INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. 2018/04/10 05:20:05 fuzzer started 2018/04/10 05:20:06 dialing manager at 10.128.0.26:36427 2018/04/10 05:20:12 kcov=true, comps=false 2018/04/10 05:20:15 executing program 0: 2018/04/10 05:20:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000e5aff8)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) write$tun(r2, &(0x7f0000000340)={@void, @hdr, @eth={@empty, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "4cf3a7", 0x8, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, {[], @udp={0x0, 0x0, 0x8}}}}}}}, 0x48) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f000002effc)=0xb92c, 0x4) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/208, 0xd0}], 0x1) 2018/04/10 05:20:15 executing program 7: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000db5fdb)="24000000200025f0071c0165ff0ffc0e020000008010000002e1000c07000b0000000200", 0x24) 2018/04/10 05:20:15 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000ca9ff5)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f0000000180)="74086e750000000000000000008c00", 0x3) r2 = dup2(r1, r0) fcntl$getown(r2, 0x9) geteuid() getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000840)={{{@in6, @in6=@dev}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000940)=0xe8) ioctl$TIOCGSID(r2, 0x5429, &(0x7f00000009c0)) getgid() stat(&(0x7f0000003480)='./file0\x00', &(0x7f00000034c0)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000003580), &(0x7f00000035c0)=0xc) fcntl$getown(r1, 0x9) getpgrp(0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000004bc0)={{{@in=@broadcast, @in6}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000004cc0)=0xe8) getgroups(0x2, &(0x7f0000004e00)=[0x0, 0x0]) 2018/04/10 05:20:15 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="81081800001d000000010054409d0954", 0x10) r1 = accept(r0, 0x0, &(0x7f0000000140)) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f00000002c0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x14, 0x0, 0x0, 0x0, 0x0, {0xc}}, 0x14}, 0x1}, 0x0) 2018/04/10 05:20:15 executing program 4: perf_event_open(&(0x7f0000348f88)={0x2, 0x78, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a}, &(0x7f0000000400)='V', 0x1, 0xffffffffffffffff) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0x5) keyctl$chown(0x4, r0, r2, 0x0) 2018/04/10 05:20:15 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000b9bff0)={0x2, 0x1, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000fa0fff), 0xffffffffffffffbb, 0x20020003, &(0x7f0000385ff0)={0x2, 0x1, @loopback=0x7f000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='yeah\x00', 0x5) exit(0x0) shutdown(r0, 0x1) 2018/04/10 05:20:15 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f000096ffe4)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1c) getsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000e29ffc), &(0x7f0000a23000)=0x4) syzkaller login: [ 41.617288] ip (3748) used greatest stack depth: 54688 bytes left [ 42.127193] ip (3798) used greatest stack depth: 54672 bytes left [ 42.689316] ip (3850) used greatest stack depth: 54200 bytes left [ 45.213121] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.316346] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.333690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.429446] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.565972] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.631422] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.658629] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.679465] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.158930] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.304947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.357572] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.460575] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.503790] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.568347] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.674188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.692593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.817494] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.823792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.836981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.055988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.062300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.073480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.109286] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.115542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.125899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.300979] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.307287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.315373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.333382] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.344969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.384472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.418688] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.425307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.443668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.534944] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.541370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.557684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.575928] ip (4949) used greatest stack depth: 53976 bytes left [ 55.622950] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.629269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.641147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.577757] netlink: 'syz-executor7': attribute type 11 has an invalid length. [ 56.710288] ================================================================== [ 56.717715] BUG: KMSAN: uninit-value in vmac_setkey+0x337/0x940 [ 56.723777] CPU: 1 PID: 5066 Comm: syz-executor3 Not tainted 4.16.0+ #82 [ 56.730619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.739988] Call Trace: [ 56.742593] dump_stack+0x185/0x1d0 [ 56.746230] ? vmac_setkey+0x337/0x940 [ 56.750125] kmsan_report+0x142/0x240 [ 56.753929] ? aes_set_key+0x260/0x260 [ 56.757827] __msan_warning_32+0x6c/0xb0 [ 56.761885] ? aes_set_key+0x260/0x260 [ 56.765780] vmac_setkey+0x337/0x940 [ 56.769499] ? vmac_final+0x3f80/0x3f80 [ 56.773475] shash_async_setkey+0x337/0x4c0 [ 56.777796] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 56.783162] ? trace_kmalloc+0xb6/0x2b0 [ 56.787127] ? shash_async_digest+0x1b0/0x1b0 [ 56.791604] crypto_ahash_setkey+0x31a/0x470 [ 56.796004] hash_setkey+0x8b/0xa0 [ 56.799534] alg_setsockopt+0x6c5/0x740 [ 56.803487] ? hash_release+0x50/0x50 [ 56.807277] ? alg_accept+0xd0/0xd0 [ 56.810890] SYSC_setsockopt+0x4b8/0x570 [ 56.814935] SyS_setsockopt+0x76/0xa0 [ 56.818730] do_syscall_64+0x309/0x430 [ 56.822613] ? SYSC_recv+0xe0/0xe0 [ 56.826144] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.831313] RIP: 0033:0x455259 [ 56.834479] RSP: 002b:00007feb935d2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 56.842165] RAX: ffffffffffffffda RBX: 00007feb935d36d4 RCX: 0000000000455259 [ 56.849419] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 56.856667] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 56.863913] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 56.871161] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 56.878409] [ 56.880016] Local variable description: ----out.i@vmac_setkey [ 56.885882] Variable was created at: [ 56.889576] vmac_setkey+0x93/0x940 [ 56.893178] shash_async_setkey+0x337/0x4c0 [ 56.897472] ================================================================== [ 56.904809] Disabling lock debugging due to kernel taint [ 56.910239] Kernel panic - not syncing: panic_on_warn set ... [ 56.910239] [ 56.917585] CPU: 1 PID: 5066 Comm: syz-executor3 Tainted: G B 4.16.0+ #82 [ 56.925699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.935032] Call Trace: [ 56.937611] dump_stack+0x185/0x1d0 [ 56.941218] panic+0x39d/0x940 [ 56.944402] ? vmac_setkey+0x337/0x940 [ 56.948265] kmsan_report+0x238/0x240 [ 56.952054] ? aes_set_key+0x260/0x260 [ 56.955931] __msan_warning_32+0x6c/0xb0 [ 56.959971] ? aes_set_key+0x260/0x260 [ 56.963839] vmac_setkey+0x337/0x940 [ 56.967548] ? vmac_final+0x3f80/0x3f80 [ 56.971506] shash_async_setkey+0x337/0x4c0 [ 56.975807] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 56.981151] ? trace_kmalloc+0xb6/0x2b0 [ 56.985106] ? shash_async_digest+0x1b0/0x1b0 [ 56.989584] crypto_ahash_setkey+0x31a/0x470 [ 56.993973] hash_setkey+0x8b/0xa0 [ 56.997491] alg_setsockopt+0x6c5/0x740 [ 57.001444] ? hash_release+0x50/0x50 [ 57.005226] ? alg_accept+0xd0/0xd0 [ 57.008840] SYSC_setsockopt+0x4b8/0x570 [ 57.012881] SyS_setsockopt+0x76/0xa0 [ 57.016673] do_syscall_64+0x309/0x430 [ 57.020556] ? SYSC_recv+0xe0/0xe0 [ 57.024087] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 57.029276] RIP: 0033:0x455259 [ 57.032457] RSP: 002b:00007feb935d2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.040152] RAX: ffffffffffffffda RBX: 00007feb935d36d4 RCX: 0000000000455259 [ 57.047401] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 57.054648] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 57.061899] R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff [ 57.069151] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 57.076879] Dumping ftrace buffer: [ 57.080406] (ftrace buffer empty) [ 57.084089] Kernel Offset: disabled [ 57.087691] Rebooting in 86400 seconds..