INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. 2018/04/11 16:30:46 fuzzer started 2018/04/11 16:30:46 dialing manager at 10.128.0.26:36259 2018/04/11 16:30:52 kcov=true, comps=false 2018/04/11 16:30:55 executing program 0: 2018/04/11 16:30:55 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000001780)=[{0x10, 0x29, 0x8}], 0x10}}], 0x2, 0x0) 2018/04/11 16:30:55 executing program 7: perf_event_open(&(0x7f0000940000)={0x2, 0x78, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000759000)='clear_refs\x00') fcntl$setlease(r0, 0x400, 0x1) fcntl$setlease(r0, 0x400, 0x2) 2018/04/11 16:30:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) close(r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000289fa8)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ad5664a3239dafb6c5820faeb995298992ea54c7beef9f5d", 0x18) r2 = accept$alg(r0, 0x0, 0x0) io_setup(0x1, &(0x7f0000e4b000)=0x0) sendmsg$alg(r2, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000000)="f9e3a127be1d0953084fab7d2701417e1d4a010731", 0x15}], 0x1, &(0x7f00000000c0)}, 0x0) io_submit(r3, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000617fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000003780)="b3", 0x1}]) 
2018/04/11 16:30:55 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x9) sendmsg(r0, &(0x7f0000031fc8)={0x0, 0x0, &(0x7f00008a8ff0)=[{&(0x7f0000000000)="240000005304f50008000000000000000000ffffffff00000b03006006fffd200000001f", 0x24}], 0x1}, 0x0) 2018/04/11 16:30:55 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) dup2(r0, r2) 2018/04/11 16:30:55 executing program 5: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = memfd_create(&(0x7f00000000c0)="70726f63ae6d696d655f74797065776c616e316e6f64657600", 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000003, 0x5011, r1, 0x0) sendfile(r0, r1, 0x0, 0x80000001) 2018/04/11 16:30:55 executing program 6: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x3, &(0x7f0000c91000)=ANY=[@ANYBLOB="850000001f00000097000000040000009500000000000000"], &(0x7f0000e6bffc)="f45010", 0x1, 0x99, &(0x7f000000d000)=""/153}, 0x48) syzkaller login: [ 41.888143] ip (3757) used greatest stack depth: 54672 bytes left [ 42.503387] ip (3813) used greatest stack depth: 54408 bytes left [ 42.537064] ip (3817) used greatest stack depth: 54312 bytes left [ 43.648722] ip (3923) used greatest stack depth: 54200 bytes left [ 45.503983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.665529] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.683990] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.835670] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.851835] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.880237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.936283] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.998935] IPv6: 
ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.677735] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.821937] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.839216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.883441] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.917238] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.978917] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.115584] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.165996] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.431427] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.437705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.451698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.572389] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.578732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.595639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.623452] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.635425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.656629] ip (4933) used greatest stack depth: 53976 bytes left [ 55.673577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.707744] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.716334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.733332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.768381] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.775861] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.783592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.809823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.831871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.855638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.903327] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.909774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 
[ 55.921654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.076447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.082787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.096580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.156274] ================================================================== [ 57.163717] BUG: KMSAN: uninit-value in gf128mul_init_4k_lle+0x212/0x5c0 [ 57.170572] CPU: 1 PID: 5042 Comm: syz-executor1 Not tainted 4.16.0+ #83 [ 57.177416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.186863] Call Trace: [ 57.189457] dump_stack+0x185/0x1d0 [ 57.193093] ? gf128mul_init_4k_lle+0x212/0x5c0 [ 57.197762] kmsan_report+0x142/0x240 [ 57.201564] __msan_warning_32+0x6c/0xb0 [ 57.205626] gf128mul_init_4k_lle+0x212/0x5c0 [ 57.210126] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.215499] ? ghash_setkey+0x56/0x280 [ 57.219386] ghash_setkey+0x185/0x280 [ 57.223280] ? ghash_final+0x1f0/0x1f0 [ 57.227181] shash_async_setkey+0x337/0x4c0 [ 57.231510] ? shash_async_digest+0x1b0/0x1b0 [ 57.236016] crypto_ahash_setkey+0x31a/0x470 [ 57.240530] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 57.245729] crypto_gcm_setkey+0xa3c/0xc10 [ 57.249973] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 57.254390] crypto_aead_setkey+0x373/0x4c0 [ 57.258723] aead_setkey+0xa0/0xc0 [ 57.262271] alg_setsockopt+0x6c5/0x740 [ 57.266253] ? aead_release+0x90/0x90 [ 57.270065] ? alg_accept+0xd0/0xd0 [ 57.273706] SYSC_setsockopt+0x4b8/0x570 [ 57.277778] SyS_setsockopt+0x76/0xa0 [ 57.281582] do_syscall_64+0x309/0x430 [ 57.285494] ? 
