INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. 2018/04/09 13:53:53 fuzzer started 2018/04/09 13:53:54 dialing manager at 10.128.0.26:38911 2018/04/09 13:54:00 kcov=true, comps=false 2018/04/09 13:54:03 executing program 0: 2018/04/09 13:54:03 executing program 2: syz_emit_ethernet(0x3a, &(0x7f0000000100)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @multicast1=0xe0000001, {[@rr={0x7, 0x7, 0x4, [@local={0xac, 0x14, 0x14, 0xaa}]}]}}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d8554c", 0x0, "08f2d9"}}}}}}, &(0x7f0000000040)) 2018/04/09 13:54:03 executing program 7: r0 = socket$inet(0x2, 0x200000000003, 0x2) setsockopt$inet_int(r0, 0x0, 0xd1, &(0x7f0000000180)=0x1, 0x4) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, {0x2, 0x0, @multicast1=0xe0000001}, {0x2, 0x0, @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='irlan0\x00'}) 2018/04/09 13:54:03 executing program 1: r0 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e23}, 0x10) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000001c0)='tls\x00', 0x190) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000380)={0x0, {{0x2, 0x0, @loopback=0x7f000001}}}, 0x84) 2018/04/09 13:54:03 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f000000ffc8)={0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000012000)="260000001a00030207fffd73ffffff18810000000300000003fb8468647ba3a2d188637e57e4", 0x26}], 0x1}, 0x0) 2018/04/09 13:54:03 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001000)='/dev/sequencer2\x00', 0x83, 0x0) flock(r0, 0x0) 2018/04/09 13:54:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x1000004, 0x10000032, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) futex(&(0x7f0000001000), 0x8c, 0x1, &(0x7f0000191000), &(0x7f0000000000), 0x0) 2018/04/09 13:54:03 executing program 6: r0 = getpgid(0x0) sched_setaffinity(r0, 0x8, &(0x7f00009ad000)=0x1) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x20000032, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) write$tun(r2, &(0x7f0000000400)=ANY=[@ANYBLOB], 0x1) fcntl$setpipe(r1, 0x407, 0x0) dup2(r1, r3) syzkaller login: [ 44.616343] ip (3772) used greatest stack depth: 54944 bytes left [ 44.622792] ip (3774) used greatest stack depth: 54816 bytes left [ 44.869312] ip (3793) used greatest stack depth: 54408 bytes left [ 45.979539] ip (3903) used greatest stack depth: 54200 bytes left [ 47.905366] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.119935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.177893] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.301814] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.338739] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.361246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.496956] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.518206] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.075796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.130797] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.243708] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.259435] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.334020] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.376091] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.385356] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.431101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.864606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.870960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.884662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.926787] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.933295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.978130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.064943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.071243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.082668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.111276] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.121980] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.133205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.154667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.180121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.207767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.230476] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.237945] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.248321] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.258131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.275747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.323267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.347682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.372516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.388636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/04/09 13:54:20 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000933000)="9147ad46390d00c80000009d4d5469d01101c2f87d13e3bf", 0x18) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000378000)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="88280479a3c88d53b6cf1a1138b2da8a", 