INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
2018/04/11 13:28:10 fuzzer started
2018/04/11 13:28:11 dialing manager at 10.128.0.26:36259
2018/04/11 13:28:18 kcov=true, comps=false
2018/04/11 13:28:21 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)="2f65786500000000000090d8b75e67e16b394342abb5158df87ea8984e79c93df7498b2b34796068700e29fbd789f9a031f23e16c96e30baed2961953b057f7a3222943acc4b8cfa4de553f8276731ddeb811efd44ea011e1a0db9074a28a826c88566b89c57cc3cca4aec41d37fa27c8daa19030d03139d0aea71d509d9a20ba7deceb656cc1308d9d1f111b6bd1595486f55e229923be4ed8cbfb78e86280b4cacf386bfa8840afb312a4c520a03b27f805d181bd09ea208931a36e888060a2d")
ioctl(r0, 0x1, &(0x7f0000000040)="3ad69188")

2018/04/11 13:28:21 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x3e2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x20, r1, 0x503, 0x0, 0x0, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1}]}]}, 0x20}, 0x1}, 0x0)

2018/04/11 13:28:21 executing program 7:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ptmx\x00', 0x0, 0x0)
fstat(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000c80)={{0x0, 0x0, r1}})

2018/04/11 13:28:21 executing program 4:

2018/04/11 13:28:21 executing program 2:

2018/04/11 13:28:21 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000000)={{}, {0xe}, 0x0, 0x1})

2018/04/11 13:28:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x5, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
syz_open_pts(r0, 0x0)
write(r0, &(0x7f0000c34fff), 0xffffff0b)

2018/04/11 13:28:21 executing program 6:
clock_gettime(0x0, &(0x7f0000000080)={<r0=>0x0})
nanosleep(&(0x7f0000000200)={r0}, &(0x7f0000000100))
nanosleep(&(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f0000000280))
ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000004c0)=""/111)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
shmdt(0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

syzkaller login: [   45.033401] ip (3785) used greatest stack depth: 54408 bytes left
[   46.403127] ip (3910) used greatest stack depth: 54296 bytes left
[   47.389627] ip (3989) used greatest stack depth: 54256 bytes left
[   48.551396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.581851] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.695766] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.797666] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.807658] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.898272] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   48.965604] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   49.027634] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   58.097670] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.222586] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.232520] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.310269] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.379847] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.485626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.502745] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.517819] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.949257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   58.955578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   58.970874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.008994] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.015311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.033480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.074878] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.084136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.103283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.194538] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.201099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.213873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.262975] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.271156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.284705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.316909] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.323565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.364816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.389254] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.397248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.409750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.445553] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   59.461281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.495882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/04/11 13:28:39 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = getpgid(0xffffffffffffffff)
memfd_create(&(0x7f0000000040)='\\GPLmd5sum/,ppp1-/cgroup\x00', 0x3)
setpriority(0x0, r1, 0x7)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="100000008000000000000000880000000e9622710651fd635fb2bfeaf7f2d18a05d0832cd447c85b9a02a9cf4ca3fb362e3dec1fe959754e048658e13cfdf7a9e267966f9e3b7641ce8b090000007210a508777487186554aa6b324bf589aaee618fecac8de82a4ab4a6b1829f2112ab95c89ba37782cbcc109ddd33e8c55f3fc443e6481cbbe509328d210007d1f74bdda2a90e6198cabb05a6fcb215b810995015c9bc58346b4859953d2acf6775a145772c845792bebe4adf4de77813e80662c49d21a9777ab5b24ed9e24d7ec12e49efd8a848d7a8e5d176efc1d3b22be8ec45451c948df3f9ef0a44f515a3dd7046f010744f76c0e1ef018e2e67373aa6111f51d8df1163ef693dd1e100ffcc6934e3e30090000022527c5cb729dc8e115d5d049d0b30e40735a8dec5fc015c849b7252c6853b51dc97fbaca180496db5ef163537319be4c519c9993407cd5e62befe0e153c7967851f85a0c655d68c599a366440503e5be14f6d9af01470666faf4903a3abdb26ba1683c2360695ecd4c0f1c8630013d0e7faa2675634133564da9a9cba8539049289971dd7520607ff1c0a4af46cccb50a22113226"], 0x1ac}}], 0x2, 0x0)

2018/04/11 13:28:39 executing program 1:

