executing program 3:
perf_event_open(&(0x7f0000271000)={0x2, 0x70, 0x4a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002290f00383a000000000000000000ffff00000000ff020000000000000000000000000001010090780000000060d5cae200003a0000000000000000000000000000000000ff020000000000000000000000000001f601929f106531aa"], 0x0)
2018/04/08 10:31:05 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr-aes-aesni,cbcmac(aes-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000003040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="37c9286f2e", 0x5}], 0x1, &(0x7f0000002480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f00000013c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0)
2018/04/08 10:31:05 executing program 5:
2018/04/08 10:31:05 executing program 6:
syzkaller login:
[ 43.276249] ip (3747) used greatest stack depth: 54688 bytes left
[ 43.328868] ip (3755) used greatest stack depth: 54672 bytes left
[ 43.737905] ip (3789) used greatest stack depth: 54312 bytes left
[ 44.770731] ip (3895) used greatest stack depth: 54200 bytes left
[ 46.565162] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.873276] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.890519] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.932243] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.948536] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 46.971212] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.073084] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 47.157350] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 55.059547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.418193] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.480751] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.789702] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.798508] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.805851] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 55.812091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 55.820364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.877104] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.908238] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.922252] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.202840] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.211067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.227214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.253664] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.260210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.299197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.490312] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.496618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.507617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.541144] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.556271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.572548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.704709] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.710991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.719011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.770647] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.776877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.786840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.811614] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 56.820148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.833596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.594862] ==================================================================
[ 57.602290] BUG: KMSAN: uninit-value in aes_encrypt+0x4d34/0x5990
[ 57.608522] CPU: 0 PID: 5000 Comm: syz-executor4 Not tainted 4.16.0+ #82
[ 57.615352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.624707] Call Trace:
[ 57.627297] dump_stack+0x185/0x1d0
[ 57.630930] ? aes_encrypt+0x4d34/0x5990
[ 57.634998] kmsan_report+0x142/0x240
[ 57.638802] __msan_warning_32+0x6c/0xb0
[ 57.642873] aes_encrypt+0x4d34/0x5990
[ 57.646766] ? __crypto_xor+0x15e5/0x16b0
[ 57.650920] ? crypto_aes_set_key+0x180/0x180
[ 57.655422] crypto_cbcmac_digest_update+0x393/0x530
[ 57.660531] ? crypto_aes_set_key+0x180/0x180
[ 57.665029] ? crypto_cbcmac_digest_init+0x140/0x140
[ 57.670134] shash_async_update+0x290/0x360
[ 57.674458] ? shash_async_init+0x270/0x270
[ 57.678789] gcm_hash+0x184f/0x24a0
[ 57.682423] crypto_gcm_encrypt+0xa13/0xaf0
[ 57.686754] ? crypto_gcm_setauthsize+0xc0/0xc0
[ 57.691421] aead_recvmsg+0x25b5/0x2960
[ 57.695411] sock_recvmsg+0x1d0/0x230
[ 57.699216] ? aead_sendmsg+0x1b0/0x1b0