SYSC_recv+0xe0/0xe0 [ 57.289042] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.294233] RIP: 0033:0x455259 [ 57.297423] RSP: 002b:00007f274f73dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.305143] RAX: ffffffffffffffda RBX: 00007f274f73e6d4 RCX: 0000000000455259 [ 57.312415] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 57.319690] RBP: 000000000072bea0 R08: 0000000000000018 R09: 0000000000000000 [ 57.326961] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000ffffffff [ 57.334231] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 57.341503] [ 57.343136] Uninit was stored to memory at: [ 57.347465] kmsan_internal_chain_origin+0x12b/0x210 [ 57.352593] kmsan_memcpy_origins+0x11d/0x170 [ 57.357096] __msan_memcpy+0x19f/0x1f0 [ 57.360993] gf128mul_init_4k_lle+0x99/0x5c0 [ 57.365399] ghash_setkey+0x185/0x280 [ 57.369201] shash_async_setkey+0x337/0x4c0 [ 57.373531] crypto_ahash_setkey+0x31a/0x470 [ 57.377943] crypto_gcm_setkey+0xa3c/0xc10 [ 57.382181] crypto_aead_setkey+0x373/0x4c0 [ 57.386506] aead_setkey+0xa0/0xc0 [ 57.390049] alg_setsockopt+0x6c5/0x740 [ 57.394035] SYSC_setsockopt+0x4b8/0x570 [ 57.398099] SyS_setsockopt+0x76/0xa0 [ 57.401910] do_syscall_64+0x309/0x430 [ 57.405807] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.410988] Uninit was stored to memory at: [ 57.415316] kmsan_internal_chain_origin+0x12b/0x210 [ 57.420406] __msan_chain_origin+0x69/0xc0 [ 57.424628] __crypto_xor+0x23c/0x16b0 [ 57.428500] crypto_ctr_crypt_inplace+0x29a/0x3a0 [ 57.433331] crypto_ctr_crypt+0x54c/0x7d0 [ 57.437501] skcipher_encrypt_blkcipher+0x222/0x320 [ 57.442505] crypto_gcm_setkey+0x6a3/0xc10 [ 57.446727] crypto_aead_setkey+0x373/0x4c0 [ 57.451041] aead_setkey+0xa0/0xc0 [ 57.454584] alg_setsockopt+0x6c5/0x740 [ 57.458540] SYSC_setsockopt+0x4b8/0x570 [ 57.462598] SyS_setsockopt+0x76/0xa0 [ 57.466390] do_syscall_64+0x309/0x430 [ 57.470270] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.475437] Local variable description: 
----vla@crypto_ctr_crypt_inplace [ 57.482266] Variable was created at: [ 57.485963] crypto_ctr_crypt_inplace+0x19a/0x3a0 [ 57.490784] crypto_ctr_crypt+0x54c/0x7d0 [ 57.494911] ================================================================== [ 57.502246] Disabling lock debugging due to kernel taint [ 57.507673] Kernel panic - not syncing: panic_on_warn set ... [ 57.507673] [ 57.515041] CPU: 1 PID: 5042 Comm: syz-executor1 Tainted: G B 4.16.0+ #83 [ 57.523273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.532613] Call Trace: [ 57.535634] dump_stack+0x185/0x1d0 [ 57.539253] panic+0x39d/0x940 [ 57.542443] ? gf128mul_init_4k_lle+0x212/0x5c0 [ 57.547100] kmsan_report+0x238/0x240 [ 57.550899] __msan_warning_32+0x6c/0xb0 [ 57.554951] gf128mul_init_4k_lle+0x212/0x5c0 [ 57.559453] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 57.564824] ? ghash_setkey+0x56/0x280 [ 57.568708] ghash_setkey+0x185/0x280 [ 57.572490] ? ghash_final+0x1f0/0x1f0 [ 57.576359] shash_async_setkey+0x337/0x4c0 [ 57.580664] ? shash_async_digest+0x1b0/0x1b0 [ 57.585151] crypto_ahash_setkey+0x31a/0x470 [ 57.589552] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 57.594734] crypto_gcm_setkey+0xa3c/0xc10 [ 57.598963] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 57.603356] crypto_aead_setkey+0x373/0x4c0 [ 57.607666] aead_setkey+0xa0/0xc0 [ 57.611213] alg_setsockopt+0x6c5/0x740 [ 57.615175] ? aead_release+0x90/0x90 [ 57.618976] ? alg_accept+0xd0/0xd0 [ 57.622587] SYSC_setsockopt+0x4b8/0x570 [ 57.626650] SyS_setsockopt+0x76/0xa0 [ 57.630436] do_syscall_64+0x309/0x430 [ 57.634310] ? 
SYSC_recv+0xe0/0xe0 [ 57.637837] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.643011] RIP: 0033:0x455259 [ 57.646189] RSP: 002b:00007f274f73dc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.653895] RAX: ffffffffffffffda RBX: 00007f274f73e6d4 RCX: 0000000000455259 [ 57.661164] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 57.668439] RBP: 000000000072bea0 R08: 0000000000000018 R09: 0000000000000000 [ 57.675695] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000ffffffff [ 57.682954] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 57.690650] Dumping ftrace buffer: [ 57.694177] (ftrace buffer empty) [ 57.697863] Kernel Offset: disabled [ 57.701820] Rebooting in 86400 seconds..