2018/04/11 13:28:39 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = getpgid(0xffffffffffffffff)
memfd_create(&(0x7f0000000040)='\\GPLmd5sum/,ppp1-/cgroup\x00', 0x3)
setpriority(0x0, r1, 0x7)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x80, &(0x7f0000000680), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="100000008000000000000000880000000e9622710651fd635fb2bfeaf7f2d18a05d0832cd447c85b9a02a9cf4ca3fb362e3dec1fe959754e048658e13cfdf7a9e267966f9e3b7641ce8b090000007210a508777487186554aa6b324bf589aaee618fecac8de82a4ab4a6b1829f2112ab95c89ba37782cbcc109ddd33e8c55f3fc443e6481cbbe509328d210007d1f74bdda2a90e6198cabb05a6fcb215b810995015c9bc58346b4859953d2acf6775a145772c845792bebe4adf4de77813e80662c49d21a9777ab5b24ed9e24d7ec12e49efd8a848d7a8e5d176efc1d3b22be8ec45451c948df3f9ef0a44f515a3dd7046f010744f76c0e1ef018e2e67373aa6111f51d8df1163ef693dd1e100ffcc6934e3e30090000022527c5cb729dc8e115d5d049d0b30e40735a8dec5fc015c849b7252c6853b51dc97fbaca180496db5ef163537319be4c519c9993407cd5e62befe0e153c7967851f85a0c655d68c599a366440503e5be14f6d9af01470666faf4903a3abdb26ba1683c2360695ecd4c0f1c8630013d0e7faa2675634133564da9a9cba8539049289971dd7520607ff1c0a4af46cccb50a22113226"], 0x1ac}}], 0x2, 0x0)

2018/04/11 13:28:40 executing program 0:

2018/04/11 13:28:40 executing program 4:

2018/04/11 13:28:40 executing program 1:

2018/04/11 13:28:40 executing program 2:

2018/04/11 13:28:40 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000000)={{}, {0xe}, 0x0, 0x1})

2018/04/11 13:28:40 executing program 7:

2018/04/11 13:28:40 executing program 6:

2018/04/11 13:28:40 executing program 5:

2018/04/11 13:28:40 executing program 4:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x13, &(0x7f0000000000)={@local={0xfe, 0x80, [], 0xaa}}, 0x20)

2018/04/11 13:28:40 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x7)
getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040), &(0x7f00000015c0)=0x4)

2018/04/11 13:28:40 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00009f2000)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000226000)={&(0x7f0000823fc4)={0x20, 0x1e, 0x2ff, 0x0, 0x0, {}, [@typed={0x8, 0x0, @u32}, @nested={0x4, 0x8}]}, 0x20}, 0x1}, 0x0)

