INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts. 2018/04/08 19:34:38 fuzzer started 2018/04/08 19:34:38 dialing manager at 10.128.0.26:40033 2018/04/08 19:34:44 kcov=true, comps=false 2018/04/08 19:34:47 executing program 0: 2018/04/08 19:34:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000880)={&(0x7f00000004c0)={0x10}, 0xc, &(0x7f0000000840)={&(0x7f00000006c0)={0x14, 0xd, 0xa, 0x105, 0x0, 0x0, {0x1}}, 0x14}, 0x1}, 0x0) 2018/04/08 19:34:47 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000019c0)="e26d4189b9adc9cffa3e437f2be118d8e3a4f5ea623fce2c3e53fe1529de19a1163a0a01f672d8edc55fcb1676dd8060b625fdf7585f9666a039a64cc637a4a226bceb361bc0fda84a6904bbd5fea4b700a05fba70074475aa940d2f94fb227847386c9c75559dd2df17756986782ee51cf3ec60bd5ae67cb340fe8e96bb9b3482d8bc59115c1a236f9c8054ca1c8ca04145c561d5de60f3d46d709adc96028d05bb760dfade2fcd21f8577f6c53231a72a1c6f8c68e29f15009bd7945e1ff6dcc32ad48ec90d6c71f1f941ddfc796071aa84ce46ea8e0a891896c2dcb336658da1d1c0f78943d32b9d14d1bd028776891d6", 0xf2}], 0x1, &(0x7f0000000800)=[@op={0x10, 0x117, 0x3}, @op={0x10, 0x117, 0x3}, @assoc={0x10, 0x117, 0x4, 0x8}, @op={0x10, 0x117, 0x3, 0x1}], 0x40, 0x1}, 0x0) recvmsg(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)=""/147, 0x93}], 0x1, &(0x7f00000001c0)=""/47, 0x2f}, 0x0) 2018/04/08 19:34:47 executing program 4: r0 = socket$kcm(0x2, 0x4000000005, 0x0) sendmsg$kcm(r0, &(0x7f0000000a40)={&(0x7f0000000340)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000480)='r', 0x1}], 0x1, &(0x7f0000000c80)}, 0x40400c0) 2018/04/08 19:34:47 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001cc0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000010000108000000000000000000000000", @ANYBLOB="000000000000000008000d00000000000800030000000000401ad3265d02f184e02ba01775989d7fe25bf4567fbc6b9ac7dc4334d09aaa4b5be139a878b9348d26bf90c69d9589fdf19227f6370aa45d104ce43fb3dbf8da3a6796dbfec5493dc5a5f049800aebfb70445c35c14ccc3649357a53f869e7de9396376590d52a9de99f46450afaf380a6b9bf8cb6b417de38add0f65288bad13a75d6aa6b0f967f8f"], 0x2}, 0x1}, 0x0) 2018/04/08 19:34:47 executing program 2: mkdir(&(0x7f000084bff8)='./file0\x00', 0x0) r0 = open(&(0x7f0000862000)='./file0\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) dup2(r1, r0) 2018/04/08 19:34:47 executing program 3: syz_emit_ethernet(0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6050a09c00082f00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0004000000089078"], &(0x7f0000000040)) 2018/04/08 19:34:47 executing program 6: r0 = socket(0x11, 0x803, 0x300) r1 = socket(0xa, 0x2, 0x0) sendto$inet(r1, &(0x7f0000509f92), 0xff77, 0x0, &(0x7f000055fff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000daeffc)=0x9, 0x4) recvmmsg(r0, &(0x7f00000062c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000059c0)=""/185, 0xb9}], 0x1, &(0x7f0000005ac0)=""/27, 0x1b}}], 0x1, 0x0, 0x0) syzkaller login: [ 42.867287] ip (3779) used greatest stack depth: 54672 bytes left [ 42.896830] ip (3784) used greatest stack depth: 54312 bytes left [ 44.221470] ip (3910) used greatest stack depth: 54200 bytes left [ 45.963402] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.060071] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.123617] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.296556] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.373820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.429887] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.452917] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.490891] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.852480] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.949863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.961117] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.006345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.261165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.301270] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.332454] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.416292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.623622] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.629881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.642501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.702209] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.708454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.721263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.758134] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.764331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.774845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.840863] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.847145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.859704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.068924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.075230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.089183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.113074] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.119497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.156681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.187352] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.196097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.215852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.260098] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.266319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.279742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.395778] ================================================================== [ 