INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. 2018/04/07 04:05:14 fuzzer started 2018/04/07 04:05:14 dialing manager at 10.128.0.26:38639 2018/04/07 04:05:20 kcov=true, comps=false 2018/04/07 04:05:23 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc\x00', 0x400400, 0x0) bind$unix(r0, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) pipe2(&(0x7f0000000080)={0x0, 0x0}, 0x4000) r3 = syz_open_procfs(0x0, &(0x7f0000000300)='net/rt_acct\x00') sendfile(r2, r3, &(0x7f000036b000), 0x7f) r4 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x7, 0xdab8e4976d7fda9c) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000340)=""/199) ioctl$PIO_SCRNMAP(r4, 0x4b41, &(0x7f0000000540)="d38e50e252a3cef4b8f34e36") socket$inet(0x2, 0x801, 0x8) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000580)=""/27) fstatfs(r2, &(0x7f00000000c0)=""/227) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000240)={{0x2, 0x0, @multicast1=0xe0000001}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14, {0x2, 0x4e21, @multicast1=0xe0000001}, 'dummy0\x00'}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, 0xffffffffffffffff) 2018/04/07 04:05:23 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x88) recvfrom$inet6(r0, &(0x7f0000ffbf47)=""/185, 0xfffffffffffffeba, 0x0, 0x0, 0xfffffffffffffde6) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={0x0, 0x0, 0x5, [0x7766, 0xffff, 0x581, 0x9, 0x20c]}, 0x12) r2 = gettid() wait4(r2, &(0x7f0000000100), 0x4, &(0x7f0000000180)) r3 = socket$inet6(0xa, 0x8000000000000802, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r4, 0x32, 0x70bd29, 0x25dfdbfc, {0x9}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x1c}, 0x1}, 0x4040801) sendmsg$inet_sctp(r3, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000fc8000)}, 0x8000) sched_setscheduler(0x0, 0x5, &(0x7f0000000300)) setsockopt$ax25_buf(r1, 0x101, 0x19, &(0x7f0000000340)="3518973f9585f75e96f57efae8f6833f29556cacc680a0e567dd49f1b0bef3076af4201975c230a192a4f43f9ab7de752a5214f34cabb8bb588c49c698fa6a8ae769513e02", 0x45) sendto$inet6(r3, &(0x7f0000b0cf6e), 0xffed, 0x0, &(0x7f000001b000)={0xa}, 0x1c) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$DRM_IOCTL_DROP_MASTER(r5, 0x641f) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000600)=""/191, 0xbf, 0x0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @empty, 0x4}, 0x1c) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) syz_open_procfs(r6, &(0x7f00000005c0)='gid_map\x00') tgkill(r2, r2, 0x23) socket$inet6(0xa, 0x0, 0x2) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@in={0x2, 0x4e22, @rand_addr=0x8}, 0x10, &(0x7f0000000480), 0x0, &(0x7f00000004c0), 0x0, 0x80}, 0x0) accept(0xffffffffffffffff, &(0x7f0000000240)=@pppoe={0x0, 0x0, {0x0, @dev}}, &(0x7f00000002c0)=0x80) 2018/04/07 04:05:23 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) r1 = accept$alg(r0, 0x0, 0x0) poll(&(0x7f0000000000)=[{r1}], 0x1, 0xf238) write(r1, &(0x7f0000000380)="e6", 0x1) 2018/04/07 04:05:23 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003bcfd0)="d3ab27191a01002356ba602dff05000b", 0x10) 2018/04/07 04:05:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x5, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00002b5f88)={0x2, 0x78, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) r1 = socket$inet6(0xa, 0x802, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@loopback={0x0, 0x1}, 0x400000000800, 0x0, 0xffffffffffffffff}, 0x20) 2018/04/07 04:05:23 executing program 3: perf_event_open(&(0x7f0000740000)={0x2, 0x70, 0x4a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000b86fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x2000000000000005, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000380)={'bridge0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0e"]}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='attr/current\x00') r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000000c0)={r3, 0x1, 0x6, @random="7c2e1626459d"}, 0x10) r4 = dup3(r1, r2, 0x80020) symlinkat(&(0x7f0000000040)='./file0\x00', r4, &(0x7f0000000080)='./file0\x00') 2018/04/07 04:05:23 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000239000)='environ\x00') pread64(r1, &(0x7f0000e4d000), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={"62707130000100000300", r2}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[]}, 