0x10}], 0x1, &(0x7f0000453000)}], 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000003d00)=[{{&(0x7f0000000040)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000000140)=""/9, 0x9}}, {{&(0x7f0000002a80)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000003bc0)=""/98, 0x62}], 0x1, &(0x7f0000003cc0)=""/46, 0x2e}}], 0x2, 0x0, &(0x7f0000d0fff8)={0x0, r2+10000000}) [ 59.514717] ================================================================== [ 59.522171] BUG: KMSAN: uninit-value in gcmaes_decrypt+0x2ec/0xea0 [ 59.528586] CPU: 0 PID: 5048 Comm: syz-executor7 Not tainted 4.16.0+ #82 [ 59.535422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.544873] Call Trace: [ 59.547497] dump_stack+0x185/0x1d0 [ 59.551132] ? gcmaes_decrypt+0x2ec/0xea0 [ 59.555863] kmsan_report+0x142/0x240 [ 59.559676] __msan_warning_32+0x6c/0xb0 [ 59.563752] gcmaes_decrypt+0x2ec/0xea0 [ 59.567746] generic_gcmaes_decrypt+0x181/0x1e0 [ 59.572423] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 59.577283] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 59.581963] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 59.586809] aead_recvmsg+0x25b5/0x2960 [ 59.590812] sock_recvmsg_nosec+0x109/0x140 [ 59.595138] ? aead_sendmsg+0x1b0/0x1b0 [ 59.599124] ___sys_recvmsg+0x3fb/0x810 [ 59.603111] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.607783] ? _cond_resched+0x3c/0xd0 [ 59.611672] ? rcu_all_qs+0x32/0x1f0 [ 59.615389] ? _cond_resched+0x3c/0xd0 [ 59.619276] ? rcu_all_qs+0x32/0x1f0 [ 59.622991] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 59.628450] __sys_recvmmsg+0x54e/0xdb0 [ 59.632449] SYSC_recvmmsg+0x29b/0x3e0 [ 59.636349] SyS_recvmmsg+0x76/0xa0 [ 59.639989] do_syscall_64+0x309/0x430 [ 59.643889] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.648050] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.653237] RIP: 0033:0x455259 [ 59.656423] RSP: 002b:00007f7065182c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.664134] RAX: ffffffffffffffda RBX: 00007f70651836d4 RCX: 0000000000455259 [ 59.671412] RDX: 0000000000000002 RSI: 0000000020003d00 RDI: 0000000000000014 [ 59.678686] RBP: 000000000072bea0 R08: 0000000020d0fff8 R09: 0000000000000000 [ 59.685961] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.693236] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.700513] [ 59.702137] Uninit was created at: [ 59.706382] kmsan_internal_poison_shadow+0xb8/0x1b0 [ 59.711496] kmsan_kmalloc+0x94/0x100 [ 59.715301] __kmalloc+0x23c/0x350 [ 59.718841] sock_kmalloc+0x14e/0x270 [ 59.722645] af_alg_alloc_areq+0x85/0x320 [ 59.727498] aead_recvmsg+0x65a/0x2960 [ 59.731398] sock_recvmsg_nosec+0x109/0x140 [ 59.735726] ___sys_recvmsg+0x3fb/0x810 [ 59.739698] __sys_recvmmsg+0x54e/0xdb0 [ 59.743667] SYSC_recvmmsg+0x29b/0x3e0 [ 59.747547] SyS_recvmmsg+0x76/0xa0 [ 59.751157] do_syscall_64+0x309/0x430 [ 59.755039] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.760211] ================================================================== [ 59.767544] Disabling lock debugging due to kernel taint [ 59.772990] Kernel panic - not syncing: panic_on_warn set ... [ 59.772990] [ 59.780350] CPU: 0 PID: 5048 Comm: syz-executor7 Tainted: G B 4.16.0+ #82 [ 59.788481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.797844] Call Trace: [ 59.800432] dump_stack+0x185/0x1d0 [ 59.804050] panic+0x39d/0x940 [ 59.807238] ? gcmaes_decrypt+0x2ec/0xea0 [ 59.811379] kmsan_report+0x238/0x240 [ 59.815178] __msan_warning_32+0x6c/0xb0 [ 59.819234] gcmaes_decrypt+0x2ec/0xea0 [ 59.823205] generic_gcmaes_decrypt+0x181/0x1e0 [ 59.827875] ? generic_gcmaes_encrypt+0x1e0/0x1e0 [ 59.832721] gcmaes_wrapper_decrypt+0x2f5/0x340 [ 59.837397] ? gcmaes_wrapper_encrypt+0x2d0/0x2d0 [ 59.842224] aead_recvmsg+0x25b5/0x2960 [ 59.846217] sock_recvmsg_nosec+0x109/0x140 [ 59.850541] ? aead_sendmsg+0x1b0/0x1b0 [ 59.854526] ___sys_recvmsg+0x3fb/0x810 [ 59.858493] ? __msan_poison_alloca+0x15c/0x1d0 [ 59.863157] ? _cond_resched+0x3c/0xd0 [ 59.867040] ? rcu_all_qs+0x32/0x1f0 [ 59.870738] ? _cond_resched+0x3c/0xd0 [ 59.874607] ? rcu_all_qs+0x32/0x1f0 [ 59.878309] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 59.883763] __sys_recvmmsg+0x54e/0xdb0 [ 59.887743] SYSC_recvmmsg+0x29b/0x3e0 [ 59.891628] SyS_recvmmsg+0x76/0xa0 [ 59.895255] do_syscall_64+0x309/0x430 [ 59.899125] ? __sys_recvmmsg+0xdb0/0xdb0 [ 59.903267] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 59.908435] RIP: 0033:0x455259 [ 59.911609] RSP: 002b:00007f7065182c68 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 59.919324] RAX: ffffffffffffffda RBX: 00007f70651836d4 RCX: 0000000000455259 [ 59.926581] RDX: 0000000000000002 RSI: 0000000020003d00 RDI: 0000000000000014 [ 59.933848] RBP: 000000000072bea0 R08: 0000000020d0fff8 R09: 0000000000000000 [ 59.941134] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 59.948402] R13: 0000000000000495 R14: 00000000006f9e98 R15: 0000000000000000 [ 59.956342] Dumping ftrace buffer: [ 59.959868] (ftrace buffer empty) [ 59.963550] Kernel Offset: disabled [ 59.967151] Rebooting in 86400 seconds..