57.403185] BUG: KMSAN: uninit-value in ghash_setkey+0x209/0x270 [ 57.409307] CPU: 1 PID: 5058 Comm: syz-executor7 Not tainted 4.16.0+ #82 [ 57.416122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.425449] Call Trace: [ 57.428024] dump_stack+0x185/0x1d0 [ 57.431640] ? ghash_setkey+0x209/0x270 [ 57.435593] kmsan_report+0x142/0x240 [ 57.439374] __msan_warning_32+0x6c/0xb0 [ 57.443418] ghash_setkey+0x209/0x270 [ 57.447206] ? ghash_final+0x1d0/0x1d0 [ 57.451085] crypto_shash_setkey+0x317/0x490 [ 57.455486] cryptd_hash_setkey+0x1a5/0x330 [ 57.459793] ? cryptd_hash_import+0x2a0/0x2a0 [ 57.464265] crypto_ahash_setkey+0x31a/0x470 [ 57.468654] ghash_async_setkey+0x1a5/0x330 [ 57.472967] ? ghash_async_import+0x3a0/0x3a0 [ 57.477462] crypto_ahash_setkey+0x31a/0x470 [ 57.481863] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 57.487052] crypto_gcm_setkey+0xa3c/0xc10 [ 57.491284] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 57.495690] crypto_aead_setkey+0x373/0x4c0 [ 57.500000] aead_setkey+0xa0/0xc0 [ 57.503523] alg_setsockopt+0x6c5/0x740 [ 57.507477] ? aead_release+0x90/0x90 [ 57.511256] ? alg_accept+0xd0/0xd0 [ 57.514859] SYSC_setsockopt+0x4b8/0x570 [ 57.518898] SyS_setsockopt+0x76/0xa0 [ 57.522675] do_syscall_64+0x309/0x430 [ 57.526538] ? SYSC_recv+0xe0/0xe0 [ 57.530068] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.535243] RIP: 0033:0x455259 [ 57.538418] RSP: 002b:00007fd2ac468c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.546107] RAX: ffffffffffffffda RBX: 00007fd2ac4696d4 RCX: 0000000000455259 [ 57.553356] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 57.560605] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 57.567854] R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000ffffffff [ 57.575100] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 57.582348] [ 57.583952] Uninit was stored to memory at: [ 57.588259] kmsan_internal_chain_origin+0x12b/0x210 [ 57.593338] __msan_chain_origin+0x69/0xc0 [ 57.597556] __crypto_xor+0x23c/0x16b0 [ 57.601424] crypto_ctr_crypt_inplace+0x29a/0x3a0 [ 57.606246] crypto_ctr_crypt+0x54c/0x7d0 [ 57.610386] skcipher_encrypt_blkcipher+0x222/0x320 [ 57.615384] crypto_gcm_setkey+0x6a3/0xc10 [ 57.619599] crypto_aead_setkey+0x373/0x4c0 [ 57.623902] aead_setkey+0xa0/0xc0 [ 57.627416] alg_setsockopt+0x6c5/0x740 [ 57.631378] SYSC_setsockopt+0x4b8/0x570 [ 57.635428] SyS_setsockopt+0x76/0xa0 [ 57.639203] do_syscall_64+0x309/0x430 [ 57.643069] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.648233] Local variable description: ----vla@crypto_ctr_crypt_inplace [ 57.655046] Variable was created at: [ 57.658746] crypto_ctr_crypt_inplace+0x19a/0x3a0 [ 57.663561] crypto_ctr_crypt+0x54c/0x7d0 [ 57.667680] ================================================================== [ 57.675016] Disabling lock debugging due to kernel taint [ 57.680453] Kernel panic - not syncing: panic_on_warn set ... [ 57.680453] [ 57.687806] CPU: 1 PID: 5058 Comm: syz-executor7 Tainted: G B 4.16.0+ #82 [ 57.695918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.705248] Call Trace: [ 57.707816] dump_stack+0x185/0x1d0 [ 57.711426] panic+0x39d/0x940 [ 57.714605] ? ghash_setkey+0x209/0x270 [ 57.718556] kmsan_report+0x238/0x240 [ 57.722339] __msan_warning_32+0x6c/0xb0 [ 57.726383] ghash_setkey+0x209/0x270 [ 57.730161] ? ghash_final+0x1d0/0x1d0 [ 57.734033] crypto_shash_setkey+0x317/0x490 [ 57.738429] cryptd_hash_setkey+0x1a5/0x330 [ 57.742732] ? cryptd_hash_import+0x2a0/0x2a0 [ 57.747205] crypto_ahash_setkey+0x31a/0x470 [ 57.751593] ghash_async_setkey+0x1a5/0x330 [ 57.755892] ? ghash_async_import+0x3a0/0x3a0 [ 57.760379] crypto_ahash_setkey+0x31a/0x470 [ 57.764773] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 57.769944] crypto_gcm_setkey+0xa3c/0xc10 [ 57.774159] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 57.778551] crypto_aead_setkey+0x373/0x4c0 [ 57.782863] aead_setkey+0xa0/0xc0 [ 57.786379] alg_setsockopt+0x6c5/0x740 [ 57.790351] ? aead_release+0x90/0x90 [ 57.794135] ? alg_accept+0xd0/0xd0 [ 57.797741] SYSC_setsockopt+0x4b8/0x570 [ 57.801783] SyS_setsockopt+0x76/0xa0 [ 57.805560] do_syscall_64+0x309/0x430 [ 57.809428] ? SYSC_recv+0xe0/0xe0 [ 57.812955] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.818129] RIP: 0033:0x455259 [ 57.821293] RSP: 002b:00007fd2ac468c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.828975] RAX: ffffffffffffffda RBX: 00007fd2ac4696d4 RCX: 0000000000455259 [ 57.836221] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 57.843466] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 57.850711] R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000ffffffff [ 57.857954] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 57.865670] Dumping ftrace buffer: [ 57.869190] (ftrace buffer empty) [ 57.872874] Kernel Offset: disabled [ 57.876472] Rebooting in 86400 seconds..