0x1}, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000040)=0x4) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f00000000c0)=0x3, 0x4) 2018/04/07 04:05:23 executing program 6: mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0xfffffffffffffffc, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000d25fef)='/dev/vga_arbiter\x00', 0x20021, 0x0) write$eventfd(r0, &(0x7f00009c2ff8), 0xfe53) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000040)=0xffffffffffff7fff, 0x4) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0xbb5d}, 0x8) syzkaller login: [ 41.776249] ip (3763) used greatest stack depth: 54688 bytes left [ 42.172982] ip (3802) used greatest stack depth: 54312 bytes left [ 43.304849] ip (3908) used greatest stack depth: 54296 bytes left [ 43.526248] ip (3925) used greatest stack depth: 53992 bytes left [ 44.974513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.429917] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.456704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.486950] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.543409] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.553207] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.577689] ip (4105) used greatest stack depth: 53976 bytes left [ 45.615730] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.666257] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.858092] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.209688] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.289555] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.360158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.368978] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.441318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.581761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.611992] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.634493] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.640753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.649780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.941640] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.947908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.956129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.022291] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.030295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.039982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.146953] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.153261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.165009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.195898] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.205788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.237191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.267660] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.273914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.309611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.349799] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.356316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.375830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.415925] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.422189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.435214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.174477] device bridge0 entered promiscuous mode [ 56.353402] device bridge0 left promiscuous mode [ 56.513577] ================================================================== [ 56.520985] BUG: KMSAN: uninit-value in ghash_setkey+0x209/0x270 [ 56.527132] CPU: 1 PID: 5033 Comm: syz-executor1 Not tainted 4.16.0+ #81 [ 56.533960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.543302] Call Trace: [ 56.545891] dump_stack+0x185/0x1d0 [ 56.549519] ? ghash_setkey+0x209/0x270 [ 56.553491] kmsan_report+0x142/0x240 [ 56.557293] __msan_warning_32+0x6c/0xb0 [ 56.561354] ghash_setkey+0x209/0x270 [ 56.565154] ? ghash_final+0x1d0/0x1d0 [ 56.569037] crypto_shash_setkey+0x317/0x490 [ 56.573449] cryptd_hash_setkey+0x1a5/0x330 [ 56.577772] ? cryptd_hash_import+0x2a0/0x2a0 [ 