[ 57.703191] ___sys_recvmsg+0x3fb/0x810
[ 57.707170] ? __fget_light+0x56/0x710
[ 57.711053] ? __fdget+0x4e/0x60
[ 57.714427] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 57.719829] ? __fget_light+0x6b9/0x710
[ 57.723819] SYSC_recvmsg+0x298/0x3c0
[ 57.727638] SyS_recvmsg+0x54/0x80
[ 57.731182] do_syscall_64+0x309/0x430
[ 57.735102] ? ___sys_recvmsg+0x810/0x810
[ 57.739266] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.744479] RIP: 0033:0x455259
[ 57.747673] RSP: 002b:00007f2fe5c96c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 57.755379] RAX: ffffffffffffffda RBX: 00007f2fe5c976d4 RCX: 0000000000455259
[ 57.762645] RDX: 0000000000000000 RSI: 0000000020001440 RDI: 0000000000000014
[ 57.769919] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 57.777196] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 57.784551] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000
[ 57.791820]
[ 57.793450] Uninit was stored to memory at:
[ 57.797780] kmsan_internal_chain_origin+0x12b/0x210
[ 57.802888] __msan_chain_origin+0x69/0xc0
[ 57.807121] __crypto_xor+0x95f/0x16b0
[ 57.811013] crypto_cbcmac_digest_update+0x287/0x530
[ 57.816116] shash_async_update+0x290/0x360
[ 57.820437] gcm_hash+0x8b5/0x24a0
[ 57.823975] crypto_gcm_encrypt+0xa13/0xaf0
[ 57.828304] aead_recvmsg+0x25b5/0x2960
[ 57.832283] sock_recvmsg+0x1d0/0x230
[ 57.836089] ___sys_recvmsg+0x3fb/0x810
[ 57.840067] SYSC_recvmsg+0x298/0x3c0
[ 57.843866] SyS_recvmsg+0x54/0x80
[ 57.847406] do_syscall_64+0x309/0x430
[ 57.851299] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.856484] Uninit was stored to memory at:
[ 57.860806] kmsan_internal_chain_origin+0x12b/0x210
[ 57.865918] __msan_chain_origin+0x69/0xc0
[ 57.870159] __crypto_xor+0x95f/0x16b0
[ 57.874044] ctr_crypt+0x432/0x4f0
[ 57.877584] simd_skcipher_encrypt+0x221/0x320
[ 57.882169] crypto_gcm_encrypt+0x53e/0xaf0
[ 57.886496] aead_recvmsg+0x25b5/0x2960
[ 57.890477] sock_recvmsg+0x1d0/0x230
[ 57.894284] ___sys_recvmsg+0x3fb/0x810
[ 57.898276] SYSC_recvmsg+0x298/0x3c0
[ 57.902078] SyS_recvmsg+0x54/0x80
[ 57.905619] do_syscall_64+0x309/0x430
[ 57.909508] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 57.914692] Local variable description: ----keystream.i@ctr_crypt
[ 57.920916] Variable was created at:
[ 57.924632] ctr_crypt+0x4a/0x4f0
[ 57.928088] simd_skcipher_encrypt+0x221/0x320
[ 57.932658] ==================================================================
[ 57.940011] Disabling lock debugging due to kernel taint
[ 57.945442] Kernel panic - not syncing: panic_on_warn set ...
[ 57.945442]
[ 57.952787] CPU: 0 PID: 5000 Comm: syz-executor4 Tainted: G B 4.16.0+ #82
[ 57.960902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.970230] Call Trace:
[ 57.972799] dump_stack+0x185/0x1d0
[ 57.976405] panic+0x39d/0x940
[ 57.979585] ? aes_encrypt+0x4d34/0x5990
[ 57.983632] kmsan_report+0x238/0x240
[ 57.987410] __msan_warning_32+0x6c/0xb0
[ 57.991449] aes_encrypt+0x4d34/0x5990
[ 57.995323] ? __crypto_xor+0x15e5/0x16b0
[ 57.999456] ? crypto_aes_set_key+0x180/0x180
[ 58.003931] crypto_cbcmac_digest_update+0x393/0x530
[ 58.009032] ? crypto_aes_set_key+0x180/0x180
[ 58.013523] ? crypto_cbcmac_digest_init+0x140/0x140
[ 58.018610] shash_async_update+0x290/0x360
[ 58.022913] ? shash_async_init+0x270/0x270
[ 58.027210] gcm_hash+0x184f/0x24a0
[ 58.030815] crypto_gcm_encrypt+0xa13/0xaf0
[ 58.035116] ? crypto_gcm_setauthsize+0xc0/0xc0
[ 58.039762] aead_recvmsg+0x25b5/0x2960
[ 58.043723] sock_recvmsg+0x1d0/0x230
[ 58.047500] ? aead_sendmsg+0x1b0/0x1b0
[ 58.051455] ___sys_recvmsg+0x3fb/0x810
[ 58.055409] ? __fget_light+0x56/0x710
[ 58.059282] ? __fdget+0x4e/0x60
[ 58.062636] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 58.067982] ? __fget_light+0x6b9/0x710
[ 58.071954] SYSC_recvmsg+0x298/0x3c0
[ 58.075747] SyS_recvmsg+0x54/0x80
[ 58.079270] do_syscall_64+0x309/0x430
[ 58.083144] ? ___sys_recvmsg+0x810/0x810
[ 58.087276] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 58.092444] RIP: 0033:0x455259
[ 58.095622] RSP: 002b:00007f2fe5c96c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 58.103309] RAX: ffffffffffffffda RBX: 00007f2fe5c976d4 RCX: 0000000000455259
[ 58.110557] RDX: 0000000000000000 RSI: 0000000020001440 RDI: 0000000000000014
[ 58.117807] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[ 58.125055] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 58.132303] R13: 0000000000000496 R14: 00000000006f9eb0 R15: 0000000000000000
[ 58.140019] Dumping ftrace buffer:
[ 58.143532] (ftrace buffer empty)
[ 58.147213] Kernel Offset: disabled
[ 58.150814] Rebooting in 86400 seconds..