[   62.092521] ==================================================================
[   62.099968] BUG: KMSAN: uninit-value in neigh_dump_info+0x1a15/0x2250
[   62.106563] CPU: 1 PID: 5116 Comm: syz-executor5 Not tainted 4.16.0+ #83
[   62.113520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.122881] Call Trace:
[   62.125506]  dump_stack+0x185/0x1d0
[   62.129148]  ? neigh_dump_info+0x1a15/0x2250
[   62.133570]  kmsan_report+0x142/0x240
[   62.137388]  __msan_warning_32+0x6c/0xb0
[   62.141471]  neigh_dump_info+0x1a15/0x2250
[   62.145739]  ? neigh_delete+0x980/0x980
[   62.149727]  netlink_dump+0x9ad/0x1540
[   62.153641]  __netlink_dump_start+0x1167/0x12a0
[   62.158338]  rtnetlink_rcv_msg+0x1435/0x1560
[   62.162766]  ? neigh_delete+0x980/0x980
[   62.166756]  ? neigh_delete+0x980/0x980
[   62.170747]  ? __msan_poison_alloca+0x15c/0x1d0
[   62.175429]  ? _raw_spin_unlock_bh+0x57/0x70
[   62.179852]  ? __local_bh_enable_ip+0x3b/0x140
[   62.184447]  ? _raw_spin_unlock_bh+0x57/0x70
[   62.188875]  ? kmsan_set_origin_inline+0x6b/0x120
[   62.193738]  ? kmsan_set_origin+0x9e/0x160
[   62.197987]  netlink_rcv_skb+0x355/0x5f0
[   62.202065]  ? rtnetlink_bind+0x120/0x120
[   62.206236]  rtnetlink_rcv+0x50/0x60
[   62.209969]  netlink_unicast+0x1672/0x1750
[   62.214225]  ? rtnetlink_net_exit+0xa0/0xa0
[   62.218565]  netlink_sendmsg+0x1048/0x1310
[   62.222828]  ? netlink_getsockopt+0xc80/0xc80
[   62.227345]  ___sys_sendmsg+0xec0/0x1310
[   62.231413]  ? __fdget+0x4e/0x60
[   62.234766]  ? __fget_light+0x56/0x710
[   62.238635]  ? __fdget+0x4e/0x60
[   62.241988]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   62.247354]  ? __fget_light+0x6b9/0x710
[   62.251334]  SYSC_sendmsg+0x2a3/0x3d0
[   62.255144]  SyS_sendmsg+0x54/0x80
[   62.258669]  do_syscall_64+0x309/0x430
[   62.262541]  ? ___sys_sendmsg+0x1310/0x1310
[   62.266861]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   62.272048] RIP: 0033:0x455259
[   62.275221] RSP: 002b:00007f466099cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.282911] RAX: ffffffffffffffda RBX: 00007f466099d6d4 RCX: 0000000000455259
[   62.290170] RDX: 0000000000000000 RSI: 00000000209f2000 RDI: 0000000000000013
[   62.297433] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   62.304687] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   62.311943] R13: 00000000000004ef R14: 00000000006fa708 R15: 0000000000000000
[   62.319202] 
[   62.320814] Uninit was created at:
[   62.324368]  kmsan_internal_poison_shadow+0xb8/0x1b0
[   62.329464]  kmsan_kmalloc+0x94/0x100
[   62.333264]  kmsan_slab_alloc+0x11/0x20
[   62.337229]  __kmalloc_node_track_caller+0xaed/0x11c0
[   62.342412]  __alloc_skb+0x2cf/0x9f0
[   62.346115]  netlink_sendmsg+0x9a6/0x1310
[   62.350253]  ___sys_sendmsg+0xec0/0x1310
[   62.354299]  SYSC_sendmsg+0x2a3/0x3d0
[   62.358107]  SyS_sendmsg+0x54/0x80
[   62.361629]  do_syscall_64+0x309/0x430
[   62.365510]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   62.370677] ==================================================================
[   62.378041] Disabling lock debugging due to kernel taint
[   62.383488] Kernel panic - not syncing: panic_on_warn set ...
[   62.383488] 
[   62.390857] CPU: 1 PID: 5116 Comm: syz-executor5 Tainted: G    B            4.16.0+ #83
[   62.398978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.408321] Call Trace:
[   62.410898]  dump_stack+0x185/0x1d0
[   62.414508]  panic+0x39d/0x940
[   62.417696]  ? neigh_dump_info+0x1a15/0x2250
[   62.422092]  kmsan_report+0x238/0x240
[   62.425874]  __msan_warning_32+0x6c/0xb0
[   62.429919]  neigh_dump_info+0x1a15/0x2250
[   62.434146]  ? neigh_delete+0x980/0x980
[   62.438106]  netlink_dump+0x9ad/0x1540
[   62.441980]  __netlink_dump_start+0x1167/0x12a0
[   62.446648]  rtnetlink_rcv_msg+0x1435/0x1560
[   62.451054]  ? neigh_delete+0x980/0x980
[   62.455016]  ? neigh_delete+0x980/0x980
[   62.458983]  ? __msan_poison_alloca+0x15c/0x1d0
[   62.463658]  ? _raw_spin_unlock_bh+0x57/0x70
[   62.468062]  ? __local_bh_enable_ip+0x3b/0x140
[   62.472643]  ? _raw_spin_unlock_bh+0x57/0x70
[   62.477058]  ? kmsan_set_origin_inline+0x6b/0x120
[   62.481886]  ? kmsan_set_origin+0x9e/0x160
[   62.486105]  netlink_rcv_skb+0x355/0x5f0
[   62.490166]  ? rtnetlink_bind+0x120/0x120
[   62.494319]  rtnetlink_rcv+0x50/0x60
[   62.498026]  netlink_unicast+0x1672/0x1750
[   62.502262]  ? rtnetlink_net_exit+0xa0/0xa0
[   62.506571]  netlink_sendmsg+0x1048/0x1310
[   62.510795]  ? netlink_getsockopt+0xc80/0xc80
[   62.515277]  ___sys_sendmsg+0xec0/0x1310
[   62.519332]  ? __fdget+0x4e/0x60
[   62.522689]  ? __fget_light+0x56/0x710
[   62.526559]  ? __fdget+0x4e/0x60
[   62.529912]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[   62.535259]  ? __fget_light+0x6b9/0x710
[   62.539221]  SYSC_sendmsg+0x2a3/0x3d0
[   62.543010]  SyS_sendmsg+0x54/0x80
[   62.546544]  do_syscall_64+0x309/0x430
[   62.550416]  ? ___sys_sendmsg+0x1310/0x1310
[   62.554736]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   62.559903] RIP: 0033:0x455259
[   62.563073] RSP: 002b:00007f466099cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.570763] RAX: ffffffffffffffda RBX: 00007f466099d6d4 RCX: 0000000000455259
[   62.578016] RDX: 0000000000000000 RSI: 00000000209f2000 RDI: 0000000000000013
[   62.585279] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[   62.592552] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   62.599822] R13: 00000000000004ef R14: 00000000006fa708 R15: 0000000000000000
[   62.607570] Dumping ftrace buffer:
[   62.611101]    (ftrace buffer empty)
[   62.614792] Kernel Offset: disabled
[   62.618396] Rebooting in 86400 seconds..