56.582268] crypto_ahash_setkey+0x31a/0x470 [ 56.586679] ghash_async_setkey+0x1a5/0x330 [ 56.591010] ? ghash_async_import+0x3a0/0x3a0 [ 56.595508] crypto_ahash_setkey+0x31a/0x470 [ 56.599923] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 56.605119] crypto_gcm_setkey+0xa3c/0xc10 [ 56.609359] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 56.613766] crypto_aead_setkey+0x373/0x4c0 [ 56.618089] aead_setkey+0xa0/0xc0 [ 56.621629] alg_setsockopt+0x6c5/0x740 [ 56.625601] ? aead_release+0x90/0x90 [ 56.629400] ? alg_accept+0xd0/0xd0 [ 56.633028] SYSC_setsockopt+0x4b8/0x570 [ 56.637094] SyS_setsockopt+0x76/0xa0 [ 56.640888] do_syscall_64+0x309/0x430 [ 56.644775] ? SYSC_recv+0xe0/0xe0 [ 56.648325] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.653505] RIP: 0033:0x455259 [ 56.656686] RSP: 002b:00007f05653abc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 56.664391] RAX: ffffffffffffffda RBX: 00007f05653ac6d4 RCX: 0000000000455259 [ 56.671657] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 56.678914] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 56.686168] R10: 00000000203bcfd0 R11: 0000000000000246 R12: 00000000ffffffff [ 56.693420] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 56.700670] [ 56.702278] Uninit was stored to memory at: [ 56.706576] kmsan_internal_chain_origin+0x12b/0x210 [ 56.711917] __msan_chain_origin+0x69/0xc0 [ 56.716136] __crypto_xor+0x23c/0x16b0 [ 56.720019] crypto_ctr_crypt_inplace+0x29a/0x3a0 [ 56.724843] crypto_ctr_crypt+0x54c/0x7d0 [ 56.728968] skcipher_encrypt_blkcipher+0x222/0x320 [ 56.733966] crypto_gcm_setkey+0x6a3/0xc10 [ 56.738189] crypto_aead_setkey+0x373/0x4c0 [ 56.742489] aead_setkey+0xa0/0xc0 [ 56.746012] alg_setsockopt+0x6c5/0x740 [ 56.749972] SYSC_setsockopt+0x4b8/0x570 [ 56.754020] SyS_setsockopt+0x76/0xa0 [ 56.757802] do_syscall_64+0x309/0x430 [ 56.761668] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.766827] Local variable description: ----vla@crypto_ctr_crypt_inplace [ 56.773633] Variable was created at: [ 56.777326] crypto_ctr_crypt_inplace+0x19a/0x3a0 [ 56.782149] crypto_ctr_crypt+0x54c/0x7d0 [ 56.786269] ================================================================== [ 56.793607] Disabling lock debugging due to kernel taint [ 56.799035] Kernel panic - not syncing: panic_on_warn set ... [ 56.799035] [ 56.806901] CPU: 1 PID: 5033 Comm: syz-executor1 Tainted: G B 4.16.0+ #81 [ 56.815018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.824355] Call Trace: [ 56.826920] dump_stack+0x185/0x1d0 [ 56.830527] panic+0x39d/0x940 [ 56.833705] ? ghash_setkey+0x209/0x270 [ 56.837655] kmsan_report+0x238/0x240 [ 56.841434] __msan_warning_32+0x6c/0xb0 [ 56.845471] ghash_setkey+0x209/0x270 [ 56.849247] ? ghash_final+0x1d0/0x1d0 [ 56.853119] crypto_shash_setkey+0x317/0x490 [ 56.857520] cryptd_hash_setkey+0x1a5/0x330 [ 56.861828] ? cryptd_hash_import+0x2a0/0x2a0 [ 56.866303] crypto_ahash_setkey+0x31a/0x470 [ 56.870700] ghash_async_setkey+0x1a5/0x330 [ 56.875023] ? ghash_async_import+0x3a0/0x3a0 [ 56.879522] crypto_ahash_setkey+0x31a/0x470 [ 56.883917] ? skcipher_encrypt_blkcipher+0x222/0x320 [ 56.889085] crypto_gcm_setkey+0xa3c/0xc10 [ 56.893300] ? crypto_gcm_exit_tfm+0xd0/0xd0 [ 56.897685] crypto_aead_setkey+0x373/0x4c0 [ 56.901987] aead_setkey+0xa0/0xc0 [ 56.905512] alg_setsockopt+0x6c5/0x740 [ 56.909469] ? aead_release+0x90/0x90 [ 56.913252] ? alg_accept+0xd0/0xd0 [ 56.916863] SYSC_setsockopt+0x4b8/0x570 [ 56.920910] SyS_setsockopt+0x76/0xa0 [ 56.924694] do_syscall_64+0x309/0x430 [ 56.928567] ? SYSC_recv+0xe0/0xe0 [ 56.932093] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 56.937264] RIP: 0033:0x455259 [ 56.940432] RSP: 002b:00007f05653abc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 56.948118] RAX: ffffffffffffffda RBX: 00007f05653ac6d4 RCX: 0000000000455259 [ 56.955365] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000013 [ 56.962616] RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 [ 56.969865] R10: 00000000203bcfd0 R11: 0000000000000246 R12: 00000000ffffffff [ 56.977115] R13: 0000000000000510 R14: 00000000006faa20 R15: 0000000000000000 [ 56.984785] Dumping ftrace buffer: [ 56.988302] (ftrace buffer empty) [ 56.991984] Kernel Offset: disabled [ 56.995585] Rebooting in 86400 seconds..